OMPUB-1426: ipport_plugin table support ip range

test/ipport_matcher_gtest.cpp

@@ -19,10 +19,11 @@ TEST(IPv4PortMatcher, MatchedOneRuleInPortRange) {
     struct ipport_rule rules[MAX_ARRAY_SIZE];
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV4;
+    rules[0].ip_type = IPV4;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, 1);
     ASSERT_TRUE(matcher != NULL);
@@ -30,6 +31,7 @@ TEST(IPv4PortMatcher, MatchedOneRuleInPortRange) {
     struct ip_addr ip;
     ip.ip_type = IPV4;
     inet_pton(AF_INET, ip1_str, &ip.ipv4);
+    ip.ipv4 = htonl(ip.ipv4);
     uint16_t port = htons(120);
 
     struct ipport_result results[MAX_ARRAY_SIZE];
@@ -46,10 +48,11 @@ TEST(IPv4PortMatcher, MatchedOneRuleOnPortRangeBoundary) {
     struct ipport_rule rules[MAX_ARRAY_SIZE];
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV4;
+    rules[0].ip_type = IPV4;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, 1);
     ASSERT_TRUE(matcher != NULL);
@@ -57,6 +60,7 @@ TEST(IPv4PortMatcher, MatchedOneRuleOnPortRangeBoundary) {
     struct ip_addr ip;
     ip.ip_type = IPV4;
     inet_pton(AF_INET, ip1_str, &ip.ipv4);
+    ip.ipv4 = htonl(ip.ipv4);
     uint16_t port = htons(100);
 
     struct ipport_result results[MAX_ARRAY_SIZE];
@@ -82,40 +86,46 @@ TEST(IPv4PortMatcher, MatchedMultiRuleInPortRange) {
     memset(rules, 0, sizeof(rules));
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV4;
+    rules[0].ip_type = IPV4;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip);
 
     rules[1].rule_id = 200;
-    rules[1].ip.ip_type = IPV4;
+    rules[1].ip_type = IPV4;
     rules[1].min_port = 110;
     rules[1].max_port = 160;
-    inet_pton(AF_INET, ip1_str, &rules[1].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[1].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[1].ipv4.end_ip);
 
     rules[2].rule_id = 300;
-    rules[2].ip.ip_type = IPV4;
+    rules[2].ip_type = IPV4;
     rules[2].min_port = 120;
     rules[2].max_port = 170;
-    inet_pton(AF_INET, ip1_str, &rules[2].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[2].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[2].ipv4.end_ip);
 
     rules[3].rule_id = 400;
-    rules[3].ip.ip_type = IPV4;
+    rules[3].ip_type = IPV4;
     rules[3].min_port = 130;
     rules[3].max_port = 180;
-    inet_pton(AF_INET, ip1_str, &rules[3].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[3].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[3].ipv4.end_ip);
 
     rules[4].rule_id = 500;
-    rules[4].ip.ip_type = IPV4;
+    rules[4].ip_type = IPV4;
     rules[4].min_port = 140;
     rules[4].max_port = 190;
-    inet_pton(AF_INET, ip1_str, &rules[4].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[4].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[4].ipv4.end_ip);
 
     rules[5].rule_id = 600;
-    rules[5].ip.ip_type = IPV4;
+    rules[5].ip_type = IPV4;
     rules[5].min_port = 150;
     rules[5].max_port = 200;
-    inet_pton(AF_INET, ip1_str, &rules[5].ip.ipv4);
+    inet_pton(AF_INET, ip1_str, &rules[5].ipv4.start_ip);
+    inet_pton(AF_INET, ip1_str, &rules[5].ipv4.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, MAX_ARRAY_SIZE);
     ASSERT_TRUE(matcher != NULL);
@@ -123,6 +133,7 @@ TEST(IPv4PortMatcher, MatchedMultiRuleInPortRange) {
     struct ip_addr ip;
     ip.ip_type = IPV4;
     inet_pton(AF_INET, ip1_str, &ip.ipv4);
+    ip.ipv4 = htonl(ip.ipv4);
     uint16_t port = htons(90);
 
     //no match rule_id
@@ -226,10 +237,11 @@ TEST(IPv6PortMatcher, MatchedOneRuleInPortRange) {
     struct ipport_rule rules[MAX_ARRAY_SIZE];
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV6;
+    rules[0].ip_type = IPV6;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, 1);
     ASSERT_TRUE(matcher != NULL);
@@ -253,10 +265,11 @@ TEST(IPv6PortMatcher, MatchedOneRuleOnPortRangeBoundary) {
     struct ipport_rule rules[MAX_ARRAY_SIZE];
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV6;
+    rules[0].ip_type = IPV6;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, 1);
     ASSERT_TRUE(matcher != NULL);
@@ -289,40 +302,46 @@ TEST(IPv6PortMatcher, MatchedMultiRuleInPortRange) {
     memset(rules, 0, sizeof(rules));
 
     rules[0].rule_id = 100;
-    rules[0].ip.ip_type = IPV6;
+    rules[0].ip_type = IPV6;
     rules[0].min_port = 100;
     rules[0].max_port = 150;
-    inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip);
 
     rules[1].rule_id = 200;
-    rules[1].ip.ip_type = IPV6;
+    rules[1].ip_type = IPV6;
     rules[1].min_port = 110;
     rules[1].max_port = 160;
-    inet_pton(AF_INET6, ip1_str, rules[1].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[1].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[1].ipv6.end_ip);
 
     rules[2].rule_id = 300;
-    rules[2].ip.ip_type = IPV6;
+    rules[2].ip_type = IPV6;
     rules[2].min_port = 120;
     rules[2].max_port = 170;
-    inet_pton(AF_INET6, ip1_str, rules[2].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[2].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[2].ipv6.end_ip);
 
     rules[3].rule_id = 400;
-    rules[3].ip.ip_type = IPV6;
+    rules[3].ip_type = IPV6;
     rules[3].min_port = 130;
     rules[3].max_port = 180;
-    inet_pton(AF_INET6, ip1_str, rules[3].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[3].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[3].ipv6.end_ip);
 
     rules[4].rule_id = 500;
-    rules[4].ip.ip_type = IPV6;
+    rules[4].ip_type = IPV6;
     rules[4].min_port = 140;
     rules[4].max_port = 190;
-    inet_pton(AF_INET6, ip1_str, rules[4].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[4].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[4].ipv6.end_ip);
 
     rules[5].rule_id = 600;
-    rules[5].ip.ip_type = IPV6;
+    rules[5].ip_type = IPV6;
     rules[5].min_port = 150;
     rules[5].max_port = 200;
-    inet_pton(AF_INET6, ip1_str, rules[5].ip.ipv6);
+    inet_pton(AF_INET6, ip1_str, rules[5].ipv6.start_ip);
+    inet_pton(AF_INET6, ip1_str, rules[5].ipv6.end_ip);
 
     struct ipport_matcher *matcher = ipport_matcher_new(rules, MAX_ARRAY_SIZE);
     ASSERT_TRUE(matcher != NULL);

test/maat_framework_gtest.cpp

@@ -5624,7 +5624,7 @@ void ipport_plugin_ex_new_cb(const char *table_name, int table_id, const char *k
 
 	ud->rule_id = atoll(table_line + column_offset);
 
-	ret = get_column_pos(table_line, 5, &column_offset, &column_len);	
+	ret = get_column_pos(table_line, 6, &column_offset, &column_len);	
 	EXPECT_EQ(ret, 0);
 
 	ud->buffer = ALLOC(char, column_len + 1);
@@ -5684,6 +5684,18 @@ TEST_F(IPPortPluginTable, EX_DATA) {
     EXPECT_EQ(ret, 1);
     EXPECT_EQ(results[0]->rule_id, 103);
 
+    ret = inet_pton(AF_INET, "192.168.100.5", &ipv4.ipv4);
+    EXPECT_EQ(ret, 1);
+
+    port = htons(150);
+
+    memset(results, 0, sizeof(results));
+    ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_id, &ipv4, port,
+                                               (void **)results, ARRAY_SIZE);
+    EXPECT_EQ(ret, 1);
+    EXPECT_EQ(results[0]->rule_id, 102);
+
+    port = htons(255);
     struct ip_addr ipv6;
     ipv6.ip_type = IPv6;
     inet_pton(AF_INET6, "2001:db8:1234::5210", ipv6.ipv6);
@@ -5694,6 +5706,7 @@ TEST_F(IPPortPluginTable, EX_DATA) {
 	EXPECT_EQ(ret, 1);
 	EXPECT_EQ(results[0]->rule_id, 104);
 
+    port = htons(255);
     inet_pton(AF_INET6, "240e:97c:4010:104::17", ipv6.ipv6);
     ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_id, &ipv6, port,
                                               (void**)results, ARRAY_SIZE);

test/maat_json.json

@@ -4189,10 +4189,10 @@
         {
             "table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA",
             "table_content": [
-                "101\t4\t192.168.100.1\t0\t255\t1",
-                "102\t4\t192.168.100.2\t100\t200\t1",
-                "103\t4\t192.168.100.1\t255\t300\t1",
-                "104\t6\t2001:db8:1234::5210\t255\t512\t1"
+                "101\t4\t192.168.100.1\t192.168.100.1\t0\t255\t1",
+                "102\t4\t192.168.100.2\t192.168.100.100\t100\t200\t1",
+                "103\t4\t192.168.100.1\t192.168.100.1\t255\t300\t1",
+                "104\t6\t2001:db8:1234::5210\t2001:db8:1234::5220\t255\t512\t1"
             ]
         },
         {

test/table_info.conf

@@ -634,14 +634,15 @@
         "table_id":52,
         "table_name":"TEST_IPPORT_PLUGIN_WITH_EXDATA",
         "table_type":"ipport_plugin",
-        "valid_column":6,
+        "valid_column":7,
         "custom": {
             "gc_timeout_s": 3,
             "item_id":1,
             "ip_type":2,
-            "ip_addr":3,
-            "port1":4,
-            "port2":5
+            "start_ip":3,
+            "end_ip":4,
+            "port1":5,
+            "port2":6
         }
     },
     {