author | Topi Miettinen <toiwoton@gmail.com> | 2022-05-03 22:43:00 +0200 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2022-06-06 20:24:10 +0200 |
commit | 3cf63830acdef9d8afdc9ef1cf25aa7e85a5e4d5 (patch) | |
tree | da068c2af170caaba91e6163fdf18a5e21e1fc60 /src/test | |
parent | hwdb: Add accel orientation quirk for the Aya Neo Next (diff) | |
networkd: NetLabel integration
New directive `NetLabel=` provides a method for integrating dynamic network
configuration into Linux NetLabel subsystem rules, used by Linux security
modules (LSMs) for network access control. The option expects a whitespace
separated list of NetLabel labels. The labels must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.
Example:
```
[DHCP]
NetLabel=system_u:object_r:localnet_peer_t:s0
```
With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.0/8, `systemd-networkd` performs the equivalent of the
following `netlabelctl` operation:
```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```
Result:
```
$ sudo netlabelctl -p unlbl list
...
interface: eth0
address: 10.0.0.0/8
label: "system_u:object_r:localnet_peer_t:s0"
...
```
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/test-in-addr-util.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/test/test-in-addr-util.c b/src/test/test-in-addr-util.c
index 636967c240..3ff2a7540e 100644
--- a/src/test/test-in-addr-util.c
+++ b/src/test/test-in-addr-util.c
@@ -363,4 +363,35 @@ TEST(in_addr_to_string) {
 test_in_addr_to_string_one(AF_INET6, "fe80::");
 }
+TEST(in_addr_prefixlen_to_netmask) {
+ union in_addr_union addr;
+ static const char *const ipv4_netmasks[] = {
+ "0.0.0.0", "128.0.0.0", "192.0.0.0", "224.0.0.0", "240.0.0.0",
+ "248.0.0.0", "252.0.0.0", "254.0.0.0", "255.0.0.0",
+ "255.128.0.0", "255.192.0.0", "255.224.0.0", "255.240.0.0",
+ "255.248.0.0", "255.252.0.0", "255.254.0.0", "255.255.0.0",
+ "255.255.128.0", "255.255.192.0", "255.255.224.0", "255.255.240.0",
+ "255.255.248.0", "255.255.252.0", "255.255.254.0", "255.255.255.0",
+ "255.255.255.128", "255.255.255.192", "255.255.255.224", "255.255.255.240",
+ "255.255.255.248", "255.255.255.252", "255.255.255.254", "255.255.255.255",
+ };
+
+ for (unsigned char prefixlen = 0; prefixlen <= 32; prefixlen++) {
+ _cleanup_free_ char *r = NULL;
+
+ assert_se(in_addr_prefixlen_to_netmask(AF_INET, &addr, prefixlen) >= 0);
+ assert_se(in_addr_to_string(AF_INET, &addr, &r) >= 0);
+ printf("test_in_addr_prefixlen_to_netmask: %s == %s\n", ipv4_netmasks[prefixlen], r);
+ assert_se(streq(ipv4_netmasks[prefixlen], r));
+ }
+
+ for (unsigned char prefixlen = 0; prefixlen <= 128; prefixlen++) {
+ _cleanup_free_ char *r = NULL;
+
+ assert_se(in_addr_prefixlen_to_netmask(AF_INET6, &addr, prefixlen) >= 0);
+ assert_se(in_addr_to_string(AF_INET6, &addr, &r) >= 0);
+ printf("test_in_addr_prefixlen_to_netmask: %s\n", r);
+ }
+}
+
 DEFINE_TEST_MAIN(LOG_DEBUG); |
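Review bot: The IPv6 loop (the second `for`, running to prefix length 128) only checks return codes and prints the string, so a wrong IPv6 netmask would still pass; the IPv4 loop, by contrast, compares every result against the `ipv4_netmasks` table. Per the commit description the address and mask are appended to the NetLabel fallback peer labeling rules, so a mask that is too short or too long would put a label on a different address range than the administrator intended. I would assert the sixteen bytes of `addr.in6` against the expected run of leading one bits for each prefix length, as sketched below. `addr` is also reused across all iterations without being reset, so a stale value from the previous iteration could mask a helper that does not write the whole mask. The helper itself is outside this diff, so how it treats out-of-range lengths or an unsupported family cannot be judged from here; negative cases would be worth adding once that contract is confirmed.

```c
for (unsigned char prefixlen = 0; prefixlen <= 128; prefixlen++) {
        /* … unchanged: conversion, in_addr_to_string() and printf … */

        /* Each byte must hold exactly the leading one bits that prefixlen implies. */
        for (unsigned i = 0; i < 16; i++) {
                unsigned bits = prefixlen >= (i + 1) * 8 ? 8 :
                                prefixlen > i * 8 ? prefixlen - i * 8 : 0;

                assert_se(addr.in6.s6_addr[i] == (uint8_t) (0xffu << (8 - bits)));
        }
}
```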