-rwxr-xr-x | gcov.sh | 142 | ||||
-rw-r--r-- | src/firejail/network.c | 46 | ||||
-rwxr-xr-x | test/network/ip6.exp | 48 | ||||
-rw-r--r-- | test/network/ip6.profile | 3 | ||||
-rwxr-xr-x | test/network/net-print.exp | 34 | ||||
-rwxr-xr-x | test/network/network.sh | 6 |
6 files changed, 153 insertions, 126 deletions
@@ -3,111 +3,47 @@ | |||
3 | # Copyright (C) 2014-2023 Firejail Authors | 3 | # Copyright (C) 2014-2023 Firejail Authors |
4 | # License GPL v2 | 4 | # License GPL v2 |
5 | 5 | ||
6 | gcov_init() { | 6 | # GCOV test setup |
7 | USER="$(whoami)" | 7 | # required: sudo, lcov (apt-get install lcov) |
8 | firejail --help > /dev/null | 8 | # setup: make distclean && ./configure --prefix=/usr --enable-apparmor --enable-gcov && make -j4 && sudo make install |
9 | firemon --help > /dev/null | 9 | # run as regular user: ./gcov.sh |
10 | /usr/lib/firejail/fnet --help > /dev/null | 10 | # result in gcov-dir/index.html |
11 | /usr/lib/firejail/fseccomp --help > /dev/null | ||
12 | /usr/lib/firejail/ftee --help > /dev/null | ||
13 | /usr/lib/firejail/fcopy --help > /dev/null | ||
14 | /usr/lib/firejail/fldd --help > /dev/null | ||
15 | firecfg --help > /dev/null | ||
16 | |||
17 | /usr/lib/firejail/fnetfilter --help > /dev/null | ||
18 | /usr/lib/firejail/fsec-print --help > /dev/null | ||
19 | /usr/lib/firejail/fsec-optimize --help > /dev/null | ||
20 | /usr/lib/firejail/faudit --help > /dev/null | ||
21 | /usr/lib/firejail/fbuilder --help > /dev/null | ||
22 | 11 | ||
12 | gcov_generate() { | ||
13 | USER="$(whoami)" | ||
23 | find . -exec sudo chown "$USER:$USER" '{}' + | 14 | find . -exec sudo chown "$USER:$USER" '{}' + |
24 | } | 15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ |
25 | 16 | -d src/fnet -d src/fnetfilter --output-file gcov-file | |
26 | generate() { | ||
27 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new | ||
28 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file | ||
29 | rm -fr gcov-dir | ||
30 | genhtml -q gcov-file --output-directory gcov-dir | 17 | genhtml -q gcov-file --output-directory gcov-dir |
31 | find . -name '*.gcda' -exec sudo rm '{}' + | ||
32 | cp gcov-file gcov-file-old | ||
33 | gcov_init | ||
34 | } | 18 | } |
35 | 19 | ||
36 | 20 | rm -fr gcov-dir gcov-file | |
37 | gcov_init | 21 | firejail --version |
38 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old | 22 | gcov_generate |
39 | 23 | ||
40 | #make test-utils | 24 | #make test-firecfg | grep TESTING |
41 | #generate | 25 | #gcov_generate |
42 | #sleep 2 | 26 | #make test-apparmor | grep TESTING |
43 | #exit | 27 | #gcov_generate |
44 | 28 | make test-network | grep TESTING | |
45 | 29 | gcov_generate | |
46 | # running tests | 30 | #make test-appimage | grep TESTING |
47 | make test-root | 31 | #gcov_generate |
48 | generate | 32 | #make test-chroot | grep TESTING |
49 | sleep 2 | 33 | #gcov_generate |
50 | 34 | #make test-sysutils | grep TESTING | |
51 | make test-chroot | 35 | #gcov_generate |
52 | generate | 36 | #make test-private-etc | grep TESTING |
53 | sleep 2 | 37 | #gcov_generate |
54 | 38 | #make test-profiles | grep TESTING | |
55 | make test-network | 39 | #gcov_generate |
56 | generate | 40 | #make test-fcopy | grep TESTING |
57 | sleep 2 | 41 | #gcov_generate |
58 | 42 | make test-fnetfilter | grep TESTING | |
59 | make test-stress | 43 | gcov_generate |
60 | generate | 44 | #make test-fs | grep TESTING |
61 | sleep 2 | 45 | #gcov_generate |
62 | 46 | #make test-utils | grep TESTING | |
63 | make test-ssh | 47 | #gcov_generate |
64 | generate | 48 | #make test-environment | grep TESTING |
65 | sleep 2 | 49 | #gcov_generate |
66 | |||
67 | make test-appimage | ||
68 | generate | ||
69 | sleep 2 | ||
70 | |||
71 | make test-overlay | ||
72 | generate | ||
73 | sleep 2 | ||
74 | |||
75 | make test-fcopy | ||
76 | generate | ||
77 | sleep 2 | ||
78 | |||
79 | make test-profiles | ||
80 | generate | ||
81 | sleep 2 | ||
82 | |||
83 | make test-fs | ||
84 | generate | ||
85 | sleep 2 | ||
86 | |||
87 | make test-utils | ||
88 | generate | ||
89 | sleep 2 | ||
90 | |||
91 | make test-environment | ||
92 | generate | ||
93 | sleep 2 | ||
94 | |||
95 | make test-apps | ||
96 | generate | ||
97 | sleep 2 | ||
98 | |||
99 | make test-apps-x11 | ||
100 | generate | ||
101 | sleep 2 | ||
102 | |||
103 | make test-apps-x11-xorg | ||
104 | generate | ||
105 | sleep 2 | ||
106 | |||
107 | make test-filters | ||
108 | generate | ||
109 | sleep 2 | ||
110 | |||
111 | make test-arguments | ||
112 | generate | ||
113 | sleep 2 | ||
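Review bot: `gcov_generate` keeps `find . -exec sudo chown "$USER:$USER" '{}' +` and the script now also starts with `rm -fr gcov-dir gcov-file`, both relative to whatever directory the script is launched from, with nothing checking that this is the source tree. chown without `-h` follows symbolic links, so a link left in the tree by a test run would have its target's ownership changed as root; `sudo chown -h "$USER:$USER"` avoids that, and `cd "$(dirname "$0")" || exit 1` near the top pins the working directory. Separately, `make test-network | grep TESTING` reports grep's exit status, so a failing make is visible only through the filtered output.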
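--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -89,29 +89,29 @@ int net_get_mtu(const char *ifname) {
 return mtu;
 }
 
-void net_set_mtu(const char *ifname, int mtu) {
-if (strlen(ifname) > IFNAMSIZ) {
-fprintf(stderr, "Error: invalid network device name %s\n", ifname);
-exit(1);
-}
-
-if (arg_debug)
-printf("set interface %s MTU %d.\n", ifname, mtu);
-
-int s;
-struct ifreq ifr;
-
-if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-errExit("socket");
-
-memset(&ifr, 0, sizeof(ifr));
-ifr.ifr_addr.sa_family = AF_INET;
-strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
-ifr.ifr_mtu = mtu;
-if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
-fwarning("cannot set mtu for interface %s\n", ifname);
-close(s);
-}
+//void net_set_mtu(const char *ifname, int mtu) {
+// if (strlen(ifname) > IFNAMSIZ) {
+// fprintf(stderr, "Error: invalid network device name %s\n", ifname);
+// exit(1);
+// }
+//
+// if (arg_debug)
+// printf("set interface %s MTU %d.\n", ifname, mtu);
+//
+// int s;
+// struct ifreq ifr;
+//
+// if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+// errExit("socket");
+//
+// memset(&ifr, 0, sizeof(ifr));
+// ifr.ifr_addr.sa_family = AF_INET;
+// strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+// ifr.ifr_mtu = mtu;
+// if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
+// fwarning("cannot set mtu for interface %s\n", ifname);
+// close(s);
+//}
 
 // return -1 if the interface was not found; if the interface was found retrn 0 and fill in IP address and mask
 int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) {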
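Review bot: `net_set_mtu` is disabled by prefixing all 23 of its lines with `//` instead of being removed, which leaves dead code that the compiler and static analysis no longer check; deleting it (git history keeps it) or wrapping it in `#if 0` / `#endif` with a one-line reason would be cleaner. The hunk shows neither the header nor any callers, so presumably the prototype and call sites are dropped elsewhere, which is worth confirming. If the function is ever restored, the guard `strlen(ifname) > IFNAMSIZ` accepts a name of exactly IFNAMSIZ characters that `strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1)` then silently truncates; `>= IFNAMSIZ` would reject it. The neighbouring `net_get_mtu` and `net_get_if_addr` bodies extend outside the hunk.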
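--- /dev/null
+++ b/test/network/ip6.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 ip addr show\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"inet6"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"2001:db8:0:f101::1/64"
+}
+sleep 1
+
+send -- "firejail --profile=ip6.profile ip addr show\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"inet6"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"2001:db8:0:f101::1/64"
+}
+after 500
+puts "\nall done\n"
+exit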
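Review bot: Every failure branch is `timeout {puts "TESTING ERROR n\n";exit}`, and a bare `exit` returns status 0, so a failed IPv6 check can only be detected by scanning the output for the TESTING ERROR text; `exit 1` in those branches would let network.sh or CI see the failure directly. The second case loads `--profile=ip6.profile` by relative path, so the script only works when started from test/network. In both `-re` patterns the `.` between the digit groups is unescaped and matches any character; writing it as `\\.` pins it to a decimal point. The header says 2014-2022 while net-print.exp, added in the same commit, says 2014-2023.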
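--- /dev/null
+++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
+net br0
+ip6 2001:0db8:0:f101::1/64
+#netfilter6 ipv6.net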
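--- /dev/null
+++ b/test/network/net-print.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0 --ip=10.10.20.9\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --net.print=test\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"lo"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"10.10.20.9"
+}
+
+after 500
+
+puts "\nall done\n"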
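Review bot: The pattern `"lo"` expected after `firejail --net.print=test` is short enough to be satisfied by unrelated text in the freshly spawned shell, for example a prompt containing a host name such as localhost, so the test can pass without --net.print printing the interface list. Matching a longer fragment of the expected output line would make the check meaningful. The sandbox started with `--name=test` in the first shell is never shut down by the script, and the generic name can collide with another sandbox called test; a more specific name plus `firejail --shutdown=<name>` before `all done` would keep runs independent. The failure branches also use a bare `exit`, which returns status 0.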
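--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -27,8 +27,14 @@ echo "TESTING: network scan (net_scan.exp)"
 echo "TESTING: netfilter (net_netfilter.exp)"
 ./net_netfilter.exp
 
+echo "TESTING: print network (net-print.exp)"
+./net-print.exp
+
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
 
+echo "TESTING: ipv6 (ip6.exp)"
+./ip6.exp
+
 sudo ip link set br0 down
 sudo brctl delbr br0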