Parcourir la source

[trac998] Remove "inverse" argument

Stephen Morris il y a 14 ans
Parent
commit
30570ab2d9
2 fichiers modifiés avec 47 ajouts et 129 suppressions
  1. 15 36
      src/lib/acl/ip_check.h
  2. 32 93
      src/lib/acl/tests/ip_check_unittest.cc

+ 15 - 36
src/lib/acl/ip_check.h

@@ -112,7 +112,7 @@ T createMask(size_t prefixlen) {
 ///
 /// \return Pair of (string, int) holding the address string and the prefix
 ///         length.  The second element is -1 if no prefix was given.
-///
+// definitions and te/
 /// \exception InvalidParameter Address prefix not of the expected syntax
 
 std::pair<std::string, int>
@@ -152,8 +152,7 @@ public:
     ///
     /// Constructs an empty IPCheck object.  The address family returned will
     /// be zero.
-    IPCheck() : address_(), mask_(), prefixlen_(0), inverse_(false),
-                family_(0), straddr_()
+    IPCheck() : address_(), mask_(), prefixlen_(0), family_(0), straddr_()
     {
         std::fill(address_.word, address_.word + IPV6_SIZE32, 0);
         std::fill(mask_.word, mask_.word + IPV6_SIZE32, 0);
@@ -169,13 +168,9 @@ public:
     /// \param prefixlen The prefix length specified as an integer between 0 and
     ///        32. This determines the number of bits of the address to check.
     ///        (A value of zero imples match all IPV4 addresses.)
-    /// \param inverse If false (the default), matches() returns true if the
-    ///        condition matches.  If true, matches() returns true if the
-    ///        condition does not match.
-    IPCheck(uint32_t address, int prefixlen = 8 * sizeof(uint32_t),
-            bool inverse = false):
-            address_(), mask_(), prefixlen_(prefixlen), inverse_(inverse),
-            family_(AF_INET), straddr_()
+    IPCheck(uint32_t address, int prefixlen = 8 * sizeof(uint32_t)) :
+            address_(), mask_(), prefixlen_(prefixlen), family_(AF_INET),
+            straddr_()
     {
         address_.word[0] = address;
         std::fill(address_.word + 1, address_.word + IPV6_SIZE32, 0);
@@ -192,13 +187,9 @@ public:
     ///        order).
     /// \param mask The network mask specified as an integer between 1 and
     ///        128 This determines the number of bits in the mask to check.
-    /// \param inverse If false (the default), matches() returns true if the
-    ///        condition matches.  If true, matches() returns true if the
-    ///        condition does not match.
-    IPCheck(const uint8_t* address, int prefixlen = 8 * IPV6_SIZE8,
-            bool inverse = false):
-            address_(), mask_(), prefixlen_(prefixlen), inverse_(inverse),
-            family_(AF_INET6), straddr_()
+    IPCheck(const uint8_t* address, int prefixlen = 8 * IPV6_SIZE8) :
+            address_(), mask_(), prefixlen_(prefixlen), family_(AF_INET6),
+            straddr_()
     {
         std::copy(address, address + IPV6_SIZE8, address_.byte);
         std::fill(mask_.word, mask_.word + IPV6_SIZE32, 0);
@@ -219,12 +210,8 @@ public:
     ///        address).  If "n" is specified as zero, the match is for any
     ///        address in that address family.  The address can also be
     ///        given as "any4" or "any6".
-    /// \param inverse If false (the default), matches() returns true if the
-    ///        condition matches.  If true, matches() returns true if the
-    ///        condition does not match.
-    IPCheck(const std::string& addrprfx, bool inverse = false) :
-            address_(), mask_(), prefixlen_(0), inverse_(inverse),
-            family_(0), straddr_(addrprfx)
+    IPCheck(const std::string& addrprfx) : address_(), mask_(), prefixlen_(0),
+                                           family_(0), straddr_(addrprfx)
     {
         // Initialize.
         std::fill(address_.word, address_.word + IPV6_SIZE32, 0);
@@ -272,8 +259,8 @@ public:
     ///
     /// \param other Object from which the copy is being constructed.
     IPCheck(const IPCheck<Context>& other) : address_(), mask_(),
-            prefixlen_(other.prefixlen_), inverse_(other.inverse_),
-            family_(other.family_), straddr_(other.straddr_)
+            prefixlen_(other.prefixlen_), family_(other.family_),
+            straddr_(other.straddr_)
     {
         std::copy(other.address_.word, other.address_.word + IPV6_SIZE32,
                   address_.word);
@@ -294,7 +281,6 @@ public:
             std::copy(other.mask_.word, other.mask_.word + IPV6_SIZE32,
                       mask_.word);
             prefixlen_ = other.prefixlen_;
-            inverse_ = other.inverse_;
             family_ = other.family_;
             straddr_ = other.straddr_;
         }
@@ -357,11 +343,6 @@ public:
 
         return (family_);
     }
-
-    /// \return Setting of inverse flag
-    bool getInverse() const {
-        return (inverse_);
-    }
     ///@}
 
 private:
@@ -402,8 +383,7 @@ private:
                           (address_.byte[i] & mask_.byte[i]));
             }
 
-            // As with the V4 check, return the XOR with the inverse flag.
-            return (match != inverse_);
+            return (match);
         }
 
         // A prefix length of 0 is an unconditional match.
@@ -420,8 +400,8 @@ private:
     /// \return true if the address matches, false if it does not.
     virtual bool compare(const uint32_t testaddr) const {
         if (prefixlen_ != 0) {
-            return (((testaddr & mask_.word[0]) ==
-                     (address_.word[0] & mask_.word[0])) != inverse_);
+            return ((testaddr & mask_.word[0]) ==
+                    (address_.word[0] & mask_.word[0]));
         }
 
         // A prefix length of 0 is an unconditional match.
@@ -488,7 +468,6 @@ private:
     AddressData address_;   ///< Address in binary form
     AddressData mask_;      ///< Address mask
     size_t      prefixlen_; ///< Mask size passed to constructor
-    bool        inverse_;   ///< Test for equality or inequality
     int         family_;    ///< Address family
     std::string straddr_;   ///< Copy of constructor address string
 };

+ 32 - 93
src/lib/acl/tests/ip_check_unittest.cc

@@ -200,18 +200,6 @@ TEST(IPCheck, V4ConstructorMask) {
     EXPECT_THROW(IPCheck<GeneralAddress>(dummy.v6addr, 129), isc::OutOfRange);
 }
 
-TEST(IPCheck, V4ConstructorInverse) {
-    // Valid values. Address ands mask of "1" are used as placeholders
-    IPCheck<GeneralAddress> acl1(1, 1);
-    EXPECT_FALSE(acl1.getInverse());
-
-    IPCheck<GeneralAddress> acl2(1, 1, true);
-    EXPECT_TRUE(acl2.getInverse());
-
-    IPCheck<GeneralAddress> acl3(1, 1, false);
-    EXPECT_FALSE(acl3.getInverse());
-}
-
 TEST(IPCheck, V4StringConstructor) {
     // Constructor with no mask given
     IPCheck<GeneralAddress> acl1("192.0.2.255");
@@ -247,11 +235,10 @@ TEST(IPCheck, V4StringConstructor) {
 }
 
 TEST(IPCheck, V4CopyConstructor) {
-    IPCheck<GeneralAddress> acl1("192.0.2.1/24", true);
+    IPCheck<GeneralAddress> acl1("192.0.2.1/24");
     IPCheck<GeneralAddress> acl2(acl1);
 
     EXPECT_EQ(acl1.getPrefixlen(), acl2.getPrefixlen());
-    EXPECT_EQ(acl1.getInverse(), acl2.getInverse());
     EXPECT_EQ(acl1.getFamily(), acl2.getFamily());
     EXPECT_EQ(acl1.getStringAddress(), acl2.getStringAddress());
 
@@ -267,12 +254,11 @@ TEST(IPCheck, V4CopyConstructor) {
 }
 
 TEST(IPCheck, V4AssignmentOperator) {
-    IPCheck<GeneralAddress> acl1("192.0.2.0/24", true);
-    IPCheck<GeneralAddress> acl2("192.0.2.128/25", false);
+    IPCheck<GeneralAddress> acl1("192.0.2.0/24");
+    IPCheck<GeneralAddress> acl2("192.0.2.128/25");
     acl2 = acl1;
 
     EXPECT_EQ(acl1.getPrefixlen(), acl2.getPrefixlen());
-    EXPECT_EQ(acl1.getInverse(), acl2.getInverse());
     EXPECT_EQ(acl1.getFamily(), acl2.getFamily());
     EXPECT_EQ(acl1.getStringAddress(), acl2.getStringAddress());
 
@@ -303,42 +289,28 @@ TEST(IPCheck, V4Compare) {
     EXPECT_FALSE(acl1.matches(htonl(0x23457f12)));
     EXPECT_FALSE(acl1.matches(htonl(0x13457f13)));
 
-    // Exact address - match if address does not match stored address
-    IPCheck<GeneralAddress> acl2(htonl(0x23457f13), 32, true);
-    EXPECT_FALSE(acl2.matches(htonl(0x23457f13)));
-    EXPECT_TRUE(acl2.matches(htonl(0x23457f12)));
-    EXPECT_TRUE(acl2.matches(htonl(0x13457f13)));
-
     // Match if the address matches a mask
-    IPCheck<GeneralAddress> acl3(htonl(0x23450000), 16);
+    IPCheck<GeneralAddress> acl2(htonl(0x23450000), 16);
+    EXPECT_TRUE(acl2.matches(htonl(0x23450000)));
+    EXPECT_TRUE(acl2.matches(htonl(0x23450001)));
+    EXPECT_TRUE(acl2.matches(htonl(0x2345ffff)));
+    EXPECT_FALSE(acl2.matches(htonl(0x23460000)));
+    EXPECT_FALSE(acl2.matches(htonl(0x2346ffff)));
+
+    // Match if "any4" is specified
+    IPCheck<GeneralAddress> acl3("any4");
     EXPECT_TRUE(acl3.matches(htonl(0x23450000)));
     EXPECT_TRUE(acl3.matches(htonl(0x23450001)));
     EXPECT_TRUE(acl3.matches(htonl(0x2345ffff)));
-    EXPECT_FALSE(acl3.matches(htonl(0x23460000)));
-    EXPECT_FALSE(acl3.matches(htonl(0x2346ffff)));
-
-    // Match if the address does not match a mask
-    IPCheck<GeneralAddress> acl4(htonl(0x23450000), 16, true);
-    EXPECT_FALSE(acl4.matches(htonl(0x23450000)));
-    EXPECT_FALSE(acl4.matches(htonl(0x23450001)));
-    EXPECT_FALSE(acl4.matches(htonl(0x2345ffff)));
+    EXPECT_TRUE(acl3.matches(htonl(0x23460000)));
+    EXPECT_TRUE(acl3.matches(htonl(0x2346ffff)));
+
+    IPCheck<GeneralAddress> acl4(htonl(0x23450000), 0);
+    EXPECT_TRUE(acl4.matches(htonl(0x23450000)));
+    EXPECT_TRUE(acl4.matches(htonl(0x23450001)));
+    EXPECT_TRUE(acl4.matches(htonl(0x2345ffff)));
     EXPECT_TRUE(acl4.matches(htonl(0x23460000)));
     EXPECT_TRUE(acl4.matches(htonl(0x2346ffff)));
-
-    // Match if "any4" is specified
-    IPCheck<GeneralAddress> acl5("any4");
-    EXPECT_TRUE(acl5.matches(htonl(0x23450000)));
-    EXPECT_TRUE(acl5.matches(htonl(0x23450001)));
-    EXPECT_TRUE(acl5.matches(htonl(0x2345ffff)));
-    EXPECT_TRUE(acl5.matches(htonl(0x23460000)));
-    EXPECT_TRUE(acl5.matches(htonl(0x2346ffff)));
-
-    IPCheck<GeneralAddress> acl6(htonl(0x23450000), 0);
-    EXPECT_TRUE(acl6.matches(htonl(0x23450000)));
-    EXPECT_TRUE(acl6.matches(htonl(0x23450001)));
-    EXPECT_TRUE(acl6.matches(htonl(0x2345ffff)));
-    EXPECT_TRUE(acl6.matches(htonl(0x23460000)));
-    EXPECT_TRUE(acl6.matches(htonl(0x2346ffff)));
 }
 
 
@@ -443,18 +415,6 @@ TEST(IPCheck, V6ConstructorMask) {
     EXPECT_THROW(IPCheck<GeneralAddress>(V6ADDR_1, 129), isc::OutOfRange);
 }
 
-TEST(IPCheck, V6ConstructorInverse) {
-    // Valid values. Address/mask of "1" is used as a placeholder
-    IPCheck<GeneralAddress> acl1(V6ADDR_1, 1);
-    EXPECT_FALSE(acl1.getInverse());
-
-    IPCheck<GeneralAddress> acl2(V6ADDR_1, 1, true);
-    EXPECT_TRUE(acl2.getInverse());
-
-    IPCheck<GeneralAddress> acl3(V6ADDR_1, 1, false);
-    EXPECT_FALSE(acl3.getInverse());
-}
-
 TEST(IPCheck, V6StringConstructor) {
     IPCheck<GeneralAddress> acl1(V6ADDR_1_STRING);
     vector<uint8_t> address = acl1.getAddress();
@@ -507,8 +467,6 @@ TEST(IPCheck, V6CopyConstructor) {
     EXPECT_EQ(acl1_mask.size(), acl2_mask.size());
     EXPECT_TRUE(equal(acl1_mask.begin(), acl1_mask.end(),
                 acl2_mask.begin()));
-
-    EXPECT_EQ(acl1.getInverse(), acl2.getInverse());
 }
 
 TEST(IPCheck, V6AssignmentOperator) {
@@ -532,8 +490,6 @@ TEST(IPCheck, V6AssignmentOperator) {
     EXPECT_EQ(acl1_mask.size(), acl2_mask.size());
     EXPECT_TRUE(equal(acl1_mask.begin(), acl1_mask.end(),
                 acl2_mask.begin()));
-
-    EXPECT_EQ(acl1.getInverse(), acl2.getInverse());
 }
 
 TEST(IPCheck, V6Compare) {
@@ -550,42 +506,25 @@ TEST(IPCheck, V6Compare) {
     EXPECT_FALSE(acl1.matches(v6addr_2_48));
     EXPECT_FALSE(acl1.matches(v6addr_3));
 
-    // Exact address - match if address does not match stored address
-    IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/128"),
-                                   true);
-    EXPECT_FALSE(acl2.matches(v6addr_2));
+    // Match if the address matches a mask
+    IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/52"));
+    EXPECT_TRUE(acl2.matches(v6addr_2));
     EXPECT_TRUE(acl2.matches(v6addr_2_52));
-    EXPECT_TRUE(acl2.matches(v6addr_2_48));
-    EXPECT_TRUE(acl2.matches(v6addr_3));
+    EXPECT_FALSE(acl2.matches(v6addr_2_48));
+    EXPECT_FALSE(acl2.matches(v6addr_3));
 
-    // Match if the address matches a mask
-    IPCheck<GeneralAddress> acl3(string(V6ADDR_2_STRING) + string("/52"));
+    // Match on any address
+    IPCheck<GeneralAddress> acl3("any6");
     EXPECT_TRUE(acl3.matches(v6addr_2));
     EXPECT_TRUE(acl3.matches(v6addr_2_52));
-    EXPECT_FALSE(acl3.matches(v6addr_2_48));
-    EXPECT_FALSE(acl3.matches(v6addr_3));
-
-    // Match if the address does not match a mask
-    IPCheck<GeneralAddress> acl4(string(V6ADDR_2_STRING) + string("/52"),
-                              true);
-    EXPECT_FALSE(acl4.matches(v6addr_2));
-    EXPECT_FALSE(acl4.matches(v6addr_2_52));
+    EXPECT_TRUE(acl3.matches(v6addr_2_48));
+    EXPECT_TRUE(acl3.matches(v6addr_3));
+
+    IPCheck<GeneralAddress> acl4(string(V6ADDR_1_STRING) + string("/0"));
+    EXPECT_TRUE(acl4.matches(v6addr_2));
+    EXPECT_TRUE(acl4.matches(v6addr_2_52));
     EXPECT_TRUE(acl4.matches(v6addr_2_48));
     EXPECT_TRUE(acl4.matches(v6addr_3));
-
-    // Match on any address
-    IPCheck<GeneralAddress> acl5("any6");
-    EXPECT_TRUE(acl5.matches(v6addr_2));
-    EXPECT_TRUE(acl5.matches(v6addr_2_52));
-    EXPECT_TRUE(acl5.matches(v6addr_2_48));
-    EXPECT_TRUE(acl5.matches(v6addr_3));
-
-    IPCheck<GeneralAddress> acl6(string(V6ADDR_1_STRING) + string("/0"));
-    EXPECT_TRUE(acl6.matches(v6addr_2));
-    EXPECT_TRUE(acl6.matches(v6addr_2_52));
-    EXPECT_TRUE(acl6.matches(v6addr_2_48));
-    EXPECT_TRUE(acl6.matches(v6addr_3));
-
 }
 
 // *** Mixed-mode tests - mainly to check that no exception is thrown ***