Diffstat (limited to 'test/network')
-rwxr-xr-x | test/network/netfilter-template.exp | 44 | ||||
-rwxr-xr-x | test/network/network.sh | 6 | ||||
-rw-r--r-- | test/network/tcpserver.c | 108 |
3 files changed, 158 insertions, 0 deletions
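--- /dev/null
+++ b/test/network/netfilter-template.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "telnet 10.10.30.10 5555\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Connected to 10.10.30.10"
+}
+sleep 1
+
+send "sdfklsjadfl;ksadjfl;sdkfj\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"response"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Connection closed"
+}
+sleep 1
+
+send -- "telnet 10.10.30.10 5556\r"
+expect {
+timeout {puts "OK\n"}
+"Connected to 10.10.30.10" {puts "TESTING ERROR 6\n";exit}
+"dikasdfjasdjf"
+}
+
+after 100
+puts "all done\n"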
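Review bot: The negative check at the end of the script (the `telnet 10.10.30.10 5556` block) passes whether or not the netfilter template filters anything, because tcpserver is started only on port 5555 and nothing listens on 5556. A closed port prints neither `Connected to` nor the dummy pattern, so expect falls into the timeout branch and prints `OK` even with no filter loaded. To make the block prove the filter, run a listener on 5556 inside the sandbox, or, assuming the template drops rather than rejects (the template file is not visible here), add `"Connection refused" {puts "TESTING ERROR 5\n";exit}` as an extra pattern. The error branches call bare `exit`, so a failure shows up only in the output text and not in the exit status.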
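--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -8,6 +8,12 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
 sudo ./configure
 
+echo "TESTING: netfilter template (netfilter-template.exp)"
+rm -f ./tcpserver
+gcc -o tcpserver tcpserver.c
+./netfilter-template.exp
+rm ./tcpserver
+
 echo "TESTING: firemon interface (firemon-interfaces.exp)"
 sudo ./firemon-interfaces.exp
 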
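Review bot: The result of `gcc -o tcpserver tcpserver.c` is not checked, so when the build fails the expect script still runs and reports one of its numbered `TESTING ERROR` messages, which points at the sandbox rather than at the missing helper. Consider `gcc -o tcpserver tcpserver.c || echo "TESTING ERROR: tcpserver build failed"` and `rm -f ./tcpserver` for the final cleanup so a failed build does not add a second, unrelated error. The test also depends on `/etc/firejail/tcpserver.net` being installed; that file is not in this view of the commit (the diffstat is limited to test/network), so confirm it ships with the same change.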
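--- /dev/null
+++ b/test/network/tcpserver.c
@@ -0,0 +1,108 @@
+/*
+* Copyright (C) 2014-2017 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <string.h>
+
+
+int main(int argc, char **argv) {
+int fd, newfd, client_len;
+struct sockaddr_in serv_addr, client_addr;
+int n, pid;
+
+if (argc < 2) {
+printf("Usage: ./server port-number\n");
+return 1;
+}
+int portno = atoi(argv[1]);
+
+// init socket
+fd = socket(AF_INET, SOCK_STREAM, 0);
+if (fd < 0) {
+perror("ERROR opening socket");
+return 1;
+}
+
+// Initialize socket structure
+memset(&serv_addr, 0, sizeof(serv_addr));
+
+serv_addr.sin_family = AF_INET;
+serv_addr.sin_addr.s_addr = INADDR_ANY;
+serv_addr.sin_port = htons(portno);
+
+// bind
+if (bind(fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
+perror("bind");
+return 1;
+}
+
+// listen - 5 pending conncections
+if (listen(fd, 5) < 0) {
+perror("listen");
+return 1;
+}
+client_len = sizeof(client_addr);
+
+while (1) {
+newfd = accept(fd, (struct sockaddr *) &client_addr, &client_len);
+
+if (newfd < 0) {
+perror("accept");
+return 1;
+}
+
+/* Create child process */
+pid = fork();
+
+if (pid < 0) {
+perror("fork");
+return 1;
+}
+
+if (pid == 0) {
+// child
+close(fd);
+#define MAXBUF 4096
+char buf[MAXBUF];
+memset(buf, 0, MAXBUF);
+
+int rcv = read(newfd, buf, MAXBUF - 1);
+if (rcv < 0) {
+perror("read");
+exit(1);
+}
+
+int sent = write(newfd, "response\n", 9);
+if (sent < 9) {
+perror("write");
+return 1;
+}
+
+exit(0);
+}
+else
+close(newfd);
+}
+
+return 0;
+}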
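Review bot: `client_len` is declared `int` in `main`, but `accept()` takes a `socklen_t *`, so `&client_len` is a pointer-sign mismatch that compiles with a warning at best; declare it as `socklen_t client_len = sizeof(client_addr);` and reset it before each `accept()`, since the call writes the length back. The parent never waits for the forked children, so each handled connection leaves a zombie until the server exits; `signal(SIGCHLD, SIG_IGN);` before the loop (with `<signal.h>`) is enough for a test helper. `atoi(argv[1])` accepts any string and yields 0 on garbage, which would bind an ephemeral port without complaint, so a range check on `portno` would make a bad invocation fail loudly instead of leaving the test probing a port nobody serves.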