testing and cleanup

author: netblue30 <netblue30@yahoo.com> 2016-11-29 10:04:43 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-29 10:04:43 -0500
commit: d3b6581db7fcd0fb0897ada9910140f0e43f4ed1 (patch)
tree: 1c4409a84665834736370f89dcf915a12f173ef5 /test/network
parent: Merge pull request #945 from Fred-Barclay/cryptocat (diff)
download: firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.tar.gz
firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.tar.zst
firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.zip
7 files changed, 234 insertions, 0 deletions
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
index f0fcebcf8..1db16c28a 100755
--- a/test/network/ip6.exp
+++ b/test/network/ip6.exp
@@ -43,6 +43,46 @@ expect {
 }
 send -- "exit\r"
+sleep 2
+send -- "firejail --debug --profile=ip6.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "DROP"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit}
+        "2001:db8:1f0a:3ec::2"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "/sbin/ifconfig\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "inet6"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "2001:db8:0:f101::1"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "Scope:Global" { puts "Debian\n"}
+        "scopeid 0x0<global>" { puts "Arch\n"}
+}
+send -- "exit\r"
 after 100
 puts "\nall done\n"
diff --git a/test/network/ip6.profile b/test/network/ip6.profile
new file mode 100644
index 000000000..87afa3941
--- /dev/null
+++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
+net br0
+ip6 2001:0db8:0:f101::1/64
+netfilter6 ipv6.net
diff --git a/test/network/iprange.exp b/test/network/iprange.exp
new file mode 100755
index 000000000..a1b2ccab4
--- /dev/null
+++ b/test/network/iprange.exp
@@ -0,0 +1,103 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.30.50" {puts "10.10.30.50\n"}
+        "10.10.30.51" {puts "10.10.30.51\n"}
+        "10.10.30.52" {puts "10.10.30.52\n"}
+        "10.10.30.53" {puts "10.10.30.53\n"}
+        "10.10.30.54" {puts "10.10.30.54\n"}
+        "10.10.30.55" {puts "10.10.30.55\n"}
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+send -- "firejail --profile=iprange.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "10.10.30.50" {puts "10.10.30.50\n"}
+        "10.10.30.51" {puts "10.10.30.51\n"}
+        "10.10.30.52" {puts "10.10.30.52\n"}
+        "10.10.30.53" {puts "10.10.30.53\n"}
+        "10.10.30.54" {puts "10.10.30.54\n"}
+        "10.10.30.55" {puts "10.10.30.55\n"}
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+send -- "firejail --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "no network device configured"
+}
+after 100
+send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "cannot configure the IP range twice for the same interface"
+}
+after 100
+send -- "firejail --net=br1 --iprange=10.10.30.50\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "invalid IP range"
+}
+after 100
+send -- "firejail --net=br0 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "IP range addresses not in network range"
+}
+after 100
+send -- "firejail --net=br1 --iprange=10.10.30.55,10.10.30.50\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "invalid IP range"
+}
+after 100
+after 100
+puts "\nall done\n"
diff --git a/test/network/iprange.profile b/test/network/iprange.profile
new file mode 100644
index 000000000..ecc01cd93
--- /dev/null
+++ b/test/network/iprange.profile
@@ -0,0 +1,2 @@
+net br1
+iprange 10.10.30.50,10.10.30.55
diff --git a/test/network/network.sh b/test/network/network.sh
index e1646d64a..bea5dfb26 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -78,6 +78,12 @@ echo "TESTING: veth (net_veth.exp)"
 echo "TESTING: netfilter (net_netfilter.exp)"
 ./net_netfilter.exp
+echo "TESTING: iprange (iprange.exp)"
+./iprange.exp
+echo "TESTING: veth-name (veth-name.exp)"
+./veth-name.exp
 echo "TESTING: 4 bridges ARP (4bridges_arp.exp)"
 ./4bridges_arp.exp
diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp
new file mode 100755
index 000000000..36ed41d92
--- /dev/null
+++ b/test/network/veth-name.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# 
+send -- "firejail --net=br1 --ip=10.10.30.50 --veth-name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.30.50"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "ip link show\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "blablabla"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "master br1 state UP"
+}
+sleep 1
+send -- "firejail --profile=veth-name.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "10.10.60.51"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "ip link show\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "bingo"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "master br4 state UP"
+}
+sleep 1
+after 100
+puts "\nall done\n"
diff --git a/test/network/veth-name.profile b/test/network/veth-name.profile
new file mode 100644
index 000000000..f00a74d63
--- /dev/null
+++ b/test/network/veth-name.profile
@@ -0,0 +1,3 @@
+net br4
+ip 10.10.60.51
+veth-name bingo
author	netblue30 <netblue30@yahoo.com>	2016-11-29 10:04:43 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-29 10:04:43 -0500
commit	d3b6581db7fcd0fb0897ada9910140f0e43f4ed1 (patch)
tree	1c4409a84665834736370f89dcf915a12f173ef5 /test/network
parent	Merge pull request #945 from Fred-Barclay/cryptocat (diff)
download	firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.tar.gz firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.tar.zst firejail-d3b6581db7fcd0fb0897ada9910140f0e43f4ed1.zip

diff --git a/test/network/ip6.exp b/test/network/ip6.exp index f0fcebcf8..1db16c28a 100755 --- a/test/network/ip6.exp +++ b/test/network/ip6.exp
@@ -43,6 +43,46 @@ expect {
43	}	43	}
44		44
45	send -- "exit\r"	45	send -- "exit\r"
		46	sleep 2
		47
		48
		49	send -- "firejail --debug --profile=ip6.profile\r"
		50	expect {
		51	timeout {puts "TESTING ERROR 10\n";exit}
		52	"Installing network filter"
		53	}
		54	expect {
		55	timeout {puts "TESTING ERROR 11\n";exit}
		56	"DROP"
		57	}
		58	expect {
		59	timeout {puts "TESTING ERROR 12\n";exit}
		60	"unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit}
		61	"2001:db8:1f0a:3ec::2"
		62	}
		63	expect {
		64	timeout {puts "TESTING ERROR 13\n";exit}
		65	"Child process initialized"
		66	}
		67	sleep 2
		68
		69	send -- "/sbin/ifconfig\r"
		70	expect {
		71	timeout {puts "TESTING ERROR 14\n";exit}
		72	"inet6"
		73	}
		74	expect {
		75	timeout {puts "TESTING ERROR 15\n";exit}
		76	"2001:db8:0:f101::1"
		77	}
		78	expect {
		79	timeout {puts "TESTING ERROR 16\n";exit}
		80	"Scope:Global" { puts "Debian\n"}
		81	"scopeid 0x0<global>" { puts "Arch\n"}
		82	}
		83
		84	send -- "exit\r"
		85
46	after 100	86	after 100
47		87
48	puts "\nall done\n"	88	puts "\nall done\n"


diff --git a/test/network/ip6.profile b/test/network/ip6.profile new file mode 100644 index 000000000..87afa3941 --- /dev/null +++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
		1	net br0
		2	ip6 2001:0db8:0:f101::1/64
		3	netfilter6 ipv6.net


diff --git a/test/network/iprange.exp b/test/network/iprange.exp new file mode 100755 index 000000000..a1b2ccab4 --- /dev/null +++ b/test/network/iprange.exp
@@ -0,0 +1,103 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"eth0"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"10.10.30.50" {puts "10.10.30.50\n"}
		18	"10.10.30.51" {puts "10.10.30.51\n"}
		19	"10.10.30.52" {puts "10.10.30.52\n"}
		20	"10.10.30.53" {puts "10.10.30.53\n"}
		21	"10.10.30.54" {puts "10.10.30.54\n"}
		22	"10.10.30.55" {puts "10.10.30.55\n"}
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 2\n";exit}
		26	"255.255.255.0"
		27	}
		28	expect {
		29	timeout {puts "TESTING ERROR 3\n";exit}
		30	"Child process initialized"
		31	}
		32	sleep 1
		33	send -- "exit\r"
		34	sleep 2
		35
		36	send -- "firejail --profile=iprange.profile\r"
		37	expect {
		38	timeout {puts "TESTING ERROR 5\n";exit}
		39	"eth0"
		40	}
		41	expect {
		42	timeout {puts "TESTING ERROR 6\n";exit}
		43	"10.10.30.50" {puts "10.10.30.50\n"}
		44	"10.10.30.51" {puts "10.10.30.51\n"}
		45	"10.10.30.52" {puts "10.10.30.52\n"}
		46	"10.10.30.53" {puts "10.10.30.53\n"}
		47	"10.10.30.54" {puts "10.10.30.54\n"}
		48	"10.10.30.55" {puts "10.10.30.55\n"}
		49	}
		50	expect {
		51	timeout {puts "TESTING ERROR 7\n";exit}
		52	"255.255.255.0"
		53	}
		54	expect {
		55	timeout {puts "TESTING ERROR 8\n";exit}
		56	"Child process initialized"
		57	}
		58	sleep 1
		59	send -- "exit\r"
		60	sleep 2
		61
		62
		63
		64	send -- "firejail --iprange=10.10.30.50,10.10.30.55\r"
		65	expect {
		66	timeout {puts "TESTING ERROR 9\n";exit}
		67	"no network device configured"
		68	}
		69	after 100
		70
		71	send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55 --iprange=10.10.30.50,10.10.30.55\r"
		72	expect {
		73	timeout {puts "TESTING ERROR 10\n";exit}
		74	"cannot configure the IP range twice for the same interface"
		75	}
		76	after 100
		77
		78	send -- "firejail --net=br1 --iprange=10.10.30.50\r"
		79	expect {
		80	timeout {puts "TESTING ERROR 11\n";exit}
		81	"invalid IP range"
		82	}
		83	after 100
		84
		85	send -- "firejail --net=br0 --iprange=10.10.30.50,10.10.30.55\r"
		86	expect {
		87	timeout {puts "TESTING ERROR 12\n";exit}
		88	"IP range addresses not in network range"
		89	}
		90	after 100
		91
		92	send -- "firejail --net=br1 --iprange=10.10.30.55,10.10.30.50\r"
		93	expect {
		94	timeout {puts "TESTING ERROR 12\n";exit}
		95	"invalid IP range"
		96	}
		97	after 100
		98
		99
		100	after 100
		101
		102	puts "\nall done\n"
		103


diff --git a/test/network/iprange.profile b/test/network/iprange.profile new file mode 100644 index 000000000..ecc01cd93 --- /dev/null +++ b/test/network/iprange.profile
@@ -0,0 +1,2 @@
		1	net br1
		2	iprange 10.10.30.50,10.10.30.55


diff --git a/test/network/network.sh b/test/network/network.sh index e1646d64a..bea5dfb26 100755 --- a/test/network/network.sh +++ b/test/network/network.sh
@@ -78,6 +78,12 @@ echo "TESTING: veth (net_veth.exp)"
78	echo "TESTING: netfilter (net_netfilter.exp)"	78	echo "TESTING: netfilter (net_netfilter.exp)"
79	./net_netfilter.exp	79	./net_netfilter.exp
80		80
		81	echo "TESTING: iprange (iprange.exp)"
		82	./iprange.exp
		83
		84	echo "TESTING: veth-name (veth-name.exp)"
		85	./veth-name.exp
		86
81	echo "TESTING: 4 bridges ARP (4bridges_arp.exp)"	87	echo "TESTING: 4 bridges ARP (4bridges_arp.exp)"
82	./4bridges_arp.exp	88	./4bridges_arp.exp
83		89


diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp new file mode 100755 index 000000000..36ed41d92 --- /dev/null +++ b/test/network/veth-name.exp
@@ -0,0 +1,77 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	#
		11	send -- "firejail --net=br1 --ip=10.10.30.50 --veth-name=blablabla\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 0\n";exit}
		14	"eth0"
		15	}
		16	expect {
		17	timeout {puts "TESTING ERROR 1\n";exit}
		18	"10.10.30.50"
		19	}
		20	expect {
		21	timeout {puts "TESTING ERROR 2\n";exit}
		22	"255.255.255.0"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 3\n";exit}
		26	"Child process initialized"
		27	}
		28	sleep 1
		29
		30	spawn $env(SHELL)
		31	send -- "ip link show\r"
		32	expect {
		33	timeout {puts "TESTING ERROR 4\n";exit}
		34	"blablabla"
		35	}
		36	expect {
		37	timeout {puts "TESTING ERROR 5\n";exit}
		38	"master br1 state UP"
		39	}
		40	sleep 1
		41
		42
		43	send -- "firejail --profile=veth-name.profile\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 6\n";exit}
		46	"eth0"
		47	}
		48	expect {
		49	timeout {puts "TESTING ERROR 7\n";exit}
		50	"10.10.60.51"
		51	}
		52	expect {
		53	timeout {puts "TESTING ERROR 8\n";exit}
		54	"255.255.255.0"
		55	}
		56	expect {
		57	timeout {puts "TESTING ERROR 9\n";exit}
		58	"Child process initialized"
		59	}
		60	sleep 1
		61
		62	spawn $env(SHELL)
		63	send -- "ip link show\r"
		64	expect {
		65	timeout {puts "TESTING ERROR 10\n";exit}
		66	"bingo"
		67	}
		68	expect {
		69	timeout {puts "TESTING ERROR 11\n";exit}
		70	"master br4 state UP"
		71	}
		72	sleep 1
		73
		74
		75	after 100
		76	puts "\nall done\n"
		77


diff --git a/test/network/veth-name.profile b/test/network/veth-name.profile new file mode 100644 index 000000000..f00a74d63 --- /dev/null +++ b/test/network/veth-name.profile
@@ -0,0 +1,3 @@
		1	net br4
		2	ip 10.10.60.51
		3	veth-name bingo