networking profile file support

author: netblue30 <netblue30@yahoo.com> 2016-04-19 11:28:19 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-19 11:28:19 -0400
commit: 0d5453fc72da34081f22caf191ff31a22be52af8 (patch)
tree: 763e59f9e403ccb31f41aeac97b908ba2985cb8b
parent: google-play-music-desktop-player.profile (diff)
download: firejail-0d5453fc72da34081f22caf191ff31a22be52af8.tar.gz
firejail-0d5453fc72da34081f22caf191ff31a22be52af8.tar.zst
firejail-0d5453fc72da34081f22caf191ff31a22be52af8.zip
6 files changed, 220 insertions, 13 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b51ba2e65..15720b4c6 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1542,17 +1542,17 @@ int main(int argc, char **argv) {
                                Bridge *br = last_bridge_configured();
                                if (br == NULL) {
                                        fprintf(stderr, "Error: no network device configured\n");
-                                        return 1;
+                                        exit(1);
                                }
                                if (mac_not_zero(br->macsandbox)) {
                                        fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");
-                                        return 1;
+                                        exit(1);
                                }
        
                                // read the address
                                if (atomac(argv[i] + 6, br->macsandbox)) {
                                        fprintf(stderr, "Error: invalid MAC address\n");
-                                        return 1;
+                                        exit(1);
                                }
                        }
                        else {
@@ -1566,12 +1566,12 @@ int main(int argc, char **argv) {
                                Bridge *br = last_bridge_configured();
                                if (br == NULL) {
                                        fprintf(stderr, "Error: no network device configured\n");
-                                        return 1;
+                                        exit(1);
                                }
        
                                if (sscanf(argv[i] + 6, "%d", &br->mtu) != 1 || br->mtu < 576 || br->mtu > 9198) {
                                        fprintf(stderr, "Error: invalid mtu value\n");
-                                        return 1;
+                                        exit(1);
                                }
                        }
                        else {
@@ -1585,11 +1585,11 @@ int main(int argc, char **argv) {
                                Bridge *br = last_bridge_configured();
                                if (br == NULL) {
                                        fprintf(stderr, "Error: no network device configured\n");
-                                        return 1;
+                                        exit(1);
                                }
                                if (br->arg_ip_none || br->ipsandbox) {
                                        fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
-                                        return 1;
+                                        exit(1);
                                }
        
                                // configure this IP address for the last bridge defined
@@ -1598,7 +1598,7 @@ int main(int argc, char **argv) {
                                else {
                                        if (atoip(argv[i] + 5, &br->ipsandbox)) {
                                                fprintf(stderr, "Error: invalid IP address\n");
-                                                return 1;
+                                                exit(1);
                                        }
                                }
                        }
@@ -1613,11 +1613,11 @@ int main(int argc, char **argv) {
                                Bridge *br = last_bridge_configured();
                                if (br == NULL) {
                                        fprintf(stderr, "Error: no network device configured\n");
-                                        return 1;
+                                        exit(1);
                                }
                                if (br->arg_ip_none || br->ip6sandbox) {
                                        fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
-                                        return 1;
+                                        exit(1);
                                }
        
                                // configure this IP address for the last bridge defined
@@ -1625,7 +1625,7 @@ int main(int argc, char **argv) {
                                br->ip6sandbox = argv[i] + 6;
 //                              if (atoip(argv[i] + 5, &br->ipsandbox)) {
 //                                      fprintf(stderr, "Error: invalid IP address\n");
-//                                      return 1;
+//                                      exit(1);
 //                              }
                        }
                        else {
@@ -1639,7 +1639,7 @@ int main(int argc, char **argv) {
                        if (checkcfg(CFG_NETWORK)) {
                                if (atoip(argv[i] + 12, &cfg.defaultgw)) {
                                        fprintf(stderr, "Error: invalid IP address\n");
-                                        return 1;
+                                        exit(1);
                                }
                        }
                        else {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 6ded0ca2f..7ff7c7926 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -319,7 +319,126 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
-        
+// from here
+        else if (strncmp(ptr, "mac ", 4) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (br == NULL) {
+                                fprintf(stderr, "Error: no network device configured\n");
+                                exit(1);
+                        }
+                        
+                        if (mac_not_zero(br->macsandbox)) {
+                                fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");
+                                exit(1);
+                        }
+                        // read the address
+                        if (atomac(ptr + 4, br->macsandbox)) {
+                                fprintf(stderr, "Error: invalid MAC address\n");
+                                exit(1);
+                        }
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
+        else if (strncmp(ptr, "mtu ", 4) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (br == NULL) {
+                                fprintf(stderr, "Error: no network device configured\n");
+                                exit(1);
+                        }
+                        
+                        if (sscanf(ptr + 4, "%d", &br->mtu) != 1 || br->mtu < 576 || br->mtu > 9198) {
+                                fprintf(stderr, "Error: invalid mtu value\n");
+                                exit(1);
+                        }
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
+        else if (strncmp(ptr, "ip ", 3) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (br == NULL) {
+                                fprintf(stderr, "Error: no network device configured\n");
+                                exit(1);
+                        }
+                        if (br->arg_ip_none || br->ipsandbox) {
+                                fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
+                                exit(1);
+                        }
+                        // configure this IP address for the last bridge defined
+                        if (strcmp(ptr + 3, "none") == 0)
+                                br->arg_ip_none = 1;
+                        else {
+                                if (atoip(ptr + 3, &br->ipsandbox)) {
+                                        fprintf(stderr, "Error: invalid IP address\n");
+                                        exit(1);
+                                }
+                        }
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
+        else if (strncmp(ptr, "ip6 ", 4) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (br == NULL) {
+                                fprintf(stderr, "Error: no network device configured\n");
+                                exit(1);
+                        }
+                        if (br->arg_ip_none || br->ip6sandbox) {
+                                fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
+                                exit(1);
+                        }
+                        // configure this IP address for the last bridge defined
+                        // todo: verify ipv6 syntax
+                        br->ip6sandbox = ptr + 4;
+//                      if (atoip(argv[i] + 5, &br->ipsandbox)) {
+//                              fprintf(stderr, "Error: invalid IP address\n");
+//                              exit(1);
+//                      }
+                        
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
+        else if (strncmp(ptr, "defaultgw ", 10) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (atoip(ptr + 10, &cfg.defaultgw)) {
+                                fprintf(stderr, "Error: invalid IP address\n");
+                                exit(1);
+                        }
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
        if (strncmp(ptr, "protocol ", 9) == 0) {
 #ifdef HAVE_SECCOMP
                if (checkcfg(CFG_SECCOMP))
diff --git a/test/net-profile.profile b/test/net-profile.profile
new file mode 100644
index 000000000..05052b6dc
--- /dev/null
+++ b/test/net-profile.profile
@@ -0,0 +1,10 @@
+net br0
+mac 00:11:22:33:44:55
+mtu 1000
+net br1
+ip 10.10.30.50
+net br2
+ip 10.10.40.100
+net br3
+defaultgw 10.10.20.2
diff --git a/test/net_profile.exp b/test/net_profile.exp
new file mode 100755
index 000000000..37043c906
--- /dev/null
+++ b/test/net_profile.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# check eth0
+send -- "firejail --profile=net-profile.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0.0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "00:11:22:33:44:55"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "10.10.20"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "ip route show\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.30.0/24 dev eth1  proto kernel  scope link  src 10.10.30.50"
+}
+send -- "ip route show\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "10.10.40.0/24 dev eth2  proto kernel  scope link  src 10.10.40.100"
+}
+# check default gw
+send -- "ip route show\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "default via 10.10.20.2 dev eth0"
+}
+# check mtu
+send -- "ip link show\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "mtu 1000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "state UP"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/test.sh b/test/test.sh
index c6fe4f299..961b48807 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -10,6 +10,9 @@ echo "TESTING: cpu.print (cpu-print.exp)"
 echo "TESTING:    failing under VirtualBox where there is only one CPU"
 ./cpu-print.exp
+echo "TESTING: network profile (net_profile.exp)"
+./net_profile.exp
 echo "TESTING: bandwidth (bandwidth.exp)"
 ./bandwidth.exp
diff --git a/todo b/todo
index f23b4b13d..56cc3dc0b 100644
--- a/todo
+++ b/todo
@@ -80,3 +80,5 @@ https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/
 https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl
 12. check for --chroot why .config/pulse dir is not created
+13. print error line number for profile files in  profile_check_line()
author	netblue30 <netblue30@yahoo.com>	2016-04-19 11:28:19 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-19 11:28:19 -0400
commit	0d5453fc72da34081f22caf191ff31a22be52af8 (patch)
tree	763e59f9e403ccb31f41aeac97b908ba2985cb8b
parent	google-play-music-desktop-player.profile (diff)
download	firejail-0d5453fc72da34081f22caf191ff31a22be52af8.tar.gz firejail-0d5453fc72da34081f22caf191ff31a22be52af8.tar.zst firejail-0d5453fc72da34081f22caf191ff31a22be52af8.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index b51ba2e65..15720b4c6 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1542,17 +1542,17 @@ int main(int argc, char **argv) {
1542	Bridge *br = last_bridge_configured();	1542	Bridge *br = last_bridge_configured();
1543	if (br == NULL) {	1543	if (br == NULL) {
1544	fprintf(stderr, "Error: no network device configured\n");	1544	fprintf(stderr, "Error: no network device configured\n");
1545	return 1;	1545	exit(1);
1546	}	1546	}
1547	if (mac_not_zero(br->macsandbox)) {	1547	if (mac_not_zero(br->macsandbox)) {
1548	fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");	1548	fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");
1549	return 1;	1549	exit(1);
1550	}	1550	}
1551		1551
1552	// read the address	1552	// read the address
1553	if (atomac(argv[i] + 6, br->macsandbox)) {	1553	if (atomac(argv[i] + 6, br->macsandbox)) {
1554	fprintf(stderr, "Error: invalid MAC address\n");	1554	fprintf(stderr, "Error: invalid MAC address\n");
1555	return 1;	1555	exit(1);
1556	}	1556	}
1557	}	1557	}
1558	else {	1558	else {
@@ -1566,12 +1566,12 @@ int main(int argc, char **argv) {
1566	Bridge *br = last_bridge_configured();	1566	Bridge *br = last_bridge_configured();
1567	if (br == NULL) {	1567	if (br == NULL) {
1568	fprintf(stderr, "Error: no network device configured\n");	1568	fprintf(stderr, "Error: no network device configured\n");
1569	return 1;	1569	exit(1);
1570	}	1570	}
1571		1571
1572	if (sscanf(argv[i] + 6, "%d", &br->mtu) != 1 \|\| br->mtu < 576 \|\| br->mtu > 9198) {	1572	if (sscanf(argv[i] + 6, "%d", &br->mtu) != 1 \|\| br->mtu < 576 \|\| br->mtu > 9198) {
1573	fprintf(stderr, "Error: invalid mtu value\n");	1573	fprintf(stderr, "Error: invalid mtu value\n");
1574	return 1;	1574	exit(1);
1575	}	1575	}
1576	}	1576	}
1577	else {	1577	else {
@@ -1585,11 +1585,11 @@ int main(int argc, char **argv) {
1585	Bridge *br = last_bridge_configured();	1585	Bridge *br = last_bridge_configured();
1586	if (br == NULL) {	1586	if (br == NULL) {
1587	fprintf(stderr, "Error: no network device configured\n");	1587	fprintf(stderr, "Error: no network device configured\n");
1588	return 1;	1588	exit(1);
1589	}	1589	}
1590	if (br->arg_ip_none \|\| br->ipsandbox) {	1590	if (br->arg_ip_none \|\| br->ipsandbox) {
1591	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");	1591	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
1592	return 1;	1592	exit(1);
1593	}	1593	}
1594		1594
1595	// configure this IP address for the last bridge defined	1595	// configure this IP address for the last bridge defined
@@ -1598,7 +1598,7 @@ int main(int argc, char **argv) {
1598	else {	1598	else {
1599	if (atoip(argv[i] + 5, &br->ipsandbox)) {	1599	if (atoip(argv[i] + 5, &br->ipsandbox)) {
1600	fprintf(stderr, "Error: invalid IP address\n");	1600	fprintf(stderr, "Error: invalid IP address\n");
1601	return 1;	1601	exit(1);
1602	}	1602	}
1603	}	1603	}
1604	}	1604	}
@@ -1613,11 +1613,11 @@ int main(int argc, char **argv) {
1613	Bridge *br = last_bridge_configured();	1613	Bridge *br = last_bridge_configured();
1614	if (br == NULL) {	1614	if (br == NULL) {
1615	fprintf(stderr, "Error: no network device configured\n");	1615	fprintf(stderr, "Error: no network device configured\n");
1616	return 1;	1616	exit(1);
1617	}	1617	}
1618	if (br->arg_ip_none \|\| br->ip6sandbox) {	1618	if (br->arg_ip_none \|\| br->ip6sandbox) {
1619	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");	1619	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
1620	return 1;	1620	exit(1);
1621	}	1621	}
1622		1622
1623	// configure this IP address for the last bridge defined	1623	// configure this IP address for the last bridge defined
@@ -1625,7 +1625,7 @@ int main(int argc, char **argv) {
1625	br->ip6sandbox = argv[i] + 6;	1625	br->ip6sandbox = argv[i] + 6;
1626	// if (atoip(argv[i] + 5, &br->ipsandbox)) {	1626	// if (atoip(argv[i] + 5, &br->ipsandbox)) {
1627	// fprintf(stderr, "Error: invalid IP address\n");	1627	// fprintf(stderr, "Error: invalid IP address\n");
1628	// return 1;	1628	// exit(1);
1629	// }	1629	// }
1630	}	1630	}
1631	else {	1631	else {
@@ -1639,7 +1639,7 @@ int main(int argc, char **argv) {
1639	if (checkcfg(CFG_NETWORK)) {	1639	if (checkcfg(CFG_NETWORK)) {
1640	if (atoip(argv[i] + 12, &cfg.defaultgw)) {	1640	if (atoip(argv[i] + 12, &cfg.defaultgw)) {
1641	fprintf(stderr, "Error: invalid IP address\n");	1641	fprintf(stderr, "Error: invalid IP address\n");
1642	return 1;	1642	exit(1);
1643	}	1643	}
1644	}	1644	}
1645	else {	1645	else {


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 6ded0ca2f..7ff7c7926 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -319,7 +319,126 @@ int profile_check_line(char ptr, int lineno, const char fname) {
319	return 0;	319	return 0;
320	}	320	}
321		321
322		322
		323	// from here
		324	else if (strncmp(ptr, "mac ", 4) == 0) {
		325	#ifdef HAVE_NETWORK
		326	if (checkcfg(CFG_NETWORK)) {
		327	Bridge *br = last_bridge_configured();
		328	if (br == NULL) {
		329	fprintf(stderr, "Error: no network device configured\n");
		330	exit(1);
		331	}
		332
		333	if (mac_not_zero(br->macsandbox)) {
		334	fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");
		335	exit(1);
		336	}
		337
		338	// read the address
		339	if (atomac(ptr + 4, br->macsandbox)) {
		340	fprintf(stderr, "Error: invalid MAC address\n");
		341	exit(1);
		342	}
		343	}
		344	else
		345	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		346	#endif
		347	return 0;
		348	}
		349
		350	else if (strncmp(ptr, "mtu ", 4) == 0) {
		351	#ifdef HAVE_NETWORK
		352	if (checkcfg(CFG_NETWORK)) {
		353	Bridge *br = last_bridge_configured();
		354	if (br == NULL) {
		355	fprintf(stderr, "Error: no network device configured\n");
		356	exit(1);
		357	}
		358
		359	if (sscanf(ptr + 4, "%d", &br->mtu) != 1 \|\| br->mtu < 576 \|\| br->mtu > 9198) {
		360	fprintf(stderr, "Error: invalid mtu value\n");
		361	exit(1);
		362	}
		363	}
		364	else
		365	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		366	#endif
		367	return 0;
		368	}
		369
		370	else if (strncmp(ptr, "ip ", 3) == 0) {
		371	#ifdef HAVE_NETWORK
		372	if (checkcfg(CFG_NETWORK)) {
		373	Bridge *br = last_bridge_configured();
		374	if (br == NULL) {
		375	fprintf(stderr, "Error: no network device configured\n");
		376	exit(1);
		377	}
		378	if (br->arg_ip_none \|\| br->ipsandbox) {
		379	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
		380	exit(1);
		381	}
		382
		383	// configure this IP address for the last bridge defined
		384	if (strcmp(ptr + 3, "none") == 0)
		385	br->arg_ip_none = 1;
		386	else {
		387	if (atoip(ptr + 3, &br->ipsandbox)) {
		388	fprintf(stderr, "Error: invalid IP address\n");
		389	exit(1);
		390	}
		391	}
		392	}
		393	else
		394	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		395	#endif
		396	return 0;
		397	}
		398
		399	else if (strncmp(ptr, "ip6 ", 4) == 0) {
		400	#ifdef HAVE_NETWORK
		401	if (checkcfg(CFG_NETWORK)) {
		402	Bridge *br = last_bridge_configured();
		403	if (br == NULL) {
		404	fprintf(stderr, "Error: no network device configured\n");
		405	exit(1);
		406	}
		407	if (br->arg_ip_none \|\| br->ip6sandbox) {
		408	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
		409	exit(1);
		410	}
		411
		412	// configure this IP address for the last bridge defined
		413	// todo: verify ipv6 syntax
		414	br->ip6sandbox = ptr + 4;
		415	// if (atoip(argv[i] + 5, &br->ipsandbox)) {
		416	// fprintf(stderr, "Error: invalid IP address\n");
		417	// exit(1);
		418	// }
		419
		420	}
		421	else
		422	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		423	#endif
		424	return 0;
		425	}
		426
		427	else if (strncmp(ptr, "defaultgw ", 10) == 0) {
		428	#ifdef HAVE_NETWORK
		429	if (checkcfg(CFG_NETWORK)) {
		430	Bridge *br = last_bridge_configured();
		431	if (atoip(ptr + 10, &cfg.defaultgw)) {
		432	fprintf(stderr, "Error: invalid IP address\n");
		433	exit(1);
		434	}
		435	}
		436	else
		437	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		438	#endif
		439	return 0;
		440	}
		441
323	if (strncmp(ptr, "protocol ", 9) == 0) {	442	if (strncmp(ptr, "protocol ", 9) == 0) {
324	#ifdef HAVE_SECCOMP	443	#ifdef HAVE_SECCOMP
325	if (checkcfg(CFG_SECCOMP))	444	if (checkcfg(CFG_SECCOMP))


diff --git a/test/net-profile.profile b/test/net-profile.profile new file mode 100644 index 000000000..05052b6dc --- /dev/null +++ b/test/net-profile.profile
@@ -0,0 +1,10 @@
		1	net br0
		2	mac 00:11:22:33:44:55
		3	mtu 1000
		4	net br1
		5	ip 10.10.30.50
		6	net br2
		7	ip 10.10.40.100
		8	net br3
		9	defaultgw 10.10.20.2
		10


diff --git a/test/net_profile.exp b/test/net_profile.exp new file mode 100755 index 000000000..37043c906 --- /dev/null +++ b/test/net_profile.exp
@@ -0,0 +1,73 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	# check eth0
		8	send -- "firejail --profile=net-profile.profile\r"
		9	expect {
		10	timeout {puts "TESTING ERROR 0.0\n";exit}
		11	"eth0"
		12	}
		13	expect {
		14	timeout {puts "TESTING ERROR 0.1\n";exit}
		15	"00:11:22:33:44:55"
		16	}
		17	expect {
		18	timeout {puts "TESTING ERROR 0.1\n";exit}
		19	"10.10.20"
		20	}
		21	expect {
		22	timeout {puts "TESTING ERROR 0.2\n";exit}
		23	"255.255.255.248"
		24	}
		25	expect {
		26	timeout {puts "TESTING ERROR 0.3\n";exit}
		27	"UP"
		28	}
		29	expect {
		30	timeout {puts "TESTING ERROR 0.4\n";exit}
		31	"Child process initialized"
		32	}
		33	sleep 2
		34
		35	send -- "ip route show\r"
		36	expect {
		37	timeout {puts "TESTING ERROR 1\n";exit}
		38	"10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
		39	}
		40
		41	send -- "ip route show\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 2\n";exit}
		44	"10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
		45	}
		46
		47
		48	# check default gw
		49	send -- "ip route show\r"
		50	expect {
		51	timeout {puts "TESTING ERROR 3\n";exit}
		52	"default via 10.10.20.2 dev eth0"
		53	}
		54
		55	# check mtu
		56	send -- "ip link show\r"
		57	expect {
		58	timeout {puts "TESTING ERROR 4\n";exit}
		59	"eth0"
		60	}
		61	expect {
		62	timeout {puts "TESTING ERROR 5\n";exit}
		63	"mtu 1000"
		64	}
		65	expect {
		66	timeout {puts "TESTING ERROR 6\n";exit}
		67	"state UP"
		68	}
		69
		70	sleep 1
		71
		72	puts "\nall done\n"
		73


diff --git a/test/test.sh b/test/test.sh index c6fe4f299..961b48807 100755 --- a/test/test.sh +++ b/test/test.sh
@@ -10,6 +10,9 @@ echo "TESTING: cpu.print (cpu-print.exp)"
10	echo "TESTING: failing under VirtualBox where there is only one CPU"	10	echo "TESTING: failing under VirtualBox where there is only one CPU"
11	./cpu-print.exp	11	./cpu-print.exp
12		12
		13	echo "TESTING: network profile (net_profile.exp)"
		14	./net_profile.exp
		15
13	echo "TESTING: bandwidth (bandwidth.exp)"	16	echo "TESTING: bandwidth (bandwidth.exp)"
14	./bandwidth.exp	17	./bandwidth.exp
15		18


diff --git a/todo b/todo index f23b4b13d..56cc3dc0b 100644 --- a/todo +++ b/todo
@@ -80,3 +80,5 @@ https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/
80	https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl	80	https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl
81		81
82	12. check for --chroot why .config/pulse dir is not created	82	12. check for --chroot why .config/pulse dir is not created
		83
		84	13. print error line number for profile files in profile_check_line()