Skip to content

Commit a4857f8

Browse files
JeremiahM37JeremiahM37
committed
add tests for fenrir fixes
1 parent 7833470 commit a4857f8

1 file changed

Lines changed: 133 additions & 0 deletions

File tree

tests/unittests.c

Lines changed: 133 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1573,6 +1573,16 @@ static int test_static_routes(void) {
15731573

15741574
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_route_default_policy_set(WOLFSENTRY_CONTEXT_ARGS_OUT, WOLFSENTRY_ACTION_RES_NONE));
15751575

1576+
/* non-decisional default_policy values (STOP/ERROR alone) must be rejected. */
1577+
WOLFSENTRY_EXIT_UNLESS_EXPECTED_FAILURE(
1578+
INVALID_ARG,
1579+
wolfsentry_route_default_policy_set(WOLFSENTRY_CONTEXT_ARGS_OUT, WOLFSENTRY_ACTION_RES_STOP));
1580+
WOLFSENTRY_EXIT_UNLESS_EXPECTED_FAILURE(
1581+
INVALID_ARG,
1582+
wolfsentry_route_default_policy_set(WOLFSENTRY_CONTEXT_ARGS_OUT, WOLFSENTRY_ACTION_RES_ERROR));
1583+
WOLFSENTRY_EXIT_UNLESS_EXPECTED_FAILURE(
1584+
INVALID_ARG,
1585+
wolfsentry_route_default_policy_set(WOLFSENTRY_CONTEXT_ARGS_OUT, WOLFSENTRY_ACTION_RES_STOP | WOLFSENTRY_ACTION_RES_ERROR));
15761586

15771587
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_route_insert(WOLFSENTRY_CONTEXT_ARGS_OUT, NULL /* caller_arg */, &remote.sa, &local.sa, flags, 0 /* event_label_len */, 0 /* event_label */, &id, &action_results));
15781588

@@ -2747,6 +2757,70 @@ static int test_static_routes(void) {
27472757
&action_results));
27482758
}
27492759

2760+
/* max_connection_count == 0 means "no limit": CONNECT dispatches must not
2761+
* be rejected regardless of how many times we fire them.
2762+
*/
2763+
{
2764+
struct wolfsentry_eventconfig nolimit_config = config;
2765+
wolfsentry_ent_id_t nolimit_route_id;
2766+
wolfsentry_route_flags_t nolimit_flags;
2767+
unsigned int i;
2768+
2769+
nolimit_config.max_connection_count = 0;
2770+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_event_insert(
2771+
WOLFSENTRY_CONTEXT_ARGS_OUT,
2772+
"nolimit-conn-test",
2773+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
2774+
0 /* priority */,
2775+
&nolimit_config,
2776+
WOLFSENTRY_EVENT_FLAG_NONE,
2777+
NULL /* id */));
2778+
2779+
WOLFSENTRY_CLEAR_ALL_BITS(nolimit_flags);
2780+
WOLFSENTRY_SET_BITS(nolimit_flags, WOLFSENTRY_ROUTE_FLAG_TCPLIKE_PORT_NUMBERS
2781+
| WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN
2782+
| WOLFSENTRY_ROUTE_FLAG_GREENLISTED);
2783+
memcpy(remote.sa.addr, "\7\10\11\12", sizeof remote.addr_buf);
2784+
memcpy(local.sa.addr, "\377\376\375\374", sizeof local.addr_buf);
2785+
2786+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_route_insert(
2787+
WOLFSENTRY_CONTEXT_ARGS_OUT,
2788+
NULL /* caller_arg */,
2789+
&remote.sa, &local.sa, nolimit_flags,
2790+
"nolimit-conn-test",
2791+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
2792+
&nolimit_route_id, &action_results));
2793+
2794+
/* 20 iterations covers the "unlimited" no-reject behavior; the
2795+
* UINT16_MAX saturation path is covered by
2796+
* WOLFSENTRY_ATOMIC_INCREMENT_UNSIGNED_SAFELY_BY_ONE itself, not
2797+
* exercised here to avoid a 65535-iteration CI cost.
2798+
*/
2799+
for (i = 0; i < 20; ++i) {
2800+
WOLFSENTRY_CLEAR_ALL_BITS(action_results);
2801+
WOLFSENTRY_SET_BITS(action_results, WOLFSENTRY_ACTION_RES_CONNECT);
2802+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_route_event_dispatch_with_inited_result(
2803+
WOLFSENTRY_CONTEXT_ARGS_OUT,
2804+
&remote.sa, &local.sa, nolimit_flags,
2805+
NULL /* event_label */, 0 /* event_label_len */,
2806+
NULL /* caller_arg */,
2807+
&id, &inexact_matches, &action_results));
2808+
WOLFSENTRY_EXIT_ON_TRUE(WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT));
2809+
}
2810+
2811+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_route_delete_by_id(
2812+
WOLFSENTRY_CONTEXT_ARGS_OUT,
2813+
NULL /* caller_arg */,
2814+
nolimit_route_id,
2815+
NULL /* event_label */, 0 /* event_label_len */,
2816+
&action_results));
2817+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_event_delete(
2818+
WOLFSENTRY_CONTEXT_ARGS_OUT,
2819+
"nolimit-conn-test",
2820+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
2821+
&action_results));
2822+
}
2823+
27502824
printf("all subtests succeeded -- %u distinct ents inserted and deleted.\n",wolfsentry->mk_id_cb_state.id_counter);
27512825

27522826
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX(&wolfsentry)));
@@ -3703,6 +3777,46 @@ static int test_user_values(void) {
37033777

37043778
}
37053779

3780+
#ifdef WOLFSENTRY_HAVE_JSON_DOM
3781+
/* strings rendered as JSON must escape quotes and backslashes. */
3782+
{
3783+
static const char raw[] = "a\"b\\c";
3784+
const struct wolfsentry_kv_pair *kv_exports;
3785+
char render_buf[64];
3786+
int render_buf_space = (int)sizeof render_buf;
3787+
3788+
memset(render_buf, 0, sizeof render_buf);
3789+
3790+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_user_value_store_string(
3791+
WOLFSENTRY_CONTEXT_ARGS_OUT,
3792+
"json_escape_string",
3793+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
3794+
raw,
3795+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
3796+
0));
3797+
{
3798+
const char *value = NULL;
3799+
int value_len = -1;
3800+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_user_value_get_string(
3801+
WOLFSENTRY_CONTEXT_ARGS_OUT,
3802+
"json_escape_string",
3803+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
3804+
&value, &value_len, &kv_ref));
3805+
}
3806+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_context_lock_shared(WOLFSENTRY_CONTEXT_ARGS_OUT));
3807+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_kv_pair_export(WOLFSENTRY_CONTEXT_ARGS_OUT, kv_ref, &kv_exports));
3808+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_kv_render_value(WOLFSENTRY_CONTEXT_ARGS_OUT, kv_exports, render_buf, &render_buf_space));
3809+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_context_unlock(WOLFSENTRY_CONTEXT_ARGS_OUT));
3810+
WOLFSENTRY_EXIT_ON_FALSE(strstr(render_buf, "\\\"") != NULL);
3811+
WOLFSENTRY_EXIT_ON_FALSE(strstr(render_buf, "\\\\") != NULL);
3812+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_user_value_release_record(WOLFSENTRY_CONTEXT_ARGS_OUT, &kv_ref));
3813+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_user_value_delete(
3814+
WOLFSENTRY_CONTEXT_ARGS_OUT,
3815+
"json_escape_string",
3816+
WOLFSENTRY_LENGTH_NULL_TERMINATED));
3817+
}
3818+
#endif /* WOLFSENTRY_HAVE_JSON_DOM */
3819+
37063820
WOLFSENTRY_EXIT_UNLESS_EXPECTED_FAILURE(
37073821
BAD_VALUE,
37083822
wolfsentry_user_value_store_string(
@@ -4086,6 +4200,25 @@ static int test_user_addr_families(void) {
40864200
family_number,
40874201
&bits));
40884202
WOLFSENTRY_EXIT_ON_FALSE(bits == 48);
4203+
4204+
/* LINK64 must roundtrip through pton → ntop → verify label. */
4205+
{
4206+
struct wolfsentry_addr_family_bynumber *addr_family = NULL;
4207+
const char *family_name = NULL;
4208+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_addr_family_pton(
4209+
WOLFSENTRY_CONTEXT_ARGS_OUT,
4210+
"LINK64",
4211+
WOLFSENTRY_LENGTH_NULL_TERMINATED,
4212+
&family_number));
4213+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_addr_family_ntop(
4214+
WOLFSENTRY_CONTEXT_ARGS_OUT,
4215+
family_number,
4216+
&addr_family,
4217+
&family_name));
4218+
WOLFSENTRY_EXIT_ON_FALSE((family_name != NULL) && (! strcmp(family_name, "LINK64")));
4219+
if (addr_family)
4220+
WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_addr_family_drop_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, addr_family, &action_results));
4221+
}
40894222
}
40904223
#endif /* WOLFSENTRY_PROTOCOL_NAMES */
40914224

0 commit comments

Comments
 (0)