* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
+* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
+* Provide dump_restricts() for debugging. HStenn.
---
(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
struct restrict_u_tag {
restrict_u * link; /* link to next entry */
u_int32 count; /* number of packets matched */
- u_short flags; /* accesslist flags */
+ u_short rflags; /* restrict (accesslist) flags */
u_short mflags; /* match flags */
short ippeerlimit; /* IP peer limit */
u_long expire; /* valid until time */
};
char *build_iflags(u_int32 flags);
-char *build_mflags(u_short flags);
-char *build_rflags(u_short flags);
+char *build_mflags(u_short mflags);
+char *build_rflags(u_short rflags);
/*
- * Access flags
+ * Restrict (Access) flags (rflags)
*/
#define RES_IGNORE 0x0001 /* ignore packet */
#define RES_DONTSERVE 0x0002 /* access denied */
RES_NOMRULIST)
/*
- * Match flags
+ * Match flags (mflags)
*/
#define RESM_INTERFACE 0x1000 /* this is an interface */
#define RESM_NTPONLY 0x2000 /* match source port 123 */
/*
* Restriction configuration ops
*/
-#define RESTRICT_FLAGS 1 /* add flags to restrict entry */
-#define RESTRICT_UNFLAG 2 /* remove flags from restrict entry */
-#define RESTRICT_REMOVE 3 /* remove a restrict entry */
-#define RESTRICT_REMOVEIF 4 /* remove an interface restrict entry */
+typedef enum
+restrict_ops {
+ RESTRICT_FLAGS = 1, /* add rflags to restrict entry */
+ RESTRICT_UNFLAG, /* remove rflags from restrict entry */
+ RESTRICT_REMOVE, /* remove a restrict entry */
+ RESTRICT_REMOVEIF, /* remove an interface restrict entry */
+} restrict_op;
/*
* Endpoint structure for the select algorithm
u_int32 addr; /* match address */
u_int32 mask; /* match mask */
u_int32 count; /* number of packets matched */
- u_short flags; /* restrict flags */
+ u_short rflags; /* restrict flags */
u_short mflags; /* match flags */
u_int v6_flag; /* is this v6 or not */
u_int unused1; /* unused, padding for addr6 */
/* ntp_restrict.c */
extern void init_restrict (void);
extern void restrictions (sockaddr_u *, r4addr *);
-extern void hack_restrict (int, sockaddr_u *, sockaddr_u *,
+extern void hack_restrict (restrict_op, sockaddr_u *, sockaddr_u *,
short, u_short, u_short, u_long);
extern void restrict_source (sockaddr_u *, int, u_long);
+extern void dump_restricts (void);
/* ntp_timer.c */
extern void init_timer (void);
struct addrinfo * pai;
int rc;
int restrict_default;
- u_short flags;
+ u_short rflags;
u_short mflags;
short ippeerlimit;
int range_err;
}
/* Configure the restrict options */
- ippeerlimit = -1;
my_node = HEAD_PFIFO(ptree->restrict_opts);
- /* Grab the ippeerlmit */
for (; my_node != NULL; my_node = my_node->link) {
+ /* Grab the ippeerlmit */
+ ippeerlimit = my_node->ippeerlimit;
+
+DPRINTF(1, ("config_access: top-level node %p: ippeerlimit %d\n", my_node, ippeerlimit));
+
/* Parse the flags */
- flags = 0;
+ rflags = 0;
mflags = 0;
curr_tok_fifo = HEAD_PFIFO(my_node->flag_tok_fifo);
break;
case T_Flake:
- flags |= RES_FLAKE;
+ rflags |= RES_FLAKE;
break;
case T_Ignore:
- flags |= RES_IGNORE;
+ rflags |= RES_IGNORE;
break;
case T_Kod:
- flags |= RES_KOD;
+ rflags |= RES_KOD;
break;
case T_Mssntp:
- flags |= RES_MSSNTP;
+ rflags |= RES_MSSNTP;
break;
case T_Limited:
- flags |= RES_LIMITED;
+ rflags |= RES_LIMITED;
break;
case T_Lowpriotrap:
- flags |= RES_LPTRAP;
+ rflags |= RES_LPTRAP;
break;
case T_Nomodify:
- flags |= RES_NOMODIFY;
+ rflags |= RES_NOMODIFY;
break;
case T_Nomrulist:
- flags |= RES_NOMRULIST;
+ rflags |= RES_NOMRULIST;
break;
case T_Noepeer:
- flags |= RES_NOEPEER;
+ rflags |= RES_NOEPEER;
break;
case T_Nopeer:
- flags |= RES_NOPEER;
+ rflags |= RES_NOPEER;
break;
case T_Noquery:
- flags |= RES_NOQUERY;
+ rflags |= RES_NOQUERY;
break;
case T_Noserve:
- flags |= RES_DONTSERVE;
+ rflags |= RES_DONTSERVE;
break;
case T_Notrap:
- flags |= RES_NOTRAP;
+ rflags |= RES_NOTRAP;
break;
case T_Notrust:
- flags |= RES_DONTTRUST;
+ rflags |= RES_DONTTRUST;
break;
case T_Version:
- flags |= RES_VERSION;
+ rflags |= RES_VERSION;
break;
}
}
- if ((RES_MSSNTP & flags) && !warned_signd) {
+ if ((RES_MSSNTP & rflags) && !warned_signd) {
warned_signd = 1;
fprintf(stderr, "%s\n", signd_warning);
msyslog(LOG_WARNING, "%s", signd_warning);
}
/* It would be swell if we could identify the line number */
- if ((RES_KOD & flags) && !(RES_LIMITED & flags)) {
+ if ((RES_KOD & rflags) && !(RES_LIMITED & rflags)) {
const char *kod_where = (my_node->addr)
? my_node->addr->address
: (mflags & RESM_SOURCE)
restrict_default = 1;
} else {
/* apply "restrict source ..." */
- DPRINTF(1, ("restrict source template ippeerlimit %d mflags %x flags %x\n",
- ippeerlimit, mflags, flags));
+ DPRINTF(1, ("restrict source template ippeerlimit %d mflags %x rflags %x\n",
+ ippeerlimit, mflags, rflags));
hack_restrict(RESTRICT_FLAGS, NULL, NULL,
- ippeerlimit, mflags, flags, 0);
+ ippeerlimit, mflags, rflags, 0);
continue;
}
} else {
AF(&addr) = AF_INET;
AF(&mask) = AF_INET;
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
- ippeerlimit, mflags, flags, 0);
+ ippeerlimit, mflags, rflags, 0);
AF(&addr) = AF_INET6;
AF(&mask) = AF_INET6;
}
do {
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
- ippeerlimit, mflags, flags, 0);
+ ippeerlimit, mflags, rflags, 0);
if (pai != NULL &&
NULL != (pai = pai->ai_next)) {
INSIST(pai->ai_addr != NULL);
config_fudge(ptree);
config_reset_counters(ptree);
+#ifdef DEBUG
+ if (debug > 1) {
+ dump_restricts();
+ }
+#endif
+
#ifdef TEST_BLOCKING_WORKER
{
struct addrinfo hints;
char *
-build_rflags(u_short flags)
+build_rflags(u_short rflags)
{
static char rfs[1024];
rfs[0] = '\0';
- if (flags & RES_FLAKE) {
- flags &= ~RES_FLAKE;
+ if (rflags & RES_FLAKE) {
+ rflags &= ~RES_FLAKE;
appendstr(rfs, sizeof rfs, "flake");
}
- if (flags & RES_IGNORE) {
- flags &= ~RES_IGNORE;
+ if (rflags & RES_IGNORE) {
+ rflags &= ~RES_IGNORE;
appendstr(rfs, sizeof rfs, "ignore");
}
- if (flags & RES_KOD) {
- flags &= ~RES_KOD;
+ if (rflags & RES_KOD) {
+ rflags &= ~RES_KOD;
appendstr(rfs, sizeof rfs, "kod");
}
- if (flags & RES_MSSNTP) {
- flags &= ~RES_MSSNTP;
+ if (rflags & RES_MSSNTP) {
+ rflags &= ~RES_MSSNTP;
appendstr(rfs, sizeof rfs, "mssntp");
}
- if (flags & RES_LIMITED) {
- flags &= ~RES_LIMITED;
+ if (rflags & RES_LIMITED) {
+ rflags &= ~RES_LIMITED;
appendstr(rfs, sizeof rfs, "limited");
}
- if (flags & RES_LPTRAP) {
- flags &= ~RES_LPTRAP;
+ if (rflags & RES_LPTRAP) {
+ rflags &= ~RES_LPTRAP;
appendstr(rfs, sizeof rfs, "lptrap");
}
- if (flags & RES_NOMODIFY) {
- flags &= ~RES_NOMODIFY;
+ if (rflags & RES_NOMODIFY) {
+ rflags &= ~RES_NOMODIFY;
appendstr(rfs, sizeof rfs, "nomodify");
}
- if (flags & RES_NOMRULIST) {
- flags &= ~RES_NOMRULIST;
+ if (rflags & RES_NOMRULIST) {
+ rflags &= ~RES_NOMRULIST;
appendstr(rfs, sizeof rfs, "nomrulist");
}
- if (flags & RES_NOEPEER) {
- flags &= ~RES_NOEPEER;
+ if (rflags & RES_NOEPEER) {
+ rflags &= ~RES_NOEPEER;
appendstr(rfs, sizeof rfs, "noepeer");
}
- if (flags & RES_NOPEER) {
- flags &= ~RES_NOPEER;
+ if (rflags & RES_NOPEER) {
+ rflags &= ~RES_NOPEER;
appendstr(rfs, sizeof rfs, "nopeer");
}
- if (flags & RES_NOQUERY) {
- flags &= ~RES_NOQUERY;
+ if (rflags & RES_NOQUERY) {
+ rflags &= ~RES_NOQUERY;
appendstr(rfs, sizeof rfs, "noquery");
}
- if (flags & RES_DONTSERVE) {
- flags &= ~RES_DONTSERVE;
+ if (rflags & RES_DONTSERVE) {
+ rflags &= ~RES_DONTSERVE;
appendstr(rfs, sizeof rfs, "dontserve");
}
- if (flags & RES_NOTRAP) {
- flags &= ~RES_NOTRAP;
+ if (rflags & RES_NOTRAP) {
+ rflags &= ~RES_NOTRAP;
appendstr(rfs, sizeof rfs, "notrap");
}
- if (flags & RES_DONTTRUST) {
- flags &= ~RES_DONTTRUST;
+ if (rflags & RES_DONTTRUST) {
+ rflags &= ~RES_DONTTRUST;
appendstr(rfs, sizeof rfs, "notrust");
}
- if (flags & RES_VERSION) {
- flags &= ~RES_VERSION;
+ if (rflags & RES_VERSION) {
+ rflags &= ~RES_VERSION;
appendstr(rfs, sizeof rfs, "version");
}
- if (flags) {
+ if (rflags) {
char string[10];
- snprintf(string, sizeof string, "%0x", flags);
+ snprintf(string, sizeof string, "%0x", rflags);
appendstr(rfs, sizeof rfs, string);
}
+ if ('\0' == rfs[0]) {
+ appendstr(rfs, sizeof rfs, "(none)");
+ }
+
return rfs;
}
while (sent[which])
which = (which + 1) % COUNTOF(sent);
+ /* XXX: Numbers? Really? */
switch (which) {
case 0:
case 3:
snprintf(tag, sizeof(tag), flags_fmt, idx);
match_str = res_match_flags(pres->mflags);
- access_str = res_access_flags(pres->flags);
+ access_str = res_access_flags(pres->rflags);
if ('\0' == match_str[0]) {
pch = access_str;
} else {
/* remove restrict interface entry */
SET_HOSTMASK(&resmask, AF(&ep->sin));
hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask,
- -2, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
+ -3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
}
*/
SET_HOSTMASK(&resmask, AF(&iface->sin));
hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
- -2, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
+ -4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
/*
* set globals with the first found
ippeerlimit));
return NULL;
}
+ } else {
+ DPRINTF(1, ("newpeer(%s) - ippeerlimit %d ignored\n",
+ (hostname)
+ ? hostname
+ : stoa(srcadr),
+ ippeerlimit));
}
/*
static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_unrestrict (sockaddr_u *, endpt *, struct req_pkt *);
-static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, int);
+static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, restrict_op);
static void mon_getlist (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_stats (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_peer (sockaddr_u *, endpt *, struct req_pkt *);
pir->v6_flag = 0;
pir->mask = htonl(res->u.v4.mask);
pir->count = htonl(res->count);
- pir->flags = htons(res->flags);
+ pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
pir->mask6 = res->u.v6.mask;
pir->v6_flag = 1;
pir->count = htonl(res->count);
- pir->flags = htons(res->flags);
+ pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
sockaddr_u *srcadr,
endpt *inter,
struct req_pkt *inpkt,
- int op
+ restrict_op op
)
{
char * datap;
sockaddr_u matchmask;
int bad;
+ switch(op) {
+ case RESTRICT_FLAGS:
+ case RESTRICT_UNFLAG:
+ case RESTRICT_REMOVE:
+ case RESTRICT_REMOVEIF:
+ break;
+
+ default:
+ req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+ return;
+ }
+
/*
* Do a check of the flags to make sure that only
* the NTPPORT flag is set, if any. If not, complain
return;
}
- bad = FALSE;
+ bad = 0;
while (items-- > 0 && !bad) {
memcpy(&cr, datap, item_sz);
cr.flags = ntohs(cr.flags);
* "restrict source ..." enabled knob and restriction bits.
*/
static int restrict_source_enabled;
-static u_short restrict_source_flags;
+static u_short restrict_source_rflags;
static u_short restrict_source_mflags;
static short restrict_source_ippeerlimit;
static restrict_u * match_restrict_entry(const restrict_u *, int);
static int res_sorts_before4(restrict_u *, restrict_u *);
static int res_sorts_before6(restrict_u *, restrict_u *);
+static char * roptoa(restrict_op op);
+
+
+void dump_restricts(void);
+
+/*
+ * dump_restrict - spit out a restrict_u
+ */
+static void
+dump_restrict(
+ restrict_u * res,
+ int is_ipv6
+ )
+{
+ char as[INET6_ADDRSTRLEN];
+ char ms[INET6_ADDRSTRLEN];
+
+ if (is_ipv6) {
+ inet_ntop(AF_INET6, &res->u.v6.addr, as, sizeof as);
+ inet_ntop(AF_INET6, &res->u.v6.mask, ms, sizeof ms);
+ } else {
+ struct in_addr sia = { htonl(res->u.v4.addr) };
+ struct in_addr sim = { htonl(res->u.v4.mask) };
+
+ inet_ntop(AF_INET, &sia, as, sizeof as);
+ inet_ntop(AF_INET, &sim, ms, sizeof ms);
+ }
+ mprintf("restrict node at %p: %s/%s count %d, rflags %05x, mflags %05x, ippeerlimit %d, expire %lu, next %p\n",
+ res, as, ms, res->count, res->rflags, res->mflags,
+ res->ippeerlimit, res->expire, res->link);
+ return;
+}
+/*
+ * dump_restricts - spit out the 'restrict' lines
+ */
+void
+dump_restricts(void)
+{
+ int defaultv4_done = 0;
+ int defaultv6_done = 0;
+ restrict_u * res;
+ restrict_u * next;
+
+ mprintf("dump_restrict: restrict_def4: %p\n", &restrict_def4);
+ /* Spit out 'restrict {,-4,-6} default ...' lines, if needed */
+ for (res = &restrict_def4; res != NULL; res = next) {
+ dump_restrict(res, 0);
+ next = res->link;
+ }
+
+ mprintf("dump_restrict: restrict_def6: %p\n", &restrict_def6);
+ for (res = &restrict_def6; res != NULL; res = next) {
+ dump_restrict(res, 1);
+ next = res->link;
+ }
+
+ /* Spit out the IPv4 list */
+ mprintf("dump_restrict: restrictlist4: %p\n", &restrictlist4);
+ for (res = restrictlist4; res != NULL; res = next) {
+ dump_restrict(res, 0);
+ next = res->link;
+ }
+
+ /* Spit out the IPv6 list */
+ mprintf("dump_restrict: restrictlist6: %p\n", &restrictlist6);
+ for (res = restrictlist6; res != NULL; res = next) {
+ dump_restrict(res, 1);
+ next = res->link;
+ }
+
+ return;
+}
+
/*
* init_restrict - initialize the restriction data structures
*/
restrict_u * unlinked;
restrictcount--;
- if (RES_LIMITED & res->flags)
+ if (RES_LIMITED & res->rflags)
dec_res_limited();
if (v6)
restrict_u * next;
for (res = restrictlist4; res != NULL; res = next) {
+ struct in_addr sia = { htonl(res->u.v4.addr) };
+
next = res->link;
- if (res->expire &&
- res->expire <= current_time)
- free_res(res, v6);
- if (res->u.v4.addr == (addr & res->u.v4.mask)
- && (!(RESM_NTPONLY & res->mflags)
- || NTP_PORT == port))
+ DPRINTF(2, ("match_restrict4_addr: Checking %s, port %d ... ",
+ inet_ntoa(sia), port));
+ if ( res->expire
+ && res->expire <= current_time)
+ free_res(res, v6); /* zeroes the contents */
+ if ( res->u.v4.addr == (addr & res->u.v4.mask)
+ && ( !(RESM_NTPONLY & res->mflags)
+ || NTP_PORT == port)) {
+ DPRINTF(2, ("MATCH: ippeerlimit %d\n", res->ippeerlimit));
break;
+ }
+ DPRINTF(2, ("doesn't match: ippeerlimit %d\n", res->ippeerlimit));
}
return res;
}
r4a->rflags = RES_IGNORE;
r4a->ippeerlimit = 0;
+ DPRINTF(1, ("restrictions: looking up %s\n", stoa(srcadr)));
+
/* IPv4 source address */
if (IS_IPV4(srcadr)) {
/*
* (this should be done early in the receive process,
* not later!)
*/
- if (IN_CLASSD(SRCADR(srcadr)))
+ if (IN_CLASSD(SRCADR(srcadr))) {
+ DPRINTF(1, ("restrictions: srcadr %s is multicast\n", stoa(srcadr)));
+ r4a->ippeerlimit = 2; /* XXX: we should use a better value */
return;
+ }
match = match_restrict4_addr(SRCADR(srcadr),
SRCPORT(srcadr));
res_not_found++;
else
res_found++;
- r4a->rflags = match->flags;
+ r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
res_not_found++;
else
res_found++;
- r4a->rflags = match->flags;
+ r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
return;
}
+/*
+ * roptoa - convert a restrict_op to a string
+ */
+char *
+roptoa(restrict_op op) {
+ static char sb[30];
+
+ switch(op) {
+ case RESTRICT_FLAGS: return "RESTRICT_FLAGS";
+ case RESTRICT_UNFLAG: return "RESTRICT_UNFLAGS";
+ case RESTRICT_REMOVE: return "RESTRICT_REMOVE";
+ case RESTRICT_REMOVEIF: return "RESTRICT_REMOVEIF";
+ default:
+ snprintf(sb, sizeof sb, "**RESTRICT_#%d**", op);
+ return sb;
+ }
+}
+
+
/*
* hack_restrict - add/subtract/manipulate entries on the restrict list
*/
void
hack_restrict(
- int op,
+ restrict_op op,
sockaddr_u * resaddr,
sockaddr_u * resmask,
short ippeerlimit,
u_short mflags,
- u_short flags,
+ u_short rflags,
u_long expire
)
{
restrict_u * res;
restrict_u ** plisthead;
- DPRINTF(1, ("restrict: op %d addr %s mask %s ippeerlimit %d mflags %08x flags %08x\n",
- op, stoa(resaddr), stoa(resmask), ippeerlimit, mflags, flags));
+ DPRINTF(1, ("hack_restrict: op %s addr %s mask %s ippeerlimit %d mflags %08x rflags %08x\n",
+ roptoa(op), stoa(resaddr), stoa(resmask), ippeerlimit, mflags, rflags));
if (NULL == resaddr) {
REQUIRE(NULL == resmask);
REQUIRE(RESTRICT_FLAGS == op);
- restrict_source_flags = flags;
+ restrict_source_rflags = rflags;
restrict_source_mflags = mflags;
restrict_source_ippeerlimit = ippeerlimit;
restrict_source_enabled = 1;
} else /* not IPv4 nor IPv6 */
REQUIRE(0);
- match.flags = flags;
+ match.rflags = rflags;
match.mflags = mflags;
match.ippeerlimit = ippeerlimit;
match.expire = expire;
case RESTRICT_FLAGS:
/*
- * Here we add bits to the flags. If this is a
+ * Here we add bits to the rflags. If this is a
* new restriction add it.
*/
if (NULL == res) {
: res_sorts_before4(res, L_S_S_CUR()),
link, restrict_u);
restrictcount++;
- if (RES_LIMITED & flags)
+ if (RES_LIMITED & rflags)
inc_res_limited();
} else {
- if ((RES_LIMITED & flags) &&
- !(RES_LIMITED & res->flags))
+ if ( (RES_LIMITED & rflags)
+ && !(RES_LIMITED & res->rflags))
inc_res_limited();
- res->flags |= flags;
+ res->rflags |= rflags;
}
+
+ res->ippeerlimit = match.ippeerlimit;
+
break;
case RESTRICT_UNFLAG:
/*
- * Remove some bits from the flags. If we didn't
+ * Remove some bits from the rflags. If we didn't
* find this one, just return.
*/
if (res != NULL) {
- if ((RES_LIMITED & res->flags)
- && (RES_LIMITED & flags))
+ if ( (RES_LIMITED & res->rflags)
+ && (RES_LIMITED & rflags))
dec_res_limited();
- res->flags &= ~flags;
+ res->rflags &= ~rflags;
}
break;
hack_restrict(RESTRICT_FLAGS, addr, &onesmask,
restrict_source_ippeerlimit, restrict_source_mflags,
- restrict_source_flags, expire);
+ restrict_source_rflags, expire);
DPRINTF(1, ("restrict_source: %s host restriction added\n",
stoa(addr)));
}
offsetof(addr) = 0
offsetof(mask) = 4
offsetof(count) = 8
-offsetof(flags) = 12
+offsetof(rflags) = 12
offsetof(mflags) = 14
offsetof(v6_flag) = 16
offsetof(unused1) = 20
const char *mask;
struct resflags *rf;
u_int32 count;
- u_short flags;
+ u_short rflags;
u_short mflags;
char flagstr[300];
static const char *comma = ", ";
((pcmd->argval->ival == 4) && (rl->v6_flag == 0)))
skip = 0;
count = ntohl(rl->count);
- flags = ntohs(rl->flags);
+ rflags = ntohs(rl->rflags);
mflags = ntohs(rl->mflags);
flagstr[0] = '\0';
: &resflagsV3[0];
while (rf->bit != 0) {
- if (flags & rf->bit) {
+ if (rflags & rf->bit) {
if (!res)
strlcat(flagstr, comma,
sizeof(flagstr));
memset(rl6, 0, sizeof(restrict_u));
TEST_ASSERT_EQUAL(rl4->count, restrictlist4->count);
- TEST_ASSERT_EQUAL(rl4->flags, restrictlist4->flags);
+ TEST_ASSERT_EQUAL(rl4->rflags, restrictlist4->rflags);
TEST_ASSERT_EQUAL(rl4->mflags, restrictlist4->mflags);
TEST_ASSERT_EQUAL(rl4->expire, restrictlist4->expire);
TEST_ASSERT_EQUAL(rl4->u.v4.addr, restrictlist4->u.v4.addr);
TEST_ASSERT_EQUAL(rl4->u.v4.mask, restrictlist4->u.v4.mask);
TEST_ASSERT_EQUAL(rl6->count, restrictlist6->count);
- TEST_ASSERT_EQUAL(rl6->flags, restrictlist6->flags);
+ TEST_ASSERT_EQUAL(rl6->rflags, restrictlist6->rflags);
TEST_ASSERT_EQUAL(rl6->mflags, restrictlist6->mflags);
TEST_ASSERT_EQUAL(rl6->expire, restrictlist6->expire);
* and check if restriction() returns that flag
*/
- const u_short flags = 42;
+ const u_short rflags = 42;
r4addr r4a;
sockaddr_u resaddr = create_sockaddr_u(AF_INET,
sockaddr_u resmask = create_sockaddr_u(AF_INET,
54321, "0.0.0.0");
- hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, flags, 0);
+ hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
54321, "111.123.251.124");
restrictions(&sockaddr, &r4a);
- TEST_ASSERT_EQUAL(flags, r4a.rflags);
+ TEST_ASSERT_EQUAL(rflags, r4a.rflags);
}
sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "128.0.0.0");
r4addr r4a;
- const u_short flags = 42;
+ const u_short rflags = 42;
- hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, flags, 0);
+ hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
restrictions(&resaddr, &r4a);
- TEST_ASSERT_EQUAL(flags, r4a.rflags);
+ TEST_ASSERT_EQUAL(rflags, r4a.rflags);
}
projects / thirdparty / ntp.git / commitdiff
