(t *testing.T)
| 157 | } |
| 158 | |
| 159 | func TestGenerateDropScriptWithIPFilter(t *testing.T) { |
| 160 | ip := net.ParseIP("10.0.0.1") |
| 161 | config := TraceConfig{ |
| 162 | FilterIPs: []net.IP{ip}, |
| 163 | OutputJSON: false, |
| 164 | } |
| 165 | |
| 166 | gen := NewScriptGenerator(config) |
| 167 | filter := gen.buildSkbIPFilterCondition() |
| 168 | |
| 169 | // Should contain hex representation |
| 170 | if !strings.Contains(filter, "0x0a000001") { |
| 171 | t.Errorf("expected filter to contain hex IP 0x0a000001, got: %s", filter) |
| 172 | } |
| 173 | |
| 174 | // Should use bswap() to handle endianness (kfree_skb reads __be32 as native int) |
| 175 | if !strings.Contains(filter, "bswap($saddr_raw)") || !strings.Contains(filter, "bswap($daddr_raw)") { |
| 176 | t.Errorf("expected filter to use bswap() for endianness conversion, got: %s", filter) |
| 177 | } |
| 178 | |
| 179 | // Should NOT contain the original IP string (security check) |
| 180 | if strings.Contains(filter, "10.0.0.1") { |
| 181 | t.Error("filter should not contain original IP string - security risk") |
| 182 | } |
| 183 | } |
| 184 | |
| 185 | func TestGenerateDropScriptWithCIDRFilter(t *testing.T) { |
| 186 | _, cidr, err := net.ParseCIDR("10.0.0.0/24") |
nothing calls this directly
no test coverage detected