sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

r13827@catbus: nickm | 2007-07-19 14:42:25 -0400 

Merge in some generic address manipulation code from croup.  Needs some work.


svn:r10880
This commit is contained in:
Nick Mathewson 2007-07-19 18:46:09 +00:00
parent 70aef18db1
commit bbbf504281
8 changed files with 944 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -30,6 +30,10 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
expiry information. addr-mappings/* is now deprecated.
(Patch from Tup.)
o Minor features (IPv6):
- Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
from croup.)
o Performance improvements (win32):
- Use Critical Sections rather than Mutexes for synchronizing threads
on win32; Mutexes are heavier-weight, and designed for synchronizing

2
configure.in
View File

@ -329,7 +329,7 @@ AC_CHECK_SIZEOF(size_t)
AC_CHECK_TYPES([uint, u_char])
AC_CHECK_TYPES([struct in6_addr, struct sockaddr_storage], , ,
AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, struct sockaddr_storage], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

85
src/common/compat.c
View File

@ -1004,7 +1004,7 @@ tor_inet_pton(int af, const char *src, void *dst)
}
/** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
* *addr to the proper IP address, in network byte order. Returns 0
* *<b>addr</b> to the proper IP address, in host byte order. Returns 0
* on success, -1 on failure; 1 on transient failure.
*
* (This function exists because standard windows gethostbyname
@ -1012,39 +1012,91 @@ tor_inet_pton(int af, const char *src, void *dst)
*/
int
tor_lookup_hostname(const char *name, uint32_t *addr)
{
tor_addr_t myaddr;
int ret;
if ((ret = tor_addr_lookup(name, AF_INET, &myaddr)))
return ret;
if (IN_FAMILY(&myaddr) == AF_INET) {
*addr = IPV4IPh(&myaddr);
return ret;
}
return -1;
}
/** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
* *<b>addr</b> to the proper IP address and family.
* Return 0 on success, -1 on failure; 1 on transient failure.
* DOCDOC family argument.
*/
int
tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
{
/* Perhaps eventually this should be replaced by a tor_getaddrinfo or
* something.
*/
struct in_addr iaddr;
struct in6_addr iaddr6;
tor_assert(name);
tor_assert(addr);
tor_assert(family == AF_INET || family == AF_UNSPEC);
memset(addr, 0, sizeof(addr)); /* Clear the extraneous fields. */
if (!*name) {
/* Empty address is an error. */
return -1;
} else if (tor_inet_aton(name, &iaddr)) {
/* It's an IP. */
memcpy(addr, &iaddr.s_addr, 4);
} else if (tor_inet_pton(AF_INET, name, &iaddr)) {
/* It's an IPv4 IP. */
addr->sa.sin_family = AF_INET;
memcpy(&addr->sa.sin_addr, &iaddr, sizeof(struct in_addr));
return 0;
} else if (tor_inet_pton(AF_INET6, name, &iaddr6)) {
addr->sa6.sin6_family = AF_INET6;
memcpy(&addr->sa6.sin6_addr, &iaddr6, sizeof(struct in6_addr));
return 0;
} else {
#ifdef HAVE_GETADDRINFO
int err;
struct addrinfo *res=NULL, *res_p;
struct addrinfo *best=NULL;
struct addrinfo hints;
int result = -1;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_INET;
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
err = getaddrinfo(name, NULL, &hints, &res);
if (!err) {
best = NULL;
for (res_p = res; res_p; res_p = res_p->ai_next) {
if (res_p->ai_family == AF_INET) {
struct sockaddr_in *sin = (struct sockaddr_in *)res_p->ai_addr;
memcpy(addr, &sin->sin_addr, 4);
result = 0;
if (family == AF_UNSPEC) {
if (res_p->ai_family == AF_INET) {
best = res_p;
break;
} else if (res_p->ai_family == AF_INET6 && !best) {
best = res_p;
}
} else if (family == res_p->ai_family) {
best = res_p;
break;
}
}
if (!best)
best = res;
if (best->ai_family == AF_INET) {
addr->sa.sin_family = AF_INET;
memcpy(&addr->sa.sin_addr,
&((struct sockaddr_in*)best->ai_addr)->sin_addr,
sizeof(struct in_addr));
result = 0;
} else if (best->ai_family == AF_INET6) {
addr->sa6.sin6_family = AF_INET6;
memcpy(&addr->sa6.sin6_addr,
&((struct sockaddr_in6*)best->ai_addr)->sin6_addr,
sizeof(struct in6_addr));
result = 0;
}
freeaddrinfo(res);
return result;
}
@ -1074,14 +1126,19 @@ tor_lookup_hostname(const char *name, uint32_t *addr)
#else
err = h_errno;
#endif
#endif
#endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
if (ent) {
/* break to remind us if we move away from IPv4 */
tor_assert(ent->h_length == 4);
memcpy(addr, ent->h_addr, 4);
addr->sa.sin_family = ent->h_addrtype;
if (ent->h_addrtype == AF_INET) {
memcpy(addr->sa.sin_addr, ent->h_addr, sizeof(struct in_addr));
} else if (ent->h_addrtype == AF_INET6) {
memcpy(addr->sa.sin6_addr, ent->h_addr, sizeof(struct in6_addr));
} else {
tor_assert(0) /* gethostbyname() returned a bizarre addrtype */
}
return 0;
}
memset(addr, 0, 4);
memset(addr, 0, sizeof(tor_addr_t)); /* XXXX020 is this redundant? */
#ifdef MS_WINDOWS
return (err == WSATRY_AGAIN) ? 1 : -1;
#else

91
src/common/compat.h
View File

@ -36,6 +36,15 @@
#include <ctype.h>
#endif
#include <stdarg.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifndef NULL_REP_IS_ZERO_BYTES
#error "It seems your platform does not represent NULL as zero. We can't cope."
@ -263,11 +272,88 @@ typedef int socklen_t;
#if !defined(HAVE_STRUCT_IN6_ADDR) && !defined(MS_WINDOWS)
struct in6_addr
{
uint8_t s6_addr[16];
union {
uint8_t u6_addr8[16];
uint16_t u6_addr16[8];
uint32_t u6_addr32[4];
} in6_u;
#define s6_addr in6_u.u6_addr8
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
};
#endif
#if !defined(HAVE_STRUCT_SOCKADDR_IN6)
struct sockaddr_in6 {
uint16_t sin6_family; /* XXXX020 right size???? */
uint16_t sin6_port;
// uint32_t sin6_flowinfo;
struct in6_addr sin6_addr;
// uint32_t sin6_scope_id;
};
#endif
typedef uint8_t maskbits_t;
struct in_addr;
typedef union tor_addr_t
{
/* XXXX020 There are extra fields in sockaddr_in and sockaddr_in6 that
* make this union waste space. Do we care? */
struct sockaddr_in sa;
struct sockaddr_in6 sa6;
} tor_addr_t;
/* XXXX020 rename these. */
static INLINE uint32_t IPV4IP(const tor_addr_t *a);
static INLINE uint32_t IPV4IPh(const tor_addr_t *a);
static INLINE uint32_t IPV4MAPh(const tor_addr_t *a);
static INLINE uint16_t IN_FAMILY(const tor_addr_t *a);
static INLINE const struct in_addr *IN_ADDR(const tor_addr_t *a);
static INLINE const struct in6_addr *IN6_ADDR(const tor_addr_t *a);
static INLINE uint16_t IN_PORT(const tor_addr_t *a);
static INLINE uint32_t
IPV4IP(const tor_addr_t *a)
{
return a->sa.sin_addr.s_addr;
}
static INLINE uint32_t IPV4IPh(const tor_addr_t *a)
{
/*XXXX020 remove this function */
return ntohl(IPV4IP(a));
}
static INLINE uint32_t
IPV4MAPh(const tor_addr_t *a)
{
return ntohl(a->sa6.sin6_addr.s6_addr32[3]);
}
static INLINE uint16_t
IN_FAMILY(const tor_addr_t *a)
{
return a->sa.sin_family;
}
static INLINE const struct in_addr *
IN_ADDR(const tor_addr_t *a)
{
return &a->sa.sin_addr;
}
static INLINE const struct in6_addr *
IN6_ADDR(const tor_addr_t *a)
{
return &a->sa6.sin6_addr;
}
static INLINE uint16_t
IN_PORT(const tor_addr_t *a)
{
if (IN_FAMILY(a) == AF_INET)
return a->sa.sin_port;
else
return a->sa6.sin6_port;
}
#define INET_NTOA_BUF_LEN 16 /* 255.255.255.255 */
#define TOR_ADDR_BUF_LEN 46 /* ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255 */
int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
int tor_inet_pton(int af, const char *src, void *dst);
@ -275,6 +361,9 @@ int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
void set_socket_nonblocking(int socket);
int tor_socketpair(int family, int type, int protocol, int fd[2]);
int network_init(void);
int tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out);
/* For stupid historical reasons, windows sockets have an independent
* set of errnos, and an independent way to get them. Also, you can't
* always believe WSAEWOULDBLOCK. Use the macros below to compare

625
src/common/util.c
View File

@ -1828,18 +1828,96 @@ path_is_relative(const char *filename)
int
is_internal_IP(uint32_t ip, int for_listening)
{
if (for_listening && !ip) /* special case for binding to 0.0.0.0 */
return 0;
if (((ip & 0xff000000) == 0x0a000000) || /* 10/8 */
((ip & 0xff000000) == 0x00000000) || /* 0/8 */
((ip & 0xff000000) == 0x7f000000) || /* 127/8 */
((ip & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
((ip & 0xfff00000) == 0xac100000) || /* 172.16/12 */
((ip & 0xffff0000) == 0xc0a80000)) /* 192.168/16 */
return 1;
return 0;
tor_addr_t myaddr;
myaddr.sa.sin_family = AF_INET;
myaddr.sa.sin_addr.s_addr = htonl(ip);
return tor_addr_is_internal(&myaddr, for_listening);
}
/** Return true iff <b>ip</b> is an IP reserved to localhost or local networks
* in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is
* also treated as internal for now.)
*/
int
tor_addr_is_internal(const tor_addr_t *addr, int for_listening)
{
uint32_t iph4;
uint32_t iph6[4];
sa_family_t v_family;
v_family = IN_FAMILY(addr);
if (v_family == AF_INET) {
iph4 = IPV4IPh(addr);
} else if (v_family == AF_INET6) {
if (tor_addr_is_v4(addr)) { /* v4-mapped */
v_family = AF_INET;
iph4 = ntohl(IN6_ADDR(addr)->s6_addr32[3]);
}
}
if (v_family == AF_INET6) {
iph6[0] = ntohl(IN6_ADDR(addr)->s6_addr32[0]);
iph6[1] = ntohl(IN6_ADDR(addr)->s6_addr32[1]);
iph6[2] = ntohl(IN6_ADDR(addr)->s6_addr32[2]);
iph6[3] = ntohl(IN6_ADDR(addr)->s6_addr32[3]);
if (for_listening && !iph6[0] && !iph6[1] && !iph6[2] && !iph6[3]) /* :: */
return 0;
if (((iph6[0] & 0xfe000000) == 0xfc000000) || /* fc00/7 - RFC4193 */
((iph6[0] & 0xffc00000) == 0xfe800000) || /* fe80/10 - RFC4291 */
((iph6[0] & 0xffc00000) == 0xfec00000)) /* fec0/10 D- RFC3879 */
return 1;
if (!iph6[0] && !iph6[1] && !iph6[2] &&
((iph6[3] & 0xfffffffe) == 0x00000000)) /* ::/127 */
return 1;
return 0;
} else if (v_family == AF_INET) {
if (for_listening && !iph4) /* special case for binding to 0.0.0.0 */
return 0;
if (((iph4 & 0xff000000) == 0x0a000000) || /* 10/8 */
((iph4 & 0xff000000) == 0x00000000) || /* 0/8 */
((iph4 & 0xff000000) == 0x7f000000) || /* 127/8 */
((iph4 & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
((iph4 & 0xfff00000) == 0xac100000) || /* 172.16/12 */
((iph4 & 0xffff0000) == 0xc0a80000)) /* 192.168/16 */
return 1;
return 0;
}
/* unknown address family... assume it's not safe for external use */
/* rather than tor_assert(0) */
log_warn(LD_BUG, "tor_addr_is_internal() called with a non-IP address.");
return 1;
}
#if 0
/** Convert a tor_addr_t <b>addr</b> into a string, and store it in
* <b>dest</b> of size <b>len</b>. Returns a pointer to dest on success,
* or NULL on failure.
*/
void
tor_addr_to_str(char *dest, const tor_addr_t *addr, int len)
{
const char *ptr;
tor_assert(addr && dest);
switch (IN_FAMILY(addr)) {
case AF_INET:
ptr = tor_inet_ntop(AF_INET, &addr->sa.sin_addr, dest, len);
break;
case AF_INET6:
ptr = tor_inet_ntop(AF_INET6, &addr->sa6.sin6_addr, dest, len);
break;
default:
return NULL;
}
return ptr;
}
#endif
/** Parse a string of the form "host[:port]" from <b>addrport</b>. If
* <b>address</b> is provided, set *<b>address</b> to a copy of the
* host portion of the string. If <b>addr</b> is provided, try to
@ -1889,7 +1967,6 @@ parse_addr_port(int severity, const char *addrport, char **address,
ok = 0;
*addr = 0;
}
*addr = ntohl(*addr);
}
if (address && ok) {
@ -2055,9 +2132,244 @@ parse_addr_and_port_range(const char *s, uint32_t *addr_out,
return -1;
}
/** Given an IPv4 address <b>in</b> (in network order, as usual),
* write it as a string into the <b>buf_len</b>-byte buffer in
* <b>buf</b>.
/** Parse a string <b>s</b> containing an IPv4/IPv6 address, and possibly
* a mask and port or port range. Store the parsed address in
* <b>addr_out</b>, a mask (if any) in <b>mask_out</b>, and port(s) (if any)
* in <b>port_min_out</b> and <b>port_max_out</b>.
*
* DOCDOC exact syntax.
*
* - If mask, minport, or maxport are NULL, avoid storing those elements.
* - If the string has no mask, the mask is set to /32 (IPv4) or /128 (IPv6).
* - If the string has one port, it is placed in both min and max port
* variables.
* - If the string has no port(s), port_(min|max)_out are set to 1 and 65535.
*
* Return an address family on success, or -1 if an invalid address string is
* provided.
*/
int
tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
maskbits_t *maskbits_out,
uint16_t *port_min_out, uint16_t *port_max_out)
{
char *base = NULL, *address, *mask = NULL, *port = NULL, *rbracket = NULL;
char *endptr;
int any_flag=0, v4map=0;
tor_assert(s);
tor_assert(addr_out);
/* IP, [], /mask, ports */
#define MAX_ADDRESS_LENGTH (TOR_ADDR_BUF_LEN+2+(1+INET_NTOA_BUF_LEN)+12+1)
if (strlen(s) > MAX_ADDRESS_LENGTH) {
log_warn(LD_GENERAL, "Impossibly long IP %s; rejecting", escaped(s));
goto err;
}
base = tor_strdup(s);
/* Break 'base' into separate strings. */
address = base;
if (*address == '[') { /* Probably IPv6 */
address++;
rbracket = strchr(address, ']');
if (!rbracket) {
log_warn(LD_GENERAL,
"No closing IPv6 bracket in address pattern; rejecting.");
goto err;
}
}
mask = strchr((rbracket?rbracket:address),'/');
port = strchr((mask?mask:(rbracket?rbracket:address)), ':');
if (port)
*port++ = '\0';
if (mask)
*mask++ = '\0';
if (rbracket)
*rbracket = '\0';
if (port && mask)
tor_assert(port > mask);
if (mask && rbracket)
tor_assert(mask > rbracket);
/* Now "address" is the a.b.c.d|'*'|abcd::1 part...
* "mask" is the Mask|Maskbits part...
* and "port" is the *|port|min-max part.
*/
/* Process the address portion */
memset(addr_out, 0, sizeof(tor_addr_t));
if (!strcmp(address, "*")) {
addr_out->sa.sin_family = AF_INET; /* AF_UNSPEC ???? XXXXX020 */
any_flag = 1;
} else if (tor_inet_pton(AF_INET6, address, &addr_out->sa6.sin6_addr) > 0) {
addr_out->sa6.sin6_family = AF_INET6;
} else if (tor_inet_pton(AF_INET, address, &addr_out->sa.sin_addr) > 0) {
addr_out->sa.sin_family = AF_INET;
} else {
log_warn(LD_GENERAL, "Malformed IP %s in address pattern; rejecting.",
escaped(address));
goto err;
}
v4map = tor_addr_is_v4(addr_out);
/*
#ifdef ALWAYS_V6_MAP
if (v_family == AF_INET) {
v_family = AF_INET6;
IN_ADDR6(addr_out).s6_addr32[3] = IN6_ADDR(addr_out).s_addr;
memset(&IN6_ADDR(addr_out), 0, 10);
IN_ADDR6(addr_out).s6_addr16[5] = 0xffff;
}
#else
if (v_family == AF_INET6 && v4map) {
v_family = AF_INET;
IN_ADDR(addr_out).s_addr = IN6_ADDR(addr_out).s6_addr32[3];
}
#endif
*/
/* Parse mask */
if (maskbits_out) {
int bits = 0;
struct in_addr v4mask;
if (mask) { /* the caller (tried to) specify a mask */
bits = (int) strtol(mask, &endptr, 10);
if (!*endptr) { /* strtol converted everything, so it was an integer */
if ((bits<0 || bits>128) ||
((IN_FAMILY(addr_out) == AF_INET) && bits > 32)) {
log_warn(LD_GENERAL,
"Bad number of mask bits (%d) on address range; rejecting.",
bits);
goto err;
}
} else { /* mask might still be an address-style mask */
if (tor_inet_pton(AF_INET, mask, &v4mask) > 0) {
bits = addr_mask_get_bits(ntohl(v4mask.s_addr));
if (bits < 0) {
log_warn(LD_GENERAL,
"IPv4-style mask %s is not a prefix address; rejecting.",
escaped(mask));
goto err;
}
} else { /* Not IPv4; we don't do address-style IPv6 masks. */
log_warn(LD_GENERAL,
"Malformed mask on address range %s; rejecting.",
escaped(s));
goto err;
}
}
if (IN_FAMILY(addr_out) == AF_INET6 && v4map) {
if (bits > 32 && bits < 96) { /* Crazy */
log_warn(LD_GENERAL,
"Bad mask bits %i for V4-mapped V6 address; rejecting.",
bits);
goto err;
}
/* XXXX020 is this really what we want? */
bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
}
} else { /* pick an appropriate mask, as none was given */
if (any_flag)
bits = 0; /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
else if (IN_FAMILY(addr_out) == AF_INET)
bits = 32;
else if (IN_FAMILY(addr_out) == AF_INET6)
bits = 128;
}
*maskbits_out = (maskbits_t) bits;
} else {
if (mask) {
log_warn(LD_GENERAL,
"Unexpected mask in addrss %s; rejecting", escaped(s));
goto err;
}
}
/* Parse port(s) */
if (port_min_out) {
uint16_t port2;
if (!port_max_out) /* caller specified one port; fake the second one */
port_max_out = &port2;
if (parse_port_range(port, port_min_out, port_max_out) < 0) {
goto err;
} else if ((*port_min_out != *port_max_out) && port_max_out == &port2) {
log_warn(LD_GENERAL,
"Wanted one port from address range, but there are two.");
port_max_out = NULL; /* caller specified one port, so set this back */
goto err;
}
} else {
if (port) {
log_warn(LD_GENERAL,
"Unexpected ports in addrss %s; rejecting", escaped(s));
goto err;
}
}
tor_free(base);
return IN_FAMILY(addr_out);
err:
tor_free(base);
return -1;
}
/** Determine whether an address is IPv4, either native or ipv4-mapped ipv6.
* Note that this is about representation only, as any decent stack will
* reject ipv4-mapped addresses received on the wire (and won't use them
* on the wire either).
*/
int
tor_addr_is_v4(const tor_addr_t *addr)
{
tor_assert(addr);
if (IN_FAMILY(addr) == AF_INET)
return 1;
if (IN_FAMILY(addr) == AF_INET6) { /* First two don't need to be ordered */
if ((IN6_ADDR(addr)->s6_addr32[0] == 0) &&
(IN6_ADDR(addr)->s6_addr32[1] == 0) &&
(ntohl(IN6_ADDR(addr)->s6_addr32[2]) == 0x0000ffffu))
return 1;
}
return 0; /* Not IPv4 - unknown family or a full-blood IPv6 address */
}
/** Determine whether an address <b>addr</b> is null, either all zeroes or
* belonging to family AF_UNSPEC.
*/
int
tor_addr_is_null(const tor_addr_t *addr)
{
tor_assert(addr);
switch(IN_FAMILY(addr)) {
case AF_INET6:
if (!IN6_ADDR(addr)->s6_addr32[0] && !IN6_ADDR(addr)->s6_addr32[1] &&
!IN6_ADDR(addr)->s6_addr32[2] && !IN6_ADDR(addr)->s6_addr32[3])
return 1;
return 0;
case AF_INET:
if (!IN_ADDR(addr)->s_addr)
return 1;
return 0;
default:
return 1;
}
//return 1;
}
/** Given an IPv4 in_addr struct *<b>in</b> (in network order, as usual),
* write it as a string into the <b>buf_len</b>-byte buffer in
* <b>buf</b>.
*/
int
tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
@ -2070,20 +2382,251 @@ tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
(int)(uint8_t)((a )&0xff));
}
/** Given a host-order <b>addr</b>, call tor_inet_ntoa() on it
* and return a strdup of the resulting address.
/** Take a 32-bit host-order ipv4 address <b>v4addr</b> and store it in the
* tor_addr *<b>dest</b>.
*
* XXXX020 Temporary, for use while 32-bit int addresses are still being
* passed around.
*/
void
tor_addr_from_ipv4(tor_addr_t *dest, uint32_t v4addr)
{
tor_assert(dest);
memset(dest, 0, sizeof(dest));
dest->sa.sin_family = AF_INET;
dest->sa.sin_addr.s_addr = htonl(v4addr);
}
/** Copy a tor_addr_t from <b>src</b> to <b>dest</b>.
*/
void
tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
{
tor_assert(src && dest);
memcpy(dest, src, sizeof(tor_addr_t));
}
/** DOCDOC */
int
tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2)
{
return tor_addr_compare_masked(addr1, addr2, 128);
}
/** Given two addresses <b>addr1</b> and <b>addr2</b>, return 0 if the two
* addresses are equivalent under the mask mbits, or nonzero if not.
*
* Different address families (IPv4 vs IPv6) are always considered unequal.
*
* Reduce over-specific masks (>128 for ipv6, >32 for ipv4) to 128 or 32.
*/
int
tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
maskbits_t mbits)
{
uint32_t ip4a=0, ip4b=0;
sa_family_t v_family[2];
int idx;
uint32_t masked_a, masked_b;
tor_assert(addr1 && addr2);
v_family[0] = IN_FAMILY(addr1);
v_family[1] = IN_FAMILY(addr2);
if (v_family[0] == AF_INET) { /* If this is native IPv4, note the address */
ip4a = IPV4IPh(addr1); /* Later we risk overwriting a v4-mapped address */
} else if ((v_family[0] == AF_INET6) && tor_addr_is_v4(addr1)) {
v_family[0] = AF_INET;
ip4a = IPV4MAPh(addr1);
}
if (v_family[1] == AF_INET) { /* If this is native IPv4, note the address */
ip4b = IPV4IPh(addr2); /* Later we risk overwriting a v4-mapped address */
} else if ((v_family[1] == AF_INET6) && tor_addr_is_v4(addr2)) {
v_family[1] = AF_INET;
ip4b = IPV4MAPh(addr2);
}
if (v_family[0] > v_family[1]) /* Comparison of virtual families */
return 1;
else if (v_family[0] < v_family[1])
return -1;
if (mbits == 0) /* Under a complete wildcard mask, consider them equal */
return 0;
if (v_family[0] == AF_INET) { /* Real or mapped IPv4 */
#if 0
if (mbits >= 32) {
masked_a = ip4a;
masked_b = ip4b;
} else {
masked_a = ip4a & (0xfffffffful << (32-mbits));
masked_b = ip4b & (0xfffffffful << (32-mbits));
}
#endif
if (mbits > 32)
mbits = 32;
masked_a = ip4a >> (32-mbits);
masked_b = ip4b >> (32-mbits);
if (masked_a < masked_b)
return -1;
else if (masked_a > masked_b)
return 1;
return 0;
} else if (v_family[0] == AF_INET6) { /* Real IPv6 */
maskbits_t lmbits;
const uint32_t *a1 = IN6_ADDR(addr1)->s6_addr32;
const uint32_t *a2 = IN6_ADDR(addr2)->s6_addr32;
for (idx = 0; idx < 4; ++idx) {
if (!mbits)
return 0; /* Mask covers both addresses from here on */
else if (mbits > 32)
lmbits = 32;
else
lmbits = mbits;
masked_a = ntohl(a1[idx]) >> (32-lmbits);
masked_b = ntohl(a2[idx]) >> (32-lmbits);
if (masked_a > masked_b)
return 1;
else if (masked_a < masked_b)
return -1;
if (mbits < 32)
return 0;
mbits -= 32;
}
#if 0
for (idx = 0; idx < 4; ++idx) {
if (mbits <= 32*idx) /* Mask covers both addresses from here on */
return 0;
if (mbits >= 32*(idx+1)) { /* Mask doesn't affect these 32 bits */
lmbits = 32;
} else {
lmbits = mbits % 32;
}
masked_a = ntohl(IN6_ADDR(addr1).s6_addr32[idx]) &
(0xfffffffful << (32-lmbits));
masked_b = ntohl(IN6_ADDR(addr2).s6_addr32[idx]) &
(0xfffffffful << (32-lmbits));
if (masked_a > masked_b)
return 1;
if (masked_a < masked_b)
return -1;
}
#endif
return 0;
}
tor_assert(0); /* Unknown address family */
return -1; /* unknown address family, return unequal? */
}
/** Given a host-order <b>addr</b>, call tor_inet_ntop() on it
* and return a strdup of the resulting address.
*/
char *
tor_dup_addr(uint32_t addr)
{
char buf[INET_NTOA_BUF_LEN];
char buf[TOR_ADDR_BUF_LEN];
struct in_addr in;
in.s_addr = htonl(addr);
tor_inet_ntoa(&in, buf, sizeof(buf));
tor_inet_ntop(AF_INET, &in, buf, sizeof(buf));
return tor_strdup(buf);
}
/** Convert the tor_addr_t *<b>addr</b> into string form and store it in
* <b>dest</b> (no more than <b>len</b> bytes). DOCDOC return value.
*/
const char *
tor_addr_to_str(char *dest, const tor_addr_t *addr, int len)
{
tor_assert(addr && dest);
if (IN_FAMILY(addr) == AF_INET) {
return tor_inet_ntop(AF_INET, IN_ADDR(addr), dest, len);
} else if (IN_FAMILY(addr) == AF_INET6) {
return tor_inet_ntop(AF_INET6, IN6_ADDR(addr), dest, len);
} else {
return NULL;
}
}
/** Convert the string in <b>src</b> to a tor_addr_t <b>addr</b>.
*/
int
tor_addr_from_str(tor_addr_t *addr, const char *src)
{
tor_assert(addr && src);
return tor_addr_parse_mask_ports(src, addr, NULL, NULL, NULL);
}
/** Set *<b>addr</b> to the IP address (if any) of whatever interface
* connects to the internet. This address should only be used in checking
* whether our address has changed. Return 0 on success, -1 on failure.
*/
int
get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
{
int sock=-1, r=-1;
struct sockaddr_storage my_addr, target_addr;
socklen_t my_addr_len;
tor_assert(addr);
memset(addr, 0, sizeof(tor_addr_t));
memset(&target_addr, 0, sizeof(target_addr));
my_addr_len = sizeof(my_addr);
((struct sockaddr_in*)&target_addr)->sin_port = 9; /* DISGARD port */
/* Don't worry: no packets are sent. We just need to use a real address
* on the actual internet. */
if (family == AF_INET6) {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)&target_addr;
sock = tor_open_socket(PF_INET6,SOCK_DGRAM,IPPROTO_UDP);
my_addr_len = sizeof(struct sockaddr_in6);
sin6->sin6_family = AF_INET6;
sin6->sin6_addr.s6_addr16[0] = htons(0x2002); /* 2002:: */
} else if (family == AF_INET) {
struct sockaddr_in *sin = (struct sockaddr_in*)&target_addr;
sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);
my_addr_len = sizeof(struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = htonl(0x12000001); /* 18.0.0.1 */
} else {
return -1;
}
if (sock < 0) {
int e = tor_socket_errno(-1);
log_fn(severity, LD_NET, "unable to create socket: %s",
tor_socket_strerror(e));
goto err;
}
if (connect(sock,(struct sockaddr *)&target_addr,sizeof(target_addr))<0) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
goto err;
}
if (getsockname(sock,(struct sockaddr*)&my_addr, &my_addr_len)) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
tor_socket_strerror(e));
goto err;
}
memcpy(addr, &my_addr, sizeof(tor_addr_t));
r=0;
err:
if (sock >= 0)
tor_close_socket(sock);
return r;
}
/**
* Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
* interface connects to the internet. This address should only be used in
@ -2093,48 +2636,12 @@ tor_dup_addr(uint32_t addr)
int
get_interface_address(int severity, uint32_t *addr)
{
int sock=-1, r=-1;
struct sockaddr_in target_addr, my_addr;
socklen_t my_addr_len = sizeof(my_addr);
tor_addr_t local_addr;
int r;
tor_assert(addr);
*addr = 0;
sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);
if (sock < 0) {
int e = tor_socket_errno(-1);
log_fn(severity, LD_NET, "unable to create socket: %s",
tor_socket_strerror(e));
goto err;
}
memset(&target_addr, 0, sizeof(target_addr));
target_addr.sin_family = AF_INET;
/* discard port */
target_addr.sin_port = 9;
/* 18.0.0.1 (Don't worry: no packets are sent. We just need a real address
* on the internet.) */
target_addr.sin_addr.s_addr = htonl(0x12000001);
if (connect(sock,(struct sockaddr *)&target_addr,sizeof(target_addr))<0) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
goto err;
}
if (getsockname(sock, (struct sockaddr*)&my_addr, &my_addr_len)) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
tor_socket_strerror(e));
goto err;
}
*addr = ntohl(my_addr.sin_addr.s_addr);
r=0;
err:
if (sock >= 0)
tor_close_socket(sock);
r = get_interface_address6(severity, AF_INET, &local_addr);
if (r>=0)
*addr = IPV4IPh(&local_addr);
return r;
}

16
src/common/util.h
View File

@ -254,11 +254,25 @@ int parse_addr_and_port_range(const char *s, uint32_t *addr_out,
uint32_t *mask_out, uint16_t *port_min_out,
uint16_t *port_max_out);
int addr_mask_get_bits(uint32_t mask);
#define INET_NTOA_BUF_LEN 16
int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
char *tor_dup_addr(uint32_t addr) ATTR_MALLOC;
int get_interface_address(int severity, uint32_t *addr);
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2);
int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
maskbits_t mask);
int tor_addr_is_v4(const tor_addr_t *addr);
int tor_addr_is_internal(const tor_addr_t *ip, int for_listening) ATTR_PURE;
int tor_addr_parse_mask_ports(const char *s,
tor_addr_t *addr_out, maskbits_t *mask_out,
uint16_t *port_min_out, uint16_t *port_max_out);
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, int len);
int tor_addr_from_str(tor_addr_t *addr, const char *src);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src);
void tor_addr_from_ipv4(tor_addr_t *dest, uint32_t v4addr);
int tor_addr_is_null(const tor_addr_t *addr);
/* Process helpers */
void start_daemon(void);
void finish_daemon(const char *desired_cwd);

1
src/or/routerlist.c
View File

@ -3643,7 +3643,6 @@ add_trusted_dir_server(const char *nickname, const char *address,
return;
}
hostname = tor_strdup(address);
a = ntohl(a);
}
ent = tor_malloc_zero(sizeof(trusted_dir_server_t));

207
src/or/test.c
View File

@ -854,13 +854,14 @@ test_util(void)
buf[0] = (char)1;
test_assert(!tor_mem_is_zero(buf, 10));
/* Test inet_ntoa */
/* Test inet_ntop */
{
char tmpbuf[INET_NTOA_BUF_LEN];
char tmpbuf[TOR_ADDR_BUF_LEN];
const char *ip = "176.192.208.224";
struct in_addr in;
tor_inet_aton("18.244.0.188",&in);
tor_inet_ntoa(&in, tmpbuf, sizeof(tmpbuf));
test_streq(tmpbuf, "18.244.0.188");
tor_inet_pton(AF_INET, ip, &in);
tor_inet_ntop(AF_INET, &in, tmpbuf, sizeof(tmpbuf));
test_streq(tmpbuf, ip);
}
/* Test 'escaped' */
@ -1027,12 +1028,67 @@ _test_eq_ip6(struct in6_addr *a, struct in6_addr *b, const char *e1,
test_eq_ip6(&a1, &a2); \
STMT_END
/*XXXX020 make this macro give useful output on failure, and follow the
* conventions of the other test macros. */
#define test_internal_ip(a,b) STMT_BEGIN \
r = tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr); \
test_assert(r==1); \
t1.sa6.sin6_family = AF_INET6; \
r = tor_addr_is_internal(&t1, b); \
test_assert(r==1); \
STMT_END
/*XXXX020 make this macro give useful output on failure, and follow the
* conventions of the other test macros. */
#define test_external_ip(a,b) STMT_BEGIN \
r = tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr); \
test_assert(r==1); \
t1.sa6.sin6_family = AF_INET6; \
r = tor_addr_is_internal(&t1, b); \
test_assert(r==0); \
STMT_END
/*XXXX020 make this macro give useful output on failure, and follow the
* conventions of the other test macros. */
#define test_addr_convert6(a,b) STMT_BEGIN \
tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr); \
tor_inet_pton(AF_INET6, b, &t2.sa6.sin6_addr); \
t1.sa6.sin6_family = AF_INET6; \
t2.sa6.sin6_family = AF_INET6; \
STMT_END
/*XXXX020 make this macro give useful output on failure, and follow the
* conventions of the other test macros. */
#define test_addr_parse(xx) STMT_BEGIN \
r=tor_addr_parse_mask_ports(xx, &t1, &mask, &port1, &port2); \
t2.sa6.sin6_family = AF_INET6; \
p1=tor_inet_ntop(AF_INET6, &t1.sa6.sin6_addr, bug, sizeof(bug)); \
STMT_END
/*XXXX020 make this macro give useful output on failure, and follow the
* conventions of the other test macros. */
#define test_addr_parse_check(ip1, ip2, ip3, ip4, mm, pt1, pt2) STMT_BEGIN \
test_assert(r>=0); \
test_eq(htonl(ip1), IN6_ADDR(&t1)->s6_addr32[0]); \
test_eq(htonl(ip2), IN6_ADDR(&t1)->s6_addr32[1]); \
test_eq(htonl(ip3), IN6_ADDR(&t1)->s6_addr32[2]); \
test_eq(htonl(ip4), IN6_ADDR(&t1)->s6_addr32[3]); \
test_eq(mask, mm); \
test_eq(port1, pt1); \
test_eq(port2, pt2); \
STMT_END
static void
test_ip6_helpers(void)
{
char buf[64];
char buf[TOR_ADDR_BUF_LEN], bug[TOR_ADDR_BUF_LEN];
struct in6_addr a1, a2;
tor_addr_t t1, t2;
int r, i;
uint16_t port1, port2;
maskbits_t mask;
const char *p1;
// struct in_addr b1, b2;
/* Test tor_inet_ntop and tor_inet_pton: IPv6 */
@ -1066,8 +1122,13 @@ test_ip6_helpers(void)
test_ntop6_reduces("0001:0099:BEEF:0006:0123:FFFF:0001:0001",
"1:99:beef:6:123:ffff:1:1");
test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
//test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
test_ntop6_reduces("0:0:0:0:0:ffff:c0a8:0101", "::ffff:192.168.1.1");
test_ntop6_reduces("002:0:0000:0:3::4", "2::3:0:0:4");
test_ntop6_reduces("0:0::3", "::3");
test_ntop6_reduces("008:0::0", "8::");
test_ntop6_reduces("0:0:0:0:0:ffff::1", "::ffff:0.0.0.1");
test_ntop6_reduces("abcd:0:0:0:0:0:7f00::", "abcd::7f00:0");
test_ntop6_reduces("0000:0000:0000:0000:0009:C0A8:0001:0001",
"::9:c0a8:1:1");
test_ntop6_reduces("fe80:0000:0000:0000:0202:1111:0001:0001",
@ -1080,7 +1141,7 @@ test_ip6_helpers(void)
test_pton6_bad("55555::");
test_pton6_bad("9:-60::");
test_pton6_bad("1:2:33333:4:0002:3::");
// test_pton6_bad("1:2:3333:4:00002:3::"); //XXXX not bad.
//test_pton6_bad("1:2:3333:4:00002:3::");// BAD, but glibc doesn't say so.
test_pton6_bad("1:2:3333:4:fish:3::");
test_pton6_bad("1:2:3:4:5:6:7:8:9");
test_pton6_bad("1:2:3:4:5:6:7");
@ -1090,6 +1151,130 @@ test_ip6_helpers(void)
test_pton6_bad("::1.2.3.4.5");
test_pton6_bad("99");
test_pton6_bad("");
test_pton6_bad("1::2::3:4");
test_pton6_bad("a:::b:c");
test_pton6_bad(":::a:b:c");
test_pton6_bad("a:b:c:::");
/* test internal checking */
test_external_ip("fbff:ffff::2:7", 0);
test_internal_ip("fc01::2:7", 0);
test_internal_ip("fdff:ffff::f:f", 0);
test_external_ip("fe00::3:f", 0);
test_external_ip("fe7f:ffff::2:7", 0);
test_internal_ip("fe80::2:7", 0);
test_internal_ip("febf:ffff::f:f", 0);
test_internal_ip("fec0::2:7:7", 0);
test_internal_ip("feff:ffff::e:7:7", 0);
test_external_ip("ff00::e:7:7", 0);
test_internal_ip("::", 0);
test_internal_ip("::1", 0);
test_internal_ip("::1", 1);
test_internal_ip("::", 0);
test_external_ip("::", 1);
test_external_ip("::2", 0);
test_external_ip("2001::", 0);
test_external_ip("ffff::", 0);
test_external_ip("::ffff:0.0.0.0", 1);
test_internal_ip("::ffff:0.0.0.0", 0);
test_internal_ip("::ffff:0.255.255.255", 0);
test_external_ip("::ffff:1.0.0.0", 0);
test_external_ip("::ffff:9.255.255.255", 0);
test_internal_ip("::ffff:10.0.0.0", 0);
test_internal_ip("::ffff:10.255.255.255", 0);
test_external_ip("::ffff:11.0.0.0", 0);
test_external_ip("::ffff:126.255.255.255", 0);
test_internal_ip("::ffff:127.0.0.0", 0);
test_internal_ip("::ffff:127.255.255.255", 0);
test_external_ip("::ffff:128.0.0.0", 0);
test_external_ip("::ffff:172.15.255.255", 0);
test_internal_ip("::ffff:172.16.0.0", 0);
test_internal_ip("::ffff:172.31.255.255", 0);
test_external_ip("::ffff:172.32.0.0", 0);
test_external_ip("::ffff:192.167.255.255", 0);
test_internal_ip("::ffff:192.168.0.0", 0);
test_internal_ip("::ffff:192.168.255.255", 0);
test_external_ip("::ffff:192.169.0.0", 0);
test_external_ip("::ffff:169.253.255.255", 0);
test_internal_ip("::ffff:169.254.0.0", 0);
test_internal_ip("::ffff:169.254.255.255", 0);
test_external_ip("::ffff:169.255.0.0", 0);
/* tor_addr_compare(tor_addr_t x2) */
test_addr_convert6("ffff::", "ffff::0");
test_assert(tor_addr_compare(&t1, &t2) == 0);
test_addr_convert6("0::3:2:1", "0::ffff:0.3.2.1");
test_assert(tor_addr_compare(&t1, &t2) > 0);
test_addr_convert6("0::2:2:1", "0::ffff:0.3.2.1");
test_assert(tor_addr_compare(&t1, &t2) > 0);
test_addr_convert6("0::ffff:0.3.2.1", "0::0:0:0");
test_assert(tor_addr_compare(&t1, &t2) < 0);
test_addr_convert6("0::ffff:5.2.2.1", "::ffff:6.0.0.0");
test_assert(tor_addr_compare(&t1, &t2) < 0); /* XXXX wrong. */
tor_addr_parse_mask_ports("[::ffff:2.3.4.5]", &t1, NULL, NULL, NULL);
tor_addr_parse_mask_ports("2.3.4.5", &t2, NULL, NULL, NULL);
test_assert(tor_addr_compare(&t1, &t2) == 0);
tor_addr_parse_mask_ports("[::ffff:2.3.4.4]", &t1, NULL, NULL, NULL);
tor_addr_parse_mask_ports("2.3.4.5", &t2, NULL, NULL, NULL);
test_assert(tor_addr_compare(&t1, &t2) < 0);
/* XXXX020 test compare_masked */
/* test tor_addr_parse_mask_ports */
test_addr_parse("[::f]/17:47-95");
test_addr_parse_check(0, 0, 0, 0x0000000f, 17, 47, 95);
//test_addr_parse("[::fefe:4.1.1.7/120]:999-1000");
//test_addr_parse_check("::fefe:401:107", 120, 999, 1000);
test_addr_parse("[::ffff:4.1.1.7]/120:443");
test_addr_parse_check(0, 0, 0x0000ffff, 0x04010107, 120, 443, 443);
test_addr_parse("[abcd:2::44a:0]:2-65000");
test_addr_parse_check(0xabcd0002, 0, 0, 0x044a0000, 128, 2, 65000);
r=tor_addr_parse_mask_ports("[fefef::]/112", &t1, NULL, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("efef::/112", &t1, NULL, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f::]", &t1, NULL, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("[::f:f:f:f:f:f:f:f]", &t1, NULL, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f:f]", &t1, NULL, NULL, NULL);
test_assert(r == -1);
/* Test for V4-mapped address with mask < 96. (arguably not valid) */
r=tor_addr_parse_mask_ports("[::ffff:1.1.2.2/33]", &t1, &mask, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("1.1.2.2/33", &t1, &mask, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("1.1.2.2/31", &t1, &mask, NULL, NULL);
test_assert(r == AF_INET);
r=tor_addr_parse_mask_ports("[efef::]/112", &t1, &mask, &port1, &port2);
test_assert(r == AF_INET6);
test_assert(port1 == 1);
test_assert(port2 == 65535);
/* make sure inet address lengths >= max */
test_assert(INET_NTOA_BUF_LEN >= sizeof("255.255.255.255"));
test_assert(TOR_ADDR_BUF_LEN >=
sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"));
test_assert(sizeof(tor_addr_t) >= sizeof(struct sockaddr_in6));
/* get interface addresses */
r = get_interface_address6(0, AF_INET, &t1);
i = get_interface_address6(0, AF_INET6, &t2);
tor_inet_ntop(AF_INET, &t1.sa.sin_addr, buf, sizeof(buf));
printf("\nv4 address: %s (family=%i)", buf, IN_FAMILY(&t1));
tor_inet_ntop(AF_INET6, &t2.sa6.sin6_addr, buf, sizeof(buf));
printf("\nv6 address: %s (family=%i)", buf, IN_FAMILY(&t2));
}
static void
@ -1915,7 +2100,7 @@ test_dir_format(void)
ex1.next = &ex2;
ex2.policy_type = ADDR_POLICY_REJECT;
ex2.addr = 18 << 24;
ex2.msk = 0xFF000000u;
ex2.msk = 0xff000000u;
ex2.prt_min = ex2.prt_max = 24;
ex2.next = NULL;
r2.address = tor_strdup("1.1.1.1");
@ -2526,12 +2711,14 @@ static void
test_policies(void)
{
addr_policy_t *policy, *policy2;
tor_addr_t tar;
config_line_t line;
policy = router_parse_addr_policy_from_string("reject 192.168.0.0/16:*",-1);
test_eq(NULL, policy->next);
test_eq(ADDR_POLICY_REJECT, policy->policy_type);
test_eq(0xc0a80000u, policy->addr);
tor_addr_from_ipv4(&tar, 0xc0a80000u);
test_assert(policy->addr == 0xc0a80000u);
test_eq(0xffff0000u, policy->msk);
test_eq(1, policy->prt_min);
test_eq(65535, policy->prt_max);