6 files changed, 153 insertions, 126 deletions
diff --git a/gcov.sh b/gcov.sh
index 34fb6e03e..9b02d801c 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -3,111 +3,47 @@
 # Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
-gcov_init() {
+# GCOV test setup
-        USER="$(whoami)"
+# required: sudo, lcov (apt-get install lcov)
-        firejail --help > /dev/null
+# setup: make distclean && ./configure --prefix=/usr --enable-apparmor --enable-gcov && make -j4 && sudo make install
-        firemon --help > /dev/null
+# run as regular user: ./gcov.sh
-        /usr/lib/firejail/fnet --help > /dev/null
+# result in gcov-dir/index.html
-        /usr/lib/firejail/fseccomp --help > /dev/null
-        /usr/lib/firejail/ftee --help > /dev/null
-        /usr/lib/firejail/fcopy --help > /dev/null
-        /usr/lib/firejail/fldd --help > /dev/null
-        firecfg --help > /dev/null
-        /usr/lib/firejail/fnetfilter --help > /dev/null
-        /usr/lib/firejail/fsec-print --help > /dev/null
-        /usr/lib/firejail/fsec-optimize --help > /dev/null
-        /usr/lib/firejail/faudit --help > /dev/null
-        /usr/lib/firejail/fbuilder --help > /dev/null
+gcov_generate() {
+        USER="$(whoami)"
        find . -exec sudo chown "$USER:$USER" '{}' +
-}
+        lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
+                -d src/fnet -d src/fnetfilter --output-file gcov-file
-generate() {
-        lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
-        lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file
-        rm -fr gcov-dir
        genhtml -q gcov-file --output-directory gcov-dir
-        find . -name '*.gcda' -exec sudo rm '{}' +
-        cp gcov-file gcov-file-old
-        gcov_init
 }
+rm -fr gcov-dir gcov-file
-gcov_init
+firejail --version
-lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
+gcov_generate
-#make test-utils
+#make test-firecfg | grep TESTING
-#generate
+#gcov_generate
-#sleep 2
+#make test-apparmor | grep TESTING
-#exit
+#gcov_generate
+make test-network | grep TESTING
+gcov_generate
-# running tests
+#make test-appimage | grep TESTING
-make test-root
+#gcov_generate
-generate
+#make test-chroot | grep TESTING
-sleep 2
+#gcov_generate
+#make test-sysutils | grep TESTING
-make test-chroot
+#gcov_generate
-generate
+#make test-private-etc | grep TESTING
-sleep 2
+#gcov_generate
+#make test-profiles | grep TESTING
-make test-network
+#gcov_generate
-generate
+#make test-fcopy | grep TESTING
-sleep 2
+#gcov_generate
+make test-fnetfilter | grep TESTING
-make test-stress
+gcov_generate
-generate
+#make test-fs | grep TESTING
-sleep 2
+#gcov_generate
+#make test-utils | grep TESTING
-make test-ssh
+#gcov_generate
-generate
+#make test-environment | grep TESTING
-sleep 2
+#gcov_generate
-make test-appimage
-generate
-sleep 2
-make test-overlay
-generate
-sleep 2
-make test-fcopy
-generate
-sleep 2
-make test-profiles
-generate
-sleep 2
-make test-fs
-generate
-sleep 2
-make test-utils
-generate
-sleep 2
-make test-environment
-generate
-sleep 2
-make test-apps
-generate
-sleep 2
-make test-apps-x11
-generate
-sleep 2
-make test-apps-x11-xorg
-generate
-sleep 2
-make test-filters
-generate
-sleep 2
-make test-arguments
-generate
-sleep 2
diff --git a/src/firejail/network.c b/src/firejail/network.c
index c1adf87cc..19c4b5244 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -89,29 +89,29 @@ int net_get_mtu(const char *ifname) {
        return mtu;
 }
-void net_set_mtu(const char *ifname, int mtu) {
+//void net_set_mtu(const char *ifname, int mtu) {
-        if (strlen(ifname) > IFNAMSIZ) {
+//      if (strlen(ifname) > IFNAMSIZ) {
-                fprintf(stderr, "Error: invalid network device name %s\n", ifname);
+//              fprintf(stderr, "Error: invalid network device name %s\n", ifname);
-                exit(1);
+//              exit(1);
-        }
+//      }
+//
-        if (arg_debug)
+//      if (arg_debug)
-                printf("set interface %s MTU %d.\n", ifname, mtu);
+//              printf("set interface %s MTU %d.\n", ifname, mtu);
+//
-        int s;
+//      int s;
-        struct ifreq ifr;
+//      struct ifreq ifr;
+//
-        if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+//      if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-                errExit("socket");
+//              errExit("socket");
+//
-        memset(&ifr, 0, sizeof(ifr));
+//      memset(&ifr, 0, sizeof(ifr));
-        ifr.ifr_addr.sa_family = AF_INET;
+//      ifr.ifr_addr.sa_family = AF_INET;
-        strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+//      strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
-        ifr.ifr_mtu = mtu;
+//      ifr.ifr_mtu = mtu;
-        if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
+//      if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
-                fwarning("cannot set mtu for interface %s\n", ifname);
+//              fwarning("cannot set mtu for interface %s\n", ifname);
-        close(s);
+//      close(s);
-}
+//}
 // return -1 if the interface was not found; if the interface was found retrn 0 and fill in IP address and mask
 int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) {
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
new file mode 100755
index 000000000..e2e83fe0e
--- /dev/null
+++ b/test/network/ip6.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 ip addr show\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "inet6"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "2001:db8:0:f101::1/64"
+}
+sleep 1
+send -- "firejail --profile=ip6.profile ip addr show\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "inet6"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "2001:db8:0:f101::1/64"
+}
+after 500
+puts "\nall done\n"
+exit
diff --git a/test/network/ip6.profile b/test/network/ip6.profile
new file mode 100644
index 000000000..d4611ec41
--- /dev/null
+++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
+net br0
+ip6 2001:0db8:0:f101::1/64
+#netfilter6 ipv6.net
diff --git a/test/network/net-print.exp b/test/network/net-print.exp
new file mode 100755
index 000000000..691114cf4
--- /dev/null
+++ b/test/network/net-print.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=test --net=br0 --ip=10.10.20.9\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --net.print=test\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "lo"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "10.10.20.9"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/network/network.sh b/test/network/network.sh
index 319927493..877f16156 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -27,8 +27,14 @@ echo "TESTING: network scan (net_scan.exp)"
 echo "TESTING: netfilter (net_netfilter.exp)"
 ./net_netfilter.exp
+echo "TESTING: print network (net-print.exp)"
+./net-print.exp
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
+echo "TESTING: ipv6 (ip6.exp)"
+./ip6.exp
 sudo ip link set br0 down
 sudo brctl delbr br0

diff --git a/gcov.sh b/gcov.sh index 34fb6e03e..9b02d801c 100755 --- a/gcov.sh +++ b/gcov.sh
@@ -3,111 +3,47 @@
3	# Copyright (C) 2014-2023 Firejail Authors	3	# Copyright (C) 2014-2023 Firejail Authors
4	# License GPL v2	4	# License GPL v2
5		5
6	gcov_init() {	6	# GCOV test setup
7	USER="$(whoami)"	7	# required: sudo, lcov (apt-get install lcov)
8	firejail --help > /dev/null	8	# setup: make distclean && ./configure --prefix=/usr --enable-apparmor --enable-gcov && make -j4 && sudo make install
9	firemon --help > /dev/null	9	# run as regular user: ./gcov.sh
10	/usr/lib/firejail/fnet --help > /dev/null	10	# result in gcov-dir/index.html
11	/usr/lib/firejail/fseccomp --help > /dev/null
12	/usr/lib/firejail/ftee --help > /dev/null
13	/usr/lib/firejail/fcopy --help > /dev/null
14	/usr/lib/firejail/fldd --help > /dev/null
15	firecfg --help > /dev/null
16
17	/usr/lib/firejail/fnetfilter --help > /dev/null
18	/usr/lib/firejail/fsec-print --help > /dev/null
19	/usr/lib/firejail/fsec-optimize --help > /dev/null
20	/usr/lib/firejail/faudit --help > /dev/null
21	/usr/lib/firejail/fbuilder --help > /dev/null
22		11
		12	gcov_generate() {
		13	USER="$(whoami)"
23	find . -exec sudo chown "$USER:$USER" '{}' +	14	find . -exec sudo chown "$USER:$USER" '{}' +
24	}	15	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
25		16	-d src/fnet -d src/fnetfilter --output-file gcov-file
26	generate() {
27	lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
28	lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file
29	rm -fr gcov-dir
30	genhtml -q gcov-file --output-directory gcov-dir	17	genhtml -q gcov-file --output-directory gcov-dir
31	find . -name '*.gcda' -exec sudo rm '{}' +
32	cp gcov-file gcov-file-old
33	gcov_init
34	}	18	}
35		19
36		20	rm -fr gcov-dir gcov-file
37	gcov_init	21	firejail --version
38	lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old	22	gcov_generate
39		23
40	#make test-utils	24	#make test-firecfg \| grep TESTING
41	#generate	25	#gcov_generate
42	#sleep 2	26	#make test-apparmor \| grep TESTING
43	#exit	27	#gcov_generate
44		28	make test-network \| grep TESTING
45		29	gcov_generate
46	# running tests	30	#make test-appimage \| grep TESTING
47	make test-root	31	#gcov_generate
48	generate	32	#make test-chroot \| grep TESTING
49	sleep 2	33	#gcov_generate
50		34	#make test-sysutils \| grep TESTING
51	make test-chroot	35	#gcov_generate
52	generate	36	#make test-private-etc \| grep TESTING
53	sleep 2	37	#gcov_generate
54		38	#make test-profiles \| grep TESTING
55	make test-network	39	#gcov_generate
56	generate	40	#make test-fcopy \| grep TESTING
57	sleep 2	41	#gcov_generate
58		42	make test-fnetfilter \| grep TESTING
59	make test-stress	43	gcov_generate
60	generate	44	#make test-fs \| grep TESTING
61	sleep 2	45	#gcov_generate
62		46	#make test-utils \| grep TESTING
63	make test-ssh	47	#gcov_generate
64	generate	48	#make test-environment \| grep TESTING
65	sleep 2	49	#gcov_generate
66
67	make test-appimage
68	generate
69	sleep 2
70
71	make test-overlay
72	generate
73	sleep 2
74
75	make test-fcopy
76	generate
77	sleep 2
78
79	make test-profiles
80	generate
81	sleep 2
82
83	make test-fs
84	generate
85	sleep 2
86
87	make test-utils
88	generate
89	sleep 2
90
91	make test-environment
92	generate
93	sleep 2
94
95	make test-apps
96	generate
97	sleep 2
98
99	make test-apps-x11
100	generate
101	sleep 2
102
103	make test-apps-x11-xorg
104	generate
105	sleep 2
106
107	make test-filters
108	generate
109	sleep 2
110
111	make test-arguments
112	generate
113	sleep 2


diff --git a/src/firejail/network.c b/src/firejail/network.c index c1adf87cc..19c4b5244 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c
@@ -89,29 +89,29 @@ int net_get_mtu(const char *ifname) {
89	return mtu;	89	return mtu;
90	}	90	}
91		91
92	void net_set_mtu(const char *ifname, int mtu) {	92	//void net_set_mtu(const char *ifname, int mtu) {
93	if (strlen(ifname) > IFNAMSIZ) {	93	// if (strlen(ifname) > IFNAMSIZ) {
94	fprintf(stderr, "Error: invalid network device name %s\n", ifname);	94	// fprintf(stderr, "Error: invalid network device name %s\n", ifname);
95	exit(1);	95	// exit(1);
96	}	96	// }
97		97	//
98	if (arg_debug)	98	// if (arg_debug)
99	printf("set interface %s MTU %d.\n", ifname, mtu);	99	// printf("set interface %s MTU %d.\n", ifname, mtu);
100		100	//
101	int s;	101	// int s;
102	struct ifreq ifr;	102	// struct ifreq ifr;
103		103	//
104	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)	104	// if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
105	errExit("socket");	105	// errExit("socket");
106		106	//
107	memset(&ifr, 0, sizeof(ifr));	107	// memset(&ifr, 0, sizeof(ifr));
108	ifr.ifr_addr.sa_family = AF_INET;	108	// ifr.ifr_addr.sa_family = AF_INET;
109	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);	109	// strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
110	ifr.ifr_mtu = mtu;	110	// ifr.ifr_mtu = mtu;
111	if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)	111	// if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
112	fwarning("cannot set mtu for interface %s\n", ifname);	112	// fwarning("cannot set mtu for interface %s\n", ifname);
113	close(s);	113	// close(s);
114	}	114	//}
115		115
116	// return -1 if the interface was not found; if the interface was found retrn 0 and fill in IP address and mask	116	// return -1 if the interface was not found; if the interface was found retrn 0 and fill in IP address and mask
117	int net_get_if_addr(const char bridge, uint32_t ip, uint32_t mask, uint8_t mac[6], int mtu) {	117	int net_get_if_addr(const char bridge, uint32_t ip, uint32_t mask, uint8_t mac[6], int mtu) {


diff --git a/test/network/ip6.exp b/test/network/ip6.exp new file mode 100755 index 000000000..e2e83fe0e --- /dev/null +++ b/test/network/ip6.exp
@@ -0,0 +1,48 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 ip addr show\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"eth0"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"inet6"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 3\n";exit}
		25	"2001:db8:0:f101::1/64"
		26	}
		27	sleep 1
		28
		29	send -- "firejail --profile=ip6.profile ip addr show\r"
		30	expect {
		31	timeout {puts "TESTING ERROR 4\n";exit}
		32	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		33	}
		34	expect {
		35	timeout {puts "TESTING ERROR 5\n";exit}
		36	"eth0"
		37	}
		38	expect {
		39	timeout {puts "TESTING ERROR 6\n";exit}
		40	"inet6"
		41	}
		42	expect {
		43	timeout {puts "TESTING ERROR 7\n";exit}
		44	"2001:db8:0:f101::1/64"
		45	}
		46	after 500
		47	puts "\nall done\n"
		48	exit


diff --git a/test/network/ip6.profile b/test/network/ip6.profile new file mode 100644 index 000000000..d4611ec41 --- /dev/null +++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
		1	net br0
		2	ip6 2001:0db8:0:f101::1/64
		3	#netfilter6 ipv6.net


diff --git a/test/network/net-print.exp b/test/network/net-print.exp new file mode 100755 index 000000000..691114cf4 --- /dev/null +++ b/test/network/net-print.exp
@@ -0,0 +1,34 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --net=br0 --ip=10.10.20.9\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --net.print=test\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	"lo"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 2\n";exit}
		25	"eth0"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 3\n";exit}
		29	"10.10.20.9"
		30	}
		31
		32	after 500
		33
		34	puts "\nall done\n"


diff --git a/test/network/network.sh b/test/network/network.sh index 319927493..877f16156 100755 --- a/test/network/network.sh +++ b/test/network/network.sh
@@ -27,8 +27,14 @@ echo "TESTING: network scan (net_scan.exp)"
27	echo "TESTING: netfilter (net_netfilter.exp)"	27	echo "TESTING: netfilter (net_netfilter.exp)"
28	./net_netfilter.exp	28	./net_netfilter.exp
29		29
		30	echo "TESTING: print network (net-print.exp)"
		31	./net-print.exp
		32
30	echo "TESTING: print dns (dns-print.exp)"	33	echo "TESTING: print dns (dns-print.exp)"
31	./dns-print.exp	34	./dns-print.exp
32		35
		36	echo "TESTING: ipv6 (ip6.exp)"
		37	./ip6.exp
		38
33	sudo ip link set br0 down	39	sudo ip link set br0 down
34	sudo brctl delbr br0	40	sudo brctl delbr br0