From: Alberto Leiva Popper Date: Fri, 17 May 2019 21:06:55 +0000 (-0500) Subject: Patch compilation on OpenBSD and LibreSSL X-Git-Tag: v0.0.2~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f52fa010ad0e28f08778e25468b3fded4f32807;p=thirdparty%2FFORT-validator.git Patch compilation on OpenBSD and LibreSSL --- diff --git a/README.md b/README.md index 3b1eeb3e..401a43ee 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ More documentation at [https://nicmx.github.io/FORT-validator/](https://nicmx.gi ## RTR Configuration -> TODO Move this +> TODO Update this The RTR server reads the configuration from a JSON file, learn about it at FORT's site [RTR Server arguments](https://nicmx.github.io/FORT-validator/doc/rtr-server.html). @@ -48,6 +48,8 @@ Here's an example of a valid configuration file (assuming that the CSV file retu ## Execution +> TODO Update this + The executable needs only one argument: the location of the configuration file. So, assuming that the configuration file is located at `/home/fort/rtr.conf`, use the flag `-f` to indicate such location and run the server: ``` diff --git a/docs/doc/installation.md b/docs/doc/installation.md index 5e12ecb5..0c85daa6 100644 --- a/docs/doc/installation.md +++ b/docs/doc/installation.md @@ -52,3 +52,24 @@ cd rpki-validator make sudo make install {% endhighlight %} + +## OpenBSD + +{% highlight bash %} +# pkg_add libexecinfo jansson rsync +$ +$ ftp +$ tar xvzf libcmscodec-.tar.gz +$ cd libcmscodec +$ ./configure +$ make +# make install +$ cd .. +$ ftp +$ tar xvzf fort-.tar.gz +$ cd fort +$ # clang is needed because of gnu11. +$ env CC=clang CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib ./configure +$ make +# make install +{% endhighlight %} diff --git a/src/address.c b/src/address.c index cad820d4..296584f9 100644 --- a/src/address.c +++ b/src/address.c @@ -3,9 +3,30 @@ #include #include #include /* inet_ntop */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "log.h" #include "thread_var.h" +static void +init_quadrant(struct in6_addr *addr, unsigned int slot, uint32_t value) +{ + addr->s6_addr[slot ] = (value >> 24) ; + addr->s6_addr[slot + 1] = (value >> 16) & 0xFF; + addr->s6_addr[slot + 2] = (value >> 8) & 0xFF; + addr->s6_addr[slot + 3] = (value ) & 0xFF; +} + +void +in6_addr_init(struct in6_addr *addr, uint32_t quadrant0, uint32_t quadrant1, + uint32_t quadrant2, uint32_t quadrant3) +{ + init_quadrant(addr, 0, quadrant0); + init_quadrant(addr, 4, quadrant1); + init_quadrant(addr, 8, quadrant2); + init_quadrant(addr, 12, quadrant3); +} + /* * Returns a mask you can use to extract the suffix bits of a 32-bit unsigned * number whose prefix lengths @prefix_len. @@ -463,15 +484,15 @@ ipv6_prefix_validate(struct ipv6_prefix *prefix) { struct in6_addr suffix; char buffer[INET6_ADDRSTRLEN]; + unsigned int i; memset(&suffix, 0, sizeof(suffix)); ipv6_suffix_mask(prefix->len, &suffix); - if ((prefix->addr.s6_addr32[0] & suffix.s6_addr32[0]) - || (prefix->addr.s6_addr32[1] & suffix.s6_addr32[1]) - || (prefix->addr.s6_addr32[2] & suffix.s6_addr32[2]) - || (prefix->addr.s6_addr32[3] & suffix.s6_addr32[3])) - return pr_err("IPv6 prefix %s/%u has enabled suffix bits.", - addr2str6(&prefix->addr, buffer), prefix->len); + + for (i = 0; i < 16; i++) + if (prefix->addr.s6_addr[i] & suffix.s6_addr[i]) + return pr_err("IPv6 prefix %s/%u has enabled suffix bits.", + addr2str6(&prefix->addr, buffer), prefix->len); return 0; } diff --git a/src/address.h b/src/address.h index d3453752..ae1786ea 100644 --- a/src/address.h +++ b/src/address.h @@ -26,6 +26,8 @@ struct ipv6_range { struct in6_addr max; }; +void in6_addr_init(struct in6_addr *, uint32_t, uint32_t, uint32_t, uint32_t); + uint32_t u32_suffix_mask(unsigned int); uint32_t be32_suffix_mask(unsigned int); void ipv6_suffix_mask(unsigned int, struct in6_addr *); diff --git a/src/object/certificate.c b/src/object/certificate.c index f81824c3..60a6c3b4 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -4,6 +4,7 @@ #include /* SIZE_MAX */ #include #include +#include #include "algorithm.h" #include "config.h" @@ -19,7 +20,6 @@ #include "crypto/hash.h" #include "object/name.h" #include "rsync/rsync.h" -#include /* Just to prevent some line breaking. */ #define GN_URI uniformResourceIdentifier @@ -113,59 +113,47 @@ validate_subject(X509 *cert) } static int -spki_validate_algorithm(OBJECT_IDENTIFIER_t *tal_alg, - X509_PUBKEY *cert_public_key) +spki_cmp(X509_PUBKEY *tal_spki, X509_PUBKEY *cert_spki) { + ASN1_OBJECT *tal_alg; ASN1_OBJECT *cert_alg; - int ok; - ok = X509_PUBKEY_get0_param(&cert_alg, NULL, NULL, NULL, - cert_public_key); - if (!ok) - return crypto_err("X509_PUBKEY_get0_param() returned %d", ok); - - if (tal_alg->size != OBJ_length(cert_alg)) - goto fail; - if (memcmp(tal_alg->buf, OBJ_get0_data(cert_alg), tal_alg->size) != 0) - goto fail; + unsigned char const *tal_spk, *cert_spk; + int tal_spk_len, cert_spk_len; - return 0; - -fail: - return pr_err("TAL's public key algorithm is different than the root certificate's public key algorithm."); -} - -static int -spki_validate_key(BIT_STRING_t *tal_key, X509_PUBKEY *cert_public_key) -{ - unsigned char const *cert_spk; - int cert_spk_len; int ok; - ok = X509_PUBKEY_get0_param(NULL, &cert_spk, &cert_spk_len, NULL, - cert_public_key); + ok = X509_PUBKEY_get0_param(&tal_alg, &tal_spk, &tal_spk_len, NULL, + tal_spki); if (!ok) - return crypto_err("X509_PUBKEY_get0_param() returned %d", ok); + return crypto_err("X509_PUBKEY_get0_param() 1 returned %d", ok); + ok = X509_PUBKEY_get0_param(&cert_alg, &cert_spk, &cert_spk_len, NULL, + cert_spki); + if (!ok) + return crypto_err("X509_PUBKEY_get0_param() 2 returned %d", ok); - if (tal_key->size != cert_spk_len) - goto fail; - if (memcmp(tal_key->buf, cert_spk, cert_spk_len) != 0) - goto fail; + if (OBJ_cmp(tal_alg, cert_alg) != 0) + goto different_alg; + if (tal_spk_len != cert_spk_len) + goto different_pk; + if (memcmp(tal_spk, cert_spk, cert_spk_len) != 0) + goto different_pk; return 0; -fail: +different_alg: + return pr_err("TAL's public key algorithm is different than the root certificate's public key algorithm."); +different_pk: return pr_err("TAL's public key is different than the root certificate's public key."); } static int -validate_spki(X509_PUBKEY *cert_public_key) +validate_spki(X509_PUBKEY *cert_spki) { struct validation *state; struct tal *tal; - int error; - struct SubjectPublicKeyInfo *tal_spki; + X509_PUBKEY *tal_spki; unsigned char const *_tal_spki; size_t _tal_spki_len; @@ -191,34 +179,32 @@ validate_spki(X509_PUBKEY *cert_public_key) * Luckily, the only other component of the SPKI is the algorithm * identifier. So doing a field-by-field comparison is not too much * trouble. We'll have to decode the TAL's SPKI though. + * + * Reminder: "X509_PUBKEY" and "Subject Public Key Info" are synonyms. */ fnstack_push(tal_get_file_name(tal)); tal_get_spki(tal, &_tal_spki, &_tal_spki_len); - error = asn1_decode(_tal_spki, _tal_spki_len, - &asn_DEF_SubjectPublicKeyInfo, (void **) &tal_spki); + tal_spki = d2i_X509_PUBKEY(NULL, &_tal_spki, _tal_spki_len); fnstack_pop(); - if (error) + if (tal_spki == NULL) { + crypto_err("The TAL's public key cannot be decoded"); goto fail1; + } - error = spki_validate_algorithm(&tal_spki->algorithm.algorithm, - cert_public_key); - if (error) - goto fail2; - error = spki_validate_key(&tal_spki->subjectPublicKey, cert_public_key); - if (error) + if (spki_cmp(tal_spki, cert_spki) != 0) goto fail2; - ASN_STRUCT_FREE(asn_DEF_SubjectPublicKeyInfo, tal_spki); + X509_PUBKEY_free(tal_spki); validation_pubkey_valid(state); return 0; fail2: - ASN_STRUCT_FREE(asn_DEF_SubjectPublicKeyInfo, tal_spki); + X509_PUBKEY_free(tal_spki); fail1: validation_pubkey_invalid(state); - return error; + return -EINVAL; } static int diff --git a/src/rsync/rsync.c b/src/rsync/rsync.c index 05b62a53..3a3325d4 100644 --- a/src/rsync/rsync.c +++ b/src/rsync/rsync.c @@ -3,6 +3,7 @@ #include #include #include +#include /* SIGINT, SIGQUIT, etc */ #include #include #include diff --git a/src/rtr/db/delta.c b/src/rtr/db/delta.c index 7ffe0790..4b416a14 100644 --- a/src/rtr/db/delta.c +++ b/src/rtr/db/delta.c @@ -1,6 +1,8 @@ #include "rtr/db/delta.h" #include +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "data_structure/array_list.h" struct delta_v4 { diff --git a/src/rtr/db/roa_table.c b/src/rtr/db/roa_table.c index 5e7df96b..596bd0d6 100644 --- a/src/rtr/db/roa_table.c +++ b/src/rtr/db/roa_table.c @@ -1,5 +1,7 @@ #include "rtr/db/roa_table.h" +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "data_structure/uthash_nonfatal.h" struct hashable_roa { diff --git a/src/rtr/pdu.h b/src/rtr/pdu.h index 8a905b35..5d07b0f2 100644 --- a/src/rtr/pdu.h +++ b/src/rtr/pdu.h @@ -1,6 +1,7 @@ #ifndef RTR_PDU_H_ #define RTR_PDU_H_ +#include #include #include "common.h" diff --git a/src/rtr/pdu_sender.c b/src/rtr/pdu_sender.c index d05b7d29..4830a4eb 100644 --- a/src/rtr/pdu_sender.c +++ b/src/rtr/pdu_sender.c @@ -182,8 +182,7 @@ vrp_equals(struct vrp const *left, struct vrp const *right) && ((left->addr_fam == AF_INET && left->prefix.v4.s_addr == right->prefix.v4.s_addr) || (left->addr_fam == AF_INET6 - && IN6_ARE_ADDR_EQUAL(left->prefix.v6.s6_addr32, - right->prefix.v6.s6_addr32))); + && IN6_ARE_ADDR_EQUAL(&left->prefix.v6, &right->prefix.v6))); } static int diff --git a/src/rtr/primitive_reader.c b/src/rtr/primitive_reader.c index cc5c0968..7c7c7b4a 100644 --- a/src/rtr/primitive_reader.c +++ b/src/rtr/primitive_reader.c @@ -118,10 +118,16 @@ read_in_addr(struct pdu_reader *reader, struct in_addr *result) int read_in6_addr(struct pdu_reader *reader, struct in6_addr *result) { - return read_int32(reader, &result->s6_addr32[0]) - || read_int32(reader, &result->s6_addr32[1]) - || read_int32(reader, &result->s6_addr32[2]) - || read_int32(reader, &result->s6_addr32[3]); + unsigned int i; + int error; + + for (i = 0; i < 16; i++) { + error = read_int8(reader, &result->s6_addr[i]); + if (error) + return error; + } + + return 0; } #define EINVALID_UTF8 -0xFFFF diff --git a/src/rtr/primitive_reader.h b/src/rtr/primitive_reader.h index 014b8ceb..a66857ea 100644 --- a/src/rtr/primitive_reader.h +++ b/src/rtr/primitive_reader.h @@ -2,7 +2,7 @@ #define RTR_PRIMITIVE_READER_H_ #include -#include +#include /* in_addr, in6_addr */ #include "common.h" diff --git a/src/rtr/rtr.c b/src/rtr/rtr.c index e78342a7..155f2662 100644 --- a/src/rtr/rtr.c +++ b/src/rtr/rtr.c @@ -128,13 +128,25 @@ handle_accept_result(int client_fd, int err) */ /* - * TODO this `if` is a Linux quirk and should probably not exist in the - * BSDs. See `man 2 accept`. + * TODO (whatever) print error messages? + * "Connection acceptor thread interrupted" sounds pretty unhelpful. + */ + +#if __linux__ + /* + * man 2 accept (on Linux): + * Linux accept() (...) passes already-pending network errors on the + * new socket as an error code from accept(). This behavior differs from + * other BSD socket implementations. For reliable operation the + * application should detect the network errors defined for the protocol + * after accept() and treat them like EAGAIN by retrying. In the case of + * TCP/IP, these are (...) */ if (err == ENETDOWN || err == EPROTO || err == ENOPROTOOPT || err == EHOSTDOWN || err == ENONET || err == EHOSTUNREACH || err == EOPNOTSUPP || err == ENETUNREACH) return VERDICT_RETRY; +#endif #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wlogical-op" diff --git a/src/slurm/slurm_db.c b/src/slurm/slurm_db.c index 6b49b878..a81b7251 100644 --- a/src/slurm/slurm_db.c +++ b/src/slurm/slurm_db.c @@ -1,6 +1,8 @@ #include "slurm_db.h" #include +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "data_structure/array_list.h" @@ -46,8 +48,7 @@ prefix_filtered_by(struct slurm_prefix *filter, struct slurm_prefix *prefix) return ((filter_vrp->addr_fam == AF_INET && filter_vrp->prefix.v4.s_addr == prefix_vrp->prefix.v4.s_addr) || (filter_vrp->addr_fam == AF_INET6 && - IN6_ARE_ADDR_EQUAL(filter_vrp->prefix.v6.s6_addr32, - prefix_vrp->prefix.v6.s6_addr32))); + IN6_ARE_ADDR_EQUAL(&filter_vrp->prefix.v6, &prefix_vrp->prefix.v6))); return false; } @@ -79,8 +80,7 @@ prefix_equal(struct slurm_prefix *left, struct slurm_prefix *right, && ((left_vrp->addr_fam == AF_INET && left_vrp->prefix.v4.s_addr == right_vrp->prefix.v4.s_addr) || (left_vrp->addr_fam == AF_INET6 - && IN6_ARE_ADDR_EQUAL(left_vrp->prefix.v6.s6_addr32, - right_vrp->prefix.v6.s6_addr32))); + && IN6_ARE_ADDR_EQUAL(&left_vrp->prefix.v6, &right_vrp->prefix.v6))); if ((left->data_flag & SLURM_PFX_FLAG_MAX_LENGTH) > 0) equal = equal && diff --git a/src/slurm/slurm_loader.c b/src/slurm/slurm_loader.c index 69a70807..4838fff4 100644 --- a/src/slurm/slurm_loader.c +++ b/src/slurm/slurm_loader.c @@ -2,6 +2,8 @@ #include #include +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "log.h" #include "config.h" diff --git a/src/slurm/slurm_parser.c b/src/slurm/slurm_parser.c index 90dd4c61..7a20e8ba 100644 --- a/src/slurm/slurm_parser.c +++ b/src/slurm/slurm_parser.c @@ -4,6 +4,8 @@ #include #include #include +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ +#include /* AF_INET, AF_INET6 (needed in OpenBSD) */ #include "crypto/base64.h" #include "log.h" diff --git a/test/Makefile.am b/test/Makefile.am index 29eb694c..24bde676 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -72,6 +72,7 @@ pdu_handler_test_SOURCES += rtr/pdu_handler_test.c pdu_handler_test_LDADD = ${MY_LDADD} ${JANSSON_LIBS} roa_table_test_SOURCES = ${BASIC_MODULES} +roa_table_test_SOURCES += ../src/address.c roa_table_test_SOURCES += ../src/rtr/db/delta.c roa_table_test_SOURCES += ../src/rtr/db/roa_table.c roa_table_test_SOURCES += rtr/db/roa_table_test.c diff --git a/test/rtr/db/impersonator.c b/test/rtr/db/impersonator.c index fded5635..5ea4cbf4 100644 --- a/test/rtr/db/impersonator.c +++ b/test/rtr/db/impersonator.c @@ -18,10 +18,7 @@ static void add_v6(struct validation_handler *handler, uint32_t as) { struct ipv6_prefix prefix; - prefix.addr.s6_addr32[0] = htonl(0x20010DB8); - prefix.addr.s6_addr32[1] = 0; - prefix.addr.s6_addr32[2] = 0; - prefix.addr.s6_addr32[3] = 0; + in6_addr_init(&prefix.addr, 0x20010DB8u, 0, 0, 0); prefix.len = 96; ck_assert_int_eq(0, handler->handle_roa_v6(as, &prefix, 120, handler->arg)); diff --git a/test/rtr/db/roa_table_test.c b/test/rtr/db/roa_table_test.c index 881edb2b..42e6728f 100644 --- a/test/rtr/db/roa_table_test.c +++ b/test/rtr/db/roa_table_test.c @@ -25,12 +25,12 @@ static bool vrp_equals_v6(struct vrp const *vrp, uint8_t as, uint32_t addr, uint8_t prefix_len, uint8_t max_prefix_len) { + struct in6_addr tmp; + in6_addr_init(&tmp, 0x20010DB8u, 0, 0, addr); + return (AF_INET6 == vrp->addr_fam) && (as == vrp->asn) - && (htonl(0x20010DB8) == vrp->prefix.v6.s6_addr32[0]) - && (0 == vrp->prefix.v6.s6_addr32[1]) - && (0 == vrp->prefix.v6.s6_addr32[2]) - && (htonl(addr) == vrp->prefix.v6.s6_addr32[3]) + && IN6_ARE_ADDR_EQUAL(&tmp, &vrp->prefix.v6) && (prefix_len == vrp->prefix_length) && (max_prefix_len == vrp->max_prefix_length); } @@ -98,10 +98,7 @@ START_TEST(test_basic) prefix4.addr.s_addr = ADDR1; prefix4.len = 24; - prefix6.addr.s6_addr32[0] = htonl(0x20010DB8); - prefix6.addr.s6_addr32[1] = 0; - prefix6.addr.s6_addr32[2] = 0; - prefix6.addr.s6_addr32[3] = htonl(0x00000001); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 1); prefix6.len = 120; /* Duplicates should be transparently not re-added. */ @@ -135,11 +132,11 @@ START_TEST(test_basic) ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 11, &prefix6, 128)); ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 11, &prefix6, 128)); - prefix6.addr.s6_addr32[3] = htonl(0x00000002); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 2); ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 10, &prefix6, 128)); ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 10, &prefix6, 128)); - prefix6.addr.s6_addr32[3] = htonl(0x00000001); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 1); prefix6.len = 121; ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 10, &prefix6, 128)); ck_assert_int_eq(0, rtrhandler_handle_roa_v6(table, 10, &prefix6, 128)); @@ -177,10 +174,7 @@ START_TEST(test_merge) prefix4.addr.s_addr = ADDR1; prefix4.len = 24; - prefix6.addr.s6_addr32[0] = htonl(0x20010DB8); - prefix6.addr.s6_addr32[1] = 0; - prefix6.addr.s6_addr32[2] = 0; - prefix6.addr.s6_addr32[3] = htonl(0x00000001); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 1); prefix6.len = 120; left_count = 0; @@ -217,11 +211,11 @@ START_TEST(test_merge) ck_assert_int_eq(0, rtrhandler_handle_roa_v6(left, 11, &prefix6, 128)); left_count++; - prefix6.addr.s6_addr32[3] = htonl(0x00000002); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 2); ck_assert_int_eq(0, rtrhandler_handle_roa_v6(right, 10, &prefix6, 128)); right_count++; - prefix6.addr.s6_addr32[3] = htonl(0x00000001); + in6_addr_init(&prefix6.addr, 0x20010DB8u, 0, 0, 1); prefix6.len = 121; ck_assert_int_eq(0, rtrhandler_handle_roa_v6(left, 10, &prefix6, 128)); left_count++; diff --git a/test/rtr/db/vrps_test.c b/test/rtr/db/vrps_test.c index 80319835..8fb14de4 100644 --- a/test/rtr/db/vrps_test.c +++ b/test/rtr/db/vrps_test.c @@ -70,6 +70,7 @@ vrp_fail(struct vrp const *vrp, void *arg) static array_index get_vrp_index(struct vrp const *vrp) { + struct in6_addr tmp; array_index family_bit; switch (vrp->addr_fam) { @@ -81,10 +82,8 @@ get_vrp_index(struct vrp const *vrp) break; case AF_INET6: - ck_assert_uint_eq(htonl(0x20010DB8), vrp->prefix.v6.s6_addr32[0]); - ck_assert_uint_eq(0, vrp->prefix.v6.s6_addr32[1]); - ck_assert_uint_eq(0, vrp->prefix.v6.s6_addr32[2]); - ck_assert_uint_eq(0, vrp->prefix.v6.s6_addr32[3]); + in6_addr_init(&tmp, 0x20010DB8u, 0, 0, 0); + ck_assert(IN6_ARE_ADDR_EQUAL(&tmp, &vrp->prefix.v6)); ck_assert_uint_eq(96, vrp->prefix_length); ck_assert_uint_eq(120, vrp->max_prefix_length); family_bit = 1; diff --git a/test/rtr/pdu_test.c b/test/rtr/pdu_test.c index 9829561e..19474952 100644 --- a/test/rtr/pdu_test.c +++ b/test/rtr/pdu_test.c @@ -119,16 +119,15 @@ START_TEST(test_ipv6_prefix_from_stream) 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60 }; struct ipv6_prefix_pdu pdu; + struct in6_addr tmp; BUFFER2FD(input, ipv6_prefix_from_stream, &pdu); ck_assert_uint_eq(pdu.flags, 33); ck_assert_uint_eq(pdu.prefix_length, 34); ck_assert_uint_eq(pdu.max_length, 35); ck_assert_uint_eq(pdu.zero, 36); - ck_assert_uint_eq(pdu.ipv6_prefix.s6_addr32[0], 0x25262728); - ck_assert_uint_eq(pdu.ipv6_prefix.s6_addr32[1], 0x292a2b2c); - ck_assert_uint_eq(pdu.ipv6_prefix.s6_addr32[2], 0x2d2e2f30); - ck_assert_uint_eq(pdu.ipv6_prefix.s6_addr32[3], 0x31323334); + in6_addr_init(&tmp, 0x25262728, 0x292a2b2c, 0x2d2e2f30, 0x31323334); + ck_assert(IN6_ARE_ADDR_EQUAL(&tmp, &pdu.ipv6_prefix)); ck_assert_uint_eq(pdu.asn, 0x35363738); } END_TEST