1 files changed, 94 insertions, 0 deletions
diff --git a/tests/unit/test_firewall_sandbox.c b/tests/unit/test_firewall_sandbox.c
new file mode 100644
index 0000000..66a491b
--- /dev/null
+++ b/tests/unit/test_firewall_sandbox.c
@@ -0,0 +1,94 @@
+#include "test_framework.h"
+#include "../../main/firewall.h"
+#include <stdio.h>
+#include <string.h>
+int main(void)
+{
+    printf("=== test_firewall_sandbox ===\n");
+    printf("\n--- FW_MAX_MAC_LEN is 18 ---\n");
+    {
+        ASSERT_EQ_INT(18, FW_MAX_MAC_LEN, "MAC length is 18 (17 chars + null)");
+    }
+    printf("\n--- esp_ip4_addr_t available ---\n");
+    {
+        esp_ip4_addr_t ip;
+        ip.addr = 0x0102A8C0;
+        ASSERT(ip.addr == 0x0102A8C0, "ip4_addr stores value");
+    }
+    printf("\n--- firewall_set_mining_port / set_sandbox_mint_access compile ---\n");
+    {
+        firewall_set_mining_port(3333);
+        firewall_set_mining_port(4033);
+        firewall_set_sandbox_mint_access(true);
+        firewall_set_sandbox_mint_access(false);
+        ASSERT(true, "setters compile and run without crash");
+    }
+    printf("\n--- firewall_init + client management ---\n");
+    {
+        esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
+        esp_err_t ret = firewall_init(ap_ip);
+        ASSERT_EQ_INT(ESP_OK, (int)ret, "firewall_init succeeds");
+        ASSERT_EQ_INT(0, firewall_client_count(), "no clients after init");
+        firewall_grant_access(0x0201A8C0);
+        ASSERT_EQ_INT(1, firewall_client_count(), "1 client after grant");
+        ASSERT(firewall_is_client_allowed(0x0201A8C0), "client is allowed");
+        firewall_revoke_access(0x0201A8C0);
+        ASSERT_EQ_INT(0, firewall_client_count(), "0 clients after revoke");
+        ASSERT(!firewall_is_client_allowed(0x0201A8C0), "client not allowed after revoke");
+    }
+    printf("\n--- grant same IP twice ---\n");
+    {
+        esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
+        firewall_init(ap_ip);
+        firewall_grant_access(0x0301A8C0);
+        firewall_grant_access(0x0301A8C0);
+        ASSERT_EQ_INT(1, firewall_client_count(), "duplicate grant does not double count");
+    }
+    printf("\n--- revoke non-existent ---\n");
+    {
+        firewall_revoke_access(0x99999999);
+        ASSERT_EQ_INT(1, firewall_client_count(), "revoke non-existent no effect");
+    }
+    printf("\n--- revoke_all ---\n");
+    {
+        firewall_grant_access(0x0401A8C0);
+        firewall_grant_access(0x0501A8C0);
+        ASSERT_EQ_INT(3, firewall_client_count(), "3 clients");
+        firewall_revoke_all();
+        ASSERT_EQ_INT(0, firewall_client_count(), "0 after revoke_all");
+    }
+    printf("\n--- max clients (10) ---\n");
+    {
+        esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
+        firewall_init(ap_ip);
+        for (int i = 0; i < 10; i++) {
+            firewall_grant_access(0x0A000000 + i);
+        }
+        ASSERT_EQ_INT(10, firewall_client_count(), "10 clients at max");
+        firewall_grant_access(0x0A000100);
+        ASSERT_EQ_INT(10, firewall_client_count(), "still 10 after exceeding max");
+    }
+    printf("\n--- is_mac_allowed (no MACs resolved in stub) ---\n");
+    {
+        firewall_init((esp_ip4_addr_t){ .addr = 0x012FA80A });
+        firewall_grant_access(0x0601A8C0);
+        ASSERT(!firewall_is_mac_allowed(""), "empty MAC not allowed");
+    }
+    TEST_SUMMARY();
+}

diff --git a/tests/unit/test_firewall_sandbox.c b/tests/unit/test_firewall_sandbox.c new file mode 100644 index 0000000..66a491b --- /dev/null +++ b/tests/unit/test_firewall_sandbox.c
@@ -0,0 +1,94 @@
	1	#include "test_framework.h"
	2	#include "../../main/firewall.h"
	3	#include <stdio.h>
	4	#include <string.h>
	5
	6	int main(void)
	7	{
	8	printf("=== test_firewall_sandbox ===\n");
	9
	10	printf("\n--- FW_MAX_MAC_LEN is 18 ---\n");
	11	{
	12	ASSERT_EQ_INT(18, FW_MAX_MAC_LEN, "MAC length is 18 (17 chars + null)");
	13	}
	14
	15	printf("\n--- esp_ip4_addr_t available ---\n");
	16	{
	17	esp_ip4_addr_t ip;
	18	ip.addr = 0x0102A8C0;
	19	ASSERT(ip.addr == 0x0102A8C0, "ip4_addr stores value");
	20	}
	21
	22	printf("\n--- firewall_set_mining_port / set_sandbox_mint_access compile ---\n");
	23	{
	24	firewall_set_mining_port(3333);
	25	firewall_set_mining_port(4033);
	26	firewall_set_sandbox_mint_access(true);
	27	firewall_set_sandbox_mint_access(false);
	28	ASSERT(true, "setters compile and run without crash");
	29	}
	30
	31	printf("\n--- firewall_init + client management ---\n");
	32	{
	33	esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
	34	esp_err_t ret = firewall_init(ap_ip);
	35	ASSERT_EQ_INT(ESP_OK, (int)ret, "firewall_init succeeds");
	36	ASSERT_EQ_INT(0, firewall_client_count(), "no clients after init");
	37
	38	firewall_grant_access(0x0201A8C0);
	39	ASSERT_EQ_INT(1, firewall_client_count(), "1 client after grant");
	40	ASSERT(firewall_is_client_allowed(0x0201A8C0), "client is allowed");
	41
	42	firewall_revoke_access(0x0201A8C0);
	43	ASSERT_EQ_INT(0, firewall_client_count(), "0 clients after revoke");
	44	ASSERT(!firewall_is_client_allowed(0x0201A8C0), "client not allowed after revoke");
	45	}
	46
	47	printf("\n--- grant same IP twice ---\n");
	48	{
	49	esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
	50	firewall_init(ap_ip);
	51
	52	firewall_grant_access(0x0301A8C0);
	53	firewall_grant_access(0x0301A8C0);
	54	ASSERT_EQ_INT(1, firewall_client_count(), "duplicate grant does not double count");
	55	}
	56
	57	printf("\n--- revoke non-existent ---\n");
	58	{
	59	firewall_revoke_access(0x99999999);
	60	ASSERT_EQ_INT(1, firewall_client_count(), "revoke non-existent no effect");
	61	}
	62
	63	printf("\n--- revoke_all ---\n");
	64	{
	65	firewall_grant_access(0x0401A8C0);
	66	firewall_grant_access(0x0501A8C0);
	67	ASSERT_EQ_INT(3, firewall_client_count(), "3 clients");
	68	firewall_revoke_all();
	69	ASSERT_EQ_INT(0, firewall_client_count(), "0 after revoke_all");
	70	}
	71
	72	printf("\n--- max clients (10) ---\n");
	73	{
	74	esp_ip4_addr_t ap_ip = { .addr = 0x012FA80A };
	75	firewall_init(ap_ip);
	76
	77	for (int i = 0; i < 10; i++) {
	78	firewall_grant_access(0x0A000000 + i);
	79	}
	80	ASSERT_EQ_INT(10, firewall_client_count(), "10 clients at max");
	81
	82	firewall_grant_access(0x0A000100);
	83	ASSERT_EQ_INT(10, firewall_client_count(), "still 10 after exceeding max");
	84	}
	85
	86	printf("\n--- is_mac_allowed (no MACs resolved in stub) ---\n");
	87	{
	88	firewall_init((esp_ip4_addr_t){ .addr = 0x012FA80A });
	89	firewall_grant_access(0x0601A8C0);
	90	ASSERT(!firewall_is_mac_allowed(""), "empty MAC not allowed");
	91	}
	92
	93	TEST_SUMMARY();
	94	}