diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-04-04 22:01:33 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-04-04 22:01:33 -0400 |
| commit | 54fc70b7bf4e3f74c63d068a873de5a9ddf78330 (patch) | |
| tree | 98e15626d9271b14f8208e29debbb6685eb0d65a | |
| parent | grsecurity: --join, --shutdown (diff) | |
| download | firejail-54fc70b7bf4e3f74c63d068a873de5a9ddf78330.tar.gz firejail-54fc70b7bf4e3f74c63d068a873de5a9ddf78330.tar.zst firejail-54fc70b7bf4e3f74c63d068a873de5a9ddf78330.zip | |
grsecurity: network testing
| -rwxr-xr-x | test/4bridges_arp.exp | 37 | ||||
| -rwxr-xr-x | test/4bridges_ip.exp | 35 | ||||
| -rwxr-xr-x | test/net_defaultgw.exp | 35 | ||||
| -rwxr-xr-x | test/net_defaultgw2.exp | 47 | ||||
| -rwxr-xr-x | test/net_ip.exp | 33 |
5 files changed, 59 insertions, 128 deletions
diff --git a/test/4bridges_arp.exp b/test/4bridges_arp.exp index 3004082e6..6a3e6db2a 100755 --- a/test/4bridges_arp.exp +++ b/test/4bridges_arp.exp | |||
| @@ -115,7 +115,7 @@ sleep 2 | |||
| 115 | 115 | ||
| 116 | 116 | ||
| 117 | # check loopback | 117 | # check loopback |
| 118 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | 118 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r" |
| 119 | expect { | 119 | expect { |
| 120 | timeout {puts "TESTING ERROR 5\n";exit} | 120 | timeout {puts "TESTING ERROR 5\n";exit} |
| 121 | "lo" | 121 | "lo" |
| @@ -136,40 +136,35 @@ expect { | |||
| 136 | timeout {puts "TESTING ERROR 9\n";exit} | 136 | timeout {puts "TESTING ERROR 9\n";exit} |
| 137 | "Child process initialized" | 137 | "Child process initialized" |
| 138 | } | 138 | } |
| 139 | sleep 1 | ||
| 139 | 140 | ||
| 140 | # check default gateway | 141 | # check default gateway |
| 141 | send -- "bash\r" | 142 | send -- "ip route show\r" |
| 142 | sleep 1 | ||
| 143 | send -- "netstat -rn;pwd\r" | ||
| 144 | expect { | 143 | expect { |
| 145 | timeout {puts "TESTING ERROR 10.1\n";exit} | 144 | timeout {puts "TESTING ERROR 10.1\n";exit} |
| 146 | "0.0.0.0" | 145 | "default via 10.10.20.1 dev eth0" |
| 147 | } | 146 | } |
| 147 | send -- "ip route show\r" | ||
| 148 | expect { | 148 | expect { |
| 149 | timeout {puts "TESTING ERROR 10.2\n";exit} | 149 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 150 | "10.10.20.1" | 150 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
| 151 | } | ||
| 152 | expect { | ||
| 153 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
| 154 | "eth0" | ||
| 155 | } | 151 | } |
| 152 | send -- "ip route show\r" | ||
| 156 | expect { | 153 | expect { |
| 157 | timeout {puts "TESTING ERROR 10.4\n";exit} | 154 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 158 | "10.10.20.0" | 155 | "10.10.30.0/24 dev eth1 proto kernel scope link" |
| 159 | } | ||
| 160 | expect { | ||
| 161 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 162 | "0.0.0.0" | ||
| 163 | } | 156 | } |
| 157 | send -- "ip route show\r" | ||
| 164 | expect { | 158 | expect { |
| 165 | timeout {puts "TESTING ERROR 10.6\n";exit} | 159 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 166 | "eth0" | 160 | "10.10.40.0/24 dev eth2 proto kernel scope link" |
| 167 | } | 161 | } |
| 162 | send -- "ip route show\r" | ||
| 168 | expect { | 163 | expect { |
| 169 | timeout {puts "TESTING ERROR 10\n";exit} | 164 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 170 | "home" | 165 | "10.10.50.0/24 dev eth3 proto kernel scope link" |
| 171 | } | 166 | } |
| 172 | sleep 1 | 167 | sleep 1 |
| 173 | 168 | ||
| 174 | puts "\n" | 169 | puts "\nall done\n" |
| 175 | 170 | ||
diff --git a/test/4bridges_ip.exp b/test/4bridges_ip.exp index 9e37b4ff4..8068aeebb 100755 --- a/test/4bridges_ip.exp +++ b/test/4bridges_ip.exp | |||
| @@ -115,7 +115,7 @@ sleep 2 | |||
| 115 | 115 | ||
| 116 | 116 | ||
| 117 | # check loopback | 117 | # check loopback |
| 118 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | 118 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r" |
| 119 | expect { | 119 | expect { |
| 120 | timeout {puts "TESTING ERROR 5\n";exit} | 120 | timeout {puts "TESTING ERROR 5\n";exit} |
| 121 | "lo" | 121 | "lo" |
| @@ -138,38 +138,37 @@ expect { | |||
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | # check default gateway | 140 | # check default gateway |
| 141 | send -- "bash\r" | 141 | send -- "ip route show\r" |
| 142 | sleep 1 | ||
| 143 | send -- "netstat -rn;pwd\r" | ||
| 144 | expect { | 142 | expect { |
| 145 | timeout {puts "TESTING ERROR 10.1\n";exit} | 143 | timeout {puts "TESTING ERROR 10.1\n";exit} |
| 146 | "0.0.0.0" | 144 | "default via 10.10.20.1 dev eth0" |
| 147 | } | 145 | } |
| 146 | |||
| 147 | send -- "ip route show\r" | ||
| 148 | expect { | 148 | expect { |
| 149 | timeout {puts "TESTING ERROR 10.2\n";exit} | 149 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 150 | "10.10.20.1" | 150 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
| 151 | } | 151 | } |
| 152 | |||
| 153 | send -- "ip route show\r" | ||
| 152 | expect { | 154 | expect { |
| 153 | timeout {puts "TESTING ERROR 10.3\n";exit} | 155 | timeout {puts "TESTING ERROR 10.3\n";exit} |
| 154 | "eth0" | 156 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" |
| 155 | } | 157 | } |
| 158 | |||
| 159 | send -- "ip route show\r" | ||
| 156 | expect { | 160 | expect { |
| 157 | timeout {puts "TESTING ERROR 10.4\n";exit} | 161 | timeout {puts "TESTING ERROR 10.4\n";exit} |
| 158 | "10.10.20.0" | 162 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" |
| 159 | } | 163 | } |
| 164 | |||
| 165 | send -- "ip route show\r" | ||
| 160 | expect { | 166 | expect { |
| 161 | timeout {puts "TESTING ERROR 10.5\n";exit} | 167 | timeout {puts "TESTING ERROR 10.5\n";exit} |
| 162 | "0.0.0.0" | 168 | "10.10.50.0/24 dev eth3 proto kernel scope link" |
| 163 | } | ||
| 164 | expect { | ||
| 165 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
| 166 | "eth0" | ||
| 167 | } | ||
| 168 | expect { | ||
| 169 | timeout {puts "TESTING ERROR 10\n";exit} | ||
| 170 | "home" | ||
| 171 | } | 169 | } |
| 170 | |||
| 172 | sleep 1 | 171 | sleep 1 |
| 173 | 172 | ||
| 174 | puts "\n" | 173 | puts "\nall done\n" |
| 175 | 174 | ||
diff --git a/test/net_defaultgw.exp b/test/net_defaultgw.exp index 9820660b7..840f2ccac 100755 --- a/test/net_defaultgw.exp +++ b/test/net_defaultgw.exp | |||
| @@ -5,7 +5,7 @@ spawn $env(SHELL) | |||
| 5 | match_max 100000 | 5 | match_max 100000 |
| 6 | 6 | ||
| 7 | # check ip address | 7 | # check ip address |
| 8 | send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2\r" | 8 | send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r" |
| 9 | expect { | 9 | expect { |
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
| 11 | "eth0" | 11 | "eth0" |
| @@ -26,40 +26,21 @@ expect { | |||
| 26 | timeout {puts "TESTING ERROR 4\n";exit} | 26 | timeout {puts "TESTING ERROR 4\n";exit} |
| 27 | "Child process initialized" | 27 | "Child process initialized" |
| 28 | } | 28 | } |
| 29 | sleep 1 | ||
| 29 | 30 | ||
| 30 | # check default gateway | 31 | # check default gateway |
| 31 | send -- "bash\r" | 32 | send -- "ip route show\r" |
| 32 | sleep 1 | ||
| 33 | send -- "netstat -rn;pwd\r" | ||
| 34 | expect { | 33 | expect { |
| 35 | timeout {puts "TESTING ERROR 10.1\n";exit} | 34 | timeout {puts "TESTING ERROR 10.1\n";exit} |
| 36 | "0.0.0.0" | 35 | "default via 10.10.20.2 dev eth0" |
| 37 | } | 36 | } |
| 37 | |||
| 38 | send -- "ip route show\r" | ||
| 38 | expect { | 39 | expect { |
| 39 | timeout {puts "TESTING ERROR 10.2\n";exit} | 40 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 40 | "10.10.20.2" | 41 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
| 41 | } | ||
| 42 | expect { | ||
| 43 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
| 44 | "eth0" | ||
| 45 | } | ||
| 46 | expect { | ||
| 47 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
| 48 | "10.10.20.0" | ||
| 49 | } | ||
| 50 | expect { | ||
| 51 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 52 | "0.0.0.0" | ||
| 53 | } | ||
| 54 | expect { | ||
| 55 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
| 56 | "eth0" | ||
| 57 | } | ||
| 58 | expect { | ||
| 59 | timeout {puts "TESTING ERROR 10\n";exit} | ||
| 60 | "home" | ||
| 61 | } | 42 | } |
| 62 | sleep 1 | 43 | sleep 1 |
| 63 | 44 | ||
| 64 | puts "\n" | 45 | puts "\nall done\n" |
| 65 | 46 | ||
diff --git a/test/net_defaultgw2.exp b/test/net_defaultgw2.exp index be9b4882a..db14e17cb 100755 --- a/test/net_defaultgw2.exp +++ b/test/net_defaultgw2.exp | |||
| @@ -5,7 +5,7 @@ spawn $env(SHELL) | |||
| 5 | match_max 100000 | 5 | match_max 100000 |
| 6 | 6 | ||
| 7 | # check ip address | 7 | # check ip address |
| 8 | send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89\r" | 8 | send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r" |
| 9 | expect { | 9 | expect { |
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
| 11 | "eth1" | 11 | "eth1" |
| @@ -14,52 +14,27 @@ expect { | |||
| 14 | timeout {puts "TESTING ERROR 4\n";exit} | 14 | timeout {puts "TESTING ERROR 4\n";exit} |
| 15 | "Child process initialized" | 15 | "Child process initialized" |
| 16 | } | 16 | } |
| 17 | sleep 1 | ||
| 17 | 18 | ||
| 18 | # check default gateway | 19 | # check default gateway |
| 19 | send -- "bash\r" | 20 | send -- "ip route show\r" |
| 20 | sleep 1 | ||
| 21 | send -- "netstat -rn;pwd\r" | ||
| 22 | expect { | 21 | expect { |
| 23 | timeout {puts "TESTING ERROR 10.1\n";exit} | 22 | timeout {puts "TESTING ERROR 10.1\n";exit} |
| 24 | "0.0.0.0" | 23 | "default via 10.10.30.89 dev eth1" |
| 25 | } | 24 | } |
| 25 | |||
| 26 | send -- "ip route show\r" | ||
| 26 | expect { | 27 | expect { |
| 27 | timeout {puts "TESTING ERROR 10.2\n";exit} | 28 | timeout {puts "TESTING ERROR 10.2\n";exit} |
| 28 | "10.10.30.89" | 29 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
| 29 | } | 30 | } |
| 31 | |||
| 32 | send -- "ip route show\r" | ||
| 30 | expect { | 33 | expect { |
| 31 | timeout {puts "TESTING ERROR 10.3\n";exit} | 34 | timeout {puts "TESTING ERROR 10.3\n";exit} |
| 32 | "eth1" | 35 | "10.10.30.0/24 dev eth1 proto kernel scope link" |
| 33 | } | ||
| 34 | expect { | ||
| 35 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
| 36 | "10.10.20.0" | ||
| 37 | } | ||
| 38 | expect { | ||
| 39 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 40 | "0.0.0.0" | ||
| 41 | } | ||
| 42 | expect { | ||
| 43 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
| 44 | "eth0" | ||
| 45 | } | ||
| 46 | expect { | ||
| 47 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
| 48 | "10.10.30.0" | ||
| 49 | } | ||
| 50 | expect { | ||
| 51 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 52 | "0.0.0.0" | ||
| 53 | } | ||
| 54 | expect { | ||
| 55 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
| 56 | "eth1" | ||
| 57 | } | ||
| 58 | expect { | ||
| 59 | timeout {puts "TESTING ERROR 10\n";exit} | ||
| 60 | "home" | ||
| 61 | } | 36 | } |
| 62 | sleep 1 | 37 | sleep 1 |
| 63 | 38 | ||
| 64 | puts "\n" | 39 | puts "\nall done\n" |
| 65 | 40 | ||
diff --git a/test/net_ip.exp b/test/net_ip.exp index 5995296c7..f5d487ecc 100755 --- a/test/net_ip.exp +++ b/test/net_ip.exp | |||
| @@ -31,7 +31,7 @@ send -- "exit\r" | |||
| 31 | sleep 2 | 31 | sleep 2 |
| 32 | 32 | ||
| 33 | # check loopback | 33 | # check loopback |
| 34 | send -- "firejail --net=br0 --ip=10.10.20.5\r" | 34 | send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" |
| 35 | expect { | 35 | expect { |
| 36 | timeout {puts "TESTING ERROR 5\n";exit} | 36 | timeout {puts "TESTING ERROR 5\n";exit} |
| 37 | "lo" | 37 | "lo" |
| @@ -52,38 +52,19 @@ expect { | |||
| 52 | timeout {puts "TESTING ERROR 9\n";exit} | 52 | timeout {puts "TESTING ERROR 9\n";exit} |
| 53 | "Child process initialized" | 53 | "Child process initialized" |
| 54 | } | 54 | } |
| 55 | sleep 1 | ||
| 55 | 56 | ||
| 56 | # check default gateway | 57 | # check default gateway |
| 57 | send -- "bash\r" | 58 | send -- "ip route show\r" |
| 58 | sleep 1 | ||
| 59 | send -- "netstat -rn;pwd\r" | ||
| 60 | expect { | 59 | expect { |
| 61 | timeout {puts "TESTING ERROR 10.1\n";exit} | 60 | timeout {puts "TESTING ERROR 10.1\n";exit} |
| 62 | "0.0.0.0" | 61 | "default via 10.10.20.1 dev eth0" |
| 63 | } | ||
| 64 | expect { | ||
| 65 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 66 | "10.10.20.1" | ||
| 67 | } | ||
| 68 | expect { | ||
| 69 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
| 70 | "eth0" | ||
| 71 | } | ||
| 72 | expect { | ||
| 73 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
| 74 | "10.10.20.0" | ||
| 75 | } | ||
| 76 | expect { | ||
| 77 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 78 | "0.0.0.0" | ||
| 79 | } | ||
| 80 | expect { | ||
| 81 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
| 82 | "eth0" | ||
| 83 | } | 62 | } |
| 63 | |||
| 64 | send -- "ip route show\r" | ||
| 84 | expect { | 65 | expect { |
| 85 | timeout {puts "TESTING ERROR 10\n";exit} | 66 | timeout {puts "TESTING ERROR 10\n";exit} |
| 86 | "home" | 67 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
| 87 | } | 68 | } |
| 88 | sleep 1 | 69 | sleep 1 |
| 89 | 70 | ||