HIPL

Merge lp:~christian-roeller/hipl/whitelisting into lp:hipl

  1. whitelisting
  2. Merge into trunk
Proposed by Christian Röller
Status: Superseded
Proposed branch: lp:~christian-roeller/hipl/whitelisting
Merge into: lp:hipl
Diff against target: 464 lines (+265/-32)
8 files modified
Makefile.am (+11/-2)
hipd/input.c (+1/-1)
hipd/netdev.c (+85/-28)
hipd/netdev.h (+3/-0)
test/check_hipd.c (+41/-0)
test/hipd/netdev.c (+89/-0)
test/hipd/test_suites.h (+34/-0)
test/lib/core/hostid.c (+1/-1)
To merge this branch: bzr merge lp:~christian-roeller/hipl/whitelisting
Reviewer Review Type Date Requested Status
René Hummen Needs Information
Diego Biurrun Approve
Stefan Götz Pending
Review via email: mp+72487@code.launchpad.net

This proposal supersedes a proposal from 2011-08-22.

This proposal has been superseded by a proposal from 2011-09-13.

Description of the change

Change in the whitelisting of hipl:

The problem with the current whitelisting fuction is, that it only considers the interface-indexes. So when you for instance want to whitelist your eth0 interface, but there are also alias-interfaces for this interface on your machine, then a change for this alias-interfaces would also trigger an update, because these interfaces have the same interface-index for the kernel.

To have a more concrete possibility to whitelist interfaces, I extend the whitelist-structure with the interface-label. So that when you now whitelist your interface eth0, only changes on this interface would trigger an update and not for the alias-interfaces.

I did this by just checking for every incoming NEWADDR netlinkevent, if the corresponding label for this address is whitelisted or not.

So please have a look and just tell if you are fine with this...

To post a comment you must log in.
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal
Download full text (7.4 KiB)

Hi Christian!

Thanks for this helpful contribution! My comments below:

> > === modified file 'hipd/netdev.c'
> > --- hipd/netdev.c 2011-05-31 18:21:28 +0000
> > +++ hipd/netdev.c 2011-07-14 15:34:41 +0000
> > -static void hip_netdev_white_list_add_index(int if_index)
> > +static void hip_netdev_white_list_add_index_and_name(int if_index, const char *const device_name)

[L] cleanup: please add a 'const' modifier to the 'if_index' argument
[L] cleanup: I guess that 'if_index' cannot be less than 0. If so, it would be
nice to change its type to unsigned to communicate this fact to the caller.

> > {
> > if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> > - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> > + hip_netdev_white_list[hip_netdev_white_list_count].if_index = if_index;
> > + strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label, device_name, IF_NAMESIZE);
[L] maintainability: it is more maintainable to use
'sizeof(hip_netdev_white_list[0].if_label)' than 'IF_NAMESIZE' because then the
size of the 'if_label' field can be changed in the struct declaration without
having to touch other code.

> > @@ -120,16 +127,18 @@
> > }
> >
> > /**
> > - * Test if the given network interface index is white listed.
> > + * Test if the given network interface index plus label is white listed.
> > *
> > * @param if_index the index of the network interface to be tested
> > + * @param device_name the label of the network interface to be tested
> > * @return 1 if the index is whitelisted or zero otherwise
> > */
> > -static int hip_netdev_is_in_white_list(int if_index)
> > +static int hip_netdev_is_in_white_list(int if_index, char *device_name)

[M] policy: please apply full const correctness to the function arguments.
[L] cleanup: it would be nice to change the type of 'if_index' to unsigned as it
can never be < 0 (I guess)

> > {
> > - int i = 0;
> > + int i;
> > for (i = 0; i < hip_netdev_white_list_count; i++) {

[L] style: you could even place the declaration of 'i' in the for() header.

> > - if (hip_netdev_white_list[i] == if_index) {
> > + if (hip_netdev_white_list[i].if_index == if_index &&
> > + !strncmp(hip_netdev_white_list[i].if_label, device_name, IF_NAMESIZE)) {

[L] maintainability: 'sizeof()' instead of 'IF_NAMESIZE', see above

> > @@ -637,7 +645,7 @@
> > HIP_IFEL(!(if_index = if_nametoindex(g_iface->ifa_name)),
> > -1, "if_nametoindex failed\n");
> > /* Check if our interface is in the whitelist */
> > - if ((hip_netdev_white_list_count > 0) && (!hip_netdev_is_in_white_list(if_index))) {
> > + if ((hip_netdev_white_list_count > 0) && (!hip_netdev_is_in_white_list(if_index, g_iface->ifa_name))) {

[L] style: just a general comment: it would make more sense to move the '> 0'
check into the 'hip_netdev_is_in_white_list()' function so the caller does not
need to have internal knowledge about the list implementation. Furthermore it's
a really silly performance optimization.

> > @@ -1125,6 +1133,55 @@
> > }
> >
> > /**
> > + * find interface label for a given ip4 or ip6 addr
...

Read more...

review: Needs Fixing
Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

Quick test report: seems to work without any troubles.

Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal
Download full text (9.2 KiB)

Once my exam is over I have finally found the time to work on your improvement suggestions...

> Hi Christian!
>
> Thanks for this helpful contribution! My comments below:
>
> > > === modified file 'hipd/netdev.c'
> > > --- hipd/netdev.c 2011-05-31 18:21:28 +0000
> > > +++ hipd/netdev.c 2011-07-14 15:34:41 +0000
> > > -static void hip_netdev_white_list_add_index(int if_index)
> > > +static void hip_netdev_white_list_add_index_and_name(int if_index, const
> char *const device_name)
>
> [L] cleanup: please add a 'const' modifier to the 'if_index' argument
> [L] cleanup: I guess that 'if_index' cannot be less than 0. If so, it would be
> nice to change its type to unsigned to communicate this fact to the caller.

Both done, you are right no reason here for dont make it unsigned and const...

>
> > > {
> > > if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> > > - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> > > + hip_netdev_white_list[hip_netdev_white_list_count].if_index =
> if_index;
> > > +
> strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
> device_name, IF_NAMESIZE);
> [L] maintainability: it is more maintainable to use
> 'sizeof(hip_netdev_white_list[0].if_label)' than 'IF_NAMESIZE' because then
> the
> size of the 'if_label' field can be changed in the struct declaration without
> having to touch other code.

Good point I didnt take this into account, its changed now

>
> > > @@ -120,16 +127,18 @@
> > > }
> > >
> > > /**
> > > - * Test if the given network interface index is white listed.
> > > + * Test if the given network interface index plus label is white listed.
> > > *
> > > * @param if_index the index of the network interface to be tested
> > > + * @param device_name the label of the network interface to be tested
> > > * @return 1 if the index is whitelisted or zero otherwise
> > > */
> > > -static int hip_netdev_is_in_white_list(int if_index)
> > > +static int hip_netdev_is_in_white_list(int if_index, char *device_name)
>
> [M] policy: please apply full const correctness to the function arguments.
> [L] cleanup: it would be nice to change the type of 'if_index' to unsigned as
> it
> can never be < 0 (I guess)

Same as above, so done...

>
> > > {
> > > - int i = 0;
> > > + int i;
> > > for (i = 0; i < hip_netdev_white_list_count; i++) {
>
> [L] style: you could even place the declaration of 'i' in the for() header.

Yes I can, so I did... ;-) The actual writer did it like this, so I just adopt it...

>
> > > - if (hip_netdev_white_list[i] == if_index) {
> > > + if (hip_netdev_white_list[i].if_index == if_index &&
> > > + !strncmp(hip_netdev_white_list[i].if_label, device_name,
> IF_NAMESIZE)) {
>
> [L] maintainability: 'sizeof()' instead of 'IF_NAMESIZE', see above

Done...but I use sizeof()-1 to do not override the null-termination

>
> > > @@ -637,7 +645,7 @@
> > > HIP_IFEL(!(if_index = if_nametoindex(g_iface->ifa_name)),
> > > -1, "if_nametoindex failed\n");
> > > /* Check if our interface is in the whitelist */
> > > - if ((hip_netdev_white_list_count ...

Read more...

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal
Download full text (4.4 KiB)

Hi Christian!

Thanks for your detailed reply! I was on holidays so that's why my answer is
quite late:

>>>> - if (hip_netdev_white_list[i] == if_index) {
>>>> + if (hip_netdev_white_list[i].if_index == if_index &&
>>>> + !strncmp(hip_netdev_white_list[i].if_label, device_name,
>> IF_NAMESIZE)) {
>>
>> [L] maintainability: 'sizeof()' instead of 'IF_NAMESIZE', see above
>
> Done...but I use sizeof()-1 to do not override the null-termination

Hm - in the case of the read-only 'strncmp()' function, I'm pretty sure that you
want to check both strings to their full extent, including the null-terminating
character. Otherwise, you can get false positives with unterminated strings (I
know, that's a pathological case, but still, passing 'sizeof() - 1' to
'strncmp()' seems logically incorrect to me).

>>>> +int hip_find_label_for_address(struct sockaddr *addr, char *label)
>>
>> [M] policy: please ensure full const correctness
>
> I write to label and cast addr, so I cannot declare const, can I?

You can use 'const struct sockaddr *const addr' and cast it to 'const struct
sockaddr_in const* s4_in'. Similarly, you can use 'char *const label' as you do
not intend to or do change the pointer value.

>>>> + res = getifaddrs(&myaddrs);
>>>> + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
>>>> + if (ifa->ifa_addr == NULL) continue;
>>>> + if (ifa->ifa_addr->sa_family != AF_INET &&
>> ifa->ifa_addr->sa_family != AF_INET6) continue;
>>
>> [M] policy: HIPL always uses "long" if statements including braces and
>> newlines.
>> Please adhere to that style. Do you use the pre-commit hook for checking your
>> code style? I'm asking because I'm surprised that the checker does not catch
>> this.
>
> For me the statement doesnt include braces or a new line. Maybe I have changed it and forgot to commit it...maybe you can check it again...

Exactly my point: it *should* include braces and newlines but currently it does
not :-) It should read

if (ifa->ifa_addr == NULL) {
 continue;
}

etc.

>> [L] maintainability: similar to the above cases, 'sizeof(s4_in)' would be more
>> easily maintainable and more obvious to read than 'sizeof(struct
>> sockaddr_in)'.
>> The same applies to the code below.
>>
>>>> + strncpy(label, ifa->ifa_name, IF_NAMESIZE);
>>
>> [L] 'sizeof()'
>
> Both done, like described above...

Just like 'strncmp()', 'strncpy()' should use the full character array - the
code should also check that the string to copy is not longer than the given
character array - 1 or otherwise return an error from the function. Only this
combination will ensure that the string is either copied correctly or an error
is detected under all circumstances.

>>>> + freeifaddrs(myaddrs);
>>>> + return 1;
>>>> + }
>>>> + }
>>>> + if (ifa->ifa_addr->sa_family == AF_INET6) {
>>>> + s6 = (struct sockaddr_in6 *)(ifa->ifa_addr);
>>>> + if (!memcmp(s6_in, s6, sizeof(struct sockaddr_in6))) {
>>>> + strncpy(label, ifa->ifa_name, IF_NAMESIZE);
>>>> + freeifaddrs(myaddrs);
>>>> + return 1;
>>
>> [L] styl...

Read more...

Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal
Download full text (5.1 KiB)

> Hi Christian!
>
> Thanks for your detailed reply! I was on holidays so that's why my answer is
> quite late:

No problem my first reply has also taken a while due to my exam preparations ;-)

>
> >>>> - if (hip_netdev_white_list[i] == if_index) {
> >>>> + if (hip_netdev_white_list[i].if_index == if_index &&
> >>>> + !strncmp(hip_netdev_white_list[i].if_label, device_name,
> >> IF_NAMESIZE)) {
> >>
> >> [L] maintainability: 'sizeof()' instead of 'IF_NAMESIZE', see above
> >
> > Done...but I use sizeof()-1 to do not override the null-termination
>
> Hm - in the case of the read-only 'strncmp()' function, I'm pretty sure that
> you
> want to check both strings to their full extent, including the null-
> terminating
> character. Otherwise, you can get false positives with unterminated strings (I
> know, that's a pathological case, but still, passing 'sizeof() - 1' to
> 'strncmp()' seems logically incorrect to me).

Yes of course...I never did it in the code. This was just a comment at the wrong position.

>
> >>>> +int hip_find_label_for_address(struct sockaddr *addr, char *label)
> >>
> >> [M] policy: please ensure full const correctness
> >
> > I write to label and cast addr, so I cannot declare const, can I?
>
> You can use 'const struct sockaddr *const addr' and cast it to 'const struct
> sockaddr_in const* s4_in'. Similarly, you can use 'char *const label' as you
> do
> not intend to or do change the pointer value.

Yes you are right, did it.

>
> >>>> + res = getifaddrs(&myaddrs);
> >>>> + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> >>>> + if (ifa->ifa_addr == NULL) continue;
> >>>> + if (ifa->ifa_addr->sa_family != AF_INET &&
> >> ifa->ifa_addr->sa_family != AF_INET6) continue;
> >>
> >> [M] policy: HIPL always uses "long" if statements including braces and
> >> newlines.
> >> Please adhere to that style. Do you use the pre-commit hook for checking
> your
> >> code style? I'm asking because I'm surprised that the checker does not
> catch
> >> this.
> >
> > For me the statement doesnt include braces or a new line. Maybe I have
> changed it and forgot to commit it...maybe you can check it again...
>
> Exactly my point: it *should* include braces and newlines but currently it
> does
> not :-) It should read
>
> if (ifa->ifa_addr == NULL) {
> continue;
> }
>
> etc.

Ah OK now I got your point...sorry ;-) I changed it

>
> >> [L] maintainability: similar to the above cases, 'sizeof(s4_in)' would be
> more
> >> easily maintainable and more obvious to read than 'sizeof(struct
> >> sockaddr_in)'.
> >> The same applies to the code below.
> >>
> >>>> + strncpy(label, ifa->ifa_name, IF_NAMESIZE);
> >>
> >> [L] 'sizeof()'
> >
> > Both done, like described above...
>
> Just like 'strncmp()', 'strncpy()' should use the full character array - the
> code should also check that the string to copy is not longer than the given
> character array - 1 or otherwise return an error from the function. Only this
> combination will ensure that the string is either copied correctly or an error
> is detected under all circumstances.

OK, I changed it in the following way:
I chec...

Read more...

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) : Posted in a previous version of this proposal
review: Approve
Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

 review needs-fixing

On Thu, Jul 14, 2011 at 03:34:45PM +0000, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.

Formatting is messed-up. Didn't you install the uncrustify pre-commit
hook as described in doc/HACKING? Why?

Diego

review: Needs Fixing
Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

> review needs-fixing
>
> On Thu, Jul 14, 2011 at 03:34:45PM +0000, Christian Röller wrote:
> > Christian Röller has proposed merging lp:~christian-
> roeller/hipl/whitelisting into lp:hipl.
>
> Formatting is messed-up. Didn't you install the uncrustify pre-commit
> hook as described in doc/HACKING? Why?
>
> Diego

Sorry for that, I checked now my modifications with the stylechecker and correct everything it complained about.

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Mon, Aug 01, 2011 at 09:19:26AM +0000, Christian Röller wrote:
> > On Thu, Jul 14, 2011 at 03:34:45PM +0000, Christian Röller wrote:
> > > Christian Röller has proposed merging lp:~christian-
> > roeller/hipl/whitelisting into lp:hipl.
> >
> > Formatting is messed-up. Didn't you install the uncrustify pre-commit
> > hook as described in doc/HACKING? Why?
>
> Sorry for that, I checked now my modifications with the stylechecker
> and correct everything it complained about.

I'm not trying to pass blame around. I want to know why some of our
processes are not working as intended, so that we can fix them.

Why were you not running uncrustify? Did you just forget to install
the hook (no big deal, we all make mistakes and we have review for a
reason) or did you not know about it? Where would we have to advertise
it so that the next newcomer is informed of its existence?

Diego

Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

> On Mon, Aug 01, 2011 at 09:19:26AM +0000, Christian Röller wrote:
> > > On Thu, Jul 14, 2011 at 03:34:45PM +0000, Christian Röller wrote:
> > > > Christian Röller has proposed merging lp:~christian-
> > > roeller/hipl/whitelisting into lp:hipl.
> > >
> > > Formatting is messed-up. Didn't you install the uncrustify pre-commit
> > > hook as described in doc/HACKING? Why?
> >
> > Sorry for that, I checked now my modifications with the stylechecker
> > and correct everything it complained about.
>
> I'm not trying to pass blame around. I want to know why some of our
> processes are not working as intended, so that we can fix them.
>
> Why were you not running uncrustify? Did you just forget to install
> the hook (no big deal, we all make mistakes and we have review for a
> reason) or did you not know about it? Where would we have to advertise
> it so that the next newcomer is informed of its existence?
>
> Diego

I have heard that there is a hook for this, but as this is my first share,
I just forgot to install it.
So in this case it was just my fault...
But for the next newcomers, it would be nice to advertise the HACKING doc a
little bit more, because it is very helpful and I don't know about it. I just
heard about the stylechecker through the grapevine.

So sorry again and thanks for the infos...
Christian

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Mon, Aug 01, 2011 at 09:59:28AM +0000, Christian Röller wrote:
> > On Mon, Aug 01, 2011 at 09:19:26AM +0000, Christian Röller wrote:
> > > > On Thu, Jul 14, 2011 at 03:34:45PM +0000, Christian Röller wrote:
> > > > > Christian Röller has proposed merging lp:~christian-
> > > > roeller/hipl/whitelisting into lp:hipl.
> > > >
> > > > Formatting is messed-up. Didn't you install the uncrustify pre-commit
> > > > hook as described in doc/HACKING? Why?
> > >
> > > Sorry for that, I checked now my modifications with the stylechecker
> > > and correct everything it complained about.
> >
> > I'm not trying to pass blame around. I want to know why some of our
> > processes are not working as intended, so that we can fix them.
> >
> > Why were you not running uncrustify? Did you just forget to install
> > the hook (no big deal, we all make mistakes and we have review for a
> > reason) or did you not know about it? Where would we have to advertise
> > it so that the next newcomer is informed of its existence?
>
> I have heard that there is a hook for this, but as this is my first share,
> I just forgot to install it.
> So in this case it was just my fault...

I repeat: I'm not trying to pass blame around. Stop apologizing please.

> But for the next newcomers, it would be nice to advertise the HACKING doc a
> little bit more, because it is very helpful and I don't know about it. I just
> heard about the stylechecker through the grapevine.

I've updated INSTALL and the PISA wiki slightly. There's still room for
improvement though.

Diego

Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

Hi,

sorry for my long absence, it was again exam-time ;-)

So I correct everything, which were mentioned. Are there more improvement suggestions or any other reasons why it should not be merged in this version?
Otherwise I would do so.
I merged it locally and as there are only a few changes in two files, it works without any trouble.
The same applies for the compiling.

Regards,
Christian

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

Diego, have your comments been tackled? If so, please approve the merge request.

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Wed, Aug 10, 2011 at 02:07:38PM +0000, Christian Röller wrote:
>
> So I correct everything, which were mentioned. Are there more
> improvement suggestions or any other reasons why it should not be
> merged in this version?
> Otherwise I would do so.

The general idea is that you resubmit a fixed merge proposal.

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Wed, Aug 10, 2011 at 02:39:35PM +0000, René Hummen wrote:
> Diego, have your comments been tackled? If so, please approve the merge request.

There was no updated merge request, so the answer is no.

Diego

Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

> On Wed, Aug 10, 2011 at 02:39:35PM +0000, René Hummen wrote:
> > Diego, have your comments been tackled? If so, please approve the merge
> request.
>
> There was no updated merge request, so the answer is no.
>
> Diego

I correct the code style violations with revision 5987.
What do you mean with updated merge request? I answered on your needs-fixing comment and correct it.
I did the same for Stefan's needs-fixing request and he approved it.
What should I rather have done?

Christian

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 10.08.2011, at 17:11, Christian Röller wrote:
>> On Wed, Aug 10, 2011 at 02:39:35PM +0000, René Hummen wrote:
>>> Diego, have your comments been tackled? If so, please approve the merge
>> request.
>>
>> There was no updated merge request, so the answer is no.
>>
>> Diego
>
> I correct the code style violations with revision 5987.
> What do you mean with updated merge request? I answered on your needs-fixing comment and correct it.
> I did the same for Stefan's needs-fixing request and he approved it.
> What should I rather have done?

In the top right corner of your merge proposal page on the Launchpad website, you can follow the link "Resubmit proposal". Don't check the option to "start afresh" in order to keep the discussion history intact and for others to follow the whole conversation.

Ciao,
René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Wed, Aug 10, 2011 at 03:11:23PM +0000, Christian Röller wrote:
> > On Wed, Aug 10, 2011 at 02:39:35PM +0000, René Hummen wrote:
> > > Diego, have your comments been tackled? If so, please approve the merge
> > request.
> >
> > There was no updated merge request, so the answer is no.
>
> I correct the code style violations with revision 5987.
> What do you mean with updated merge request? I answered on your
> needs-fixing comment and correct it.
> I did the same for Stefan's needs-fixing request and he approved it.
> What should I rather have done?

Maybe you did fix it in your branch, but how would we know? We never
had a chance to see and review it. What you should do now is send
another merge request from your updated branch.

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Wed, Aug 10, 2011 at 03:28:27PM +0000, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.

Did you run

  make alltests
  tools/hipl_autobuild.sh

with this branch?

> --- hipd/netdev.c 2011-05-25 09:22:19 +0000
> +++ hipd/netdev.c 2011-08-10 15:28:20 +0000
> @@ -99,19 +99,26 @@
> -static void hip_netdev_white_list_add_index(int if_index)
> +static void hip_netdev_white_list_add_index_and_name(const unsigned int if_index, const char *const device_name)

Please keep lines below 80 characters where easily possible, like here.

More examples below...

> @@ -1122,6 +1131,68 @@
>
> /**
> + * This functions gives you the interface label for a given ip4 or ip6 addr.

IPv4, IPv6 address

> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label
> + * @return one on success, zero on error and write the label in param label

Is the label written in both cases?

> +int hip_find_label_for_address(const struct sockaddr *const addr, char *const label)
> +{
> +
> + if (addr->sa_family == AF_INET) {
> + s4_in = (const struct sockaddr_in *const) (addr);
> + }
> + if (addr->sa_family == AF_INET6) {
> + s6_in = (const struct sockaddr_in6 *const) (addr);
> + }

An else will save you a comparison here.

> + getifaddrs(&myaddrs);
> + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> + if (ifa->ifa_addr == NULL) {
> + continue;
> + }
> + if (ifa->ifa_addr->sa_family != AF_INET && ifa->ifa_addr->sa_family != AF_INET6) {
> + continue;
> + }

These two could be merged.

> + if (ifa->ifa_addr->sa_family == AF_INET) {
> + s4 = (struct sockaddr_in *) (ifa->ifa_addr);

pointless ()

> + if (ifa->ifa_addr->sa_family == AF_INET6) {
> + s6 = (struct sockaddr_in6 *) (ifa->ifa_addr);

pointless ()

As above, if you use else here, you could save a comparison.

> + if (!memcmp(s4_in, s4, sizeof(s4))) {
> + if (strlen(ifa->ifa_name) <= sizeof(label) - 1) {
> + strncpy(label, ifa->ifa_name, sizeof(label) - 1);
> + res = 1;
> + } else {
> + res = 0;
> + }
> + break;

> + if (!memcmp(s6_in, s6, sizeof(s6))) {
> + if (strlen(ifa->ifa_name) <= sizeof(label) - 1) {
> + strncpy(label, ifa->ifa_name, sizeof(label) - 1);
> + res = 1;
> + } else {
> + res = 0;
> + }
> + break;

Isn't there a way to avoid this code duplication?

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) : Posted in a previous version of this proposal
review: Needs Fixing
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

Fixing Diego's comments sure won't hurt, but otherwise I'm okay with this.

review: Approve
Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal
Download full text (3.3 KiB)

> On Wed, Aug 10, 2011 at 03:28:27PM +0000, Christian Röller wrote:
> > Christian Röller has proposed merging lp:~christian-
> roeller/hipl/whitelisting into lp:hipl.
>
> Did you run
>
> make alltests
> tools/hipl_autobuild.sh

Yes I run make alltests. It seems to be OK, I get no errors and it results with "archives ready for distribution".
I am not really sure how to use the autobuild script. How and from which machine can I run this script manually to build my branch?
Can it come to problems, although make and make alltests run without ones?

>
> with this branch?
>
> > --- hipd/netdev.c 2011-05-25 09:22:19 +0000
> > +++ hipd/netdev.c 2011-08-10 15:28:20 +0000
> > @@ -99,19 +99,26 @@
> > -static void hip_netdev_white_list_add_index(int if_index)
> > +static void hip_netdev_white_list_add_index_and_name(const unsigned int
> if_index, const char *const device_name)
>
> Please keep lines below 80 characters where easily possible, like here.

Done...

>
> More examples below...
>
> > @@ -1122,6 +1131,68 @@
> >
> > /**
> > + * This functions gives you the interface label for a given ip4 or ip6
> addr.
>
> IPv4, IPv6 address

Done...

>
> > + * @param addr address for which you want to know the label
> > + * @param label pointer where the function stores the label
> > + * @return one on success, zero on error and write the label in param label
>
> Is the label written in both cases?

Done...only if the address exists in the system

>
> > +int hip_find_label_for_address(const struct sockaddr *const addr, char
> *const label)
> > +{
> > +
> > + if (addr->sa_family == AF_INET) {
> > + s4_in = (const struct sockaddr_in *const) (addr);
> > + }
> > + if (addr->sa_family == AF_INET6) {
> > + s6_in = (const struct sockaddr_in6 *const) (addr);
> > + }
>
> An else will save you a comparison here.
>
> > + getifaddrs(&myaddrs);
> > + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> > + if (ifa->ifa_addr == NULL) {
> > + continue;
> > + }
> > + if (ifa->ifa_addr->sa_family != AF_INET && ifa->ifa_addr->sa_family
> != AF_INET6) {
> > + continue;
> > + }
>
> These two could be merged.
>
> > + if (ifa->ifa_addr->sa_family == AF_INET) {
> > + s4 = (struct sockaddr_in *) (ifa->ifa_addr);
>
> pointless ()
>
> > + if (ifa->ifa_addr->sa_family == AF_INET6) {
> > + s6 = (struct sockaddr_in6 *) (ifa->ifa_addr);
>
> pointless ()
>
> As above, if you use else here, you could save a comparison.
>
> > + if (!memcmp(s4_in, s4, sizeof(s4))) {
> > + if (strlen(ifa->ifa_name) <= sizeof(label) - 1) {
> > + strncpy(label, ifa->ifa_name, sizeof(label) - 1);
> > + res = 1;
> > + } else {
> > + res = 0;
> > + }
> > + break;
>
> > + if (!memcmp(s6_in, s6, sizeof(s6))) {
> > + if (strlen(ifa->ifa_name) <= sizeof(label) - 1) {
> > + strncpy(label, ifa->ifa_name, sizeof(label) - 1);
> > + res = 1;
> > + } else {
> > + ...

Read more...

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Thu, Aug 11, 2011 at 11:47:26AM +0000, Christian Röller wrote:
> > On Wed, Aug 10, 2011 at 03:28:27PM +0000, Christian Röller wrote:
> > > Christian Röller has proposed merging lp:~christian-
> > roeller/hipl/whitelisting into lp:hipl.
> >
> > Did you run
> >
> > make alltests
> > tools/hipl_autobuild.sh
>
> Yes I run make alltests. It seems to be OK, I get no errors and it
> results with "archives ready for distribution". I am not really sure
> how to use the autobuild script. How and from which machine can I run
> this script manually to build my branch?

Did you try running or reading the script?

> Can it come to problems, although make and make alltests run without ones?

Yes.

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

 review needs-fixing

On Thu, Aug 11, 2011 at 11:48:47AM +0000, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.
>
> --- hipd/netdev.c 2011-05-25 09:22:19 +0000
> +++ hipd/netdev.c 2011-08-11 11:48:38 +0000
> @@ -99,19 +99,27 @@
> if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> + hip_netdev_white_list[hip_netdev_white_list_count].if_index = if_index;
> + strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label, device_name, sizeof(hip_netdev_white_list[0].if_label) - 1);

This is an opportunity for breaking a line, as is

> @@ -119,17 +127,20 @@
>
> -static int hip_netdev_is_in_white_list(int if_index)
> +static int hip_netdev_is_in_white_list(const unsigned int if_index, const char *const device_name)

this one

> + if (hip_netdev_white_list_count > 0) {
> + for (unsigned int i = 0; i < hip_netdev_white_list_count; i++) {
> + if (hip_netdev_white_list[i].if_index == if_index &&
> + !strncmp(hip_netdev_white_list[i].if_label, device_name, sizeof(hip_netdev_white_list[0].if_label))) {

and this one.

> @@ -1122,6 +1132,40 @@
>
> /**
> + * This functions gives you the interface label for a given IPv4 or IPv6 address.

This sentence explains why starting a sentence with "this sentence" is
redundant and weird.

> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label
> + * @return one on success, zero on error and write the label in param label
> + * if the given addr exists in the system

address

The usual convention is to return zero on success, not one.

> +int hip_find_label_for_address(const struct sockaddr *const addr, char *const label)

long line

> +{
> + int res = 0;
> + struct ifaddrs *myaddrs, *ifa = NULL;
> +
> + getifaddrs(&myaddrs);
> + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> + if (ifa->ifa_addr == NULL ||
> + (ifa->ifa_addr->sa_family != AF_INET && ifa->ifa_addr->sa_family != AF_INET6)) {

long line

> @@ -1213,6 +1252,18 @@
>
> + /* find interface label for address and check if it is whitelisted or not */
> + if (is_add) {
> + char label[IF_NAMESIZE];
> + if (hip_find_label_for_address(addr, label)) {
> + if ((!hip_netdev_is_in_white_list(ifa->ifa_index, label))) {
> + HIP_DEBUG("Interface:<%s> is not whitelisted\n", label);
> + continue;

The conditions can be merged.

> --- hipd/netdev.h 2011-05-18 15:12:07 +0000
> +++ hipd/netdev.h 2011-08-11 11:48:38 +0000
> @@ -56,4 +56,6 @@
>
> +int hip_find_label_for_address(const struct sockaddr *const addr, char *const label);

long line

Diego

review: Needs Fixing
Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal
Download full text (3.2 KiB)

> review needs-fixing
>
> On Thu, Aug 11, 2011 at 11:48:47AM +0000, Christian Röller wrote:
> > Christian Röller has proposed merging lp:~christian-
> roeller/hipl/whitelisting into lp:hipl.
> >
> > --- hipd/netdev.c 2011-05-25 09:22:19 +0000
> > +++ hipd/netdev.c 2011-08-11 11:48:38 +0000
> > @@ -99,19 +99,27 @@
> > if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> > - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> > + hip_netdev_white_list[hip_netdev_white_list_count].if_index =
> if_index;
> > +
> strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
> device_name, sizeof(hip_netdev_white_list[0].if_label) - 1);
>
> This is an opportunity for breaking a line, as is
>
> > @@ -119,17 +127,20 @@
> >
> > -static int hip_netdev_is_in_white_list(int if_index)
> > +static int hip_netdev_is_in_white_list(const unsigned int if_index, const
> char *const device_name)
>
> this one
>
> > + if (hip_netdev_white_list_count > 0) {
> > + for (unsigned int i = 0; i < hip_netdev_white_list_count; i++) {
> > + if (hip_netdev_white_list[i].if_index == if_index &&
> > + !strncmp(hip_netdev_white_list[i].if_label, device_name,
> sizeof(hip_netdev_white_list[0].if_label))) {
>
> and this one.
>
> > @@ -1122,6 +1132,40 @@
> >
> > /**
> > + * This functions gives you the interface label for a given IPv4 or IPv6
> address.
>
> This sentence explains why starting a sentence with "this sentence" is
> redundant and weird.
>
> > + * @param addr address for which you want to know the label
> > + * @param label pointer where the function stores the label
> > + * @return one on success, zero on error and write the label in param label
> > + * if the given addr exists in the system
>
> address
>
> The usual convention is to return zero on success, not one.
>
> > +int hip_find_label_for_address(const struct sockaddr *const addr, char
> *const label)
>
> long line
>
> > +{
> > + int res = 0;
> > + struct ifaddrs *myaddrs, *ifa = NULL;
> > +
> > + getifaddrs(&myaddrs);
> > + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> > + if (ifa->ifa_addr == NULL ||
> > + (ifa->ifa_addr->sa_family != AF_INET &&
> ifa->ifa_addr->sa_family != AF_INET6)) {
>
> long line
>
> > @@ -1213,6 +1252,18 @@
> >
> > + /* find interface label for address and check if it is
> whitelisted or not */
> > + if (is_add) {
> > + char label[IF_NAMESIZE];
> > + if (hip_find_label_for_address(addr, label)) {
> > + if ((!hip_netdev_is_in_white_list(ifa->ifa_index,
> label))) {
> > + HIP_DEBUG("Interface:<%s> is not whitelisted\n",
> label);
> > + continue;
>
> The conditions can be merged.
>
> > --- hipd/netdev.h 2011-05-18 15:12:07 +0000
> > +++ hipd/netdev.h 2011-08-11 11:48:38 +0000
> > @@ -56,4 +56,6 @@
> >
> > +int hip_find_label_for_address(const struct sockaddr *const addr, char
> *const label);
>
> long line
>
> Diego

Everything done...
I also adapt the autobuild script to my local system conditi...

Read more...

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

Hi Christian!

Sorry for coming back late with required fixes :-(

> /**
> + * Gives you the interface label for a given IPv4 or IPv6 address.
> + *
> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label
> + * @return zero on success, one on error and write the label in param label
> + * if the given address exists in the system
> + */
> +int hip_find_label_for_address(const struct sockaddr *const addr,
> + char *const label)

[M] safety: this function is not very safe in how it handles the length of the memory buffer pointed to by 'label'. Please either document clearly how large the memory buffer needs to be and what happens if it is not or add code that helps to avoid buffer overflows here.

[M] policy: since this is a new function, it needs to be checked by a unit test. I know it's a PITA but unit tests, for example, immediately point to such issues as the memory buffer handling.

Regards,
 Stefan

review: Needs Fixing
Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

> Hi Christian!

Hi

>
> Sorry for coming back late with required fixes :-(

no problem...

>
> > /**
> > + * Gives you the interface label for a given IPv4 or IPv6 address.
> > + *
> > + * @param addr address for which you want to know the label
> > + * @param label pointer where the function stores the label
> > + * @return zero on success, one on error and write the label in param label
> > + * if the given address exists in the system
> > + */
> > +int hip_find_label_for_address(const struct sockaddr *const addr,
> > + char *const label)
>
> [M] safety: this function is not very safe in how it handles the length of the
> memory buffer pointed to by 'label'. Please either document clearly how large
> the memory buffer needs to be and what happens if it is not or add code that
> helps to avoid buffer overflows here.

What is exactly the safety problem here? Do you mean I should additionally mention that label
sould be at least as big as IF_NAMESIZE, so that every possible interfacelabel length would fit?
Because right now I check whether the found interfacelabel is not bigger than the associated memory for label. And only if this is the case I will write to label. And I never write more than sizeof(label) bytes to label. Is this not enough to avoid a buffer overflow?
Right now the function will just return 1 if label would be to small. Maybe I should introduce here a special return value to make the debugging easier for the caller. What do you think?

>
> [M] policy: since this is a new function, it needs to be checked by a unit
> test. I know it's a PITA but unit tests, for example, immediately point to
> such issues as the memory buffer handling.
>
> Regards,
> Stefan

Christian

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

Hi Christian!

> > > +int hip_find_label_for_address(const struct sockaddr *const addr,
> > > + char *const label)
> >
> > [M] safety: this function is not very safe in how it handles the length of
[...]
>
> What is exactly the safety problem here?

Nothing - sorry, I simply misread the code.

Stefan

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

 review needs-fixing

On Mon, Aug 22, 2011 at 11:47:44AM +0000, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.

The word is "whitelist", not "white list". This is not exactly very
important, but since you are changing some parts of it, you might fix it
on the lines you are touching anyway.

> --- hipd/netdev.c 2011-08-15 14:11:56 +0000
> +++ hipd/netdev.c 2011-08-22 11:47:21 +0000
> @@ -97,19 +97,28 @@
> -static int hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
> -static int hip_netdev_white_list_count = 0;
> +struct hip_netdev_whiteliste_entry {
> + unsigned int if_index;
> + char if_label[IF_NAMESIZE];
> +};
> +static struct hip_netdev_whiteliste_entry hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
> +static unsigned int hip_netdev_white_list_count = 0;

whitelist, not whitelistE

> /**
> - * Add a network interface index number to the list of white listed
> + * Add a network interface index number plus label to the list of white listed

whitelisted

> * @param if_index the network interface index to be white listed
> + * @param device_name the network interface label to be white listed

whitelisted

> */
> -static void hip_netdev_white_list_add_index(int if_index)
> +static void hip_netdev_white_list_add_index_and_name(const unsigned int if_index,
> + const char *const device_name)

whitelist

> @@ -117,17 +126,22 @@
>
> /**
> - * Test if the given network interface index is white listed.
> + * Test if the given network interface index plus label is white listed.

whitelisted

> @@ -1120,6 +1133,40 @@
>
> /**
> + * Gives you the interface label for a given IPv4 or IPv6 address.
> + *
> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label

nit: please vertically align the descriptions.

Diego

review: Needs Fixing
Revision history for this message
Christian Röller (christian-roeller) wrote : Posted in a previous version of this proposal

> review needs-fixing
>
> On Mon, Aug 22, 2011 at 11:47:44AM +0000, Christian Röller wrote:
> > Christian Röller has proposed merging lp:~christian-
> roeller/hipl/whitelisting into lp:hipl.
>
> The word is "whitelist", not "white list". This is not exactly very
> important, but since you are changing some parts of it, you might fix it
> on the lines you are touching anyway.
>
> > --- hipd/netdev.c 2011-08-15 14:11:56 +0000
> > +++ hipd/netdev.c 2011-08-22 11:47:21 +0000
> > @@ -97,19 +97,28 @@
> > -static int hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
> > -static int hip_netdev_white_list_count = 0;
> > +struct hip_netdev_whiteliste_entry {
> > + unsigned int if_index;
> > + char if_label[IF_NAMESIZE];
> > +};
> > +static struct hip_netdev_whiteliste_entry
> hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
> > +static unsigned int hip_netdev_white_list_count = 0;
>
> whitelist, not whitelistE
>
> > /**
> > - * Add a network interface index number to the list of white listed
> > + * Add a network interface index number plus label to the list of white
> listed
>
> whitelisted
>
> > * @param if_index the network interface index to be white listed
> > + * @param device_name the network interface label to be white listed
>
> whitelisted
>
> > */
> > -static void hip_netdev_white_list_add_index(int if_index)
> > +static void hip_netdev_white_list_add_index_and_name(const unsigned int
> if_index,
> > + const char *const
> device_name)
>
> whitelist
>
> > @@ -117,17 +126,22 @@
> >
> > /**
> > - * Test if the given network interface index is white listed.
> > + * Test if the given network interface index plus label is white listed.
>
> whitelisted
>
> > @@ -1120,6 +1133,40 @@
> >
> > /**
> > + * Gives you the interface label for a given IPv4 or IPv6 address.
> > + *
> > + * @param addr address for which you want to know the label
> > + * @param label pointer where the function stores the label
>
> nit: please vertically align the descriptions.
>
> Diego

Correct the typos...

Christian

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

 review approve

On Mon, Aug 22, 2011 at 07:05:35PM +0000, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.
>
> --- hipd/netdev.c 2011-08-15 14:11:56 +0000
> +++ hipd/netdev.c 2011-08-22 19:05:27 +0000
> @@ -1120,6 +1133,40 @@
> }
>
> /**
> + * Gives you the interface label for a given IPv4 or IPv6 address.
> + *
> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label
> + * @return zero on success, one on error and write the label
> + * in param label if the given address exists in the system

What I tried to suggest here was that you could vertically align the
descriptions, i.e.

  * @param addr address for which you want to know the label
  * @param label pointer where the function stores the label

Witness how "address" and "pointer" start on the same column.
Feel free to implement or ignore this nitpick at your discretion.

Diego

review: Approve
lp:~christian-roeller/hipl/whitelisting updated
5993. By Christian Röller

cosmetic: alignments in function description hip_find_label_for_address

Revision history for this message
René Hummen (rene-hummen) wrote :
Download full text (3.5 KiB)

Hi,

I just got one issue that was raised by Stefan before, but has not been fixed so far (more inline).

On 22.08.2011, at 21:05, Christian Röller wrote:
> Christian Röller has proposed merging lp:~christian-roeller/hipl/whitelisting into lp:hipl.
>
> Requested reviews:
> Stefan Götz (stefan.goetz)
> Diego Biurrun (diego-biurrun)
>
> For more details, see:
> https://code.launchpad.net/~christian-roeller/hipl/whitelisting/+merge/72487

> /**
> - * Add a network interface index number to the list of white listed
> + * Add a network interface index number plus label to the list of whitelisted
> * network interfaces.
> *
> - * @param if_index the network interface index to be white listed
> + * @param if_index the network interface index to be whitelisted
> + * @param device_name the network interface label to be whitelisted
> */
> -static void hip_netdev_white_list_add_index(int if_index)
> +static void hip_netdev_white_list_add_index_and_name(const unsigned int if_index,
> + const char *const device_name)
> {
> if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> + hip_netdev_white_list[hip_netdev_white_list_count].if_index = if_index;
> + strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
> + device_name, sizeof(hip_netdev_white_list[0].if_label) - 1);

Why don't you strncpy the complete sizeof? Either the string is null-terminated, in which case you should copy the 0 as well, or it is not, in which case you will miss the last letter of the label. What happens with label is of length 1?

> /**
> - * Add a network interface index number to the list of white listed
> + * Add a network interface index number to the list of whitelisted
> * network interfaces by name.
> *
> - * @param device_name the name of the device to be white listed
> + * @param device_name the name of the device to be whitelisted
> * @return 1 on success, 0 on error
> */
> int hip_netdev_white_list_add(const char *const device_name)
> @@ -146,19 +160,18 @@
> int sock = 0;
> int ret = 0;
>
> - strncpy(ifr.ifr_name, device_name, IF_NAMESIZE);
> + strncpy(ifr.ifr_name, device_name, sizeof(ifr.ifr_name) - 1);

Same here.

> /**
> + * Gives you the interface label for a given IPv4 or IPv6 address.
> + *
> + * @param addr address for which you want to know the label
> + * @param label pointer where the function stores the label
> + * @return zero on success, one on error and write the label
> + * in param label if the given address exists in the system
> + */
> +int hip_find_label_for_address(const struct sockaddr *const addr,
> + char *const label)
> +{
> + int res = 1;
> + struct ifaddrs *myaddrs, *ifa = NULL;
> +
> + getifaddrs(&myaddrs);
> + for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
> + if (ifa->ifa_addr == NULL ||
> + (ifa->ifa_addr->sa_family != AF_INET &&
> + ifa->ifa_addr->sa_family != AF_INET6)) {
> + continue;
> + }
>...

Read more...

Revision history for this message
René Hummen (rene-hummen) :
review: Needs Information
Revision history for this message
Christian Röller (christian-roeller) wrote :
Download full text (5.3 KiB)

> Hi,
>
> I just got one issue that was raised by Stefan before, but has not been fixed
> so far (more inline).
>
> On 22.08.2011, at 21:05, Christian Röller wrote:
> > Christian Röller has proposed merging lp:~christian-
> roeller/hipl/whitelisting into lp:hipl.
> >
> > Requested reviews:
> > Stefan Götz (stefan.goetz)
> > Diego Biurrun (diego-biurrun)
> >
> > For more details, see:
> > https://code.launchpad.net/~christian-roeller/hipl/whitelisting/+merge/72487
>
> > /**
> > - * Add a network interface index number to the list of white listed
> > + * Add a network interface index number plus label to the list of
> whitelisted
> > * network interfaces.
> > *
> > - * @param if_index the network interface index to be white listed
> > + * @param if_index the network interface index to be whitelisted
> > + * @param device_name the network interface label to be whitelisted
> > */
> > -static void hip_netdev_white_list_add_index(int if_index)
> > +static void hip_netdev_white_list_add_index_and_name(const unsigned int
> if_index,
> > + const char *const
> device_name)
> > {
> > if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> > - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> > + hip_netdev_white_list[hip_netdev_white_list_count].if_index =
> if_index;
> > +
> strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
> > + device_name, sizeof(hip_netdev_white_list[0].if_label) -
> 1);
>
> Why don't you strncpy the complete sizeof? Either the string is null-
> terminated, in which case you should copy the 0 as well, or it is not, in
> which case you will miss the last letter of the label. What happens with label
> is of length 1?

Yes, you are right, I should definitly use the complete sizeof here. But it is always the same with
strncpy. Either it only copies the start of the string if the source is too long or it fills up
the destination with zeros, which is actually time wasting. But I think the more worse problem is to
have no null-termination, which would be the case if device_name will be exactly as big as IF_NAMESIZE.
So I should maybe increase:

struct hip_netdev_whitelist_entry {
    unsigned int if_index;
- char if_label[IF_NAMESIZE];
+ char if_label[IF_NAMESIZE+1];
};

to guarantee a null-termination. If we assume, that device_name is not bigger than IF_NAMESIZE, which we could/should check in function hip_netdev_white_list_add. See below...
>
> > /**
> > - * Add a network interface index number to the list of white listed
> > + * Add a network interface index number to the list of whitelisted
> > * network interfaces by name.
> > *
> > - * @param device_name the name of the device to be white listed
> > + * @param device_name the name of the device to be whitelisted
> > * @return 1 on success, 0 on error
> > */
> > int hip_netdev_white_list_add(const char *const device_name)
> > @@ -146,19 +160,18 @@
> > int sock = 0;
> > int ret = 0;
> >
> > - strncpy(ifr.ifr_name, device_name, IF_NAMESIZE);
> > + strncpy(ifr.ifr_name, device_name, sizeof...

Read more...

lp:~christian-roeller/hipl/whitelisting updated
5994. By Christian Röller

Increase the n by 1 in strncpy regarding the writing of the interfacelabel to guarantee null-termination.

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

Hi Christian!

> +int hip_find_label_for_address(const struct sockaddr *const addr,
> + char *const label)

[M] policy: since this is a new function, it needs to be checked by a unit test.

Regards,
 Stefan

review: Needs Fixing
Revision history for this message
Christian Röller (christian-roeller) wrote :
Download full text (6.0 KiB)

Hi,

sorry for the confusion.
I have just found out,that IF_NAMESIZE is big enough to fit the max. interface
name length plus null-termination. So with Rene's suggested change of using sizeof(*) instead of sizeof(* - 1) it is fine and guarantee a null-termination.

Christian

> > Hi,
> >
> > I just got one issue that was raised by Stefan before, but has not been
> fixed
> > so far (more inline).
> >
> > On 22.08.2011, at 21:05, Christian Röller wrote:
> > > Christian Röller has proposed merging lp:~christian-
> > roeller/hipl/whitelisting into lp:hipl.
> > >
> > > Requested reviews:
> > > Stefan Götz (stefan.goetz)
> > > Diego Biurrun (diego-biurrun)
> > >
> > > For more details, see:
> > > https://code.launchpad.net/~christian-
> roeller/hipl/whitelisting/+merge/72487
> >
> > > /**
> > > - * Add a network interface index number to the list of white listed
> > > + * Add a network interface index number plus label to the list of
> > whitelisted
> > > * network interfaces.
> > > *
> > > - * @param if_index the network interface index to be white listed
> > > + * @param if_index the network interface index to be whitelisted
> > > + * @param device_name the network interface label to be whitelisted
> > > */
> > > -static void hip_netdev_white_list_add_index(int if_index)
> > > +static void hip_netdev_white_list_add_index_and_name(const unsigned int
> > if_index,
> > > + const char *const
> > device_name)
> > > {
> > > if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
> > > - hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
> > > + hip_netdev_white_list[hip_netdev_white_list_count].if_index =
> > if_index;
> > > +
> > strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
> > > + device_name, sizeof(hip_netdev_white_list[0].if_label) -
> > 1);
> >
> > Why don't you strncpy the complete sizeof? Either the string is null-
> > terminated, in which case you should copy the 0 as well, or it is not, in
> > which case you will miss the last letter of the label. What happens with
> label
> > is of length 1?
>
> Yes, you are right, I should definitly use the complete sizeof here. But it is
> always the same with
> strncpy. Either it only copies the start of the string if the source is too
> long or it fills up
> the destination with zeros, which is actually time wasting. But I think the
> more worse problem is to
> have no null-termination, which would be the case if device_name will be
> exactly as big as IF_NAMESIZE.
> So I should maybe increase:
>
> struct hip_netdev_whitelist_entry {
> unsigned int if_index;
> - char if_label[IF_NAMESIZE];
> + char if_label[IF_NAMESIZE+1];
> };
>
> to guarantee a null-termination. If we assume, that device_name is not bigger
> than IF_NAMESIZE, which we could/should check in function
> hip_netdev_white_list_add. See below...
> >
> > > /**
> > > - * Add a network interface index number to the list of white listed
> > > + * Add a network interface index number to the list of whitelisted
> > > * network interfaces by name.
> > > *
> > > - * @param device_name...

Read more...

lp:~christian-roeller/hipl/whitelisting updated
5995. By Christian Röller

Add Unit-Tests for the new function hip_find_label_for_address in /hipd/netdev.c

5996. By Christian Röller

Rebase with trunk.

5997. By Christian Röller

A few cosmetic changes and correct one mistake regarding the use of sizeof.

5998. By Christian Röller

Cosmetic issues in both files.

5999. By Christian Röller

Cosmetic issues in all files.

Unmerged revisions

5999. By Christian Röller

Cosmetic issues in all files.

5998. By Christian Röller

Cosmetic issues in both files.

5997. By Christian Röller

A few cosmetic changes and correct one mistake regarding the use of sizeof.

5996. By Christian Röller

Rebase with trunk.

5995. By Christian Röller

Add Unit-Tests for the new function hip_find_label_for_address in /hipd/netdev.c

5994. By Christian Röller

Increase the n by 1 in strncpy regarding the writing of the interfacelabel to guarantee null-termination.

5993. By Christian Röller

cosmetic: alignments in function description hip_find_label_for_address

5992. By Christian Röller

cosmetic: correct some typos

5991. By Christian Röller

cosmetic: typo in function description

5990. By Christian Röller

cosmetic: shorten a few things

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'Makefile.am'
2--- Makefile.am 2011-08-10 15:03:07 +0000
3+++ Makefile.am 2011-09-13 12:13:33 +0000
4@@ -71,11 +71,15 @@
5 TESTS = test/check_firewall \
6 test/check_lib_core \
7 test/check_lib_tool \
8- test/check_modules_midauth
9+ test/check_modules_midauth \
10+ test/check_lib_tool \
11+ test/check_hipd
12 check_PROGRAMS = test/check_firewall \
13 test/check_lib_core \
14 test/check_lib_tool \
15- test/check_modules_midauth
16+ test/check_modules_midauth \
17+ test/check_lib_tool \
18+ test/check_hipd
19 endif
20
21
22@@ -207,6 +211,10 @@
23 lib_core_libhipcore_la_SOURCES += lib/core/performance.c
24 endif
25
26+test_check_hipd_SOURCES = test/check_hipd.c \
27+ test/hipd/netdev.c \
28+ modules/midauth/hipd/midauth.c \
29+ $(hipd_hipd_sources)
30
31 test_check_firewall_SOURCES = test/check_firewall.c \
32 test/mocks.c \
33@@ -240,6 +248,7 @@
34 hipd_hipd_LDADD = lib/core/libhipcore.la
35 test_auth_performance_LDADD = lib/core/libhipcore.la
36 test_check_firewall_LDADD = lib/core/libhipcore.la
37+test_check_hipd_LDADD = lib/core/libhipcore.la
38 test_check_lib_core_LDADD = lib/core/libhipcore.la
39 test_check_lib_tool_LDADD = lib/core/libhipcore.la
40 test_check_modules_midauth_LDADD = lib/core/libhipcore.la
41
42=== modified file 'hipd/input.c'
43--- hipd/input.c 2011-08-25 12:12:27 +0000
44+++ hipd/input.c 2011-09-13 12:13:33 +0000
45@@ -521,7 +521,7 @@
46 /* RVS/Relay is handled later in the code. */
47 if (hip_relay_get_status() == HIP_RELAY_OFF)
48 #endif
49- return -1;
50+ return -1;
51 }
52
53 /* Debug printing of received packet information. All received HIP
54
55=== modified file 'hipd/netdev.c'
56--- hipd/netdev.c 2011-08-15 14:11:56 +0000
57+++ hipd/netdev.c 2011-09-13 12:13:33 +0000
58@@ -79,7 +79,7 @@
59
60 /**
61 * We really don't expect more than a handfull of interfaces to be on
62- * our white list.
63+ * our whitelist.
64 */
65 #define HIP_NETDEV_MAX_WHITE_LIST 5
66
67@@ -90,54 +90,68 @@
68 #define FAM_STR_MAX 32
69
70 /**
71- * This is the white list. For every interface, which is in our white list,
72+ * This is the whitelist. For every interface, which is in our whitelist,
73 * this array has a fixed size, because there seems to be no need at this
74 * moment to deal with dynamic memory - which would complicate the code
75 * and cost size and performance at least equal if not more to this fixed
76 * size array.
77 * Free slots are signaled by the value -1.
78 */
79-static int hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
80-static int hip_netdev_white_list_count = 0;
81+struct hip_netdev_whitelist_entry {
82+ unsigned int if_index;
83+ char if_label[IF_NAMESIZE];
84+};
85+static struct hip_netdev_whitelist_entry hip_netdev_white_list[HIP_NETDEV_MAX_WHITE_LIST];
86+static unsigned int hip_netdev_white_list_count = 0;
87
88 /**
89- * Add a network interface index number to the list of white listed
90+ * Add a network interface index number plus label to the list of whitelisted
91 * network interfaces.
92 *
93- * @param if_index the network interface index to be white listed
94+ * @param if_index the network interface index to be whitelisted
95+ * @param device_name the network interface label to be whitelisted
96 */
97-static void hip_netdev_white_list_add_index(int if_index)
98+static void hip_netdev_white_list_add_index_and_name(const unsigned int if_index,
99+ const char *const device_name)
100 {
101 if (hip_netdev_white_list_count < HIP_NETDEV_MAX_WHITE_LIST) {
102- hip_netdev_white_list[hip_netdev_white_list_count++] = if_index;
103+ hip_netdev_white_list[hip_netdev_white_list_count].if_index = if_index;
104+ strncpy(hip_netdev_white_list[hip_netdev_white_list_count].if_label,
105+ device_name, sizeof(hip_netdev_white_list[0].if_label));
106+ hip_netdev_white_list_count++;
107 } else {
108- /* We should NEVER run out of white list slots!!! */
109- HIP_DIE("Error: ran out of space for white listed interfaces!\n");
110+ /* We should NEVER run out of whitelist slots!!! */
111+ HIP_DIE("Error: ran out of space for whitelisted interfaces!\n");
112 }
113 }
114
115 /**
116- * Test if the given network interface index is white listed.
117+ * Test if the given network interface index plus label is whitelisted.
118 *
119 * @param if_index the index of the network interface to be tested
120+ * @param device_name the label of the network interface to be tested
121 * @return 1 if the index is whitelisted or zero otherwise
122 */
123-static int hip_netdev_is_in_white_list(int if_index)
124+static int hip_netdev_is_in_white_list(const unsigned int if_index,
125+ const char *const device_name)
126 {
127- int i = 0;
128- for (i = 0; i < hip_netdev_white_list_count; i++) {
129- if (hip_netdev_white_list[i] == if_index) {
130- return 1;
131+ if (hip_netdev_white_list_count > 0) {
132+ for (unsigned int i = 0; i < hip_netdev_white_list_count; i++) {
133+ if (hip_netdev_white_list[i].if_index == if_index &&
134+ !strncmp(hip_netdev_white_list[i].if_label,
135+ device_name, sizeof(hip_netdev_white_list[0].if_label))) {
136+ return 1;
137+ }
138 }
139 }
140 return 0;
141 }
142
143 /**
144- * Add a network interface index number to the list of white listed
145+ * Add a network interface index number to the list of whitelisted
146 * network interfaces by name.
147 *
148- * @param device_name the name of the device to be white listed
149+ * @param device_name the name of the device to be whitelisted
150 * @return 1 on success, 0 on error
151 */
152 int hip_netdev_white_list_add(const char *const device_name)
153@@ -146,19 +160,18 @@
154 int sock = 0;
155 int ret = 0;
156
157- strncpy(ifr.ifr_name, device_name, IF_NAMESIZE);
158+ strncpy(ifr.ifr_name, device_name, sizeof(ifr.ifr_name));
159 sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
160
161 if (ioctl(sock, SIOCGIFINDEX, &ifr) == 0) {
162 ret = 1;
163- hip_netdev_white_list_add_index(ifr.ifr_ifindex);
164- HIP_DEBUG("Adding device <%s> to white list with index <%i>.\n",
165+ hip_netdev_white_list_add_index_and_name(ifr.ifr_ifindex, device_name);
166+ HIP_DEBUG("Adding device <%s> to whitelist with index <%i>.\n",
167 device_name,
168 ifr.ifr_ifindex);
169 } else {
170 ret = 0;
171 }
172-
173 if (sock) {
174 close(sock);
175 }
176@@ -632,7 +645,7 @@
177 HIP_IFEL(!(if_index = if_nametoindex(g_iface->ifa_name)),
178 -1, "if_nametoindex failed\n");
179 /* Check if our interface is in the whitelist */
180- if ((hip_netdev_white_list_count > 0) && (!hip_netdev_is_in_white_list(if_index))) {
181+ if ((!hip_netdev_is_in_white_list(if_index, g_iface->ifa_name))) {
182 continue;
183 }
184
185@@ -1120,6 +1133,44 @@
186 }
187
188 /**
189+ * Gives you the interface label for a given IPv4 or IPv6 address.
190+ *
191+ * @param addr Address for which you want to know the label
192+ * @param label Pointer where the function stores the label.
193+ * @param sizeoflabel Size of the passed label parameter, should be chosen big enough
194+ * to be able to store every possible interface name plus null-termination.
195+ * @return Zero on success, one on error and write the label
196+ * in param label if the given address exists in the system.
197+ * Label will be null terminated for sure, iff param label
198+ * is chosen big enough(IF_NAMESIZE == 16).
199+ */
200+int hip_find_label_for_address(const struct sockaddr *const addr,
201+ char *const label, unsigned int const sizeoflabel)
202+{
203+ int res = 1;
204+ struct ifaddrs *myaddrs, *ifa = NULL;
205+
206+ getifaddrs(&myaddrs);
207+ for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
208+ if (ifa->ifa_addr == NULL ||
209+ (ifa->ifa_addr->sa_family != AF_INET &&
210+ ifa->ifa_addr->sa_family != AF_INET6)) {
211+ continue;
212+ }
213+
214+ if (!memcmp(addr, ifa->ifa_addr, sizeof(addr))) {
215+ if (strlen(ifa->ifa_name) < sizeoflabel) {
216+ strncpy(label, ifa->ifa_name, sizeoflabel);
217+ res = 0;
218+ }
219+ break;
220+ }
221+ }
222+ freeifaddrs(myaddrs);
223+ return res;
224+}
225+
226+/**
227 * Netlink event handler. Handles IPsec acquire messages (triggering
228 * of base exchange) and updates the cache of local addresses when
229 * address changes occur.
230@@ -1165,11 +1216,6 @@
231 rta = IFA_RTA(ifa);
232 l = msg->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
233
234- /* Check if our interface is in the whitelist */
235- if ((hip_netdev_white_list_count > 0) &&
236- (!hip_netdev_is_in_white_list(ifindex))) {
237- continue;
238- }
239
240 if ((ifa->ifa_family != AF_INET) &&
241 (ifa->ifa_family != AF_INET6)) {
242@@ -1211,6 +1257,17 @@
243 HIP_DEBUG("Unknown addr family in addr\n");
244 }
245
246+ /* find interface label for address and check if it is whitelisted or not */
247+ if (is_add) {
248+ char label[IF_NAMESIZE];
249+ if (!hip_find_label_for_address(addr, label, sizeof(label)) &&
250+ !hip_netdev_is_in_white_list(ifa->ifa_index, label)) {
251+ HIP_DEBUG("Interface:<%s> is not whitelisted\n", label);
252+ continue;
253+ }
254+ }
255+
256+
257 /* Trying to add an existing address or deleting a non-existing
258 * address */
259 exists = hip_exists_address_in_list(addr, ifa->ifa_index);
260
261=== modified file 'hipd/netdev.h'
262--- hipd/netdev.h 2011-05-18 15:12:07 +0000
263+++ hipd/netdev.h 2011-09-13 12:13:33 +0000
264@@ -56,4 +56,7 @@
265 int hip_map_id_to_addr(const hip_hit_t *hit, const hip_lsi_t *lsi,
266 struct in6_addr *addr);
267
268+int hip_find_label_for_address(const struct sockaddr *const addr,
269+ char *const label, unsigned int const sizeoflabel);
270+
271 #endif /* HIP_HIPD_NETDEV_H */
272
273=== added file 'test/check_hipd.c'
274--- test/check_hipd.c 1970-01-01 00:00:00 +0000
275+++ test/check_hipd.c 2011-09-13 12:13:33 +0000
276@@ -0,0 +1,41 @@
277+/*
278+ * Copyright (c) 2010 Aalto University and RWTH Aachen University.
279+ *
280+ * Permission is hereby granted, free of charge, to any person
281+ * obtaining a copy of this software and associated documentation
282+ * files (the "Software"), to deal in the Software without
283+ * restriction, including without limitation the rights to use,
284+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
285+ * copies of the Software, and to permit persons to whom the
286+ * Software is furnished to do so, subject to the following
287+ * conditions:
288+ *
289+ * The above copyright notice and this permission notice shall be
290+ * included in all copies or substantial portions of the Software.
291+ *
292+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
293+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
294+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
295+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
296+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
297+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
298+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
299+ * OTHER DEALINGS IN THE SOFTWARE.
300+ */
301+
302+#include <check.h>
303+#include <stdlib.h>
304+
305+#include "test/hipd/test_suites.h"
306+
307+int main(void)
308+{
309+ int number_failed;
310+ SRunner *sr = srunner_create(NULL);
311+ srunner_add_suite(sr, hipd_netdev());
312+
313+ srunner_run_all(sr, CK_NORMAL);
314+ number_failed = srunner_ntests_failed(sr);
315+ srunner_free(sr);
316+ return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
317+}
318
319=== added directory 'test/hipd'
320=== added file 'test/hipd/netdev.c'
321--- test/hipd/netdev.c 1970-01-01 00:00:00 +0000
322+++ test/hipd/netdev.c 2011-09-13 12:13:33 +0000
323@@ -0,0 +1,89 @@
324+/*
325+ * Copyright (c) 2011 Aalto University and RWTH Aachen University.
326+ *
327+ * Permission is hereby granted, free of charge, to any person
328+ * obtaining a copy of this software and associated documentation
329+ * files (the "Software"), to deal in the Software without
330+ * restriction, including without limitation the rights to use,
331+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
332+ * copies of the Software, and to permit persons to whom the
333+ * Software is furnished to do so, subject to the following
334+ * conditions:
335+ *
336+ * The above copyright notice and this permission notice shall be
337+ * included in all copies or substantial portions of the Software.
338+ *
339+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
340+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
341+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
342+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
343+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
344+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
345+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
346+ * OTHER DEALINGS IN THE SOFTWARE.
347+ */
348+
349+#define _BSD_SOURCE
350+
351+#include <check.h>
352+#include <stdlib.h>
353+
354+#include "hipd/netdev.h"
355+#include <ifaddrs.h>
356+#include <net/if.h>
357+#include "lib/core/debug.h"
358+#include "lib/core/prefix.h"
359+#include "test_suites.h"
360+
361+
362+
363+START_TEST(test_hip_find_label_for_address_parameters)
364+{
365+ struct ifaddrs *myaddrs, *ifa = NULL;
366+ char label[IF_NAMESIZE];
367+
368+ /* The passed label parameter for the function hip_find_label_for_address
369+ * must be at least 1 greater than the found label in the function. So
370+ * a size of 1 would be for sure too short to store at least the shortest
371+ * label of only 1 character.
372+ */
373+ char label_too_short[1];
374+
375+ getifaddrs(&myaddrs);
376+ for (ifa = myaddrs; ifa != NULL; ifa = ifa->ifa_next) {
377+ if (ifa->ifa_addr == NULL ||
378+ (ifa->ifa_addr->sa_family != AF_INET &&
379+ ifa->ifa_addr->sa_family != AF_INET6)) {
380+ continue;
381+ }
382+ HIP_DEBUG("Size of chosen label:%d\n", sizeof(label));
383+ HIP_DEBUG_INADDR("Try to find label for addr...",
384+ hip_cast_sa_addr((struct sockaddr *) (ifa->ifa_addr)));
385+
386+ fail_unless(hip_find_label_for_address(ifa->ifa_addr, label, sizeof(label)) == 0,
387+ "Could not find label although address must be known.");
388+
389+ HIP_DEBUG("Found: %s\n", label);
390+
391+ HIP_DEBUG("Size of chosen label:%d\n", sizeof(label_too_short));
392+ HIP_DEBUG("Try to store in the too short chosen label parameter, return has to be 1\n");
393+
394+ fail_unless(hip_find_label_for_address(ifa->ifa_addr, label_too_short, sizeof(label_too_short)) == 1,
395+ "Not enough memory allocated for the label parameter.");
396+
397+ HIP_DEBUG("Return of function: %d \n",
398+ hip_find_label_for_address(ifa->ifa_addr, label_too_short, sizeof(label_too_short)));
399+ }
400+}
401+END_TEST
402+
403+Suite *hipd_netdev(void)
404+{
405+ Suite *s = suite_create("hipd/netdev");
406+
407+ TCase *tc_netdev = tcase_create("netdev");
408+ tcase_add_test(tc_netdev, test_hip_find_label_for_address_parameters);
409+ suite_add_tcase(s, tc_netdev);
410+
411+ return s;
412+}
413
414=== added file 'test/hipd/test_suites.h'
415--- test/hipd/test_suites.h 1970-01-01 00:00:00 +0000
416+++ test/hipd/test_suites.h 2011-09-13 12:13:33 +0000
417@@ -0,0 +1,34 @@
418+/*
419+ * Copyright (c) 2010 Aalto University and RWTH Aachen University.
420+ *
421+ * Permission is hereby granted, free of charge, to any person
422+ * obtaining a copy of this software and associated documentation
423+ * files (the "Software"), to deal in the Software without
424+ * restriction, including without limitation the rights to use,
425+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
426+ * copies of the Software, and to permit persons to whom the
427+ * Software is furnished to do so, subject to the following
428+ * conditions:
429+ *
430+ * The above copyright notice and this permission notice shall be
431+ * included in all copies or substantial portions of the Software.
432+ *
433+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
434+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
435+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
436+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
437+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
438+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
439+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
440+ * OTHER DEALINGS IN THE SOFTWARE.
441+ */
442+
443+#ifndef HIP_TEST_HIPD_TEST_SUITES_H
444+#define HIP_TEST_HIPD_TEST_SUITES_H
445+
446+#include <check.h>
447+
448+Suite *hipd_netdev(void);
449+
450+
451+#endif /* HIP_TEST_HIPD_TEST_SUITES_H */
452
453=== modified file 'test/lib/core/hostid.c'
454--- test/lib/core/hostid.c 2011-09-05 08:46:53 +0000
455+++ test/lib/core/hostid.c 2011-09-13 12:13:33 +0000
456@@ -65,7 +65,7 @@
457 START_TEST(test_serialize_deserialize_rsa_keys)
458 {
459 unsigned int i, keyrr_len = 0;
460- int bits[3] = {1024, 2048, 3072};
461+ int bits[3] = { 1024, 2048, 3072 };
462 RSA *key = NULL, *key_deserialized = NULL;
463 EVP_PKEY *key_a = NULL, *key_b = NULL;
464 unsigned char *keyrr;

Subscribers

People subscribed via source and target branches