add ipv6 tests

fabiolb · Feb 18, 2018 · 57dd6e5 · 57dd6e5
1 parent cce3288
commit 57dd6e5
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/route/access_rules.go b/route/access_rules.go
@@ -125,7 +125,7 @@ func (t *Target) parseAccessRule(allowDeny string) error {
 		case ipAllowTag, ipDenyTag:
 			if value = strings.TrimSpace(temps[1]); !strings.Contains(value, "/") {
 				if ip = net.ParseIP(value); ip == nil {
-					return fmt.Errorf("failed to parse IP %s with error", value)
+					return fmt.Errorf("failed to parse IP %s", value)
 				}
 				if ip.To4() != nil {
 					value = ip.String() + "/32"

diff --git a/route/access_rules_test.go b/route/access_rules_test.go
@@ -13,9 +13,13 @@ func TestAccessRules_parseAccessRule(t *testing.T) {
 		fail      bool
 	}{
 		{
-			desc:      "valid rule",
+			desc:      "valid ipv4 rule",
 			allowDeny: "ip:10.0.0.0/8,ip:192.168.0.0/24,ip:1.2.3.4/32",
 		},
+		{
+			desc:      "valid ipv6 rule",
+			allowDeny: "ip:1234:567:beef:cafe::/64,ip:1234:5678:dead:beef::/32",
+		},
 		{
 			desc:      "invalid rule type",
 			allowDeny: "xxx:10.0.0.0/8",
@@ -67,37 +71,69 @@ func TestAccessRules_denyByIP(t *testing.T) {
 		denied bool
 	}{
 		{
-			desc: "allow rule with included ip",
+			desc: "allow rule with included ipv4",
 			target: &Target{
 				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
 			},
 			remote: net.ParseIP("10.10.0.1"),
 			denied: false,
 		},
 		{
-			desc: "allow rule with exluded ip",
+			desc: "allow rule with exluded ipv4",
 			target: &Target{
 				Opts: map[string]string{"allow": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
 			},
 			remote: net.ParseIP("1.2.3.4"),
 			denied: true,
 		},
 		{
-			desc: "deny rule with included ip",
+			desc: "deny rule with included ipv4",
 			target: &Target{
 				Opts: map[string]string{"deny": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
 			},
 			remote: net.ParseIP("10.10.0.1"),
 			denied: true,
 		},
 		{
-			desc: "deny rule with excluded ip",
+			desc: "deny rule with excluded ipv4",
 			target: &Target{
 				Opts: map[string]string{"deny": "ip:10.0.0.0/8,ip:192.168.0.0/24"},
 			},
 			remote: net.ParseIP("1.2.3.4"),
 			denied: false,
 		},
+		{
+			desc: "allow rule with included ipv6",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:1234:dead:beef:cafe::/64"},
+			},
+			remote: net.ParseIP("1234:dead:beef:cafe::5678"),
+			denied: false,
+		},
+		{
+			desc: "allow rule with exluded ipv6",
+			target: &Target{
+				Opts: map[string]string{"allow": "ip:1234:dead:beef:cafe::/64"},
+			},
+			remote: net.ParseIP("1234:5678::1"),
+			denied: true,
+		},
+		{
+			desc: "deny rule with included ipv6",
+			target: &Target{
+				Opts: map[string]string{"deny": "ip:1234:dead:beef:cafe::/64"},
+			},
+			remote: net.ParseIP("1234:dead:beef:cafe::5678"),
+			denied: true,
+		},
+		{
+			desc: "deny rule with excluded ipv6",
+			target: &Target{
+				Opts: map[string]string{"deny": "ip:1234:dead:beef:cafe::/64"},
+			},
+			remote: net.ParseIP("1234:5678::1"),
+			denied: false,
+		},
 	}
 
 	for i, tt := range tests {