mgmt: create Ethernet multicast faces according to whitelist/blacklist

Refs: #1712

Change-Id: Iaabaeaf58e460c86ca58f9099b5c2b904a5a5c93
diff --git a/core/network-interface-predicate.cpp b/core/network-interface-predicate.cpp
new file mode 100644
index 0000000..abb0029
--- /dev/null
+++ b/core/network-interface-predicate.cpp
@@ -0,0 +1,123 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2016,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis.
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "network-interface-predicate.hpp"
+
+#include "config-file.hpp"
+#include "network-interface.hpp"
+#include "network.hpp"
+
+namespace nfd {
+
+NetworkInterfacePredicate::NetworkInterfacePredicate()
+{
+  this->clear();
+}
+
+void
+NetworkInterfacePredicate::clear()
+{
+  m_whitelist = std::set<std::string>{"*"};
+  m_blacklist.clear();
+}
+
+static void
+parseList(std::set<std::string>& set, const boost::property_tree::ptree& list, const std::string& section)
+{
+  set.clear();
+
+  for (const auto& item : list) {
+    if (item.first == "*") {
+      // insert wildcard
+      set.insert(item.first);
+    }
+    else if (item.first == "ifname") {
+      // very basic sanity check for interface names
+      auto name = item.second.get_value<std::string>();
+      if (name.empty()) {
+        BOOST_THROW_EXCEPTION(ConfigFile::Error("Empty interface name in \"" + section + "\" section"));
+      }
+      set.insert(name);
+    }
+    else if (item.first == "ether") {
+      // validate ethernet address
+      auto addr = item.second.get_value<std::string>();
+      if (ethernet::Address::fromString(addr).isNull()) {
+        BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed ether address \"" + addr +
+                                                "\" in \"" + section + "\" section"));
+      }
+      set.insert(addr);
+    }
+    else if (item.first == "subnet") {
+      // example subnet: 10.0.0.0/8
+      auto cidr = item.second.get_value<std::string>();
+      if (!Network::isValidCidr(cidr)) {
+        BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed subnet declaration \"" + cidr +
+                                                "\" in \"" + section + "\" section"));
+      }
+      set.insert(cidr);
+    }
+  }
+}
+
+void
+NetworkInterfacePredicate::parseWhitelist(const boost::property_tree::ptree& list)
+{
+  parseList(m_whitelist, list, "whitelist");
+}
+
+void
+NetworkInterfacePredicate::parseBlacklist(const boost::property_tree::ptree& list)
+{
+  parseList(m_blacklist, list, "blacklist");
+}
+
+static bool
+doesMatchRule(const NetworkInterfaceInfo& nic, const std::string& rule)
+{
+  // if / is in rule, this is a subnet, check if IP in subnet
+
+  if (boost::contains(rule, "/")) {
+    Network n = boost::lexical_cast<Network>(rule);
+    for (const auto& addr : nic.ipv4Addresses) {
+      if (n.doesContain(addr)) {
+          return true;
+      }
+    }
+  }
+
+  return rule == "*" ||
+         nic.name == rule ||
+         nic.etherAddress.toString() == rule;
+}
+
+bool
+NetworkInterfacePredicate::operator()(const NetworkInterfaceInfo& nic) const
+{
+  return std::any_of(m_whitelist.begin(), m_whitelist.end(), bind(&doesMatchRule, nic, _1)) &&
+         std::none_of(m_blacklist.begin(), m_blacklist.end(), bind(&doesMatchRule, nic, _1));
+}
+
+} // namespace nfd
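Review bot: parseList silently skips any key other than `*`, `ifname`, `ether` or `subnet`, so a misspelled blacklist rule is dropped and the interface stays eligible; a final `else` that throws ConfigFile::Error, as face-manager.cpp already does for unknown options in the `ether` section, would make a typo fail closed. The `ether` branch also stores the operator's spelling verbatim while doesMatchRule compares it with `nic.etherAddress.toString()`; the tests only use lower-case addresses, so an upper-case spelling that fromString accepts would presumably validate and then never match. Storing the parsed address's `toString()` avoids that. Separately, doesMatchRule treats every rule containing `/` as a subnet, so an `ifname` value with a slash passes the empty-name check and reaches `boost::lexical_cast<Network>` at match time, where a failure would likely surface as an exception other than ConfigFile::Error.

```cpp
    else if (item.first == "ether") {
      // validate ethernet address
      auto addr = item.second.get_value<std::string>();
      auto parsed = ethernet::Address::fromString(addr);
      if (parsed.isNull()) {
        // … unchanged: throw ConfigFile::Error for the malformed address …
      }
      // store the canonical spelling so it compares equal to nic.etherAddress.toString()
      set.insert(parsed.toString());
    }
    // … unchanged: subnet branch …
    else {
      // reject unknown keys instead of ignoring them, so a typo cannot disable a rule
      BOOST_THROW_EXCEPTION(ConfigFile::Error("Unrecognized rule \"" + item.first +
                                              "\" in \"" + section + "\" section"));
    }
```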
diff --git a/core/network-interface-predicate.hpp b/core/network-interface-predicate.hpp
new file mode 100644
index 0000000..4254623
--- /dev/null
+++ b/core/network-interface-predicate.hpp
@@ -0,0 +1,72 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2016, Regents of the University of California,
+ *                          Arizona Board of Regents,
+ *                          Colorado State University,
+ *                          University Pierre & Marie Curie, Sorbonne University,
+ *                          Washington University in St. Louis,
+ *                          Beijing Institute of Technology,
+ *                          The University of Memphis
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
+#define NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
+
+#include "common.hpp"
+
+namespace nfd {
+
+class NetworkInterfaceInfo;
+
+/**
+ * \brief Represents a predicate to accept or reject a NetworkInterfaceInfo.
+ *
+ * The predicate consists of a whitelist and a blacklist. Whitelist and blacklist can contain,
+ * in no particular order, interface names (e.g., ifname eth0), mac addresses
+ * (e.g., ether 85:3b:4d:d3:5f:c2), subnets (e.g., subnet 192.0.2.0/24) or a wildcard (*) that matches
+ * all interfaces. A NetworkInterfaceInfo is accepted if it matches any entry in the whitelist and none
+ * of the entries in the blacklist.
+ */
+
+class NetworkInterfacePredicate
+{
+public:
+  NetworkInterfacePredicate();
+
+  /**
+   * \brief Set the whitelist to "*" and clear the blacklist
+   */
+  void
+  clear();
+
+  void
+  parseWhitelist(const boost::property_tree::ptree& list);
+
+  void
+  parseBlacklist(const boost::property_tree::ptree& list);
+
+  bool
+  operator()(const NetworkInterfaceInfo& nic) const;
+
+private:
+  std::set<std::string> m_whitelist;
+  std::set<std::string> m_blacklist;
+};
+
+} // namespace nfd
+
+#endif // NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
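Review bot: parseWhitelist and parseBlacklist are declared without doc comments, although the implementation shows that each call replaces the stored list and throws ConfigFile::Error on a malformed entry. Suggest `\brief Replace the whitelist with the rules in \p list` and `\throw ConfigFile::Error if an entry is malformed` on each, with the matching wording for the blacklist. The class comment should also state that subnet rules are matched against IPv4 addresses only, as the sample config does, and that an empty whitelist rejects every interface. The header names std::set, std::string and boost::property_tree::ptree but includes only common.hpp; if common.hpp does not provide them, the includes belong here.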
diff --git a/core/network.cpp b/core/network.cpp
index b9a6c36..465e246 100644
--- a/core/network.cpp
+++ b/core/network.cpp
@@ -1,12 +1,12 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2014,  Regents of the University of California,
- *                      Arizona Board of Regents,
- *                      Colorado State University,
- *                      University Pierre & Marie Curie, Sorbonne University,
- *                      Washington University in St. Louis,
- *                      Beijing Institute of Technology,
- *                      The University of Memphis
+ * Copyright (c) 2014-2016,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis
  *
  * This file is part of NFD (Named Data Networking Forwarding Daemon).
  * See AUTHORS.md for complete list of NFD authors and contributors.
@@ -51,8 +51,33 @@
   return range;
 }
 
-//////////////////////////////////////////////////////////////////////
-//////////////////////////////////////////////////////////////////////
+bool
+Network::isValidCidr(const std::string& cidr)
+{
+   std::vector<std::string> splitCidr;
+   boost::split(splitCidr, cidr, boost::is_any_of("/"));
+   if (splitCidr.size() != 2) {
+     return false;
+   }
+
+   auto network = splitCidr[0];
+   auto mask = splitCidr[1];
+   auto netmask = 0;
+   if (mask.length() <= 0) {
+     return false;
+   }
+   if (!std::all_of(mask.begin(), mask.end(), ::isdigit)) {
+     return false;
+   }
+
+   netmask = boost::lexical_cast<int>(splitCidr[1]);
+   boost::system::error_code invalidIP;
+   boost::asio::ip::address_v4::from_string(network, invalidIP);
+   if (invalidIP || netmask < 0 || netmask > 32) {
+     return false;
+   }
+   return true;
+}
 
 std::ostream&
 operator<<(std::ostream& os, const Network& network)
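Review bot: `boost::lexical_cast<int>(splitCidr[1])` throws bad_lexical_cast when the mask is all digits but too large for an int, so isValidCidr throws instead of returning false and parseList never converts that into ConfigFile::Error. Rejecting over-long masks before the cast fixes it: `if (mask.empty() || mask.length() > 2) return false;`. `::isdigit` is also called on plain `char`, which is undefined for negative values coming from non-ASCII config bytes; `[] (unsigned char c) { return std::isdigit(c) != 0; }` is safe. The test hunk in tests/core/network.t.cpp has no over-long mask case; `BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/99999999999"), false);` would pin the behaviour. The declaration in network.hpp would benefit from a comment saying the check is IPv4-only, since the existing tests show Network itself parsing IPv6 prefixes.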
diff --git a/core/network.hpp b/core/network.hpp
index 1c0f6d3..2949324 100644
--- a/core/network.hpp
+++ b/core/network.hpp
@@ -1,12 +1,12 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2014,  Regents of the University of California,
- *                      Arizona Board of Regents,
- *                      Colorado State University,
- *                      University Pierre & Marie Curie, Sorbonne University,
- *                      Washington University in St. Louis,
- *                      Beijing Institute of Technology,
- *                      The University of Memphis
+ * Copyright (c) 2014-2016,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis
  *
  * This file is part of NFD (Named Data Networking Forwarding Daemon).
  * See AUTHORS.md for complete list of NFD authors and contributors.
@@ -29,6 +29,7 @@
 #include <boost/asio.hpp>
 #include <boost/utility/value_init.hpp>
 #include <boost/lexical_cast.hpp>
+#include <boost/algorithm/string.hpp>
 
 namespace nfd {
 
@@ -55,6 +56,9 @@
     return (m_minAddress <= address && address <= m_maxAddress);
   }
 
+  static bool
+  isValidCidr(const std::string& cidr);
+
   static const Network&
   getMaxRangeV4();
 
diff --git a/daemon/mgmt/face-manager.cpp b/daemon/mgmt/face-manager.cpp
index c03f9d8..0ce16c5 100644
--- a/daemon/mgmt/face-manager.cpp
+++ b/daemon/mgmt/face-manager.cpp
@@ -24,8 +24,8 @@
  */
 
 #include "face-manager.hpp"
-
 #include "core/network-interface.hpp"
+#include "core/network-interface-predicate.hpp"
 #include "face/generic-link-service.hpp"
 #include "face/tcp-factory.hpp"
 #include "face/udp-factory.hpp"
@@ -872,6 +872,7 @@
   // }
 
 #if defined(HAVE_LIBPCAP)
+  NetworkInterfacePredicate nicPredicate;
   bool useMcast = true;
   ethernet::Address mcastGroup(ethernet::getDefaultMulticastAddress());
 
@@ -887,6 +888,12 @@
       }
       NFD_LOG_TRACE("Ethernet multicast group set to " << mcastGroup);
     }
+    else if (i.first == "whitelist") {
+      nicPredicate.parseWhitelist(i.second);
+    }
+    else if (i.first == "blacklist") {
+      nicPredicate.parseBlacklist(i.second);
+    }
     else {
       BOOST_THROW_EXCEPTION(ConfigFile::Error("Unrecognized option \"" +
                                               i.first + "\" in \"ether\" section"));
@@ -910,7 +917,7 @@
 
     if (useMcast) {
       for (const auto& nic : nicList) {
-        if (nic.isUp() && nic.isMulticastCapable()) {
+        if (nic.isUp() && nic.isMulticastCapable() && nicPredicate(nic)) {
           try {
             auto newFace = factory->createMulticastFace(nic, mcastGroup);
             m_faceTable.add(newFace);
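Review bot: `nicPredicate(nic)` only gates creation of new multicast faces; nothing in this hunk closes a face that already exists on an interface which a reloaded config now blacklists. Please confirm the code outside the hunk handles that case, otherwise a blacklist added at reload would have no effect on such a face until restart. Interfaces rejected by the predicate are also skipped without any log line, which makes it hard to verify that a rule took effect; a separate check that emits `NFD_LOG_TRACE("Skipping " << nic.name << ": rejected by whitelist/blacklist");` would help. The enclosing function starts and ends outside the hunk.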
diff --git a/nfd.conf.sample.in b/nfd.conf.sample.in
index 601dc92..8b0e30b 100644
--- a/nfd.conf.sample.in
+++ b/nfd.conf.sample.in
@@ -148,7 +148,7 @@
   ;
   ;    sudo chgrp admin /dev/bpf*
   ;    sudo chmod g+rw /dev/bpf*
-
+  ;
   @IF_HAVE_LIBPCAP@ether
   @IF_HAVE_LIBPCAP@{
   @IF_HAVE_LIBPCAP@  ; Ethernet multicast settings
@@ -156,10 +156,23 @@
   @IF_HAVE_LIBPCAP@
   @IF_HAVE_LIBPCAP@  mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes'
   @IF_HAVE_LIBPCAP@  mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group
+  @IF_HAVE_LIBPCAP@
+  @IF_HAVE_LIBPCAP@  ; Whitelist and blacklist can contain, in no particular order,
+  @IF_HAVE_LIBPCAP@  ; interface names (e.g., ifname eth0),
+  @IF_HAVE_LIBPCAP@  ; mac addresses (e.g., ether 85:3b:4d:d3:5f:c2),
+  @IF_HAVE_LIBPCAP@  ; subnets (e.g., subnet 192.0.2.0/24, note that only IPv4 is supported here),
+  @IF_HAVE_LIBPCAP@  ; or a wildcard (*) that matches all interfaces.
+  @IF_HAVE_LIBPCAP@
+  @IF_HAVE_LIBPCAP@  whitelist
+  @IF_HAVE_LIBPCAP@  {
+  @IF_HAVE_LIBPCAP@    *
+  @IF_HAVE_LIBPCAP@  }
+  @IF_HAVE_LIBPCAP@  blacklist
+  @IF_HAVE_LIBPCAP@  {
+  @IF_HAVE_LIBPCAP@  }
   @IF_HAVE_LIBPCAP@}
 
   ; The websocket section contains settings of WebSocket faces and channels.
-
   @IF_HAVE_WEBSOCKET@websocket
   @IF_HAVE_WEBSOCKET@{
   @IF_HAVE_WEBSOCKET@  listen yes ; set to 'no' to disable WebSocket listener, default 'yes'
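Review bot: The new comment block in the `ether` section does not say how the two lists combine or what they default to. From the predicate and its tests, an interface must match the whitelist and no blacklist entry, an omitted whitelist means `*`, and an empty `whitelist { }` rejects every interface. A line such as `; an interface is used only if it matches the whitelist and no blacklist entry; default whitelist is *, default blacklist is empty` would make that explicit. Operators reading only this file would otherwise have to guess which list wins.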
diff --git a/tests/core/network-interface-predicate.t.cpp b/tests/core/network-interface-predicate.t.cpp
new file mode 100644
index 0000000..75beb81
--- /dev/null
+++ b/tests/core/network-interface-predicate.t.cpp
@@ -0,0 +1,231 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2016,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis.
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "core/network-interface-predicate.hpp"
+#include "core/network-interface.hpp"
+
+#include "tests/test-common.hpp"
+
+#include <boost/property_tree/info_parser.hpp>
+#include <sstream>
+
+namespace nfd {
+namespace tests {
+
+class NetworkInterfacePredicateFixture : public BaseFixture
+{
+protected:
+  NetworkInterfacePredicateFixture()
+  {
+    using namespace boost::asio::ip;
+    interfaces.push_back(
+      NetworkInterfaceInfo{0, "eth0",
+        ethernet::Address::fromString("3e:15:c2:8b:65:00"),
+        {address_v4::from_string("129.82.100.1")},
+        {},
+        address_v4::from_string("129.82.255.255"),
+        IFF_UP});
+    interfaces.push_back(
+      NetworkInterfaceInfo{1, "eth1",
+        ethernet::Address::fromString("3e:15:c2:8b:65:01"),
+        {address_v4::from_string("192.168.2.1")},
+        {},
+        address_v4::from_string("192.168.2.255"),
+        IFF_UP});
+    interfaces.push_back(
+      NetworkInterfaceInfo{2, "eth2",
+        ethernet::Address::fromString("3e:15:c2:8b:65:02"),
+        {address_v4::from_string("198.51.100.1")},
+        {address_v6::from_string("2001:db8::1")},
+        address_v4::from_string("198.51.100.255"),
+        IFF_MULTICAST | IFF_BROADCAST | IFF_UP});
+  }
+
+  void
+  parseConfig(const std::string& config)
+  {
+    std::istringstream input(config);
+    boost::property_tree::ptree ptree;
+    boost::property_tree::read_info(input, ptree);
+
+    for (const auto& i : ptree) {
+      if (i.first == "whitelist") {
+        predicate.parseWhitelist(i.second);
+      }
+      else if (i.first == "blacklist") {
+        predicate.parseBlacklist(i.second);
+      }
+    }
+  }
+
+protected:
+  NetworkInterfacePredicate predicate;
+  std::vector<NetworkInterfaceInfo> interfaces;
+};
+
+BOOST_FIXTURE_TEST_SUITE(TestNetworkInterfacePredicate, NetworkInterfacePredicateFixture)
+
+BOOST_AUTO_TEST_CASE(Default)
+{
+  parseConfig("");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), true);
+}
+
+BOOST_AUTO_TEST_CASE(EmptyWhitelist)
+{
+  parseConfig("whitelist\n"
+              "{\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false);
+}
+
+BOOST_AUTO_TEST_CASE(WildcardBlacklist)
+{
+  parseConfig("blacklist\n"
+              "{\n"
+              "  *\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false);
+}
+
+BOOST_AUTO_TEST_CASE(IfnameWhitelist)
+{
+  parseConfig("whitelist\n"
+              "{\n"
+              "  ifname eth0\n"
+              "  ifname eth1\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false);
+}
+
+BOOST_AUTO_TEST_CASE(IfnameBlacklist)
+{
+  parseConfig("blacklist\n"
+              "{\n"
+              "  ifname eth0\n"
+              "  ifname eth1\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), true);
+}
+
+BOOST_AUTO_TEST_CASE(IfnameMalformed)
+{
+  BOOST_CHECK_THROW(
+    parseConfig("whitelist\n"
+                "{\n"
+                "  ifname\n"
+                "}"),
+    ConfigFile::Error);
+}
+
+BOOST_AUTO_TEST_CASE(EtherWhitelist)
+{
+  parseConfig("whitelist\n"
+              "{\n"
+              "  ether 3e:15:c2:8b:65:00\n"
+              "  ether 3e:15:c2:8b:65:01\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false);
+}
+
+BOOST_AUTO_TEST_CASE(EtherBlacklist)
+{
+  parseConfig("blacklist\n"
+              "{\n"
+              "  ether 3e:15:c2:8b:65:00\n"
+              "  ether 3e:15:c2:8b:65:01\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), true);
+}
+
+BOOST_AUTO_TEST_CASE(EtherMalformed)
+{
+  BOOST_CHECK_THROW(
+    parseConfig("blacklist\n"
+                "{\n"
+                "  ether foo\n"
+                "}"),
+    ConfigFile::Error);
+}
+
+BOOST_AUTO_TEST_CASE(SubnetWhitelist)
+{
+  parseConfig("whitelist\n"
+              "{\n"
+              "  subnet 192.168.0.0/16\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false);
+}
+
+BOOST_AUTO_TEST_CASE(SubnetBlacklist)
+{
+  parseConfig("blacklist\n"
+              "{\n"
+              "  subnet 192.168.0.0/16\n"
+              "}");
+
+  BOOST_CHECK_EQUAL(predicate(interfaces[0]), true);
+  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false);
+  BOOST_CHECK_EQUAL(predicate(interfaces[2]), true);
+}
+
+BOOST_AUTO_TEST_CASE(SubnetMalformed)
+{
+  BOOST_CHECK_THROW(
+    parseConfig("blacklist\n"
+                "{\n"
+                "  subnet 266.0.0.91/\n"
+                "}"),
+    ConfigFile::Error);
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestNetworkInterfacePredicate
+
+} // namespace tests
+} // namespace nfd
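Review bot: Every test case sets only one of the two lists, so the documented rule that a blacklist entry overrides a whitelist match is never exercised; a regression that flipped the precedence would pass this suite. A combined case like the one below covers it using the existing fixture interfaces. It would also be worth adding a case with an unknown key inside a list and one with an upper-case `ether` value, since the parser's handling of both is currently untested.

```cpp
BOOST_AUTO_TEST_CASE(BlacklistOverridesWhitelist)
{
  parseConfig("whitelist\n"
              "{\n"
              "  ifname eth0\n"
              "  ifname eth1\n"
              "}\n"
              "blacklist\n"
              "{\n"
              "  subnet 192.168.0.0/16\n"
              "}");

  BOOST_CHECK_EQUAL(predicate(interfaces[0]), true);  // whitelisted, not blacklisted
  BOOST_CHECK_EQUAL(predicate(interfaces[1]), false); // whitelisted but in blacklisted subnet
  BOOST_CHECK_EQUAL(predicate(interfaces[2]), false); // not whitelisted
}
```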
diff --git a/tests/core/network.t.cpp b/tests/core/network.t.cpp
index 043a7dd..a7af98f 100644
--- a/tests/core/network.t.cpp
+++ b/tests/core/network.t.cpp
@@ -144,6 +144,26 @@
                  boost::lexical_cast<Network>("2001:db8:3f9:0::/64"));
 }
 
+BOOST_AUTO_TEST_CASE(IsValidCidr)
+{
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/24"), true);
+  BOOST_CHECK_EQUAL(Network::isValidCidr(""), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("/192.0.0.0/24"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/+24"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/*24"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/24.42"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/foo"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/24/23"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/33"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/-24"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0/"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.0.0"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("foo/4"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("foo/"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("foo"), false);
+  BOOST_CHECK_EQUAL(Network::isValidCidr("256.0.256.0/24"), false);
+}
+
 BOOST_AUTO_TEST_SUITE_END() // TestNetwork
 
 } // namespace tests
diff --git a/tests/daemon/mgmt/face-manager-process-config.t.cpp b/tests/daemon/mgmt/face-manager-process-config.t.cpp
index 0ccc75c..82495d5 100644
--- a/tests/daemon/mgmt/face-manager-process-config.t.cpp
+++ b/tests/daemon/mgmt/face-manager-process-config.t.cpp
@@ -341,6 +341,13 @@
     "  {\n"
     "    mcast yes\n"
     "    mcast_group 01:00:5E:00:17:AA\n"
+    "    whitelist\n"
+    "    {\n"
+    "      *\n"
+    "    }\n"
+    "    blacklist\n"
+    "    {\n"
+    "    }\n"
     "  }\n"
     "}\n";
   BOOST_CHECK_NO_THROW(parseConfig(CONFIG, true));