testing

author: netblue30 <netblue30@protonmail.com> 2023-03-09 09:21:35 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-09 09:21:35 -0500
commit: 18765f235857f5c4e11f5e39fcdc13b5c76759fa (patch)
tree: 2fa74ff3a2af81c924f1b15acccf38d65b0b4943 /test
parent: Merge branch 'master' of ssh://github.com/netblue30/firejail (diff)
download: firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.tar.gz
firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.tar.zst
firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.zip
2 files changed, 52 insertions, 2 deletions
diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp
new file mode 100755
index 000000000..2dc50cef7
--- /dev/null
+++ b/test/network/netfilter-template.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --net=br0 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "invalid network filter file"
+}
+after 500
+send -- "firejail --net=br0 --ip=10.10.20.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5678\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --netfilter.print=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Chain INPUT"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ACCEPT"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "tcp dpt:5678 state NEW,ESTABLISHED"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/network/network.sh b/test/network/network.sh
index e029722ba..6d26e967f 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -42,8 +42,14 @@ echo "TESTING: ipv6 (ip6.exp)"
 echo "TESTING: ipv6 netfilter (ip6_netfilter.exp)"
 ./ip6_netfilter.exp
-echo "TESTING: netstats (netstats.exp)"
+# this test will fail on github!
-./netstats.exp
+USER=`whoami`
+if [[ $USER == "runner" ]]; then
+        echo "TESTING: skip over netstats test"
+else
+        echo "TESTING: netstats (netstats.exp)"
+        ./netstats.exp
+fi
 echo "TESTING: firemon arp (firemon-arp.exp)"
 ./firemon-arp.exp
@@ -51,5 +57,8 @@ echo "TESTING: firemon arp (firemon-arp.exp)"
 echo "TESTING: firemon route (firemon-route.exp)"
 ./firemon-route.exp
+echo "TESTING: netfilter-template (netfilter-template.exp)"
+./netfilter-template.exp
 sudo ip link set br0 down
 sudo brctl delbr br0
author	netblue30 <netblue30@protonmail.com>	2023-03-09 09:21:35 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-09 09:21:35 -0500
commit	18765f235857f5c4e11f5e39fcdc13b5c76759fa (patch)
tree	2fa74ff3a2af81c924f1b15acccf38d65b0b4943 /test
parent	Merge branch 'master' of ssh://github.com/netblue30/firejail (diff)
download	firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.tar.gz firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.tar.zst firejail-18765f235857f5c4e11f5e39fcdc13b5c76759fa.zip

diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp new file mode 100755 index 000000000..2dc50cef7 --- /dev/null +++ b/test/network/netfilter-template.exp
@@ -0,0 +1,41 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10
		11	send -- "firejail --net=br0 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 0\n";exit}
		14	"invalid network filter file"
		15	}
		16	after 500
		17
		18	send -- "firejail --net=br0 --ip=10.10.20.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5678\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		22	}
		23	sleep 2
		24
		25	spawn $env(SHELL)
		26	send -- "firejail --netfilter.print=test1\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 2\n";exit}
		29	"Chain INPUT"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 3\n";exit}
		33	"ACCEPT"
		34	}
		35	expect {
		36	timeout {puts "TESTING ERROR 4\n";exit}
		37	"tcp dpt:5678 state NEW,ESTABLISHED"
		38	}
		39	sleep 1
		40
		41	puts "\nall done\n"


diff --git a/test/network/network.sh b/test/network/network.sh index e029722ba..6d26e967f 100755 --- a/test/network/network.sh +++ b/test/network/network.sh
@@ -42,8 +42,14 @@ echo "TESTING: ipv6 (ip6.exp)"
42	echo "TESTING: ipv6 netfilter (ip6_netfilter.exp)"	42	echo "TESTING: ipv6 netfilter (ip6_netfilter.exp)"
43	./ip6_netfilter.exp	43	./ip6_netfilter.exp
44		44
45	echo "TESTING: netstats (netstats.exp)"	45	# this test will fail on github!
46	./netstats.exp	46	USER=`whoami`
		47	if [[ $USER == "runner" ]]; then
		48	echo "TESTING: skip over netstats test"
		49	else
		50	echo "TESTING: netstats (netstats.exp)"
		51	./netstats.exp
		52	fi
47		53
48	echo "TESTING: firemon arp (firemon-arp.exp)"	54	echo "TESTING: firemon arp (firemon-arp.exp)"
49	./firemon-arp.exp	55	./firemon-arp.exp
@@ -51,5 +57,8 @@ echo "TESTING: firemon arp (firemon-arp.exp)"
51	echo "TESTING: firemon route (firemon-route.exp)"	57	echo "TESTING: firemon route (firemon-route.exp)"
52	./firemon-route.exp	58	./firemon-route.exp
53		59
		60	echo "TESTING: netfilter-template (netfilter-template.exp)"
		61	./netfilter-template.exp
		62
54	sudo ip link set br0 down	63	sudo ip link set br0 down
55	sudo brctl delbr br0	64	sudo brctl delbr br0