aboutsummaryrefslogtreecommitdiffstats
path: root/test/network
diff options
context:
space:
mode:
Diffstat (limited to 'test/network')
-rwxr-xr-xtest/network/4bridges_arp.exp174
-rwxr-xr-xtest/network/4bridges_ip.exp178
-rw-r--r--test/network/README14
-rwxr-xr-xtest/network/bandwidth.exp65
-rwxr-xr-xtest/network/configure27
-rwxr-xr-xtest/network/firemon-arp.exp50
-rwxr-xr-xtest/network/firemon-interfaces.exp67
-rwxr-xr-xtest/network/firemon-route.exp49
-rwxr-xr-xtest/network/hostname.exp29
-rwxr-xr-xtest/network/interface.exp66
-rwxr-xr-xtest/network/ip6.exp49
-rw-r--r--test/network/ipv6.net8
-rw-r--r--test/network/net-profile.profile10
-rwxr-xr-xtest/network/net_arp.exp74
-rwxr-xr-xtest/network/net_badip.exp19
-rwxr-xr-xtest/network/net_defaultgw.exp50
-rwxr-xr-xtest/network/net_defaultgw2.exp44
-rwxr-xr-xtest/network/net_defaultgw3.exp21
-rwxr-xr-xtest/network/net_ip.exp76
-rwxr-xr-xtest/network/net_local.exp50
-rwxr-xr-xtest/network/net_mac.exp40
-rwxr-xr-xtest/network/net_macvlan.exp93
-rwxr-xr-xtest/network/net_mtu.exp35
-rwxr-xr-xtest/network/net_netfilter.exp91
-rwxr-xr-xtest/network/net_noip.exp45
-rwxr-xr-xtest/network/net_noip2.exp45
-rwxr-xr-xtest/network/net_none.exp72
-rw-r--r--test/network/net_none.profile1
-rwxr-xr-xtest/network/net_profile.exp77
-rwxr-xr-xtest/network/net_scan.exp75
-rwxr-xr-xtest/network/net_veth.exp130
-rw-r--r--test/network/netfilter.filter6
-rw-r--r--test/network/netfilter.profile1
-rwxr-xr-xtest/network/netstats.exp39
-rwxr-xr-xtest/network/network.sh85
35 files changed, 1955 insertions, 0 deletions
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp
new file mode 100755
index 000000000..6383aad5e
--- /dev/null
+++ b/test/network/4bridges_arp.exp
@@ -0,0 +1,174 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check eth0
11send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
12expect {
13 timeout {puts "TESTING ERROR 0.0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 0.1\n";exit}
18 "10.10.20"
19}
20expect {
21 timeout {puts "TESTING ERROR 0.2\n";exit}
22 "255.255.255.248"
23}
24expect {
25 timeout {puts "TESTING ERROR 0.3\n";exit}
26 "UP"
27}
28expect {
29 timeout {puts "TESTING ERROR 0.4\n";exit}
30 "Child process initialized"
31}
32sleep 1
33send -- "exit\r"
34sleep 1
35
36# check eth1
37send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
38expect {
39 timeout {puts "TESTING ERROR 1.0\n";exit}
40 "eth1"
41}
42expect {
43 timeout {puts "TESTING ERROR 1.1\n";exit}
44 "10.10.30"
45}
46expect {
47 timeout {puts "TESTING ERROR 1.2\n";exit}
48 "255.255.255.0"
49}
50expect {
51 timeout {puts "TESTING ERROR 1.3\n";exit}
52 "UP"
53}
54expect {
55 timeout {puts "TESTING ERROR 1.4\n";exit}
56 "Child process initialized"
57}
58sleep 1
59send -- "exit\r"
60sleep 1
61
62
63# check eth2
64send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
65expect {
66 timeout {puts "TESTING ERROR 2.0\n";exit}
67 "eth2"
68}
69expect {
70 timeout {puts "TESTING ERROR 2.1\n";exit}
71 "10.10.40"
72}
73expect {
74 timeout {puts "TESTING ERROR 2.2\n";exit}
75 "255.255.255.0"
76}
77expect {
78 timeout {puts "TESTING ERROR 2.3\n";exit}
79 "UP"
80}
81expect {
82 timeout {puts "TESTING ERROR 2.4\n";exit}
83 "Child process initialized"
84}
85sleep 1
86send -- "exit\r"
87sleep 1
88
89
90
91# check eth3
92send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
93expect {
94 timeout {puts "TESTING ERROR 3.0\n";exit}
95 "eth3"
96}
97expect {
98 timeout {puts "TESTING ERROR 3.1\n";exit}
99 "10.10.50"
100}
101expect {
102 timeout {puts "TESTING ERROR 3.2\n";exit}
103 "255.255.255.0"
104}
105expect {
106 timeout {puts "TESTING ERROR 3.3\n";exit}
107 "UP"
108}
109expect {
110 timeout {puts "TESTING ERROR 4\n";exit}
111 "Child process initialized"
112}
113sleep 1
114send -- "exit\r"
115sleep 1
116
117
118
119
120# check loopback
121send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r"
122expect {
123 timeout {puts "TESTING ERROR 5\n";exit}
124 "lo"
125}
126expect {
127 timeout {puts "TESTING ERROR 6\n";exit}
128 "127.0.0.1"
129}
130expect {
131 timeout {puts "TESTING ERROR 7\n";exit}
132 "255.0.0.0"
133}
134expect {
135 timeout {puts "TESTING ERROR 8\n";exit}
136 "UP"
137}
138expect {
139 timeout {puts "TESTING ERROR 9\n";exit}
140 "Child process initialized"
141}
142sleep 1
143
144# check default gateway
145send -- "ip route show\r"
146expect {
147 timeout {puts "TESTING ERROR 10.1\n";exit}
148 "default via 10.10.20.1 dev eth0"
149}
150send -- "ip route show\r"
151expect {
152 timeout {puts "TESTING ERROR 10.2\n";exit}
153 "10.10.20.0/29 dev eth0 proto kernel scope link"
154}
155send -- "ip route show\r"
156expect {
157 timeout {puts "TESTING ERROR 10.2\n";exit}
158 "10.10.30.0/24 dev eth1 proto kernel scope link"
159}
160send -- "ip route show\r"
161expect {
162 timeout {puts "TESTING ERROR 10.2\n";exit}
163 "10.10.40.0/24 dev eth2 proto kernel scope link"
164}
165send -- "ip route show\r"
166expect {
167 timeout {puts "TESTING ERROR 10.2\n";exit}
168 "10.10.50.0/24 dev eth3 proto kernel scope link"
169}
170send -- "exit\r"
171after 100
172
173puts "\nall done\n"
174
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
new file mode 100755
index 000000000..e762ac285
--- /dev/null
+++ b/test/network/4bridges_ip.exp
@@ -0,0 +1,178 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check eth0
11send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
12expect {
13 timeout {puts "TESTING ERROR 0.0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 0.1\n";exit}
18 "10.10.20"
19}
20expect {
21 timeout {puts "TESTING ERROR 0.2\n";exit}
22 "255.255.255.248"
23}
24expect {
25 timeout {puts "TESTING ERROR 0.3\n";exit}
26 "UP"
27}
28expect {
29 timeout {puts "TESTING ERROR 0.4\n";exit}
30 "Child process initialized"
31}
32sleep 1
33send -- "exit\r"
34sleep 1
35
36# check eth1
37send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
38expect {
39 timeout {puts "TESTING ERROR 1.0\n";exit}
40 "eth1"
41}
42expect {
43 timeout {puts "TESTING ERROR 1.1\n";exit}
44 "10.10.30.50"
45}
46expect {
47 timeout {puts "TESTING ERROR 1.2\n";exit}
48 "255.255.255.0"
49}
50expect {
51 timeout {puts "TESTING ERROR 1.3\n";exit}
52 "UP"
53}
54expect {
55 timeout {puts "TESTING ERROR 1.4\n";exit}
56 "Child process initialized"
57}
58sleep 1
59send -- "exit\r"
60sleep 1
61
62
63# check eth2
64send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
65expect {
66 timeout {puts "TESTING ERROR 2.0\n";exit}
67 "eth2"
68}
69expect {
70 timeout {puts "TESTING ERROR 2.1\n";exit}
71 "10.10.40.100"
72}
73expect {
74 timeout {puts "TESTING ERROR 2.2\n";exit}
75 "255.255.255.0"
76}
77expect {
78 timeout {puts "TESTING ERROR 2.3\n";exit}
79 "UP"
80}
81expect {
82 timeout {puts "TESTING ERROR 2.4\n";exit}
83 "Child process initialized"
84}
85sleep 1
86send -- "exit\r"
87sleep 1
88
89
90
91# check eth3
92send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
93expect {
94 timeout {puts "TESTING ERROR 3.0\n";exit}
95 "eth3"
96}
97expect {
98 timeout {puts "TESTING ERROR 3.1\n";exit}
99 "10.10.50"
100}
101expect {
102 timeout {puts "TESTING ERROR 3.2\n";exit}
103 "255.255.255.0"
104}
105expect {
106 timeout {puts "TESTING ERROR 3.3\n";exit}
107 "UP"
108}
109expect {
110 timeout {puts "TESTING ERROR 4\n";exit}
111 "Child process initialized"
112}
113sleep 1
114send -- "exit\r"
115sleep 1
116
117
118
119
120# check loopback
121send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r"
122expect {
123 timeout {puts "TESTING ERROR 5\n";exit}
124 "lo"
125}
126expect {
127 timeout {puts "TESTING ERROR 6\n";exit}
128 "127.0.0.1"
129}
130expect {
131 timeout {puts "TESTING ERROR 7\n";exit}
132 "255.0.0.0"
133}
134expect {
135 timeout {puts "TESTING ERROR 8\n";exit}
136 "UP"
137}
138expect {
139 timeout {puts "TESTING ERROR 9\n";exit}
140 "Child process initialized"
141}
142
143# check default gateway
144send -- "ip route show\r"
145expect {
146 timeout {puts "TESTING ERROR 10.1\n";exit}
147 "default via 10.10.20.1 dev eth0"
148}
149
150send -- "ip route show\r"
151expect {
152 timeout {puts "TESTING ERROR 10.2\n";exit}
153 "10.10.20.0/29 dev eth0 proto kernel scope link"
154}
155
156send -- "ip route show\r"
157expect {
158 timeout {puts "TESTING ERROR 10.3\n";exit}
159 "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
160}
161
162send -- "ip route show\r"
163expect {
164 timeout {puts "TESTING ERROR 10.4\n";exit}
165 "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
166}
167
168send -- "ip route show\r"
169expect {
170 timeout {puts "TESTING ERROR 10.5\n";exit}
171 "10.10.50.0/24 dev eth3 proto kernel scope link"
172}
173
174send -- "exit\r"
175after 100
176
177puts "\nall done\n"
178
diff --git a/test/network/README b/test/network/README
new file mode 100644
index 000000000..4404c53b0
--- /dev/null
+++ b/test/network/README
@@ -0,0 +1,14 @@
1Warning: this test requires root access to configure a number of bridge, mac
2and vlan devices. Please take a look at configure file. By the time you are
3finished testing, you'll probably have to reboot the computer to get your
4networking subsytem back to normal.
5
6Limitations - to be investigated and fixed:
7 - the test is assuming an eth0 wired interface to be present
8 - using netstat and ifconfig - this needs to be moved to iproute2
9 - configure script inserts an entry in system netfilter configuration
10 - the test will probably not work on grsecurity settings
11 - macvlan interfaces don't seem to work correctly under VirtualBox
12
13Run the test:
14 $ ./network.sh | grep TESTING
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp
new file mode 100755
index 000000000..8a2e46e04
--- /dev/null
+++ b/test/network/bandwidth.exp
@@ -0,0 +1,65 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --name=test --net=br0\r"
11expect {
12 timeout {puts "TESTING ERROR 0\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17spawn $env(SHELL)
18send -- "firejail --bandwidth=test status\r"
19expect {
20 timeout {puts "TESTING ERROR 1\n";exit}
21 "qdisc * 0: dev eth0"
22}
23sleep 1
24
25send -- "firejail --bandwidth=test set br0 50 10\r"
26expect {
27 timeout {puts "TESTING ERROR 2\n";exit}
28 "Configuring interface eth0"
29}
30expect {
31 timeout {puts "TESTING ERROR 3\n";exit}
32 "configuring tc ingress"
33}
34expect {
35 timeout {puts "TESTING ERROR 4\n";exit}
36 "configuring tc egress"
37}
38
39send -- "firejail --bandwidth=test status\r"
40expect {
41 timeout {puts "TESTING ERROR 5\n";exit}
42 "dev eth0"
43}
44expect {
45 timeout {puts "TESTING ERROR 6\n";exit}
46 "rate 80Kbit burst 10Kb"
47}
48sleep 1
49
50send -- "firejail --bandwidth=test clear br0\r"
51expect {
52 timeout {puts "TESTING ERROR 7\n";exit}
53 "Removing bandwith limits"
54}
55sleep 1
56
57send -- "firejail --bandwidth=test status; echo done\r"
58expect {
59 timeout {puts "TESTING ERROR 8\n";exit}
60 "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
61 "done"
62}
63after 100
64
65puts "\nall done\n"
diff --git a/test/network/configure b/test/network/configure
new file mode 100755
index 000000000..35d938340
--- /dev/null
+++ b/test/network/configure
@@ -0,0 +1,27 @@
1#!/bin/bash
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6brctl addbr br0
7ifconfig br0 10.10.20.1/29 up
8# NAT masquerade
9iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
10# port forwarding
11# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
12
13brctl addbr br1
14ifconfig br1 10.10.30.1/24 up
15brctl addbr br2
16ifconfig br2 10.10.40.1/24 up
17brctl addbr br3
18ifconfig br3 10.10.50.1/24 up
19brctl addbr br4
20ifconfig br4 10.10.60.1/24 up
21ip link add link eth0 name eth0.5 type vlan id 5
22/sbin/ifconfig eth0.5 10.10.205.10/24 up
23ip link add link eth0 name eth0.6 type vlan id 6
24/sbin/ifconfig eth0.6 10.10.206.10/24 up
25ip link add link eth0 name eth0.7 type vlan id 7
26/sbin/ifconfig eth0.7 10.10.207.10/24 up
27
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp
new file mode 100755
index 000000000..71fa1660f
--- /dev/null
+++ b/test/network/firemon-arp.exp
@@ -0,0 +1,50 @@
1#!/usr/bin/expect -f
2
3set timeout 10
4spawn $env(SHELL)
5match_max 100000
6
7#send -- "ping -c 3 192.168.1.1\r"
8#expect {
9# timeout {puts "TESTING ERROR 0\n";exit}
10# "3 packets transmitted"
11#}
12#sleep 1
13
14send -- "firejail --name=test1\r"
15expect {
16 timeout {puts "TESTING ERROR 1\n";exit}
17 "Child process initialized"
18}
19sleep 1
20
21spawn $env(SHELL)
22send -- "firejail --name=test2\r"
23expect {
24 timeout {puts "TESTING ERROR 2\n";exit}
25 "Child process initialized"
26}
27sleep 1
28
29spawn $env(SHELL)
30send -- "firemon --arp\r"
31expect {
32 timeout {puts "TESTING ERROR 3\n";exit}
33 "name=test1"
34}
35expect {
36 timeout {puts "TESTING ERROR 4\n";exit}
37 "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";}
38 "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";}
39}
40expect {
41 timeout {puts "TESTING ERROR 5\n";exit}
42 "REACHABLE"
43}
44expect {
45 timeout {puts "TESTING ERROR 6\n";exit}
46 "name=test2"
47}
48after 100
49
50puts "\nall done\n"
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp
new file mode 100755
index 000000000..deb8594af
--- /dev/null
+++ b/test/network/firemon-interfaces.exp
@@ -0,0 +1,67 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --net=eth0 --name=test1\r"
11expect {
12 timeout {puts "TESTING ERROR 9\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17spawn $env(SHELL)
18send -- "firejail --net=eth0 --name=test2\r"
19expect {
20 timeout {puts "TESTING ERROR 9\n";exit}
21 "Child process initialized"
22}
23sleep 1
24
25spawn $env(SHELL)
26send -- "firemon --interface\r"
27expect {
28 timeout {puts "TESTING ERROR 9\n";exit}
29 "Link status"
30}
31expect {
32 timeout {puts "TESTING ERROR 9\n";exit}
33 "lo UP"
34}
35expect {
36 timeout {puts "TESTING ERROR 9\n";exit}
37 "eth0-"
38}
39expect {
40 timeout {puts "TESTING ERROR 9\n";exit}
41 "IPv4 status"
42}
43expect {
44 timeout {puts "TESTING ERROR 9\n";exit}
45 "lo UP"
46}
47expect {
48 timeout {puts "TESTING ERROR 9\n";exit}
49 "eth0-"
50}
51expect {
52 timeout {puts "TESTING ERROR 9\n";exit}
53 "IPv6 status"
54}
55expect {
56 timeout {puts "TESTING ERROR 9\n";exit}
57 "lo UP"
58}
59expect {
60 timeout {puts "TESTING ERROR 9\n";exit}
61 "eth0-"
62}
63
64after 100
65
66puts "\n"
67
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp
new file mode 100755
index 000000000..19a705778
--- /dev/null
+++ b/test/network/firemon-route.exp
@@ -0,0 +1,49 @@
1#!/usr/bin/expect -f
2
3set timeout 10
4spawn $env(SHELL)
5match_max 100000
6
7send -- "firejail --name=test1\r"
8expect {
9 timeout {puts "TESTING ERROR 0\n";exit}
10 "Child process initialized"
11}
12sleep 1
13
14spawn $env(SHELL)
15send -- "firejail --name=test2\r"
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "Child process initialized"
19}
20sleep 1
21
22spawn $env(SHELL)
23send -- "firemon --route\r"
24expect {
25 timeout {puts "TESTING ERROR 2\n";exit}
26 "name=test1"
27}
28expect {
29 timeout {puts "TESTING ERROR 3\n";exit}
30 "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";}
31 "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";}
32 "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";}
33 "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";}
34}
35expect {
36 timeout {puts "TESTING ERROR 4\n";exit}
37 "10.10.30.0/24, dev br1, scope link src 10.10.30.1"
38}
39expect {
40 timeout {puts "TESTING ERROR 5\n";exit}
41 "10.10.50.0/24, dev br3, scope link src 10.10.50.1"
42}
43expect {
44 timeout {puts "TESTING ERROR 6\n";exit}
45 "name=test2"
46}
47after 100
48
49puts "\nalldone\n"
diff --git a/test/network/hostname.exp b/test/network/hostname.exp
new file mode 100755
index 000000000..73d06725f
--- /dev/null
+++ b/test/network/hostname.exp
@@ -0,0 +1,29 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --hostname=bingo --noprofile\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ping -c 3 bingo; echo done\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 "3 packets transmitted, 3 received"
21}
22expect {
23 timeout {puts "TESTING ERROR 3\n";exit}
24 "done"
25}
26send -- "exit\r"
27after 100
28
29puts "all done\n"
diff --git a/test/network/interface.exp b/test/network/interface.exp
new file mode 100755
index 000000000..bd8777c33
--- /dev/null
+++ b/test/network/interface.exp
@@ -0,0 +1,66 @@
1#!/usr/bin/expect -f
2#
3# interface
4#
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9set overlay [lindex $argv 0]
10set chroot [lindex $argv 1]
11
12#
13# N
14#
15# todo: seems to be unable to find interface eth0.7
16#send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6 --interface=eth0.7\r"
17send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6\r"
18expect {
19 timeout {puts "TESTING ERROR 0\n";exit}
20 "Child process initialized"
21}
22sleep 1
23
24send -- "/sbin/ifconfig\r"
25expect {
26 timeout {puts "TESTING ERROR 1\n";exit}
27 "eth0.5"
28}
29expect {
30 timeout {puts "TESTING ERROR 2n";exit}
31 "Link"
32}
33expect {
34 timeout {puts "TESTING ERROR 3\n";exit}
35 "10.10.205.10"
36}
37expect {
38 timeout {puts "TESTING ERROR 4\n";exit}
39 "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
40}
41after 100
42
43send -- "/sbin/ifconfig\r"
44expect {
45 timeout {puts "TESTING ERROR 5\n";exit}
46 "eth0.6"
47}
48expect {
49 timeout {puts "TESTING ERROR 6\n";exit}
50 "Link"
51}
52expect {
53 timeout {puts "TESTING ERROR 7\n";exit}
54 "10.10.206.10"
55}
56expect {
57 timeout {puts "TESTING ERROR 8\n";exit}
58 "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
59}
60after 100
61
62send -- "exit\r"
63sleep 1
64
65
66puts "\nall done\n"
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
new file mode 100755
index 000000000..f0fcebcf8
--- /dev/null
+++ b/test/network/ip6.exp
@@ -0,0 +1,49 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r"
11expect {
12 timeout {puts "TESTING ERROR 0\n";exit}
13 "Installing network filter"
14}
15expect {
16 timeout {puts "TESTING ERROR 1\n";exit}
17 "DROP"
18}
19expect {
20 timeout {puts "TESTING ERROR 2\n";exit}
21 "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit}
22 "2001:db8:1f0a:3ec::2"
23}
24expect {
25 timeout {puts "TESTING ERROR 3\n";exit}
26 "Child process initialized"
27}
28sleep 2
29
30send -- "/sbin/ifconfig\r"
31expect {
32 timeout {puts "TESTING ERROR 4\n";exit}
33 "inet6"
34}
35expect {
36 timeout {puts "TESTING ERROR 5\n";exit}
37 "2001:db8:0:f101::1"
38}
39expect {
40 timeout {puts "TESTING ERROR 6\n";exit}
41 "Scope:Global" { puts "Debian\n"}
42 "scopeid 0x0<global>" { puts "Arch\n"}
43}
44
45send -- "exit\r"
46after 100
47
48puts "\nall done\n"
49
diff --git a/test/network/ipv6.net b/test/network/ipv6.net
new file mode 100644
index 000000000..cc8f22943
--- /dev/null
+++ b/test/network/ipv6.net
@@ -0,0 +1,8 @@
1# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
2*filter
3:INPUT ACCEPT [0:0]
4:FORWARD ACCEPT [0:0]
5:OUTPUT ACCEPT [0:0]
6-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
7COMMIT
8# Completed on Wed Jan 13 10:53:40 2016
diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile
new file mode 100644
index 000000000..05052b6dc
--- /dev/null
+++ b/test/network/net-profile.profile
@@ -0,0 +1,10 @@
1net br0
2mac 00:11:22:33:44:55
3mtu 1000
4net br1
5ip 10.10.30.50
6net br2
7ip 10.10.40.100
8net br3
9defaultgw 10.10.20.2
10
diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp
new file mode 100755
index 000000000..fdd30f218
--- /dev/null
+++ b/test/network/net_arp.exp
@@ -0,0 +1,74 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --net=br0 sleep 20 &\r"
11expect {
12 timeout {puts "TESTING ERROR 0\n";exit}
13 "Child process initialized"
14}
15send -- "firejail --net=br0 sleep 20 &\r"
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "Child process initialized"
19}
20send -- "firejail --net=br0 sleep 20 &\r"
21expect {
22 timeout {puts "TESTING ERROR 2\n";exit}
23 "Child process initialized"
24}
25send -- "firejail --net=br0 sleep 20 &\r"
26expect {
27 timeout {puts "TESTING ERROR 3\n";exit}
28 "Child process initialized"
29}
30send -- "firejail --net=br0 sleep 20 &\r"
31expect {
32 timeout {puts "TESTING ERROR 4\n";exit}
33 "Child process initialized"
34}
35
36# will fail
37send -- "firejail --net=br0 sleep 20 &\r"
38expect {
39 timeout {puts "TESTING ERROR 5n";exit}
40 "cannot assign an IP address"
41}
42
43send -- "firejail --net=br0 sleep 20 &\r"
44expect {
45 timeout {puts "TESTING ERROR 6\n";exit}
46 "cannot assign an IP address"
47}
48
49# check firejail --list
50send -- "firejail --list\r"
51expect {
52 timeout {puts "TESTING ERROR 7.1\n";exit}
53 "sleep 20"
54}
55expect {
56 timeout {puts "TESTING ERROR 7.2\n";exit}
57 "sleep 20"
58}
59expect {
60 timeout {puts "TESTING ERROR 7.3\n";exit}
61 "sleep 20"
62}
63expect {
64 timeout {puts "TESTING ERROR 7.4\n";exit}
65 "sleep 20"
66}
67expect {
68 timeout {puts "TESTING ERROR 7.5\n";exit}
69 "sleep 20"
70}
71
72# wait for sandboxes to be shutdown
73sleep 30
74puts "\n"
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp
new file mode 100755
index 000000000..d13a6144e
--- /dev/null
+++ b/test/network/net_badip.exp
@@ -0,0 +1,19 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check eth0
11send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
12expect {
13 timeout {puts "TESTING ERROR 0.0\n";exit}
14 "the IP address is not"
15}
16after 100
17
18puts "\n"
19
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
new file mode 100755
index 000000000..6291ae5ba
--- /dev/null
+++ b/test/network/net_defaultgw.exp
@@ -0,0 +1,50 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "10.10.20.5"
19}
20expect {
21 timeout {puts "TESTING ERROR 2\n";exit}
22 "255.255.255.248"
23}
24expect {
25 timeout {puts "TESTING ERROR 3\n";exit}
26 "UP"
27}
28expect {
29 timeout {puts "TESTING ERROR 4\n";exit}
30 "Child process initialized"
31}
32sleep 1
33
34# check default gateway
35send -- "ip route show\r"
36expect {
37 timeout {puts "TESTING ERROR 10.1\n";exit}
38 "default via 10.10.20.2 dev eth0"
39}
40
41send -- "ip route show\r"
42expect {
43 timeout {puts "TESTING ERROR 10.2\n";exit}
44 "10.10.20.0/29 dev eth0 proto kernel scope link"
45}
46send -- "exit\r"
47after 100
48
49puts "\nall done\n"
50
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
new file mode 100755
index 000000000..7620e4899
--- /dev/null
+++ b/test/network/net_defaultgw2.exp
@@ -0,0 +1,44 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth1"
15}
16expect {
17 timeout {puts "TESTING ERROR 4\n";exit}
18 "Child process initialized"
19}
20sleep 1
21
22# check default gateway
23send -- "ip route show\r"
24expect {
25 timeout {puts "TESTING ERROR 10.1\n";exit}
26 "default via 10.10.30.89 dev eth1"
27}
28
29send -- "ip route show\r"
30expect {
31 timeout {puts "TESTING ERROR 10.2\n";exit}
32 "10.10.20.0/29 dev eth0 proto kernel scope link"
33}
34
35send -- "ip route show\r"
36expect {
37 timeout {puts "TESTING ERROR 10.3\n";exit}
38 "10.10.30.0/24 dev eth1 proto kernel scope link"
39}
40send -- "exit\r"
41after 100
42
43puts "\nall done\n"
44
diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp
new file mode 100755
index 000000000..a47324adc
--- /dev/null
+++ b/test/network/net_defaultgw3.exp
@@ -0,0 +1,21 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "default gateway 10.10.95.89 is not in the range of any network"
15}
16
17after 100
18
19
20puts "\n"
21
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
new file mode 100755
index 000000000..0fa84243a
--- /dev/null
+++ b/test/network/net_ip.exp
@@ -0,0 +1,76 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --ip=10.10.20.5\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "10.10.20.5"
19}
20expect {
21 timeout {puts "TESTING ERROR 2\n";exit}
22 "255.255.255.248"
23}
24expect {
25 timeout {puts "TESTING ERROR 3\n";exit}
26 "UP"
27}
28expect {
29 timeout {puts "TESTING ERROR 4\n";exit}
30 "Child process initialized"
31}
32sleep 1
33send -- "exit\r"
34sleep 1
35
36# check loopback
37send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r"
38expect {
39 timeout {puts "TESTING ERROR 5\n";exit}
40 "lo"
41}
42expect {
43 timeout {puts "TESTING ERROR 6\n";exit}
44 "127.0.0.1"
45}
46expect {
47 timeout {puts "TESTING ERROR 7\n";exit}
48 "255.0.0.0"
49}
50expect {
51 timeout {puts "TESTING ERROR 8\n";exit}
52 "UP"
53}
54expect {
55 timeout {puts "TESTING ERROR 9\n";exit}
56 "Child process initialized"
57}
58sleep 1
59
60# check default gateway
61send -- "ip route show\r"
62expect {
63 timeout {puts "TESTING ERROR 10.1\n";exit}
64 "default via 10.10.20.1 dev eth0"
65}
66
67send -- "ip route show\r"
68expect {
69 timeout {puts "TESTING ERROR 10\n";exit}
70 "10.10.20.0/29 dev eth0 proto kernel scope link"
71}
72send -- "exit\r"
73after 100
74
75puts "\n"
76
diff --git a/test/network/net_local.exp b/test/network/net_local.exp
new file mode 100755
index 000000000..d58135785
--- /dev/null
+++ b/test/network/net_local.exp
@@ -0,0 +1,50 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --noprofile --debug\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "Using the local network stack"
15}
16expect {
17 timeout {puts "TESTING ERROR 4\n";exit}
18 "Child process initialized"
19}
20sleep 1
21send -- "exit\r"
22sleep 1
23
24# check loopback
25send -- "firejail --noprofile\r"
26expect {
27 timeout {puts "TESTING ERROR 9\n";exit}
28 "Child process initialized"
29}
30sleep 1
31
32
33send -- "/sbin/ifconfig\r"
34expect {
35 timeout {puts "TESTING ERROR 5\n";exit}
36 "lo"
37}
38expect {
39 timeout {puts "TESTING ERROR 6\n";exit}
40 "127.0.0.1"
41}
42expect {
43 timeout {puts "TESTING ERROR 7\n";exit}
44 "255.0.0.0"
45}
46send -- "exit\r"
47after 100
48
49puts "all done\n"
50
diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp
new file mode 100755
index 000000000..d3cd8163f
--- /dev/null
+++ b/test/network/net_mac.exp
@@ -0,0 +1,40 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 0.1\n";exit}
18 "00:11:22:33:44:55"
19}
20expect {
21 timeout {puts "TESTING ERROR 1\n";exit}
22 "10.10.20.5"
23}
24expect {
25 timeout {puts "TESTING ERROR 2\n";exit}
26 "255.255.255.248"
27}
28expect {
29 timeout {puts "TESTING ERROR 3\n";exit}
30 "UP"
31}
32expect {
33 timeout {puts "TESTING ERROR 4\n";exit}
34 "Child process initialized"
35}
36send -- "exit\r"
37after 100
38
39puts "\nall done\n"
40
diff --git a/test/network/net_macvlan.exp b/test/network/net_macvlan.exp
new file mode 100755
index 000000000..f457ea98f
--- /dev/null
+++ b/test/network/net_macvlan.exp
@@ -0,0 +1,93 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check the existing address
11spawn $env(SHELL)
12send -- "firejail --net=eth0 --ip=192.168.1.60\r"
13expect {
14 timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
15 "the address 192.168.1.60 is already in use"
16}
17
18
19
20# grab 30 ip addresses
21set MAXi 229
22set i 200
23while { $i <= $MAXi } {
24 spawn $env(SHELL)
25 send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
26 expect {
27 timeout {puts "TESTING ERROR 0\n";exit}
28 "Child process initialized"
29 }
30 incr i
31 after 100
32}
33
34
35# check an existing address
36spawn $env(SHELL)
37send -- "firejail --net=eth0 --ip=192.168.1.200\r"
38expect {
39 timeout {puts "TESTING ERROR 1\n";exit}
40 "the address 192.168.1.200 is already in use"
41}
42
43
44set MAXi 254
45set i 2
46while { $i <= $MAXi } {
47 spawn $env(SHELL)
48 send -- "firejail --net=eth0\r"
49 expect {
50 timeout {puts "TESTING ERROR 2.1\n";exit}
51 "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
52 "192.168.1.200" {puts "TESTING ERROR 3\n";exit}
53 "192.168.1.201" {puts "TESTING ERROR 3\n";exit}
54 "192.168.1.202" {puts "TESTING ERROR 3\n";exit}
55 "192.168.1.203" {puts "TESTING ERROR 3\n";exit}
56 "192.168.1.204" {puts "TESTING ERROR 3\n";exit}
57 "192.168.1.205" {puts "TESTING ERROR 3\n";exit}
58 "192.168.1.206" {puts "TESTING ERROR 3\n";exit}
59 "192.168.1.207" {puts "TESTING ERROR 3\n";exit}
60 "192.168.1.208" {puts "TESTING ERROR 3\n";exit}
61 "192.168.1.209" {puts "TESTING ERROR 3\n";exit}
62 "192.168.1.210" {puts "TESTING ERROR 3\n";exit}
63 "192.168.1.211" {puts "TESTING ERROR 3\n";exit}
64 "192.168.1.212" {puts "TESTING ERROR 3\n";exit}
65 "192.168.1.213" {puts "TESTING ERROR 3\n";exit}
66 "192.168.1.214" {puts "TESTING ERROR 3\n";exit}
67 "192.168.1.215" {puts "TESTING ERROR 3\n";exit}
68 "192.168.1.216" {puts "TESTING ERROR 3\n";exit}
69 "192.168.1.217" {puts "TESTING ERROR 3\n";exit}
70 "192.168.1.218" {puts "TESTING ERROR 3\n";exit}
71 "192.168.1.219" {puts "TESTING ERROR 3\n";exit}
72 "192.168.1.220" {puts "TESTING ERROR 3\n";exit}
73 "192.168.1.221" {puts "TESTING ERROR 3\n";exit}
74 "192.168.1.222" {puts "TESTING ERROR 3\n";exit}
75 "192.168.1.223" {puts "TESTING ERROR 3\n";exit}
76 "192.168.1.224" {puts "TESTING ERROR 3\n";exit}
77 "192.168.1.225" {puts "TESTING ERROR 3\n";exit}
78 "192.168.1.226" {puts "TESTING ERROR 3\n";exit}
79 "192.168.1.227" {puts "TESTING ERROR 3\n";exit}
80 "192.168.1.228" {puts "TESTING ERROR 3\n";exit}
81 "192.168.1.229" {puts "TESTING ERROR 3\n";exit}
82 "Child process initialized"
83 }
84 puts "************ $i ******************\n"
85 incr i
86 after 100
87# sleep 1
88}
89send -- "exit\r"
90after 100
91
92puts "\n"
93
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp
new file mode 100755
index 000000000..eb9c5d08c
--- /dev/null
+++ b/test/network/net_mtu.exp
@@ -0,0 +1,35 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --net=br0 --mtu=1000 --noprofile\r"
12expect {
13 timeout {puts "TESTING ERROR 1\n";exit}
14 "Child process initialized"
15}
16sleep 1
17
18send -- "ip link show\r"
19expect {
20 timeout {puts "TESTING ERROR 2\n";exit}
21 "eth0"
22}
23expect {
24 timeout {puts "TESTING ERROR 3\n";exit}
25 "mtu 1000"
26}
27expect {
28 timeout {puts "TESTING ERROR 4\n";exit}
29 "state UP"
30}
31send -- "exit\r"
32after 100
33
34puts "\nall done\n"
35
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp
new file mode 100755
index 000000000..737485d07
--- /dev/null
+++ b/test/network/net_netfilter.exp
@@ -0,0 +1,91 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check default netfilter on br0
11send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "Installing network filter"
15}
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "Chain INPUT (policy DROP"
19}
20expect {
21 timeout {puts "TESTING ERROR 2\n";exit}
22 "ACCEPT all -- any any anywhere"
23}
24expect {
25 timeout {puts "TESTING ERROR 3\n";exit}
26 "ACCEPT icmp -- any any anywhere"
27}
28expect {
29 timeout {puts "TESTING ERROR 4\n";exit}
30 "Child process initialized"
31}
32sleep 1
33send -- "exit\r"
34sleep 1
35
36# check default netfilter no new network
37send -- "firejail --debug --noprofile --netfilter\r"
38expect {
39 timeout {puts "TESTING ERROR 5\n";exit}
40 "Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
41 "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
42 "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
43 "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
44 "Child process initialized"
45}
46sleep 1
47send -- "exit\r"
48sleep 1
49
50# check file filter netfilter on br0
51send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
52expect {
53 timeout {puts "TESTING ERROR 6\n";exit}
54 "Installing network filter"
55}
56expect {
57 timeout {puts "TESTING ERROR 6.1\n";exit}
58 "Child process initialized"
59}
60sleep 1
61send -- "ping -c 1 -w 3 10.10.20.1\r"
62expect {
63 timeout {puts "TESTING ERROR 6.2\n";exit}
64 "0 received, 100% packet loss"
65}
66
67send -- "exit\r"
68sleep 1
69
70# check profile netfilter on br0
71send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
72expect {
73 timeout {puts "TESTING ERROR 7\n";exit}
74 "Installing network filter"
75}
76expect {
77 timeout {puts "TESTING ERROR 7.1\n";exit}
78 "Child process initialized"
79}
80sleep 2
81send -- "ping -c 1 -w 3 10.10.20.1\r"
82expect {
83 timeout {puts "TESTING ERROR 7.2\n";exit}
84 "0 received, 100% packet loss"
85}
86
87send -- "exit\r"
88after 100
89
90puts "all done\n"
91
diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp
new file mode 100755
index 000000000..b557d116c
--- /dev/null
+++ b/test/network/net_noip.exp
@@ -0,0 +1,45 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --noprofile --net=br0 --ip=none\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0" {puts "TESTING ERROR 1\n";exit}
15 "Child process initialized"
16}
17sleep 1
18send -- "bash\r"
19sleep 1
20
21# no default gateway configured
22send -- "netstat -rn;echo done\r"
23expect {
24 timeout {puts "TESTING ERROR 2\n";exit}
25 "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
26 "eth0" {puts "TESTING ERROR 4\n";exit}
27 "done"
28}
29sleep 1
30
31# eth0 configured
32send -- "/sbin/ifconfig;echo done\r"
33expect {
34 timeout {puts "TESTING ERROR 5\n";exit}
35 "eth0"
36}
37expect {
38 timeout {puts "TESTING ERROR 6\n";exit}
39 "done"
40}
41send -- "exit\r"
42after 100
43
44puts "all done\n"
45
diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp
new file mode 100755
index 000000000..c86ea4900
--- /dev/null
+++ b/test/network/net_noip2.exp
@@ -0,0 +1,45 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check ip address
11send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0" {puts "TESTING ERROR 1\n";exit}
15 "Child process initialized"
16}
17sleep 1
18send -- "bash\r"
19sleep 1
20
21# no default gateway configured
22send -- "netstat -rn;echo done\r"
23expect {
24 timeout {puts "TESTING ERROR 2\n";exit}
25 "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
26 "eth0" {puts "TESTING ERROR 4\n";exit}
27 "done"
28}
29sleep 1
30
31# eth0 configured
32send -- "/sbin/ifconfig;echo done\r"
33expect {
34 timeout {puts "TESTING ERROR 5\n";exit}
35 "eth0"
36}
37expect {
38 timeout {puts "TESTING ERROR 6\n";exit}
39 "done"
40}
41send -- "exit\r"
42after 100
43
44puts "all done\n"
45
diff --git a/test/network/net_none.exp b/test/network/net_none.exp
new file mode 100755
index 000000000..1761eb423
--- /dev/null
+++ b/test/network/net_none.exp
@@ -0,0 +1,72 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# options
11send -- "firejail --net=none\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0" {puts "TESTING ERROR 0.1\n";exit}
15 "Child process initialized"
16}
17sleep 1
18
19# test default gw
20send -- "bash\r"
21sleep 1
22send -- "netstat -rn; echo done\r"
23expect {
24 timeout {puts "TESTING ERROR 1\n";exit}
25 "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit}
26 "done"
27}
28sleep 1
29
30# check again devices
31send -- "cat /proc/1/net/dev;echo done\r"
32expect {
33 timeout {puts "TESTING ERROR 2\n";exit}
34 "eth0" {puts "TESTING ERROR 2.1\n";exit}
35 "done"
36}
37send -- "exit\r"
38sleep 1
39send -- "exit\r"
40sleep 1
41
42# profile
43send -- "firejail --profile=net_none.profile\r"
44expect {
45 timeout {puts "TESTING ERROR 3\n";exit}
46 "eth0" {puts "TESTING ERROR 3.1\n";exit}
47 "Child process initialized"
48}
49sleep 1
50
51# test default gw
52send -- "bash\r"
53sleep 1
54send -- "netstat -rn; echo done\r"
55expect {
56 timeout {puts "TESTING ERROR 4\n";exit}
57 "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit}
58 "done"
59}
60sleep 1
61
62# check again devices
63send -- "cat /proc/1/net/dev;echo done\r"
64expect {
65 timeout {puts "TESTING ERROR 5\n";exit}
66 "eth0" {puts "TESTING ERROR 5.1\n";exit}
67 "done"
68}
69send -- "exit\r"
70after 100
71
72puts "\nall done\n"
diff --git a/test/network/net_none.profile b/test/network/net_none.profile
new file mode 100644
index 000000000..079c08ea8
--- /dev/null
+++ b/test/network/net_none.profile
@@ -0,0 +1 @@
net none
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp
new file mode 100755
index 000000000..29008d811
--- /dev/null
+++ b/test/network/net_profile.exp
@@ -0,0 +1,77 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# check eth0
11send -- "firejail --profile=net-profile.profile\r"
12expect {
13 timeout {puts "TESTING ERROR 0.0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 0.1\n";exit}
18 "00:11:22:33:44:55"
19}
20expect {
21 timeout {puts "TESTING ERROR 0.1\n";exit}
22 "10.10.20"
23}
24expect {
25 timeout {puts "TESTING ERROR 0.2\n";exit}
26 "255.255.255.248"
27}
28expect {
29 timeout {puts "TESTING ERROR 0.3\n";exit}
30 "UP"
31}
32expect {
33 timeout {puts "TESTING ERROR 0.4\n";exit}
34 "Child process initialized"
35}
36sleep 1
37
38send -- "ip route show\r"
39expect {
40 timeout {puts "TESTING ERROR 1\n";exit}
41 "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
42}
43
44send -- "ip route show\r"
45expect {
46 timeout {puts "TESTING ERROR 2\n";exit}
47 "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
48}
49
50
51# check default gw
52send -- "ip route show\r"
53expect {
54 timeout {puts "TESTING ERROR 3\n";exit}
55 "default via 10.10.20.2 dev eth0"
56}
57
58# check mtu
59send -- "ip link show\r"
60expect {
61 timeout {puts "TESTING ERROR 4\n";exit}
62 "eth0"
63}
64expect {
65 timeout {puts "TESTING ERROR 5\n";exit}
66 "mtu 1000"
67}
68expect {
69 timeout {puts "TESTING ERROR 6\n";exit}
70 "state UP"
71}
72
73send -- "exit\r"
74after 100
75
76puts "\nall done\n"
77
diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp
new file mode 100755
index 000000000..5afbbeea6
--- /dev/null
+++ b/test/network/net_scan.exp
@@ -0,0 +1,75 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10#
11send -- "firejail --net=br1 --ip=10.10.30.50\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "eth0"
15}
16expect {
17 timeout {puts "TESTING ERROR 1\n";exit}
18 "10.10.30.50"
19}
20expect {
21 timeout {puts "TESTING ERROR 2\n";exit}
22 "255.255.255.0"
23}
24expect {
25 timeout {puts "TESTING ERROR 3\n";exit}
26 "Child process initialized"
27}
28sleep 1
29
30spawn $env(SHELL)
31send -- "firejail --net=br1 --ip=10.10.30.51\r"
32expect {
33 timeout {puts "TESTING ERROR 4\n";exit}
34 "eth0"
35}
36expect {
37 timeout {puts "TESTING ERROR 5\n";exit}
38 "10.10.30.51"
39}
40expect {
41 timeout {puts "TESTING ERROR 6\n";exit}
42 "255.255.255.0"
43}
44expect {
45 timeout {puts "TESTING ERROR 7\n";exit}
46 "Child process initialized"
47}
48sleep 1
49
50spawn $env(SHELL)
51send -- "firejail --net=br1 --scan\r"
52expect {
53 timeout {puts "TESTING ERROR 8\n";exit}
54 "eth0"
55}
56expect {
57 timeout {puts "TESTING ERROR 9\n";exit}
58 "10.10.30.50"
59}
60expect {
61 timeout {puts "TESTING ERROR 10\n";exit}
62 "10.10.30.51"
63}
64expect {
65 timeout {puts "TESTING ERROR 11\n";exit}
66 "Child process initialized"
67}
68sleep 1
69
70
71
72after 100
73
74puts "\nall done\n"
75
diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp
new file mode 100755
index 000000000..89dedcb24
--- /dev/null
+++ b/test/network/net_veth.exp
@@ -0,0 +1,130 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --net=eth0\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "lo"
14}
15expect {
16 timeout {puts "TESTING ERROR 2\n";exit}
17 "127.0.0.1"
18}
19expect {
20 timeout {puts "TESTING ERROR 3\n";exit}
21 "255.0.0.0"
22}
23expect {
24 timeout {puts "TESTING ERROR 4\n";exit}
25 "UP"
26}
27expect {
28 timeout {puts "TESTING ERROR 5\n";exit}
29 "eth0-"
30}
31expect {
32 timeout {puts "TESTING ERROR 6\n";exit}
33 "255.255.255.0"
34}
35expect {
36 timeout {puts "TESTING ERROR 7\n";exit}
37 "UP"
38}
39expect {
40 timeout {puts "TESTING ERROR 8\n";exit}
41 "Default gateway"
42}
43expect {
44 timeout {puts "TESTING ERROR 9\n";exit}
45 "Child process initialized"
46}
47sleep 1
48send -- "exit\r"
49sleep 1
50
51send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r"
52expect {
53 timeout {puts "TESTING ERROR 11\n";exit}
54 "lo"
55}
56expect {
57 timeout {puts "TESTING ERROR 12\n";exit}
58 "127.0.0.1"
59}
60expect {
61 timeout {puts "TESTING ERROR 13\n";exit}
62 "255.0.0.0"
63}
64expect {
65 timeout {puts "TESTING ERROR 14\n";exit}
66 "UP"
67}
68expect {
69 timeout {puts "TESTING ERROR 15\n";exit}
70 "eth0-"
71}
72expect {
73 timeout {puts "TESTING ERROR 16\n";exit}
74 "255.255.255.0"
75}
76expect {
77 timeout {puts "TESTING ERROR 17\n";exit}
78 "UP"
79}
80expect {
81 timeout {puts "TESTING ERROR 18\n";exit}
82 "eth1-"
83}
84expect {
85 timeout {puts "TESTING ERROR 19\n";exit}
86 "255.255.255.0"
87}
88expect {
89 timeout {puts "TESTING ERROR 20\n";exit}
90 "UP"
91}
92expect {
93 timeout {puts "TESTING ERROR 5\n";exit}
94 "eth2-"
95}
96expect {
97 timeout {puts "TESTING ERROR 21\n";exit}
98 "255.255.255.0"
99}
100expect {
101 timeout {puts "TESTING ERROR 22\n";exit}
102 "UP"
103}
104expect {
105 timeout {puts "TESTING ERROR 23\n";exit}
106 "eth3-"
107}
108expect {
109 timeout {puts "TESTING ERROR 24\n";exit}
110 "255.255.255.0"
111}
112expect {
113 timeout {puts "TESTING ERROR 25\n";exit}
114 "UP"
115}
116expect {
117 timeout {puts "TESTING ERROR 26\n";exit}
118 "Default gateway"
119}
120expect {
121 timeout {puts "TESTING ERROR 27\n";exit}
122 "Child process initialized"
123}
124sleep 1
125send -- "exit\r"
126
127after 100
128
129puts "\n"
130
diff --git a/test/network/netfilter.filter b/test/network/netfilter.filter
new file mode 100644
index 000000000..3e232065c
--- /dev/null
+++ b/test/network/netfilter.filter
@@ -0,0 +1,6 @@
1*filter
2:INPUT DROP [0:0]
3:FORWARD DROP [0:0]
4:OUTPUT ACCEPT [0:0]
5-A INPUT -i lo -j ACCEPT
6COMMIT
diff --git a/test/network/netfilter.profile b/test/network/netfilter.profile
new file mode 100644
index 000000000..824c6cd0f
--- /dev/null
+++ b/test/network/netfilter.profile
@@ -0,0 +1 @@
netfilter netfilter.filter
diff --git a/test/network/netstats.exp b/test/network/netstats.exp
new file mode 100755
index 000000000..41232061d
--- /dev/null
+++ b/test/network/netstats.exp
@@ -0,0 +1,39 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --net=eth0 --name=test1\r"
11expect {
12 timeout {puts "TESTING ERROR 9\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17spawn $env(SHELL)
18send -- "firejail --net=eth0 --name=test2\r"
19expect {
20 timeout {puts "TESTING ERROR 9\n";exit}
21 "Child process initialized"
22}
23sleep 1
24
25spawn $env(SHELL)
26send -- "firejail --netstats\r"
27sleep 4
28expect {
29 timeout {puts "TESTING ERROR 9\n";exit}
30 "name=test1"
31}
32expect {
33 timeout {puts "TESTING ERROR 9\n";exit}
34 "name=test2"
35}
36after 100
37
38puts "\n"
39
diff --git a/test/network/network.sh b/test/network/network.sh
new file mode 100755
index 000000000..e1646d64a
--- /dev/null
+++ b/test/network/network.sh
@@ -0,0 +1,85 @@
1#!/bin/bash
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6export MALLOC_CHECK_=3
7export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8
9sudo ./configure
10
11echo "TESTING: firemon interface (firemon-interfaces.exp)"
12sudo ./firemon-interfaces.exp
13
14echo "TESTING: firemon arp (firemon-arp.exp)"
15./firemon-arp.exp
16
17echo "TESTING: firemon netstats (netstats.exp)"
18./netstats.exp
19
20echo "TESTING: firemon route (firemon-route.exp)"
21./firemon-route.exp
22
23echo "TESTING: network profile (net_profile.exp)"
24./net_profile.exp
25
26echo "TESTING: bandwidth (bandwidth.exp)"
27./bandwidth.exp
28
29echo "TESTING: IPv6 support (ip6.exp)"
30./ip6.exp
31
32echo "TESTING: local network (net_local.exp)"
33./net_local.exp
34
35echo "TESTING: no network (net_none.exp)"
36./net_none.exp
37
38echo "TESTING: network IP (net_ip.exp)"
39./net_ip.exp
40
41echo "TESTING: network MAC (net_mac.exp)"
42sleep 2
43./net_mac.exp
44
45echo "TESTING: network MTU (net_mtu.exp)"
46./net_mtu.exp
47
48echo "TESTING: network hostname (hostname.exp)"
49./hostname.exp
50
51echo "TESTING: network bad IP (net_badip.exp)"
52./net_badip.exp
53
54echo "TESTING: network no IP test 1 (net_noip.exp)"
55./net_noip.exp
56
57echo "TESTING: network no IP test 2 (net_noip2.exp)"
58./net_noip2.exp
59
60echo "TESTING: network default gateway test 1 (net_defaultgw.exp)"
61./net_defaultgw.exp
62
63echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)"
64./net_defaultgw2.exp
65
66echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)"
67./net_defaultgw3.exp
68
69echo "TESTING: scan (net_scan.exp)"
70./net_scan.exp
71
72echo "TESTING: interface (interface.exp)"
73./interface.exp
74
75echo "TESTING: veth (net_veth.exp)"
76./net_veth.exp
77
78echo "TESTING: netfilter (net_netfilter.exp)"
79./net_netfilter.exp
80
81echo "TESTING: 4 bridges ARP (4bridges_arp.exp)"
82./4bridges_arp.exp
83
84echo "TESTING: 4 bridges IP (4bridges_ip.exp)"
85./4bridges_ip.exp
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-12 16:48:13 +0000