-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/profile-a-l/ani-cli.profile | 41 | ||||
-rw-r--r-- | etc/profile-a-l/lobster.profile | 41 | ||||
-rw-r--r-- | etc/profile-m-z/porn-cli.profile | 14 | ||||
-rwxr-xr-x | gcov.sh | 46 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 | ||||
-rw-r--r-- | src/firejail/network.c | 24 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 | ||||
-rw-r--r-- | src/firemon/firemon.c | 15 | ||||
-rw-r--r-- | src/firemon/firemon.h | 3 | ||||
-rw-r--r-- | src/firemon/interface.c | 175 | ||||
-rw-r--r-- | src/fnet/interface.c | 17 | ||||
-rw-r--r-- | src/man/firemon.txt | 3 | ||||
-rwxr-xr-x | test/network/firemon-arp.exp | 28 | ||||
-rwxr-xr-x | test/network/firemon-route.exp | 40 | ||||
-rwxr-xr-x | test/network/ip6_netfilter.exp | 31 | ||||
-rw-r--r-- | test/network/ip6_netfilter.profile | 8 | ||||
-rwxr-xr-x | test/network/net_bandwidth.exp | 51 | ||||
-rwxr-xr-x | test/network/net_ip.exp | 40 | ||||
-rw-r--r-- | test/network/net_ip.profile | 6 | ||||
-rwxr-xr-x | test/network/net_netfilter.exp | 22 | ||||
-rwxr-xr-x | test/network/netstats.exp | 30 | ||||
-rwxr-xr-x | test/network/network.sh | 15 |
25 files changed, 419 insertions, 244 deletions
@@ -4,6 +4,8 @@ firejail (0.9.73) baseline; urgency=low | |||
4 | * feature: Print the argument when failing with "too long arguments" (#5677) | 4 | * feature: Print the argument when failing with "too long arguments" (#5677) |
5 | * feature: a random hostname is assigned to each sandbox unless | 5 | * feature: a random hostname is assigned to each sandbox unless |
6 | overwritten using --hostname command | 6 | overwritten using --hostname command |
7 | * feature: add IPv6 support for --net.print option | ||
8 | * modif: remove firemon --interface option (duplicating --net.print option) | ||
7 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) | 9 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) |
8 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) | 10 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) |
9 | from containing only digits (#5578) | 11 | from containing only digits (#5578) |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index a2e788f9b..40c123968 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -84,6 +84,7 @@ blacklist ${HOME}/.cache/Tox | |||
84 | blacklist ${HOME}/.cache/Zeal | 84 | blacklist ${HOME}/.cache/Zeal |
85 | blacklist ${HOME}/.cache/agenda | 85 | blacklist ${HOME}/.cache/agenda |
86 | blacklist ${HOME}/.cache/akonadi* | 86 | blacklist ${HOME}/.cache/akonadi* |
87 | blacklist ${HOME}/.cache/ani-cli | ||
87 | blacklist ${HOME}/.cache/atril | 88 | blacklist ${HOME}/.cache/atril |
88 | blacklist ${HOME}/.cache/attic | 89 | blacklist ${HOME}/.cache/attic |
89 | blacklist ${HOME}/.cache/audacity | 90 | blacklist ${HOME}/.cache/audacity |
@@ -518,6 +519,7 @@ blacklist ${HOME}/.config/leafpad | |||
518 | blacklist ${HOME}/.config/libreoffice | 519 | blacklist ${HOME}/.config/libreoffice |
519 | blacklist ${HOME}/.config/liferea | 520 | blacklist ${HOME}/.config/liferea |
520 | blacklist ${HOME}/.config/linphone | 521 | blacklist ${HOME}/.config/linphone |
522 | blacklist ${HOME}/.config/lobster | ||
521 | blacklist ${HOME}/.config/lugaru | 523 | blacklist ${HOME}/.config/lugaru |
522 | blacklist ${HOME}/.config/lutris | 524 | blacklist ${HOME}/.config/lutris |
523 | blacklist ${HOME}/.config/lximage-qt | 525 | blacklist ${HOME}/.config/lximage-qt |
@@ -953,6 +955,7 @@ blacklist ${HOME}/.local/share/kwrite | |||
953 | blacklist ${HOME}/.local/share/kxmlgui5/* | 955 | blacklist ${HOME}/.local/share/kxmlgui5/* |
954 | blacklist ${HOME}/.local/share/liferea | 956 | blacklist ${HOME}/.local/share/liferea |
955 | blacklist ${HOME}/.local/share/linphone | 957 | blacklist ${HOME}/.local/share/linphone |
958 | blacklist ${HOME}/.local/share/lobster | ||
956 | blacklist ${HOME}/.local/share/local-mail | 959 | blacklist ${HOME}/.local/share/local-mail |
957 | blacklist ${HOME}/.local/share/lollypop | 960 | blacklist ${HOME}/.local/share/lollypop |
958 | blacklist ${HOME}/.local/share/love | 961 | blacklist ${HOME}/.local/share/love |
@@ -1028,6 +1031,7 @@ blacklist ${HOME}/.local/share/wormux | |||
1028 | blacklist ${HOME}/.local/share/xplayer | 1031 | blacklist ${HOME}/.local/share/xplayer |
1029 | blacklist ${HOME}/.local/share/xreader | 1032 | blacklist ${HOME}/.local/share/xreader |
1030 | blacklist ${HOME}/.local/share/zathura | 1033 | blacklist ${HOME}/.local/share/zathura |
1034 | blacklist ${HOME}/.local/state/ani-cli | ||
1031 | blacklist ${HOME}/.local/state/audacity | 1035 | blacklist ${HOME}/.local/state/audacity |
1032 | blacklist ${HOME}/.local/state/pipewire | 1036 | blacklist ${HOME}/.local/state/pipewire |
1033 | blacklist ${HOME}/.lv2 | 1037 | blacklist ${HOME}/.lv2 |
diff --git a/etc/profile-a-l/ani-cli.profile b/etc/profile-a-l/ani-cli.profile new file mode 100644 index 000000000..270dffaed --- /dev/null +++ b/etc/profile-a-l/ani-cli.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Firejail profile for ani-cli | ||
2 | # Description: Shell script to watch Anime from the terminal | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include ani-cli.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | noblacklist ${HOME}/.cache/ani-cli | ||
12 | noblacklist ${HOME}/.local/state/ani-cli | ||
13 | |||
14 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
15 | include allow-bin-sh.inc | ||
16 | |||
17 | include disable-proc.inc | ||
18 | include disable-xdg.inc | ||
19 | |||
20 | mkdir ${HOME}/.cache/ani-cli | ||
21 | mkdir ${HOME}/.local/state/ani-cli | ||
22 | whitelist ${HOME}/.cache/ani-cli | ||
23 | whitelist ${HOME}/.local/state/ani-cli | ||
24 | include whitelist-run-common.inc | ||
25 | include whitelist-runuser-common.inc | ||
26 | |||
27 | #machine-id | ||
28 | nodvd | ||
29 | noprinters | ||
30 | notv | ||
31 | |||
32 | disable-mnt | ||
33 | private-bin ani-cli,aria2c,cat,cp,curl,cut,ffmpeg,fzf,grep,head,mkdir,mv,nl,sed,sh,sort,tput,tr,uname,wc | ||
34 | #private-cache | ||
35 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | ||
36 | private-tmp | ||
37 | |||
38 | read-only ${HOME}/.config/mpv | ||
39 | |||
40 | # Redirect | ||
41 | include mpv.profile | ||
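Review bot: `private-bin` in ani-cli.profile includes `aria2c` and `ffmpeg`, which suggests the script can save files, yet the only home paths whitelisted here are `${HOME}/.cache/ani-cli` and `${HOME}/.local/state/ani-cli`, and `disable-xdg.inc` is included. Unless mpv.profile (not shown here) whitelists a download directory, files saved elsewhere under the home directory would presumably go to the sandbox's temporary view and be lost on exit. If that is the case, add a comment telling users to put a `whitelist` line in ani-cli.local. Nothing in this file sets seccomp, capability or network restrictions, so they presumably come from the mpv.profile redirect; a comment such as `# hardening options are inherited from mpv.profile` would make that dependency explicit. lobster.profile follows the same pattern.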
diff --git a/etc/profile-a-l/lobster.profile b/etc/profile-a-l/lobster.profile new file mode 100644 index 000000000..01928c775 --- /dev/null +++ b/etc/profile-a-l/lobster.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Firejail profile for lobster | ||
2 | # Description: Shell script to watch Movies/Webseries/Shows from the terminal | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include lobster.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | noblacklist ${HOME}/.config/lobster | ||
12 | noblacklist ${HOME}/.local/share/lobster | ||
13 | |||
14 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
15 | include allow-bin-sh.inc | ||
16 | |||
17 | include disable-proc.inc | ||
18 | include disable-xdg.inc | ||
19 | |||
20 | mkdir ${HOME}/.config/lobster | ||
21 | mkdir ${HOME}/.local/share/lobster | ||
22 | whitelist ${HOME}/.config/lobster | ||
23 | whitelist ${HOME}/.local/share/lobster | ||
24 | include whitelist-run-common.inc | ||
25 | include whitelist-runuser-common.inc | ||
26 | |||
27 | #machine-id | ||
28 | nodvd | ||
29 | noprinters | ||
30 | notv | ||
31 | |||
32 | disable-mnt | ||
33 | private-bin curl,cut,fzf,grep,head,lobster,mv,patch,rm,sed,sh,tail,tput,tr,uname | ||
34 | #private-cache | ||
35 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | ||
36 | private-tmp | ||
37 | |||
38 | read-only ${HOME}/.config/mpv | ||
39 | |||
40 | # Redirect | ||
41 | include mpv.profile | ||
diff --git a/etc/profile-m-z/porn-cli.profile b/etc/profile-m-z/porn-cli.profile new file mode 100644 index 000000000..f33ff439c --- /dev/null +++ b/etc/profile-m-z/porn-cli.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for porn-cli | ||
2 | # Description: Python script for watching porn via the terminal | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include porn-cli.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | private-bin porn-cli | ||
12 | |||
13 | # Redirect | ||
14 | include mov-cli.profile | ||
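Review bot: `private-bin porn-cli` is the only restriction this file adds, and the description calls the program a Python script. The interpreter and any player it launches therefore have to be allowed by the private-bin list in mov-cli.profile, which is not visible in this commit. This is worth confirming and recording in a comment such as `# interpreter and player binaries are allowed by mov-cli.profile`. Unlike the ani-cli and lobster profiles added alongside, there is no matching entry in disable-programs.inc, which is fine only if porn-cli keeps no per-user data directory of its own.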
@@ -13,7 +13,7 @@ gcov_generate() { | |||
13 | USER="$(whoami)" | 13 | USER="$(whoami)" |
14 | find . -exec sudo chown "$USER:$USER" '{}' + | 14 | find . -exec sudo chown "$USER:$USER" '{}' + |
15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ | 15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ |
16 | -d src/fnet -d src/fnetfilter --output-file gcov-file | 16 | -d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file |
17 | genhtml -q gcov-file --output-directory gcov-dir | 17 | genhtml -q gcov-file --output-directory gcov-dir |
18 | } | 18 | } |
19 | 19 | ||
@@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file | |||
21 | firejail --version | 21 | firejail --version |
22 | gcov_generate | 22 | gcov_generate |
23 | 23 | ||
24 | #make test-firecfg | grep TESTING | 24 | make test-firecfg | grep TESTING |
25 | #gcov_generate | 25 | gcov_generate |
26 | #make test-apparmor | grep TESTING | 26 | make test-apparmor | grep TESTING |
27 | #gcov_generate | 27 | gcov_generate |
28 | make test-network | grep TESTING | 28 | make test-network | grep TESTING |
29 | gcov_generate | 29 | gcov_generate |
30 | #make test-appimage | grep TESTING | 30 | make test-appimage | grep TESTING |
31 | #gcov_generate | 31 | gcov_generate |
32 | #make test-chroot | grep TESTING | 32 | make test-chroot | grep TESTING |
33 | #gcov_generate | 33 | gcov_generate |
34 | #make test-sysutils | grep TESTING | 34 | make test-sysutils | grep TESTING |
35 | #gcov_generate | 35 | gcov_generate |
36 | #make test-private-etc | grep TESTING | 36 | make test-private-etc | grep TESTING |
37 | #gcov_generate | 37 | gcov_generate |
38 | #make test-profiles | grep TESTING | 38 | make test-profiles | grep TESTING |
39 | #gcov_generate | 39 | gcov_generate |
40 | #make test-fcopy | grep TESTING | 40 | make test-fcopy | grep TESTING |
41 | #gcov_generate | 41 | gcov_generate |
42 | make test-fnetfilter | grep TESTING | 42 | make test-fnetfilter | grep TESTING |
43 | gcov_generate | 43 | gcov_generate |
44 | #make test-fs | grep TESTING | 44 | make test-fs | grep TESTING |
45 | #gcov_generate | 45 | gcov_generate |
46 | #make test-utils | grep TESTING | 46 | make test-utils | grep TESTING |
47 | #gcov_generate | 47 | gcov_generate |
48 | #make test-environment | grep TESTING | 48 | make test-environment | grep TESTING |
49 | #gcov_generate | 49 | gcov_generate |
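Review bot: With every suite now enabled, a `make test-*` target that fails outright is easy to miss, because each step is `make test-… | grep TESTING` and the pipeline's status is grep's, not make's. `gcov_generate` then runs regardless and the coverage report silently under-counts. Unless the part of gcov.sh outside these hunks already handles this, and assuming the script runs under bash, consider `set -o pipefail` near the top or reading `${PIPESTATUS[0]}` after each pipeline. The repeated pairs could also become one loop, `for t in firecfg apparmor network appimage; do make "test-$t" | grep TESTING; gcov_generate; done` (list continued with the remaining suites), which keeps the suite list in one place.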
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 45457fb47..7f85ea40a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -44,6 +44,7 @@ amarok | |||
44 | amule | 44 | amule |
45 | amuled | 45 | amuled |
46 | android-studio | 46 | android-studio |
47 | ani-cli | ||
47 | anydesk | 48 | anydesk |
48 | apktool | 49 | apktool |
49 | apostrophe | 50 | apostrophe |
@@ -483,6 +484,7 @@ linphone | |||
483 | linuxqq | 484 | linuxqq |
484 | lmms | 485 | lmms |
485 | lobase | 486 | lobase |
487 | lobster | ||
486 | localc | 488 | localc |
487 | lodraw | 489 | lodraw |
488 | loffice | 490 | loffice |
@@ -676,6 +678,7 @@ pluma | |||
676 | plv | 678 | plv |
677 | pngquant | 679 | pngquant |
678 | polari | 680 | polari |
681 | porn-cli | ||
679 | ppsspp | 682 | ppsspp |
680 | pragha | 683 | pragha |
681 | presentations18 | 684 | presentations18 |
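--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -248,5 +248,5 @@ void netfilter_print(pid_t pid, int ipv6) {
 exit(1);
 }
 
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-vL");
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-nvL");
 }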
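Review bot: The switch to `-nvL` in netfilter_print is now load-bearing for the new test/network/ip6_netfilter.exp, which matches the literal address `2001:db8:1f0a:3ec::2` in the printed rules, yet nothing at the call says why numeric output is wanted. A one-line comment above the sbox_run call would keep the flag from being dropped later, e.g. `// -n: numeric addresses and ports, no name lookups from the SBOX_ROOT helper; tests match literal addresses`. netfilter_print begins outside the hunk, so how `iptables` is selected for the IPv4 and IPv6 cases is not visible here.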
diff --git a/src/firejail/network.c b/src/firejail/network.c index 0d2d53fca..3da51e195 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c | |||
@@ -89,30 +89,6 @@ int net_get_mtu(const char *ifname) { | |||
89 | return mtu; | 89 | return mtu; |
90 | } | 90 | } |
91 | 91 | ||
92 | //void net_set_mtu(const char *ifname, int mtu) { | ||
93 | // if (strlen(ifname) > IFNAMSIZ) { | ||
94 | // fprintf(stderr, "Error: invalid network device name %s\n", ifname); | ||
95 | // exit(1); | ||
96 | // } | ||
97 | // | ||
98 | // if (arg_debug) | ||
99 | // printf("set interface %s MTU %d.\n", ifname, mtu); | ||
100 | // | ||
101 | // int s; | ||
102 | // struct ifreq ifr; | ||
103 | // | ||
104 | // if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) | ||
105 | // errExit("socket"); | ||
106 | // | ||
107 | // memset(&ifr, 0, sizeof(ifr)); | ||
108 | // ifr.ifr_addr.sa_family = AF_INET; | ||
109 | // strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); | ||
110 | // ifr.ifr_mtu = mtu; | ||
111 | // if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0) | ||
112 | // fwarning("cannot set mtu for interface %s\n", ifname); | ||
113 | // close(s); | ||
114 | //} | ||
115 | |||
116 | // return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask | 92 | // return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask |
117 | int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) { | 93 | int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) { |
118 | assert(bridge); | 94 | assert(bridge); |
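--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -26,6 +26,7 @@
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include "../include/seccomp.h"
+#include "../include/gcov_wrapper.h"
 
 #include <fcntl.h>
 #ifndef O_PATH
@@ -238,6 +239,7 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
 fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]);
 exit(1);
 }
+__gcov_dump();
 fexecve(fd, arg, new_environment);
 } else {
 assert(0);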
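Review bot: `__gcov_dump();` is placed in sbox_do_exec_v immediately before `fexecve`, after the world-writable check, with no comment explaining why a coverage call sits on the exec path of a privileged helper. Presumably ../include/gcov_wrapper.h turns it into a no-op outside gcov builds, but that header is not shown in this commit, so confirm that a normal build compiles this line to nothing. In a gcov build, also confirm that writing the coverage data still succeeds under whatever restrictions `filtermask` applied earlier in the function. A comment such as `// gcov builds only: write counters before the process image is replaced` would make the intent clear. The function body starts and ends outside the hunk.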
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 01167e555..d82f387ff 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -30,7 +30,6 @@ int arg_debug = 0; | |||
30 | static int arg_route = 0; | 30 | static int arg_route = 0; |
31 | static int arg_arp = 0; | 31 | static int arg_arp = 0; |
32 | static int arg_tree = 0; | 32 | static int arg_tree = 0; |
33 | static int arg_interface = 0; | ||
34 | static int arg_seccomp = 0; | 33 | static int arg_seccomp = 0; |
35 | static int arg_caps = 0; | 34 | static int arg_caps = 0; |
36 | static int arg_cpu = 0; | 35 | static int arg_cpu = 0; |
@@ -178,13 +177,6 @@ int main(int argc, char **argv) { | |||
178 | arg_seccomp = 1; | 177 | arg_seccomp = 1; |
179 | else if (strcmp(argv[i], "--caps") == 0) | 178 | else if (strcmp(argv[i], "--caps") == 0) |
180 | arg_caps = 1; | 179 | arg_caps = 1; |
181 | else if (strcmp(argv[i], "--interface") == 0) { | ||
182 | if (getuid() != 0) { | ||
183 | fprintf(stderr, "Error: you need to be root to run this command\n"); | ||
184 | exit(1); | ||
185 | } | ||
186 | arg_interface = 1; | ||
187 | } | ||
188 | #ifdef HAVE_NETWORK | 180 | #ifdef HAVE_NETWORK |
189 | else if (strcmp(argv[i], "--route") == 0) | 181 | else if (strcmp(argv[i], "--route") == 0) |
190 | arg_route = 1; | 182 | arg_route = 1; |
@@ -261,13 +253,12 @@ int main(int argc, char **argv) { | |||
261 | 253 | ||
262 | // if --name requested without other options, print all data | 254 | // if --name requested without other options, print all data |
263 | if (pid && !arg_cpu && !arg_seccomp && !arg_caps && !arg_apparmor && | 255 | if (pid && !arg_cpu && !arg_seccomp && !arg_caps && !arg_apparmor && |
264 | !arg_x11 && !arg_interface && !arg_route && !arg_arp) { | 256 | !arg_x11 && !arg_route && !arg_arp) { |
265 | arg_tree = 1; | 257 | arg_tree = 1; |
266 | arg_cpu = 1; | 258 | arg_cpu = 1; |
267 | arg_seccomp = 1; | 259 | arg_seccomp = 1; |
268 | arg_caps = 1; | 260 | arg_caps = 1; |
269 | arg_x11 = 1; | 261 | arg_x11 = 1; |
270 | arg_interface = 1; | ||
271 | arg_route = 1; | 262 | arg_route = 1; |
272 | arg_arp = 1; | 263 | arg_arp = 1; |
273 | arg_apparmor = 1; | 264 | arg_apparmor = 1; |
@@ -295,10 +286,6 @@ int main(int argc, char **argv) { | |||
295 | x11((pid_t) pid, print_procs); | 286 | x11((pid_t) pid, print_procs); |
296 | print_procs = 0; | 287 | print_procs = 0; |
297 | } | 288 | } |
298 | if (arg_interface && getuid() == 0) { | ||
299 | interface((pid_t) pid, print_procs); | ||
300 | print_procs = 0; | ||
301 | } | ||
302 | if (arg_route) { | 289 | if (arg_route) { |
303 | route((pid_t) pid, print_procs); | 290 | route((pid_t) pid, print_procs); |
304 | print_procs = 0; | 291 | print_procs = 0; |
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index dae071e89..8b6e75fc3 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h | |||
@@ -57,9 +57,6 @@ void top(void) __attribute__((noreturn)); | |||
57 | // list.c | 57 | // list.c |
58 | void list(void); | 58 | void list(void); |
59 | 59 | ||
60 | // interface.c | ||
61 | void interface(pid_t pid, int print_procs); | ||
62 | |||
63 | // arp.c | 60 | // arp.c |
64 | void arp(pid_t pid, int print_procs); | 61 | void arp(pid_t pid, int print_procs); |
65 | 62 | ||
diff --git a/src/firemon/interface.c b/src/firemon/interface.c deleted file mode 100644 index a8e78133b..000000000 --- a/src/firemon/interface.c +++ /dev/null | |||
@@ -1,175 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2023 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include "firemon.h" | ||
21 | #include "../include/gcov_wrapper.h" | ||
22 | #include <sys/types.h> | ||
23 | #include <sys/wait.h> | ||
24 | #include <netdb.h> | ||
25 | #include <arpa/inet.h> | ||
26 | #include <ifaddrs.h> | ||
27 | #include <net/if.h> | ||
28 | #include <linux/connector.h> | ||
29 | #include <linux/netlink.h> | ||
30 | #include <linux/if_link.h> | ||
31 | #include <linux/sockios.h> | ||
32 | #include <sys/ioctl.h> | ||
33 | |||
34 | //#include <net/route.h> | ||
35 | //#include <linux/if_bridge.h> | ||
36 | |||
37 | // print IP addresses for all interfaces | ||
38 | static void net_ifprint(void) { | ||
39 | uint32_t ip; | ||
40 | uint32_t mask; | ||
41 | struct ifaddrs *ifaddr, *ifa; | ||
42 | |||
43 | int fd; | ||
44 | if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { | ||
45 | fprintf(stderr, "Error: cannot open AF_INET socket\n"); | ||
46 | exit(1); | ||
47 | } | ||
48 | |||
49 | if (getifaddrs(&ifaddr) == -1) | ||
50 | errExit("getifaddrs"); | ||
51 | |||
52 | // walk through the linked list | ||
53 | printf(" Link status:\n"); | ||
54 | for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { | ||
55 | if (ifa->ifa_addr == NULL) | ||
56 | continue; | ||
57 | |||
58 | if (ifa->ifa_addr->sa_family == AF_PACKET) { | ||
59 | if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) { | ||
60 | if (ifa->ifa_data != NULL) { | ||
61 | struct rtnl_link_stats *stats = ifa->ifa_data; | ||
62 | |||
63 | // extract mac address | ||
64 | struct ifreq ifr; | ||
65 | memset(&ifr, 0, sizeof(ifr)); | ||
66 | strncpy(ifr.ifr_name, ifa->ifa_name, IFNAMSIZ - 1); | ||
67 | int rv = ioctl (fd, SIOCGIFHWADDR, &ifr); | ||
68 | |||
69 | if (rv == 0) | ||
70 | printf(" %s UP, %02x:%02x:%02x:%02x:%02x:%02x\n", | ||
71 | ifa->ifa_name, PRINT_MAC((unsigned char *) &ifr.ifr_hwaddr.sa_data)); | ||
72 | else | ||
73 | printf(" %s UP\n", ifa->ifa_name); | ||
74 | |||
75 | printf(" tx/rx: %u/%u packets, %u/%u bytes\n", | ||
76 | stats->tx_packets, stats->rx_packets, | ||
77 | stats->tx_bytes, stats->rx_bytes); | ||
78 | } | ||
79 | } | ||
80 | else | ||
81 | printf(" %s DOWN\n", ifa->ifa_name); | ||
82 | } | ||
83 | } | ||
84 | |||
85 | |||
86 | // walk through the linked list | ||
87 | printf(" IPv4 status:\n"); | ||
88 | for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { | ||
89 | if (ifa->ifa_addr == NULL) | ||
90 | continue; | ||
91 | |||
92 | if (ifa->ifa_addr->sa_family == AF_INET) { | ||
93 | struct sockaddr_in *si = (struct sockaddr_in *) ifa->ifa_netmask; | ||
94 | mask = ntohl(si->sin_addr.s_addr); | ||
95 | si = (struct sockaddr_in *) ifa->ifa_addr; | ||
96 | ip = ntohl(si->sin_addr.s_addr); | ||
97 | |||
98 | char *status; | ||
99 | if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) | ||
100 | status = "UP"; | ||
101 | else | ||
102 | status = "DOWN"; | ||
103 | |||
104 | printf(" %s %s, %d.%d.%d.%d/%u\n", | ||
105 | ifa->ifa_name, status, PRINT_IP(ip), mask2bits(mask)); | ||
106 | } | ||
107 | } | ||
108 | |||
109 | |||
110 | // walk through the linked list | ||
111 | printf(" IPv6 status:\n"); | ||
112 | for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { | ||
113 | if (ifa->ifa_addr == NULL) | ||
114 | continue; | ||
115 | |||
116 | if (ifa->ifa_addr->sa_family == AF_INET6) { | ||
117 | char host[NI_MAXHOST]; | ||
118 | int s = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in6), | ||
119 | host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST); | ||
120 | if (s == 0) { | ||
121 | char *ptr; | ||
122 | if ((ptr = strchr(host, '%')) != NULL) | ||
123 | *ptr = '\0'; | ||
124 | char *status; | ||
125 | if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) | ||
126 | status = "UP"; | ||
127 | else | ||
128 | status = "DOWN"; | ||
129 | |||
130 | printf(" %s %s, %s\n", ifa->ifa_name, status, host); | ||
131 | } | ||
132 | } | ||
133 | } | ||
134 | |||
135 | freeifaddrs(ifaddr); | ||
136 | close(fd); | ||
137 | } | ||
138 | |||
139 | static void print_sandbox(pid_t pid) { | ||
140 | pid_t child = fork(); | ||
141 | if (child == -1) | ||
142 | return; | ||
143 | |||
144 | if (child == 0) { | ||
145 | int rv = join_namespace(pid, "net"); | ||
146 | if (rv) | ||
147 | return; | ||
148 | net_ifprint(); | ||
149 | |||
150 | __gcov_flush(); | ||
151 | |||
152 | _exit(0); | ||
153 | } | ||
154 | |||
155 | // wait for the child to finish | ||
156 | waitpid(child, NULL, 0); | ||
157 | } | ||
158 | |||
159 | void interface(pid_t pid, int print_procs) { | ||
160 | pid_read(pid); // a pid of 0 will include all processes | ||
161 | |||
162 | // print processes | ||
163 | int i; | ||
164 | for (i = 0; i < max_pids; i++) { | ||
165 | if (pids[i].level == 1) { | ||
166 | if (print_procs || pid == 0) | ||
167 | pid_print_list(i, arg_wrap); | ||
168 | int child = find_child(i); | ||
169 | if (child != -1) { | ||
170 | print_sandbox(child); | ||
171 | } | ||
172 | } | ||
173 | } | ||
174 | printf("\n"); | ||
175 | } | ||
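--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -213,6 +213,23 @@ void net_ifprint(int scan) {
 fmessage("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n",
 ifa->ifa_name, macstr, ipstr, maskstr, status);
 
+// print ipv6 address
+if (!scan) {
+struct ifaddrs *ptr = ifa->ifa_next;
+while (ptr) {
+if (ptr->ifa_addr->sa_family == AF_INET6 && strcmp(ifa->ifa_name, ptr->ifa_name) == 0) {
+struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)ptr->ifa_addr;
+struct in6_addr *in_addr = &s6->sin6_addr;
+char buf[64];
+if(inet_ntop(ptr->ifa_addr->sa_family, in_addr, buf, sizeof(buf))) {
+fmessage("%-35.35s %s\n", " ", buf);
+break;
+}
+}
+ptr = ptr->ifa_next;
+}
+}
+
 // network scanning
 if (!scan) // scanning disabled
 continue;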
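Review bot: In the new IPv6 loop in net_ifprint, `ptr->ifa_addr->sa_family` is read without first checking `ptr->ifa_addr` for NULL. getifaddrs() can return entries with a NULL address, and the src/firemon/interface.c removed in this same commit guarded each walk with `if (ifa->ifa_addr == NULL) continue;`. The condition should be `if (ptr->ifa_addr && ptr->ifa_addr->sa_family == AF_INET6 && strcmp(ifa->ifa_name, ptr->ifa_name) == 0) {`. The walk also starts at `ifa->ifa_next` and breaks after the first match, so an IPv6 entry listed before the IPv4 one, or a second IPv6 address on the same interface, is not printed; if that is intended, the `// print ipv6 address` comment should say so. net_ifprint starts and ends outside the hunk.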
diff --git a/src/man/firemon.txt b/src/man/firemon.txt index 9d0785a4a..fb0cf1175 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt | |||
@@ -30,9 +30,6 @@ Print debug messages | |||
30 | \fB\-?\fR, \fB\-\-help\fR | 30 | \fB\-?\fR, \fB\-\-help\fR |
31 | Print options end exit. | 31 | Print options end exit. |
32 | .TP | 32 | .TP |
33 | \fB\-\-interface | ||
34 | Print network interface information for each sandbox. | ||
35 | .TP | ||
36 | \fB\-\-list | 33 | \fB\-\-list |
37 | List all sandboxes. | 34 | List all sandboxes. |
38 | .TP | 35 | .TP |
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp new file mode 100755 index 000000000..87f0ddf4e --- /dev/null +++ b/test/network/firemon-arp.exp | |||
@@ -0,0 +1,28 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --net=br0 --ip=10.10.20.50\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firemon --arp\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "firejail --name=test --net=br0 --ip=10.10.20.50" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "ARP Table:" | ||
26 | } | ||
27 | after 500 | ||
28 | puts "\nall done\n" | ||
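Review bot: Every failure branch in firemon-arp.exp has the form `timeout {puts "TESTING ERROR 2\n";exit}`, and a bare `exit` returns status 0, so the script reports success to its caller even when a check timed out. The failure is then visible only to something that greps the output for TESTING ERROR. Using `exit 1` in each branch would let network.sh or make detect it directly. The same applies to firemon-route.exp, ip6_netfilter.exp and net_bandwidth.exp added in this commit. The pattern `\[0-9\]+.\[0-9\]+ ms` also leaves the dot unescaped, so it matches any character there; `\[0-9\]+\\.\[0-9\]+ ms` is stricter.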
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp new file mode 100755 index 000000000..2ca6f2fca --- /dev/null +++ b/test/network/firemon-route.exp | |||
@@ -0,0 +1,40 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --net=br0 --ip=10.10.20.50\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firemon --route\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "firejail --name=test --net=br0 --ip=10.10.20.50" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "Route table:" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "0.0.0.0/0 via 10.10.20.1" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
33 | "10.10.20.0/24, dev eth0" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 6\n";exit} | ||
37 | "src 10.10.20.50" | ||
38 | } | ||
39 | after 500 | ||
40 | puts "\nall done\n" | ||
diff --git a/test/network/ip6_netfilter.exp b/test/network/ip6_netfilter.exp new file mode 100755 index 000000000..6c478d9e7 --- /dev/null +++ b/test/network/ip6_netfilter.exp | |||
@@ -0,0 +1,31 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # check default netfilter on br0 | ||
11 | send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
15 | } | ||
16 | sleep 2 | ||
17 | spawn $env(SHELL) | ||
18 | |||
19 | # check default netfilter no new network | ||
20 | send -- "firejail --netfilter6.print=test\r" | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1\n";exit} | ||
23 | "DROP" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "2001:db8:1f0a:3ec::2" | ||
28 | } | ||
29 | |||
30 | after 500 | ||
31 | puts "all done\n" | ||
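Review bot: The two comments in ip6_netfilter.exp do not describe what the script does, and look carried over from an IPv4 test. The first step loads `ip6_netfilter.profile` through `--netfilter6=` rather than checking a default filter, and the second runs `--netfilter6.print=test` against the running sandbox. Suggested wording: `# start a sandbox on br0 with the IPv6 filter from ip6_netfilter.profile` and `# print the sandbox's IPv6 filter rules and check for the DROP rule`. The expectation of the literal `2001:db8:1f0a:3ec::2` depends on numeric output from the print command, which this commit enables with `-nvL` in netfilter.c.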
diff --git a/test/network/ip6_netfilter.profile b/test/network/ip6_netfilter.profile new file mode 100644 index 000000000..cc8f22943 --- /dev/null +++ b/test/network/ip6_netfilter.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016 | ||
2 | *filter | ||
3 | :INPUT ACCEPT [0:0] | ||
4 | :FORWARD ACCEPT [0:0] | ||
5 | :OUTPUT ACCEPT [0:0] | ||
6 | -A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP | ||
7 | COMMIT | ||
8 | # Completed on Wed Jan 13 10:53:40 2016 | ||
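--- /dev/null
+++ b/test/network/net_bandwidth.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test set br0 10 20\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Download speed 80kbps"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Upload speed 160kbps"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"configuring tc ingress"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"configuring tc egress"
+}
+after 500
+
+send -- "firejail --bandwidth=test status\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"rate 160Kbit burst 10Kb"
+}
+after 500
+
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Removing bandwidth limits"
+}
+sleep 1
+
+puts "\nall done\n"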
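Review bot: The `clear br0` step at new lines 44-48 is verified only by the "Removing bandwidth limits" message; the script never runs `firejail --bandwidth=test status` again, so a clear that prints the message but leaves the limit in place would still pass. The earlier status check at lines 37-41 also matches a single string, `rate 160Kbit burst 10Kb`, which appears to correspond to the upload value only. A second status call after the clear, plus a comment such as `# status is matched on the 160Kbit rate only; the download limit is not checked`, would make the coverage explicit.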
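--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@@ -130,4 +130,44 @@ expect {
 }
 
 after 500
+
+send -- "firejail --profile=net_ip.profile ip addr show\r"
+expect {
+timeout {puts "TESTING ERROR 26\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 27\n";exit}
+"00:11:22:33:44:55"
+}
+expect {
+timeout {puts "TESTING ERROR 28\n";exit}
+"10.10.20.55"
+}
+expect {
+timeout {puts "TESTING ERROR 29\n";exit}
+"Default gateway 10.10.20.9"
+}
+expect {
+timeout {puts "TESTING ERROR 30\n";exit}
+"00:11:22:33:44:55"
+}
+expect {
+timeout {puts "TESTING ERROR 31\n";exit}
+"10.10.20.55"
+}
+after 500
+
+send -- "firejail --profile=net_ip.profile ip route show\r"
+expect {
+timeout {puts "TESTING ERROR 32\n";exit}
+"default via 10.10.20.9"
+}
+expect {
+timeout {puts "TESTING ERROR 33\n";exit}
+"10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55"
+}
+after 500
+
+
 puts "\nall done\n"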
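Review bot: The `mtu 1000` setting from net_ip.profile is never asserted: the new checks at lines 134-158 match eth0, the MAC address, the IP address and the default gateway, but nothing for the MTU. Assuming `ip addr show` prints the interface MTU on the eth0 line, one more block before the second MAC match would cover it, e.g. `expect { timeout {puts "TESTING ERROR <n>\n";exit} "mtu 1000" }` with the next free error number. The start of the script is outside this hunk.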
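--- /dev/null
+++ b/test/network/net_ip.profile
@@ -0,0 +1,6 @@
+net br0
+ip 10.10.20.55
+defaultgw 10.10.20.9
+mac 00:11:22:33:44:55
+mtu 1000
+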
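--- a/test/network/net_netfilter.exp
+++ b/test/network/net_netfilter.exp
@@ -20,7 +20,27 @@ spawn $env(SHELL)
 send -- "firejail --netfilter.print=test\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
-"ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED"
+"ACCEPT"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"lo"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"ACCEPT"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"state RELATED,ESTABLISHED"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"ACCEPT"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"icmptype 8"
 }
 
 after 500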
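Review bot: All six expect blocks at new lines 21-44 print the same `TESTING ERROR 1`, so a failure no longer says which pattern was missing; give the added blocks their own labels, e.g. `TESTING ERROR 1.1` through `TESTING ERROR 1.5`. The split patterns are also much looser than the line they replace: `"lo"` and `"ACCEPT"` are short substrings that can match unrelated output, so the test could pass against a rule set that differs from the expected default filter. A longer pattern wherever the output format allows it would keep the check meaningful. The script begins and continues outside the hunk.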
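--- /dev/null
+++ b/test/network/netstats.exp
@@ -0,0 +1,30 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --netstats\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"statistics only for sandboxes using a new network namespace"
+}
+sleep 4
+
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"firejail --name=test --net=br0"
+}
+after 500
+puts "\nall done\n"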
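--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -33,8 +33,23 @@ echo "TESTING: print network (net-print.exp)"
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
 
+echo "TESTING: bandwidth (net_bandwidth.exp)"
+./net_bandwidth.exp
+
 echo "TESTING: ipv6 (ip6.exp)"
 ./ip6.exp
 
+echo "TESTING: ipv6 netfilter (ip6_netfilter.exp)"
+./ip6_netfilter.exp
+
+echo "TESTING: netstats (netstats.exp)"
+./netstats.exp
+
+echo "TESTING: firemon arp (firemon-arp.exp)"
+./firemon-arp.exp
+
+echo "TESTING: firemon route (firemon-route.exp)"
+./firemon-route.exp
+
 sudo ip link set br0 down
 sudo brctl delbr br0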
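Review bot: The five scripts added at new lines 36-52 are run without checking their exit status, and the .exp files in this commit end every timeout branch with a bare `exit`, which in expect returns status 0. A failed network test is therefore visible only as a `TESTING ERROR` line in the output; if nothing downstream searches for that text (not visible here), a regression in the sandbox's filter or network setup goes unnoticed. Using `exit 1` in the timeout branches, e.g. `timeout {puts "TESTING ERROR 1\n";exit 1}`, would let this script or CI detect the failure. The rest of network.sh is outside the hunk.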