diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-03 08:41:24 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-03 08:41:24 -0400 |
| commit | 57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc (patch) | |
| tree | 60f90718665a1a812b552f589bc4d85616232df1 /test/network | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.tar.gz firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.tar.zst firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.zip | |
networking features testing
Diffstat (limited to 'test/network')
26 files changed, 1360 insertions, 0 deletions
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp new file mode 100755 index 000000000..6a3e6db2a --- /dev/null +++ b/test/network/4bridges_arp.exp | |||
| @@ -0,0 +1,170 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check eth0 | ||
| 8 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 15 | "10.10.20" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
| 19 | "255.255.255.248" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
| 23 | "UP" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 2 | ||
| 30 | send -- "exit\r" | ||
| 31 | sleep 2 | ||
| 32 | |||
| 33 | # check eth1 | ||
| 34 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 1.0\n";exit} | ||
| 37 | "eth1" | ||
| 38 | } | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
| 41 | "10.10.30" | ||
| 42 | } | ||
| 43 | expect { | ||
| 44 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
| 45 | "255.255.255.0" | ||
| 46 | } | ||
| 47 | expect { | ||
| 48 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
| 49 | "UP" | ||
| 50 | } | ||
| 51 | expect { | ||
| 52 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
| 53 | "Child process initialized" | ||
| 54 | } | ||
| 55 | sleep 2 | ||
| 56 | send -- "exit\r" | ||
| 57 | sleep 2 | ||
| 58 | |||
| 59 | |||
| 60 | # check eth2 | ||
| 61 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
| 62 | expect { | ||
| 63 | timeout {puts "TESTING ERROR 2.0\n";exit} | ||
| 64 | "eth2" | ||
| 65 | } | ||
| 66 | expect { | ||
| 67 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
| 68 | "10.10.40" | ||
| 69 | } | ||
| 70 | expect { | ||
| 71 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
| 72 | "255.255.255.0" | ||
| 73 | } | ||
| 74 | expect { | ||
| 75 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
| 76 | "UP" | ||
| 77 | } | ||
| 78 | expect { | ||
| 79 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
| 80 | "Child process initialized" | ||
| 81 | } | ||
| 82 | sleep 2 | ||
| 83 | send -- "exit\r" | ||
| 84 | sleep 2 | ||
| 85 | |||
| 86 | |||
| 87 | |||
| 88 | # check eth3 | ||
| 89 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
| 90 | expect { | ||
| 91 | timeout {puts "TESTING ERROR 3.0\n";exit} | ||
| 92 | "eth3" | ||
| 93 | } | ||
| 94 | expect { | ||
| 95 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
| 96 | "10.10.50" | ||
| 97 | } | ||
| 98 | expect { | ||
| 99 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
| 100 | "255.255.255.0" | ||
| 101 | } | ||
| 102 | expect { | ||
| 103 | timeout {puts "TESTING ERROR 3.3\n";exit} | ||
| 104 | "UP" | ||
| 105 | } | ||
| 106 | expect { | ||
| 107 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 108 | "Child process initialized" | ||
| 109 | } | ||
| 110 | sleep 2 | ||
| 111 | send -- "exit\r" | ||
| 112 | sleep 2 | ||
| 113 | |||
| 114 | |||
| 115 | |||
| 116 | |||
| 117 | # check loopback | ||
| 118 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r" | ||
| 119 | expect { | ||
| 120 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 121 | "lo" | ||
| 122 | } | ||
| 123 | expect { | ||
| 124 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 125 | "127.0.0.1" | ||
| 126 | } | ||
| 127 | expect { | ||
| 128 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 129 | "255.0.0.0" | ||
| 130 | } | ||
| 131 | expect { | ||
| 132 | timeout {puts "TESTING ERROR 8\n";exit} | ||
| 133 | "UP" | ||
| 134 | } | ||
| 135 | expect { | ||
| 136 | timeout {puts "TESTING ERROR 9\n";exit} | ||
| 137 | "Child process initialized" | ||
| 138 | } | ||
| 139 | sleep 1 | ||
| 140 | |||
| 141 | # check default gateway | ||
| 142 | send -- "ip route show\r" | ||
| 143 | expect { | ||
| 144 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
| 145 | "default via 10.10.20.1 dev eth0" | ||
| 146 | } | ||
| 147 | send -- "ip route show\r" | ||
| 148 | expect { | ||
| 149 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 150 | "10.10.20.0/29 dev eth0 proto kernel scope link" | ||
| 151 | } | ||
| 152 | send -- "ip route show\r" | ||
| 153 | expect { | ||
| 154 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 155 | "10.10.30.0/24 dev eth1 proto kernel scope link" | ||
| 156 | } | ||
| 157 | send -- "ip route show\r" | ||
| 158 | expect { | ||
| 159 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 160 | "10.10.40.0/24 dev eth2 proto kernel scope link" | ||
| 161 | } | ||
| 162 | send -- "ip route show\r" | ||
| 163 | expect { | ||
| 164 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 165 | "10.10.50.0/24 dev eth3 proto kernel scope link" | ||
| 166 | } | ||
| 167 | sleep 1 | ||
| 168 | |||
| 169 | puts "\nall done\n" | ||
| 170 | |||
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp new file mode 100755 index 000000000..8068aeebb --- /dev/null +++ b/test/network/4bridges_ip.exp | |||
| @@ -0,0 +1,174 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check eth0 | ||
| 8 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 15 | "10.10.20" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
| 19 | "255.255.255.248" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
| 23 | "UP" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 2 | ||
| 30 | send -- "exit\r" | ||
| 31 | sleep 2 | ||
| 32 | |||
| 33 | # check eth1 | ||
| 34 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 1.0\n";exit} | ||
| 37 | "eth1" | ||
| 38 | } | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
| 41 | "10.10.30.50" | ||
| 42 | } | ||
| 43 | expect { | ||
| 44 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
| 45 | "255.255.255.0" | ||
| 46 | } | ||
| 47 | expect { | ||
| 48 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
| 49 | "UP" | ||
| 50 | } | ||
| 51 | expect { | ||
| 52 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
| 53 | "Child process initialized" | ||
| 54 | } | ||
| 55 | sleep 2 | ||
| 56 | send -- "exit\r" | ||
| 57 | sleep 2 | ||
| 58 | |||
| 59 | |||
| 60 | # check eth2 | ||
| 61 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
| 62 | expect { | ||
| 63 | timeout {puts "TESTING ERROR 2.0\n";exit} | ||
| 64 | "eth2" | ||
| 65 | } | ||
| 66 | expect { | ||
| 67 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
| 68 | "10.10.40.100" | ||
| 69 | } | ||
| 70 | expect { | ||
| 71 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
| 72 | "255.255.255.0" | ||
| 73 | } | ||
| 74 | expect { | ||
| 75 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
| 76 | "UP" | ||
| 77 | } | ||
| 78 | expect { | ||
| 79 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
| 80 | "Child process initialized" | ||
| 81 | } | ||
| 82 | sleep 2 | ||
| 83 | send -- "exit\r" | ||
| 84 | sleep 2 | ||
| 85 | |||
| 86 | |||
| 87 | |||
| 88 | # check eth3 | ||
| 89 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
| 90 | expect { | ||
| 91 | timeout {puts "TESTING ERROR 3.0\n";exit} | ||
| 92 | "eth3" | ||
| 93 | } | ||
| 94 | expect { | ||
| 95 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
| 96 | "10.10.50" | ||
| 97 | } | ||
| 98 | expect { | ||
| 99 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
| 100 | "255.255.255.0" | ||
| 101 | } | ||
| 102 | expect { | ||
| 103 | timeout {puts "TESTING ERROR 3.3\n";exit} | ||
| 104 | "UP" | ||
| 105 | } | ||
| 106 | expect { | ||
| 107 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 108 | "Child process initialized" | ||
| 109 | } | ||
| 110 | sleep 2 | ||
| 111 | send -- "exit\r" | ||
| 112 | sleep 2 | ||
| 113 | |||
| 114 | |||
| 115 | |||
| 116 | |||
| 117 | # check loopback | ||
| 118 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r" | ||
| 119 | expect { | ||
| 120 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 121 | "lo" | ||
| 122 | } | ||
| 123 | expect { | ||
| 124 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 125 | "127.0.0.1" | ||
| 126 | } | ||
| 127 | expect { | ||
| 128 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 129 | "255.0.0.0" | ||
| 130 | } | ||
| 131 | expect { | ||
| 132 | timeout {puts "TESTING ERROR 8\n";exit} | ||
| 133 | "UP" | ||
| 134 | } | ||
| 135 | expect { | ||
| 136 | timeout {puts "TESTING ERROR 9\n";exit} | ||
| 137 | "Child process initialized" | ||
| 138 | } | ||
| 139 | |||
| 140 | # check default gateway | ||
| 141 | send -- "ip route show\r" | ||
| 142 | expect { | ||
| 143 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
| 144 | "default via 10.10.20.1 dev eth0" | ||
| 145 | } | ||
| 146 | |||
| 147 | send -- "ip route show\r" | ||
| 148 | expect { | ||
| 149 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 150 | "10.10.20.0/29 dev eth0 proto kernel scope link" | ||
| 151 | } | ||
| 152 | |||
| 153 | send -- "ip route show\r" | ||
| 154 | expect { | ||
| 155 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
| 156 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" | ||
| 157 | } | ||
| 158 | |||
| 159 | send -- "ip route show\r" | ||
| 160 | expect { | ||
| 161 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
| 162 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" | ||
| 163 | } | ||
| 164 | |||
| 165 | send -- "ip route show\r" | ||
| 166 | expect { | ||
| 167 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
| 168 | "10.10.50.0/24 dev eth3 proto kernel scope link" | ||
| 169 | } | ||
| 170 | |||
| 171 | sleep 1 | ||
| 172 | |||
| 173 | puts "\nall done\n" | ||
| 174 | |||
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp new file mode 100755 index 000000000..33b351296 --- /dev/null +++ b/test/network/bandwidth.exp | |||
| @@ -0,0 +1,62 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | send -- "firejail --name=test --net=br0\r" | ||
| 8 | expect { | ||
| 9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 10 | "Child process initialized" | ||
| 11 | } | ||
| 12 | sleep 2 | ||
| 13 | |||
| 14 | spawn $env(SHELL) | ||
| 15 | send -- "firejail --bandwidth=test status\r" | ||
| 16 | expect { | ||
| 17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 18 | "qdisc noqueue 0: dev eth0" | ||
| 19 | } | ||
| 20 | sleep 1 | ||
| 21 | |||
| 22 | send -- "firejail --bandwidth=test set br0 50 10\r" | ||
| 23 | expect { | ||
| 24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 25 | "Configuring interface eth0" | ||
| 26 | } | ||
| 27 | expect { | ||
| 28 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 29 | "configuring tc ingress" | ||
| 30 | } | ||
| 31 | expect { | ||
| 32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 33 | "configuring tc egress" | ||
| 34 | } | ||
| 35 | |||
| 36 | send -- "firejail --bandwidth=test status\r" | ||
| 37 | expect { | ||
| 38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 39 | "dev eth0" | ||
| 40 | } | ||
| 41 | expect { | ||
| 42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 43 | "rate 80Kbit burst 10Kb" | ||
| 44 | } | ||
| 45 | sleep 1 | ||
| 46 | |||
| 47 | send -- "firejail --bandwidth=test clear br0\r" | ||
| 48 | expect { | ||
| 49 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 50 | "Removing bandwith limits" | ||
| 51 | } | ||
| 52 | sleep 1 | ||
| 53 | |||
| 54 | send -- "firejail --bandwidth=test status; pwd\r" | ||
| 55 | expect { | ||
| 56 | timeout {puts "TESTING ERROR 8\n";exit} | ||
| 57 | "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} | ||
| 58 | "home" {puts "ok\n"} | ||
| 59 | } | ||
| 60 | sleep 1 | ||
| 61 | |||
| 62 | puts "\nall done\n" | ||
diff --git a/test/network/hostname.exp b/test/network/hostname.exp new file mode 100755 index 000000000..4e5c7e073 --- /dev/null +++ b/test/network/hostname.exp | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | send -- "firejail --hostname=baluba --noprofile\r" | ||
| 8 | expect { | ||
| 9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 10 | "Child process initialized" | ||
| 11 | } | ||
| 12 | sleep 1 | ||
| 13 | |||
| 14 | send -- "ping -c 3 baluba;pwd\r" | ||
| 15 | expect { | ||
| 16 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 17 | "3 packets transmitted, 3 received" | ||
| 18 | } | ||
| 19 | expect { | ||
| 20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 21 | "home" | ||
| 22 | } | ||
| 23 | sleep 1 | ||
| 24 | |||
| 25 | puts "all done\n" | ||
diff --git a/test/network/ip6.exp b/test/network/ip6.exp new file mode 100755 index 000000000..fba47d095 --- /dev/null +++ b/test/network/ip6.exp | |||
| @@ -0,0 +1,43 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r" | ||
| 8 | expect { | ||
| 9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 10 | "Installing network filter" | ||
| 11 | } | ||
| 12 | expect { | ||
| 13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 14 | "DROP" | ||
| 15 | } | ||
| 16 | expect { | ||
| 17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 18 | "2001:db8:1f0a:3ec::2" | ||
| 19 | } | ||
| 20 | expect { | ||
| 21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 22 | "Child process initialized" | ||
| 23 | } | ||
| 24 | sleep 2 | ||
| 25 | |||
| 26 | send -- "/sbin/ifconfig\r" | ||
| 27 | expect { | ||
| 28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 29 | "inet6" | ||
| 30 | } | ||
| 31 | expect { | ||
| 32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 33 | "2001:db8:0:f101::1" | ||
| 34 | } | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 37 | "Scope:Global" { puts "Debian\n"} | ||
| 38 | "scopeid 0x0<global>" { puts "Arch\n"} | ||
| 39 | } | ||
| 40 | |||
| 41 | |||
| 42 | puts "\nall done\n" | ||
| 43 | |||
diff --git a/test/network/ipv6.net b/test/network/ipv6.net new file mode 100644 index 000000000..cc8f22943 --- /dev/null +++ b/test/network/ipv6.net | |||
| @@ -0,0 +1,8 @@ | |||
| 1 | # Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016 | ||
| 2 | *filter | ||
| 3 | :INPUT ACCEPT [0:0] | ||
| 4 | :FORWARD ACCEPT [0:0] | ||
| 5 | :OUTPUT ACCEPT [0:0] | ||
| 6 | -A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP | ||
| 7 | COMMIT | ||
| 8 | # Completed on Wed Jan 13 10:53:40 2016 | ||
diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile new file mode 100644 index 000000000..05052b6dc --- /dev/null +++ b/test/network/net-profile.profile | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | net br0 | ||
| 2 | mac 00:11:22:33:44:55 | ||
| 3 | mtu 1000 | ||
| 4 | net br1 | ||
| 5 | ip 10.10.30.50 | ||
| 6 | net br2 | ||
| 7 | ip 10.10.40.100 | ||
| 8 | net br3 | ||
| 9 | defaultgw 10.10.20.2 | ||
| 10 | |||
diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp new file mode 100755 index 000000000..9e07744f3 --- /dev/null +++ b/test/network/net_arp.exp | |||
| @@ -0,0 +1,71 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 8 | expect { | ||
| 9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 10 | "Child process initialized" | ||
| 11 | } | ||
| 12 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 15 | "Child process initialized" | ||
| 16 | } | ||
| 17 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 18 | expect { | ||
| 19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 20 | "Child process initialized" | ||
| 21 | } | ||
| 22 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 23 | expect { | ||
| 24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 25 | "Child process initialized" | ||
| 26 | } | ||
| 27 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 28 | expect { | ||
| 29 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 30 | "Child process initialized" | ||
| 31 | } | ||
| 32 | |||
| 33 | # will fail | ||
| 34 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 5n";exit} | ||
| 37 | "cannot assign an IP address" | ||
| 38 | } | ||
| 39 | |||
| 40 | send -- "firejail --net=br0 sleep 20 &\r" | ||
| 41 | expect { | ||
| 42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 43 | "cannot assign an IP address" | ||
| 44 | } | ||
| 45 | |||
| 46 | # check firejail --list | ||
| 47 | send -- "firejail --list\r" | ||
| 48 | expect { | ||
| 49 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
| 50 | "sleep 20" | ||
| 51 | } | ||
| 52 | expect { | ||
| 53 | timeout {puts "TESTING ERROR 7.2\n";exit} | ||
| 54 | "sleep 20" | ||
| 55 | } | ||
| 56 | expect { | ||
| 57 | timeout {puts "TESTING ERROR 7.3\n";exit} | ||
| 58 | "sleep 20" | ||
| 59 | } | ||
| 60 | expect { | ||
| 61 | timeout {puts "TESTING ERROR 7.4\n";exit} | ||
| 62 | "sleep 20" | ||
| 63 | } | ||
| 64 | expect { | ||
| 65 | timeout {puts "TESTING ERROR 7.5\n";exit} | ||
| 66 | "sleep 20" | ||
| 67 | } | ||
| 68 | |||
| 69 | # wait for snadboxes to be shutdown | ||
| 70 | sleep 30 | ||
| 71 | puts "\n" | ||
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp new file mode 100755 index 000000000..71b69e104 --- /dev/null +++ b/test/network/net_badip.exp | |||
| @@ -0,0 +1,16 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check eth0 | ||
| 8 | send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
| 11 | "the IP address is not" | ||
| 12 | } | ||
| 13 | sleep 1 | ||
| 14 | |||
| 15 | puts "\n" | ||
| 16 | |||
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp new file mode 100755 index 000000000..840f2ccac --- /dev/null +++ b/test/network/net_defaultgw.exp | |||
| @@ -0,0 +1,46 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 15 | "10.10.20.5" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 19 | "255.255.255.248" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "UP" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 1 | ||
| 30 | |||
| 31 | # check default gateway | ||
| 32 | send -- "ip route show\r" | ||
| 33 | expect { | ||
| 34 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
| 35 | "default via 10.10.20.2 dev eth0" | ||
| 36 | } | ||
| 37 | |||
| 38 | send -- "ip route show\r" | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 41 | "10.10.20.0/29 dev eth0 proto kernel scope link" | ||
| 42 | } | ||
| 43 | sleep 1 | ||
| 44 | |||
| 45 | puts "\nall done\n" | ||
| 46 | |||
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp new file mode 100755 index 000000000..db14e17cb --- /dev/null +++ b/test/network/net_defaultgw2.exp | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth1" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 15 | "Child process initialized" | ||
| 16 | } | ||
| 17 | sleep 1 | ||
| 18 | |||
| 19 | # check default gateway | ||
| 20 | send -- "ip route show\r" | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
| 23 | "default via 10.10.30.89 dev eth1" | ||
| 24 | } | ||
| 25 | |||
| 26 | send -- "ip route show\r" | ||
| 27 | expect { | ||
| 28 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
| 29 | "10.10.20.0/29 dev eth0 proto kernel scope link" | ||
| 30 | } | ||
| 31 | |||
| 32 | send -- "ip route show\r" | ||
| 33 | expect { | ||
| 34 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
| 35 | "10.10.30.0/24 dev eth1 proto kernel scope link" | ||
| 36 | } | ||
| 37 | sleep 1 | ||
| 38 | |||
| 39 | puts "\nall done\n" | ||
| 40 | |||
diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp new file mode 100755 index 000000000..64da9dfca --- /dev/null +++ b/test/network/net_defaultgw3.exp | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "default gateway 10.10.95.89 is not in the range of any network" | ||
| 12 | } | ||
| 13 | |||
| 14 | sleep 1 | ||
| 15 | |||
| 16 | puts "\n" | ||
| 17 | |||
diff --git a/test/network/net_interface.exp b/test/network/net_interface.exp new file mode 100755 index 000000000..4b55187ff --- /dev/null +++ b/test/network/net_interface.exp | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | send -- "ip link add link eth0 name eth0.100 type vlan id 100\r" | ||
| 8 | sleep 1 | ||
| 9 | send -- "ip link add link eth0 name eth0.101 type vlan id 101\r" | ||
| 10 | sleep 1 | ||
| 11 | send -- "ip link add link eth0 name eth0.102 type vlan id 102\r" | ||
| 12 | sleep 1 | ||
| 13 | send -- "ip link add link eth0 name eth0.103 type vlan id 103\r" | ||
| 14 | sleep 1 | ||
| 15 | send -- "ip link add link eth0 name eth0.104 type vlan id 104\r" | ||
| 16 | sleep 1 | ||
| 17 | puts "\n" | ||
| 18 | |||
| 19 | send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r" | ||
| 20 | sleep 1 | ||
| 21 | send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r" | ||
| 22 | sleep 1 | ||
| 23 | send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r" | ||
| 24 | sleep 1 | ||
| 25 | send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r" | ||
| 26 | sleep 1 | ||
| 27 | send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r" | ||
| 28 | sleep 1 | ||
| 29 | puts "\n" | ||
| 30 | |||
| 31 | |||
| 32 | |||
| 33 | send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r" | ||
| 34 | expect { | ||
| 35 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 36 | "maximum 4 interfaces are allowed" | ||
| 37 | } | ||
| 38 | sleep 1 | ||
| 39 | |||
| 40 | send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r" | ||
| 41 | expect { | ||
| 42 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 43 | "eth0.100" | ||
| 44 | } | ||
| 45 | expect { | ||
| 46 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
| 47 | "UP" | ||
| 48 | } | ||
| 49 | expect { | ||
| 50 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 51 | "eth0.101" | ||
| 52 | } | ||
| 53 | expect { | ||
| 54 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
| 55 | "UP" | ||
| 56 | } | ||
| 57 | expect { | ||
| 58 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 59 | "eth0.102" | ||
| 60 | } | ||
| 61 | expect { | ||
| 62 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
| 63 | "UP" | ||
| 64 | } | ||
| 65 | expect { | ||
| 66 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 67 | "eth0.103" | ||
| 68 | } | ||
| 69 | expect { | ||
| 70 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
| 71 | "UP" | ||
| 72 | } | ||
| 73 | sleep 1 | ||
| 74 | send -- "exit\r" | ||
| 75 | sleep 1 | ||
| 76 | |||
| 77 | send -- "firejail --noprofile --interface=eth0.104\r" | ||
| 78 | expect { | ||
| 79 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 80 | "eth0.104" | ||
| 81 | } | ||
| 82 | expect { | ||
| 83 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
| 84 | "UP" | ||
| 85 | } | ||
| 86 | |||
| 87 | puts "all done\n" | ||
| 88 | |||
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp new file mode 100755 index 000000000..f5d487ecc --- /dev/null +++ b/test/network/net_ip.exp | |||
| @@ -0,0 +1,72 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --ip=10.10.20.5\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 15 | "10.10.20.5" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 19 | "255.255.255.248" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "UP" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 2 | ||
| 30 | send -- "exit\r" | ||
| 31 | sleep 2 | ||
| 32 | |||
| 33 | # check loopback | ||
| 34 | send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 37 | "lo" | ||
| 38 | } | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 41 | "127.0.0.1" | ||
| 42 | } | ||
| 43 | expect { | ||
| 44 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 45 | "255.0.0.0" | ||
| 46 | } | ||
| 47 | expect { | ||
| 48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
| 49 | "UP" | ||
| 50 | } | ||
| 51 | expect { | ||
| 52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
| 53 | "Child process initialized" | ||
| 54 | } | ||
| 55 | sleep 1 | ||
| 56 | |||
| 57 | # check default gateway | ||
| 58 | send -- "ip route show\r" | ||
| 59 | expect { | ||
| 60 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
| 61 | "default via 10.10.20.1 dev eth0" | ||
| 62 | } | ||
| 63 | |||
| 64 | send -- "ip route show\r" | ||
| 65 | expect { | ||
| 66 | timeout {puts "TESTING ERROR 10\n";exit} | ||
| 67 | "10.10.20.0/29 dev eth0 proto kernel scope link" | ||
| 68 | } | ||
| 69 | sleep 1 | ||
| 70 | |||
| 71 | puts "\n" | ||
| 72 | |||
diff --git a/test/network/net_local.exp b/test/network/net_local.exp new file mode 100755 index 000000000..642213658 --- /dev/null +++ b/test/network/net_local.exp | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --noprofile --debug\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "Using the local network stack" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 15 | "Child process initialized" | ||
| 16 | } | ||
| 17 | sleep 2 | ||
| 18 | send -- "exit\r" | ||
| 19 | sleep 2 | ||
| 20 | |||
| 21 | # check loopback | ||
| 22 | send -- "firejail --noprofile\r" | ||
| 23 | expect { | ||
| 24 | timeout {puts "TESTING ERROR 9\n";exit} | ||
| 25 | "Child process initialized" | ||
| 26 | } | ||
| 27 | sleep 1 | ||
| 28 | |||
| 29 | |||
| 30 | send -- "/sbin/ifconfig\r" | ||
| 31 | expect { | ||
| 32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 33 | "lo" | ||
| 34 | } | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 37 | "127.0.0.1" | ||
| 38 | } | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 41 | "255.0.0.0" | ||
| 42 | } | ||
| 43 | |||
| 44 | puts "all done\n" | ||
| 45 | |||
diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp new file mode 100755 index 000000000..076634730 --- /dev/null +++ b/test/network/net_mac.exp | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 15 | "00:11:22:33:44:55" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 19 | "10.10.20.5" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 23 | "255.255.255.248" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 27 | "UP" | ||
| 28 | } | ||
| 29 | expect { | ||
| 30 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 31 | "Child process initialized" | ||
| 32 | } | ||
| 33 | sleep 1 | ||
| 34 | |||
| 35 | puts "\nall done\n" | ||
| 36 | |||
diff --git a/test/network/net_macvlan.exp b/test/network/net_macvlan.exp new file mode 100755 index 000000000..20d022de9 --- /dev/null +++ b/test/network/net_macvlan.exp | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check the existing address | ||
| 8 | spawn $env(SHELL) | ||
| 9 | send -- "firejail --net=eth0 --ip=192.168.1.60\r" | ||
| 10 | expect { | ||
| 11 | timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit} | ||
| 12 | "the address 192.168.1.60 is already in use" | ||
| 13 | } | ||
| 14 | |||
| 15 | |||
| 16 | |||
| 17 | # grab 30 ip addresses | ||
| 18 | set MAXi 229 | ||
| 19 | set i 200 | ||
| 20 | while { $i <= $MAXi } { | ||
| 21 | spawn $env(SHELL) | ||
| 22 | send -- "firejail --net=eth0 --ip=192.168.1.$i\r" | ||
| 23 | expect { | ||
| 24 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 25 | "Child process initialized" | ||
| 26 | } | ||
| 27 | incr i | ||
| 28 | after 100 | ||
| 29 | } | ||
| 30 | |||
| 31 | |||
| 32 | # check an existing address | ||
| 33 | spawn $env(SHELL) | ||
| 34 | send -- "firejail --net=eth0 --ip=192.168.1.200\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 37 | "the address 192.168.1.200 is already in use" | ||
| 38 | } | ||
| 39 | |||
| 40 | |||
| 41 | set MAXi 254 | ||
| 42 | set i 2 | ||
| 43 | while { $i <= $MAXi } { | ||
| 44 | spawn $env(SHELL) | ||
| 45 | send -- "firejail --net=eth0\r" | ||
| 46 | expect { | ||
| 47 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
| 48 | "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit} | ||
| 49 | "192.168.1.200" {puts "TESTING ERROR 3\n";exit} | ||
| 50 | "192.168.1.201" {puts "TESTING ERROR 3\n";exit} | ||
| 51 | "192.168.1.202" {puts "TESTING ERROR 3\n";exit} | ||
| 52 | "192.168.1.203" {puts "TESTING ERROR 3\n";exit} | ||
| 53 | "192.168.1.204" {puts "TESTING ERROR 3\n";exit} | ||
| 54 | "192.168.1.205" {puts "TESTING ERROR 3\n";exit} | ||
| 55 | "192.168.1.206" {puts "TESTING ERROR 3\n";exit} | ||
| 56 | "192.168.1.207" {puts "TESTING ERROR 3\n";exit} | ||
| 57 | "192.168.1.208" {puts "TESTING ERROR 3\n";exit} | ||
| 58 | "192.168.1.209" {puts "TESTING ERROR 3\n";exit} | ||
| 59 | "192.168.1.210" {puts "TESTING ERROR 3\n";exit} | ||
| 60 | "192.168.1.211" {puts "TESTING ERROR 3\n";exit} | ||
| 61 | "192.168.1.212" {puts "TESTING ERROR 3\n";exit} | ||
| 62 | "192.168.1.213" {puts "TESTING ERROR 3\n";exit} | ||
| 63 | "192.168.1.214" {puts "TESTING ERROR 3\n";exit} | ||
| 64 | "192.168.1.215" {puts "TESTING ERROR 3\n";exit} | ||
| 65 | "192.168.1.216" {puts "TESTING ERROR 3\n";exit} | ||
| 66 | "192.168.1.217" {puts "TESTING ERROR 3\n";exit} | ||
| 67 | "192.168.1.218" {puts "TESTING ERROR 3\n";exit} | ||
| 68 | "192.168.1.219" {puts "TESTING ERROR 3\n";exit} | ||
| 69 | "192.168.1.220" {puts "TESTING ERROR 3\n";exit} | ||
| 70 | "192.168.1.221" {puts "TESTING ERROR 3\n";exit} | ||
| 71 | "192.168.1.222" {puts "TESTING ERROR 3\n";exit} | ||
| 72 | "192.168.1.223" {puts "TESTING ERROR 3\n";exit} | ||
| 73 | "192.168.1.224" {puts "TESTING ERROR 3\n";exit} | ||
| 74 | "192.168.1.225" {puts "TESTING ERROR 3\n";exit} | ||
| 75 | "192.168.1.226" {puts "TESTING ERROR 3\n";exit} | ||
| 76 | "192.168.1.227" {puts "TESTING ERROR 3\n";exit} | ||
| 77 | "192.168.1.228" {puts "TESTING ERROR 3\n";exit} | ||
| 78 | "192.168.1.229" {puts "TESTING ERROR 3\n";exit} | ||
| 79 | "Child process initialized" | ||
| 80 | } | ||
| 81 | puts "************ $i ******************\n" | ||
| 82 | incr i | ||
| 83 | after 100 | ||
| 84 | # sleep 1 | ||
| 85 | } | ||
| 86 | |||
| 87 | puts "\n" | ||
| 88 | |||
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp new file mode 100755 index 000000000..7943b2866 --- /dev/null +++ b/test/network/net_mtu.exp | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --net=br0 --mtu=1000 --noprofile\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 11 | "Child process initialized" | ||
| 12 | } | ||
| 13 | sleep 1 | ||
| 14 | |||
| 15 | send -- "ip link show\r" | ||
| 16 | expect { | ||
| 17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 18 | "eth0" | ||
| 19 | } | ||
| 20 | expect { | ||
| 21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 22 | "mtu 1000" | ||
| 23 | } | ||
| 24 | expect { | ||
| 25 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 26 | "state UP" | ||
| 27 | } | ||
| 28 | |||
| 29 | puts "\nall done\n" | ||
| 30 | |||
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp new file mode 100755 index 000000000..989fcc407 --- /dev/null +++ b/test/network/net_netfilter.exp | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check default netfilter on br0 | ||
| 8 | send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "Installing network filter" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 15 | "Chain INPUT (policy DROP" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 19 | "ACCEPT all -- any any anywhere" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "ACCEPT icmp -- any any anywhere" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 2 | ||
| 30 | send -- "exit\r" | ||
| 31 | sleep 1 | ||
| 32 | |||
| 33 | # check default netfilter no new network | ||
| 34 | send -- "firejail --debug --noprofile --netfilter\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 37 | "Installing network filter" {puts "TESTING ERROR 5.1\n";exit} | ||
| 38 | "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit} | ||
| 39 | "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
| 40 | "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
| 41 | "Child process initialized" | ||
| 42 | } | ||
| 43 | sleep 2 | ||
| 44 | send -- "exit\r" | ||
| 45 | sleep 1 | ||
| 46 | |||
| 47 | # check file filter netfilter on br0 | ||
| 48 | send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r" | ||
| 49 | expect { | ||
| 50 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 51 | "Installing network filter" | ||
| 52 | } | ||
| 53 | expect { | ||
| 54 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
| 55 | "Child process initialized" | ||
| 56 | } | ||
| 57 | sleep 2 | ||
| 58 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
| 59 | expect { | ||
| 60 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
| 61 | "0 received, 100% packet loss" | ||
| 62 | } | ||
| 63 | |||
| 64 | send -- "exit\r" | ||
| 65 | sleep 1 | ||
| 66 | |||
| 67 | # check profile netfilter on br0 | ||
| 68 | send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r" | ||
| 69 | expect { | ||
| 70 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 71 | "Installing network filter" | ||
| 72 | } | ||
| 73 | expect { | ||
| 74 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
| 75 | "Child process initialized" | ||
| 76 | } | ||
| 77 | sleep 2 | ||
| 78 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
| 79 | expect { | ||
| 80 | timeout {puts "TESTING ERROR 7.2\n";exit} | ||
| 81 | "0 received, 100% packet loss" | ||
| 82 | } | ||
| 83 | |||
| 84 | send -- "exit\r" | ||
| 85 | after 100 | ||
| 86 | |||
| 87 | puts "all done\n" | ||
| 88 | |||
diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp new file mode 100755 index 000000000..8d28adb39 --- /dev/null +++ b/test/network/net_noip.exp | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --noprofile --net=br0 --ip=none\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" {puts "TESTING ERROR 1\n";exit} | ||
| 12 | "Child process initialized" | ||
| 13 | } | ||
| 14 | sleep 1 | ||
| 15 | send -- "bash\r" | ||
| 16 | sleep 1 | ||
| 17 | |||
| 18 | # no default gateway configured | ||
| 19 | send -- "netstat -rn;pwd\r" | ||
| 20 | expect { | ||
| 21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "eth0" {puts "TESTING ERROR 4\n";exit} | ||
| 24 | "home" | ||
| 25 | } | ||
| 26 | sleep 1 | ||
| 27 | |||
| 28 | # eth0 configured | ||
| 29 | send -- "/sbin/ifconfig;pwd\r" | ||
| 30 | expect { | ||
| 31 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 32 | "eth0" | ||
| 33 | } | ||
| 34 | expect { | ||
| 35 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 36 | "home" | ||
| 37 | } | ||
| 38 | after 100 | ||
| 39 | |||
| 40 | puts "all done\n" | ||
| 41 | |||
diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp new file mode 100755 index 000000000..58f90422b --- /dev/null +++ b/test/network/net_noip2.exp | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check ip address | ||
| 8 | send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" {puts "TESTING ERROR 1\n";exit} | ||
| 12 | "Child process initialized" | ||
| 13 | } | ||
| 14 | sleep 1 | ||
| 15 | send -- "bash\r" | ||
| 16 | sleep 1 | ||
| 17 | |||
| 18 | # no default gateway configured | ||
| 19 | send -- "netstat -rn;pwd\r" | ||
| 20 | expect { | ||
| 21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "eth0" {puts "TESTING ERROR 4\n";exit} | ||
| 24 | "home" | ||
| 25 | } | ||
| 26 | sleep 1 | ||
| 27 | |||
| 28 | # eth0 configured | ||
| 29 | send -- "/sbin/ifconfig;pwd\r" | ||
| 30 | expect { | ||
| 31 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 32 | "eth0" | ||
| 33 | } | ||
| 34 | expect { | ||
| 35 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 36 | "home" | ||
| 37 | } | ||
| 38 | after 100 | ||
| 39 | |||
| 40 | puts "all done\n" | ||
| 41 | |||
diff --git a/test/network/net_none.exp b/test/network/net_none.exp new file mode 100755 index 000000000..54b6cb946 --- /dev/null +++ b/test/network/net_none.exp | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # options | ||
| 8 | send -- "firejail --net=none\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "eth0" {puts "TESTING ERROR 0.1\n";exit} | ||
| 12 | "Child process initialized" | ||
| 13 | } | ||
| 14 | sleep 1 | ||
| 15 | |||
| 16 | # test default gw | ||
| 17 | send -- "bash\r" | ||
| 18 | sleep 1 | ||
| 19 | send -- "netstat -rn; pwd\r" | ||
| 20 | expect { | ||
| 21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 22 | "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit} | ||
| 23 | "home" | ||
| 24 | } | ||
| 25 | sleep 1 | ||
| 26 | |||
| 27 | # check again devices | ||
| 28 | send -- "cat /proc/1/net/dev;pwd\r" | ||
| 29 | expect { | ||
| 30 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 31 | "eth0" {puts "TESTING ERROR 2.1\n";exit} | ||
| 32 | "home" | ||
| 33 | } | ||
| 34 | send -- "exit\r" | ||
| 35 | sleep 1 | ||
| 36 | send -- "exit\r" | ||
| 37 | sleep 1 | ||
| 38 | |||
| 39 | # profile | ||
| 40 | send -- "firejail --profile=net_none.profile\r" | ||
| 41 | expect { | ||
| 42 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 43 | "eth0" {puts "TESTING ERROR 3.1\n";exit} | ||
| 44 | "Child process initialized" | ||
| 45 | } | ||
| 46 | sleep 1 | ||
| 47 | |||
| 48 | # test default gw | ||
| 49 | send -- "bash\r" | ||
| 50 | sleep 1 | ||
| 51 | send -- "netstat -rn; pwd\r" | ||
| 52 | expect { | ||
| 53 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 54 | "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit} | ||
| 55 | "home" | ||
| 56 | } | ||
| 57 | sleep 1 | ||
| 58 | |||
| 59 | # check again devices | ||
| 60 | send -- "cat /proc/1/net/dev;pwd\r" | ||
| 61 | expect { | ||
| 62 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 63 | "eth0" {puts "TESTING ERROR 5.1\n";exit} | ||
| 64 | "home" | ||
| 65 | } | ||
| 66 | sleep 1 | ||
| 67 | |||
| 68 | puts "\n" | ||
diff --git a/test/network/net_none.profile b/test/network/net_none.profile new file mode 100644 index 000000000..079c08ea8 --- /dev/null +++ b/test/network/net_none.profile | |||
| @@ -0,0 +1 @@ | |||
| net none | |||
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp new file mode 100755 index 000000000..37043c906 --- /dev/null +++ b/test/network/net_profile.exp | |||
| @@ -0,0 +1,73 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check eth0 | ||
| 8 | send -- "firejail --profile=net-profile.profile\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
| 11 | "eth0" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 15 | "00:11:22:33:44:55" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 19 | "10.10.20" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
| 23 | "255.255.255.248" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
| 27 | "UP" | ||
| 28 | } | ||
| 29 | expect { | ||
| 30 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
| 31 | "Child process initialized" | ||
| 32 | } | ||
| 33 | sleep 2 | ||
| 34 | |||
| 35 | send -- "ip route show\r" | ||
| 36 | expect { | ||
| 37 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 38 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" | ||
| 39 | } | ||
| 40 | |||
| 41 | send -- "ip route show\r" | ||
| 42 | expect { | ||
| 43 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 44 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" | ||
| 45 | } | ||
| 46 | |||
| 47 | |||
| 48 | # check default gw | ||
| 49 | send -- "ip route show\r" | ||
| 50 | expect { | ||
| 51 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 52 | "default via 10.10.20.2 dev eth0" | ||
| 53 | } | ||
| 54 | |||
| 55 | # check mtu | ||
| 56 | send -- "ip link show\r" | ||
| 57 | expect { | ||
| 58 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 59 | "eth0" | ||
| 60 | } | ||
| 61 | expect { | ||
| 62 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 63 | "mtu 1000" | ||
| 64 | } | ||
| 65 | expect { | ||
| 66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 67 | "state UP" | ||
| 68 | } | ||
| 69 | |||
| 70 | sleep 1 | ||
| 71 | |||
| 72 | puts "\nall done\n" | ||
| 73 | |||
diff --git a/test/network/netfilter.filter b/test/network/netfilter.filter new file mode 100644 index 000000000..3e232065c --- /dev/null +++ b/test/network/netfilter.filter | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | *filter | ||
| 2 | :INPUT DROP [0:0] | ||
| 3 | :FORWARD DROP [0:0] | ||
| 4 | :OUTPUT ACCEPT [0:0] | ||
| 5 | -A INPUT -i lo -j ACCEPT | ||
| 6 | COMMIT | ||
diff --git a/test/network/netfilter.profile b/test/network/netfilter.profile new file mode 100644 index 000000000..824c6cd0f --- /dev/null +++ b/test/network/netfilter.profile | |||
| @@ -0,0 +1 @@ | |||
| netfilter netfilter.filter | |||