From 336ecb5d651f22e5a3722ead843181a86dcc066d Mon Sep 17 00:00:00 2001 
From: netblue30 Date: Thu, 2 Mar 2023 10:34:03 -0500 Subject: network testing; merges --- README | 4 +- RELNOTES | 7 +- test/network/4bridges_arp.exp | 177 -------------------------- test/network/4bridges_ip.exp | 181 -------------------------- test/network/README | 14 --- test/network/bandwidth.exp | 68 ---------- test/network/dns-print.exp | 12 +- test/network/firemon-arp.exp | 53 -------- test/network/firemon-interfaces.exp | 66 ---------- test/network/firemon-route.exp | 52 -------- test/network/interface.exp | 63 ---------- test/network/ip6.exp | 100 --------------- test/network/ip6.profile | 3 - test/network/iprange.exp | 102 --------------- test/network/iprange.profile | 2 - test/network/ipv6.net | 8 -- test/network/net-profile.profile | 9 -- test/network/net_arp.exp | 74 ----------- test/network/net_badip.exp | 18 --- test/network/net_defaultgw.exp | 50 -------- test/network/net_defaultgw2.exp | 45 ------- test/network/net_defaultgw3.exp | 20 --- test/network/net_ip.exp | 36 +++++- test/network/net_local.exp | 49 -------- test/network/net_macvlan2.exp | 42 ------- test/network/net_mtu.exp | 34 ----- test/network/net_netfilter.exp | 77 ++---------- test/network/net_noip.exp | 48 ------- test/network/net_noip2.exp | 47 ------- test/network/net_none.exp | 2 +- test/network/net_profile.exp | 78 ------------ test/network/net_scan.exp | 18 ++- test/network/net_unconfigured.exp | 244 ------------------------------------ test/network/net_veth.exp | 141 --------------------- test/network/netfilter-template.exp | 67 ---------- test/network/netfilter.filter | 6 - test/network/netfilter.profile | 1 - test/network/netns.exp | 34 ----- test/network/netstats.exp | 38 ------ test/network/network.sh | 99 ++------------- test/network/tcpserver.c | 108 ---------------- test/network/veth-name.exp | 76 ----------- test/network/veth-name.profile | 3 - 43 files changed, 73 insertions(+), 2303 deletions(-) delete mode 100755 test/network/4bridges_arp.exp delete mode 100755 
test/network/4bridges_ip.exp delete mode 100644 test/network/README delete mode 100755 test/network/bandwidth.exp delete mode 100755 test/network/firemon-arp.exp delete mode 100755 test/network/firemon-interfaces.exp delete mode 100755 test/network/firemon-route.exp delete mode 100755 test/network/interface.exp delete mode 100755 test/network/ip6.exp delete mode 100644 test/network/ip6.profile delete mode 100755 test/network/iprange.exp delete mode 100644 test/network/iprange.profile delete mode 100644 test/network/ipv6.net delete mode 100644 test/network/net-profile.profile delete mode 100755 test/network/net_arp.exp delete mode 100755 test/network/net_badip.exp delete mode 100755 test/network/net_defaultgw.exp delete mode 100755 test/network/net_defaultgw2.exp delete mode 100755 test/network/net_defaultgw3.exp delete mode 100755 test/network/net_local.exp delete mode 100755 test/network/net_macvlan2.exp delete mode 100755 test/network/net_mtu.exp delete mode 100755 test/network/net_noip.exp delete mode 100755 test/network/net_noip2.exp delete mode 100755 test/network/net_profile.exp delete mode 100755 test/network/net_unconfigured.exp delete mode 100755 test/network/net_veth.exp delete mode 100755 test/network/netfilter-template.exp delete mode 100644 test/network/netfilter.filter delete mode 100644 test/network/netfilter.profile delete mode 100755 test/network/netns.exp delete mode 100755 test/network/netstats.exp delete mode 100644 test/network/tcpserver.c delete mode 100755 test/network/veth-name.exp delete mode 100644 test/network/veth-name.profile diff --git a/README b/README index dcdb3ecf6..bba54b562 100644 --- a/README +++ b/README 
@@ -701,7 +701,7 @@ Liorst4 (https://github.com/Liorst4) Lockdis (https://github.com/Lockdis) - Added crow, nyx, and google-earth-pro profiles Lukáš Krejčí (https://github.com/lskrejci) - - fixed parsing of --keep-var-tmp + - fixed parsing of --keep-var-tmp luzpaz (https://github.com/luzpaz) - code spelling fixes lxeiqr (https://github.com/lxeiqr) @@ -717,6 +717,8 @@ mahdi1234 (https://github.com/mahdi1234) - Seamonkey profiles Manuel Dipolt (https://github.com/xeniter) - stack alignment for the ARM Architecture +Marek Küthe (https://github.com/marek22k) + - allow loading plugins in gajim Martin Carpenter (https://github.com/mcarpenter) - security audit and bug fixes - Centos 6.x support diff --git a/RELNOTES b/RELNOTES index 19bd2aff3..c003c6185 100644 --- a/RELNOTES +++ b/RELNOTES @@ -2,12 +2,15 @@ firejail (0.9.73) baseline; urgency=low * work in progress * feature: Add "keep-shell-rc" command and option (#1127 #5634) * feature: Print the argument when failing with "too long arguments" (#5677) + * feature: a random hostname is assigned to each sandbox unless + overwritten using --hostname command * modif: Stop forwarding own double-dash to the shell (#5599 #5600) * modif: Prevent sandbox name (--name=) and host name (--hostname=) from containing only digits (#5578) * modif: Escape control characters of the command line (#5613) * modif: Allow only letters and digits for sandbox name (--name=) and host name (--hostname=) + * bugfix: fix --hostname and --hosts-file commands * bugfix: qutebrowser: links will not open in the existing instance (#5601 #5618) * build: auto-generate syntax files (#5627) 
@@ -15,11 +18,13 @@ firejail (0.9.73) baseline; urgency=low * build: mkdeb.sh: pass all arguments to ./configure (#5654) * build: deb: enable apparmor by default & remove deb-apparmor (#5668) * build: Fix whitespace and add .editorconfig (#5674) + * test: split individual test groups in github workflows + * test: add chroot, appimage and network tests in github workflows * docs: remove apparmor options in --help when building without apparmor support (#5589) * docs: selinux.c: Split Copyright notice & use same license as upstream (#5667) - * new profiles: fix-qdf, qpdf, zlib-flate + * new profiles: fix-qdf, qpdf, zlib-flate -- netblue30 Mon, 16 Jan 2023 09:00:00 -0500 firejail (0.9.72) baseline; urgency=low diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp deleted file mode 100755 index ca326320a..000000000 --- a/test/network/4bridges_arp.exp +++ /dev/null 
@@ -1,177 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check eth0 -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 0.0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "10.10.20" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - "255.255.255.248" -} -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -# check eth1 -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 1.0\n";exit} - "eth1" -} -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "10.10.30" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - -# check eth2 -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 2.0\n";exit} - "eth2" -} -expect { - timeout {puts "TESTING ERROR 2.1\n";exit} - "10.10.40" -} -expect { - timeout {puts "TESTING ERROR 2.2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 2.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 2.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - - -# check eth3 -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 3.0\n";exit} - "eth3" -} -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "10.10.50" -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - 
"255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - - - -# check loopback -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "lo" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "255.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -# check default gateway -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.1\n";exit} - "default via 10.10.20.1 dev eth0" -} -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} -} -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "old iproute2\n";} - "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";} -} -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.40.0/24 dev eth2 proto kernel scope link" {puts "old iproute2\n";} - "10.10.40.0/24 dev eth2 proto kernel scope link" {puts "new iproute2\n";} -} -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "old iproute2\n";} - "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";} -} -send -- "exit\r" -after 100 - -puts "\nall done\n" 
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
deleted file mode 100755
index 135b1121c..000000000
--- a/test/network/4bridges_ip.exp
+++ /dev/null
@@ -1,181 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check eth0 -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 0.0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "10.10.20" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - "255.255.255.248" -} -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -# check eth1 -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 1.0\n";exit} - "eth1" -} -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "10.10.30.50" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - -# check eth2 -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 2.0\n";exit} - "eth2" -} -expect { - timeout {puts "TESTING ERROR 2.1\n";exit} - "10.10.40.100" -} -expect { - timeout {puts "TESTING ERROR 2.2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 2.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 2.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - - -# check eth3 -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" -expect { - timeout {puts "TESTING ERROR 3.0\n";exit} - 
"eth3" -} -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "10.10.50" -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - - - - -# check loopback -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "lo" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "255.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -# check default gateway -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.1\n";exit} - "default via 10.10.20.1 dev eth0" -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.3\n";exit} - "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "old iproute2\n";} - "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";} -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "old iproute2\n";} - "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";} -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "old iproute2\n";} - 
"10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";} -} - -send -- "exit\r" -after 100 - -puts "\nall done\n" diff --git a/test/network/README b/test/network/README deleted file mode 100644 index 1e215b41e..000000000 --- a/test/network/README +++ /dev/null @@ -1,14 +0,0 @@ -Warning: this test requires root access to configure a number of bridge, mac -and vlan devices. Please take a look at configure file. By the time you are -finished testing, you'll probably have to reboot the computer to get your -networking subsystem back to normal. - -Limitations - to be investigated and fixed: - - the test is assuming an eth0 wired interface to be present - - using netstat and ifconfig - this needs to be moved to iproute2 - - configure script inserts an entry in system netfilter configuration - - the test will probably not work on grsecurity settings - - macvlan interfaces don't seem to work correctly under VirtualBox - -Run the test: - $ ./network.sh | grep TESTING diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp deleted file mode 100755 index ef68165b7..000000000 --- a/test/network/bandwidth.exp +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --net=br0\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firejail --bandwidth=test status\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "qdisc * 0: dev eth0"
-}
-sleep 1
-
-send -- "firejail --bandwidth=test set br0 50 10\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Configuring interface eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "configuring tc ingress"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "configuring tc egress"
-}
-
-send -- "firejail --bandwidth=test status\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "dev eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "rate 80Kbit burst 10Kb"
-}
-sleep 1
-
-send -- "firejail --bandwidth=test clear br0\r"
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "Removing bandwidth limits"
-}
-sleep 1
-
-send -- "stty -echo\r"
-after 100
-
-send -- "firejail --bandwidth=test status; echo done\r"
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
- "done"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/network/dns-print.exp b/test/network/dns-print.exp
index 769d5431c..7d3da8ace 100755
--- a/test/network/dns-print.exp
+++ b/test/network/dns-print.exp
@@ -7,17 +7,17 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --name=test-dns --net=eth0 --dns=1.2.3.4 --dns=2.3.4.5 --dns=3.4.5.6\r" +send -- "firejail --name=test --net=br0 --dns=1.2.3.4 --dns=2.3.4.5 --dns=3.4.5.6\r" expect { - timeout {puts "TESTING ERROR 1\n";exit} + timeout {puts "TESTING ERROR 0\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } sleep 1 spawn $env(SHELL) -send -- "firejail --dns.print=test-dns\r" +send -- "firejail --dns.print=test\r" expect { - timeout {puts "TESTING ERROR 2\n";exit} + timeout {puts "TESTING ERROR 1\n";exit} "nameserver 1.2.3.4" } expect { @@ -25,10 +25,10 @@ expect { "nameserver 2.3.4.5" } expect { - timeout {puts "TESTING ERROR 2\n";exit} + timeout {puts "TESTING ERROR 3\n";exit} "nameserver 3.4.5.6" } -after 100 +after 500 puts "\nall done\n" diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp deleted file mode 100755 index 858c4a729..000000000 --- a/test/network/firemon-arp.exp +++ /dev/null 
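Review bot: The sandbox name in the first dns-print.exp hunk becomes the generic `test`, and the script never shuts that sandbox down before it ends, so `--dns.print=test` may address a different or stale sandbox if another script in the suite also starts one named `test` (the bandwidth.exp removed in this same commit did). How firejail resolves a duplicate name is not visible here, so this is a test-isolation concern rather than a confirmed failure. A name unique to this script that still satisfies the letters-and-digits rule listed in RELNOTES would avoid it, e.g. `--name=testdns` together with `--dns.print=testdns`.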
@@ -1,53 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-#send -- "ping -c 3 192.168.1.1\r"
-#expect {
-# timeout {puts "TESTING ERROR 0\n";exit}
-# "3 packets transmitted"
-#}
-#sleep 1
-
-send -- "firejail --name=test1\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firejail --name=test2\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firemon --arp\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "name=test1"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";}
- "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";}
-}
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "REACHABLE"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "name=test2"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp
deleted file mode 100755
index 47e540cc5..000000000
--- a/test/network/firemon-interfaces.exp
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --net=eth0 --name=test1\r"
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firejail --net=eth0 --name=test2\r"
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firemon --interface\r"
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "Link status"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "lo UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "eth0-"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "IPv4 status"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "lo UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "eth0-"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "IPv6 status"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "lo UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "eth0-"
-}
-
-after 100
-
-puts "\n"
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp
deleted file mode 100755
index 69cccfeae..000000000
--- a/test/network/firemon-route.exp
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test1\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firejail --name=test2\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firemon --route\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "name=test1"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";}
- "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";}
- "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";}
- "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";}
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "10.10.30.0/24, dev br1, scope link src 10.10.30.1"
-}
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "10.10.50.0/24, dev br3, scope link src 10.10.50.1"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "name=test2"
-}
-after 100
-
-puts "\nalldone\n"
diff --git a/test/network/interface.exp b/test/network/interface.exp
deleted file mode 100755
index 2bcc6e88b..000000000
--- a/test/network/interface.exp
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-#
-# interface
-#
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-set overlay [lindex $argv 0]
-set chroot [lindex $argv 1]
-
-#
-# N
-#
-# todo: seems to be unable to find interface eth0.7
-#send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6 --interface=eth0.7\r"
-send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-send -- "/sbin/ifconfig\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "eth0.5"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Link" {puts "old net-tools\n";}
- "flags" {puts "new net-tools\n";}
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "10.10.205.10"
-}
-after 100
-
-send -- "/sbin/ifconfig\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "eth0.6"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "Link" {puts "old net-tools\n";}
- "flags" {puts "new net-tools\n";}
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "10.10.206.10"
-}
-after 100
-
-send -- "exit\r"
-sleep 1
-
-
-puts "\nall done\n"
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
deleted file mode 100755
index 1f6581ae4..000000000
--- a/test/network/ip6.exp
+++ /dev/null
@@ -1,100 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "Installing IPv6 firewall" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "DROP" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit} - "2001:db8:1f0a:3ec::2" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "inet6" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "2001:db8:0:f101::1" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Scope:Global" { puts "Debian\n"} - "scopeid 0x0" { puts "Arch\n"} -} - -send -- "exit\r" -sleep 2 - - - - -send -- "firejail --debug --profile=ip6.profile\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "Installing IPv6 firewall" -} -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "DROP" -} -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit} - "2001:db8:1f0a:3ec::2" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 14\n";exit} - "inet6" -} -expect { - timeout {puts "TESTING ERROR 15\n";exit} - "2001:db8:0:f101::1" -} -expect { - timeout {puts "TESTING ERROR 16\n";exit} - "Scope:Global" { puts "Debian\n"} - "scopeid 0x0" { puts "Arch\n"} -} - -send -- "exit\r" -sleep 2 - -send -- "firejail --debug --netfilter6=ipv6.net\r" -expect { - timeout {puts "TESTING ERROR 
11\n";exit} - "Installing IPv6 firewall" {puts "TESTING ERROR 12\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "exit\r" - - -after 100 -puts "\nall done\n" diff --git a/test/network/ip6.profile b/test/network/ip6.profile deleted file mode 100644 index 87afa3941..000000000 --- a/test/network/ip6.profile +++ /dev/null @@ -1,3 +0,0 @@ -net br0 -ip6 2001:0db8:0:f101::1/64 -netfilter6 ipv6.net diff --git a/test/network/iprange.exp b/test/network/iprange.exp deleted file mode 100755 index a4e5560c1..000000000 --- a/test/network/iprange.exp +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "10.10.30.50" {puts "10.10.30.50\n"} - "10.10.30.51" {puts "10.10.30.51\n"} - "10.10.30.52" {puts "10.10.30.52\n"} - "10.10.30.53" {puts "10.10.30.53\n"} - "10.10.30.54" {puts "10.10.30.54\n"} - "10.10.30.55" {puts "10.10.30.55\n"} -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "firejail --profile=iprange.profile\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "10.10.30.50" {puts "10.10.30.50\n"} - "10.10.30.51" {puts "10.10.30.51\n"} - "10.10.30.52" {puts "10.10.30.52\n"} - "10.10.30.53" {puts "10.10.30.53\n"} - "10.10.30.54" {puts "10.10.30.54\n"} - "10.10.30.55" {puts "10.10.30.55\n"} -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "exit\r" -sleep 1 - - - -send -- "firejail --iprange=10.10.30.50,10.10.30.55\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "no network device configured" -} -after 100 - -send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55 --iprange=10.10.30.50,10.10.30.55\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "cannot configure the IP range twice for the same interface" -} -after 100 - -send -- "firejail --net=br1 --iprange=10.10.30.50\r" -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "invalid IP range" -} 
-after 100 - -send -- "firejail --net=br0 --iprange=10.10.30.50,10.10.30.55\r" -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "IP range addresses not in network range" -} -after 100 - -send -- "firejail --net=br1 --iprange=10.10.30.55,10.10.30.50\r" -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "invalid IP range" -} -after 100 - - -after 100 - -puts "\nall done\n" diff --git a/test/network/iprange.profile b/test/network/iprange.profile deleted file mode 100644 index ecc01cd93..000000000 --- a/test/network/iprange.profile +++ /dev/null @@ -1,2 +0,0 @@ -net br1 -iprange 10.10.30.50,10.10.30.55 diff --git a/test/network/ipv6.net b/test/network/ipv6.net deleted file mode 100644 index cc8f22943..000000000 --- a/test/network/ipv6.net +++ /dev/null @@ -1,8 +0,0 @@ -# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016 -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP -COMMIT -# Completed on Wed Jan 13 10:53:40 2016 diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile deleted file mode 100644 index 89e431939..000000000 --- a/test/network/net-profile.profile +++ /dev/null @@ -1,9 +0,0 @@ -net br0 -mac 00:11:22:33:44:55 -mtu 1000 -net br1 -ip 10.10.30.50 -net br2 -ip 10.10.40.100 -net br3 -defaultgw 10.10.20.2 diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp deleted file mode 100755 index f3e1f6e25..000000000 --- a/test/network/net_arp.exp +++ /dev/null 
@@ -1,74 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-
-# will fail
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 5n";exit}
- "cannot assign an IP address"
-}
-
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "cannot assign an IP address"
-}
-
-# check firejail --list
-send -- "firejail --list\r"
-expect {
- timeout {puts "TESTING ERROR 7.1\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.2\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.3\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.4\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.5\n";exit}
- "sleep 20"
-}
-
-# wait for sandboxes to be shutdown
-sleep 30
-puts "\n"
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp
deleted file mode 100755
index 3a45496c7..000000000
--- a/test/network/net_badip.exp
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check eth0
-send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
-expect {
- timeout {puts "TESTING ERROR 0.0\n";exit}
- "the IP address is not"
-}
-after 100
-
-puts "\n"
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
deleted file mode 100755
index ee1ac9882..000000000
--- a/test/network/net_defaultgw.exp
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "10.10.20.5"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.20.2 dev eth0"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";}
- "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
-}
-send -- "exit\r"
-after 100
-
-puts "\nall done\n"
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
deleted file mode 100755
index 30c945718..000000000
--- a/test/network/net_defaultgw2.exp
+++ /dev/null
@@ -1,45 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth1" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -# check default gateway -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.1\n";exit} - "default via 10.10.30.89 dev eth1" -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} - "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 10.3\n";exit} - "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "old iproute2\n";} - "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";} -} -send -- "exit\r" -after 100 - -puts "\nall done\n" diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp deleted file mode 100755 index aa9bac156..000000000 --- a/test/network/net_defaultgw3.exp +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "default gateway 10.10.95.89 is not in the range of any network" -} - -after 100 - - -puts "\n" diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp index 304b71814..251b55362 100755 --- a/test/network/net_ip.exp +++ b/test/network/net_ip.exp 
@@ -94,8 +94,40 @@ expect { } after 500 +send -- "firejail --noprofile --net=br0 --ip=none ip addr show\r" +expect { + timeout {puts "TESTING ERROR 17\n";exit} + "eth0" {puts "TESTING ERROR 18\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +expect { + timeout {puts "TESTING ERROR 19\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 20\n";exit} + "inet " {puts "TESTING ERROR 21\n";exit} + "inet6" +} +after 500 +send -- "firejail --net=br0 --mtu=1000 --noprofile ip link show\r" +expect { + timeout {puts "TESTING ERROR 22\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +expect { + timeout {puts "TESTING ERROR 23\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 24\n";exit} + "mtu 1000" +} +expect { + timeout {puts "TESTING ERROR 25\n";exit} + "state UP" +} - -after 100 +after 500 puts "\nall done\n" diff --git a/test/network/net_local.exp b/test/network/net_local.exp deleted file mode 100755 index 117b94212..000000000 --- a/test/network/net_local.exp +++ /dev/null 
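Review bot: The new `--ip=none` block only asserts that eth0 carries no `inet ` address, while the net_noip.exp deleted in this same commit also asserted that the sandbox had no default route (its `netstat -rn` step rejected `0.0.0.0` and `eth0`), so that half of the no-IP guarantee is no longer covered. A second `--ip=none` run that executes `ip route show` and treats `"default"` as a failure pattern would restore it. The third expect also needs an `inet6` line on eth0 to terminate, so on a host with IPv6 disabled it would presumably end in `TESTING ERROR 20` even though the behaviour is correct; a short comment such as `# relies on the IPv6 link-local address being listed after eth0` would make that dependency visible.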
@@ -1,49 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --noprofile --debug\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "Using the local network stack" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -# check loopback -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "lo" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "255.0.0.0" -} -send -- "exit\r" -after 100 - -puts "all done\n" diff --git a/test/network/net_macvlan2.exp b/test/network/net_macvlan2.exp deleted file mode 100755 index 0fcea53dd..000000000 --- a/test/network/net_macvlan2.exp +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r" -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "eth0-" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - "eth1-" -} -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "eth2-" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - "eth3-" -} -expect { - timeout {puts "TESTING ERROR 0.5\n";exit} - "Default gateway 192.168.1.1" -} -expect { - timeout {puts "TESTING ERROR 0.6\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "exit\r" -sleep 1 - - -after 100 - -puts "\nall done\n" 
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp deleted file mode 100755 index b87db1296..000000000 --- a/test/network/net_mtu.exp +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --net=br0 --mtu=1000 --noprofile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "mtu 1000" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "state UP" -} -send -- "exit\r" -after 100 - -puts "\nall done\n" diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp index 97170a1b9..56480251e 100755 --- a/test/network/net_netfilter.exp +++ b/test/network/net_netfilter.exp 
@@ -8,83 +8,20 @@ spawn $env(SHELL) match_max 100000 # check default netfilter on br0 -send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r" +send -- "firejail --name=test --net=br0 --netfilter\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Installing firewall" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Chain INPUT (policy DROP" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "ACCEPT all -- any any anywhere" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "ACCEPT icmp -- any any anywhere" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -sleep 1 -send -- "exit\r" -sleep 1 +sleep 2 +spawn $env(SHELL) # check default netfilter no new network -send -- "firejail --debug --noprofile --netfilter\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Installing network filter" {puts "TESTING ERROR 5.1\n";exit} - "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit} - "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} - "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -# check file filter netfilter on br0 -send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Installing firewall" -} -expect { - timeout {puts "TESTING ERROR 6.1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "ping -c 1 -w 3 10.10.20.1\r" -expect { - timeout {puts "TESTING ERROR 6.2\n";exit} - "0 received, 100% packet loss" -} - -send -- "exit\r" -sleep 1 - -# check profile netfilter on br0 -send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r" +send -- "firejail --netfilter.print=test\r" expect { - timeout {puts "TESTING ERROR 7\n";exit} - "Installing firewall" -} -expect { - 
timeout {puts "TESTING ERROR 7.1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 -send -- "ping -c 1 -w 3 10.10.20.1\r" -expect { - timeout {puts "TESTING ERROR 7.2\n";exit} - "0 received, 100% packet loss" + timeout {puts "TESTING ERROR 1\n";exit} + "ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED" } -send -- "exit\r" -after 100 - +after 500 puts "all done\n" diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp deleted file mode 100755 index 7da2e85ef..000000000 --- a/test/network/net_noip.exp +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --noprofile --net=br0 --ip=none\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth0" {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "0.0.0.0" {puts "TESTING ERROR 3\n";exit} - "eth0" {puts "TESTING ERROR 4\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "10.10.20" {puts "TESTING ERROR 7\n";exit} - "done" -} -send -- "exit\r" -after 100 - -puts "all done\n" diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp deleted file mode 100755 index a0828a0e7..000000000 --- a/test/network/net_noip2.exp +++ /dev/null 
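Review bot: The rewritten test no longer checks the default-deny policy: the removed lines expected `Chain INPUT (policy DROP`, while the new `--netfilter.print=test` step matches only the `ACCEPT ... state RELATED,ESTABLISHED` rule, which says nothing about what happens to packets that rule does not accept. I would add an expect for the chain policy ahead of the rule check, as in the excerpt below; this assumes `--netfilter.print` prints the chain headers, which the deleted netfilter-template.exp relied on with `Chain INPUT`. The comment `# check default netfilter no new network` kept above the print step is stale now that the no-network case is gone and could read `# print the filter of the running sandbox`.

```tcl
send -- "firejail --netfilter.print=test\r"
expect {
	timeout {puts "TESTING ERROR 0.1\n";exit}
	"Chain INPUT (policy DROP"
}
# … unchanged: RELATED,ESTABLISHED rule check (TESTING ERROR 1) …
```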
@@ -1,47 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth0" {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "0.0.0.0" {puts "TESTING ERROR 3\n";exit} - "eth0" {puts "TESTING ERROR 4\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "10.10.30" {puts "TESTING ERROR 7\n";exit} - "done" -} -send -- "exit\r" -after 100 - -puts "all done\n" diff --git a/test/network/net_none.exp b/test/network/net_none.exp index 6932c7e8a..24d11d383 100755 --- a/test/network/net_none.exp +++ b/test/network/net_none.exp @@ -38,6 +38,6 @@ expect { "3" } send -- "exit\r" -after 100 +after 500 puts "\nall done\n" diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp deleted file mode 100755 index d9ce166fd..000000000 --- a/test/network/net_profile.exp +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check eth0 -send -- "firejail --profile=net-profile.profile\r" -expect { - timeout {puts "TESTING ERROR 0.0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "00:11:22:33:44:55" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "10.10.20" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - "255.255.255.248" -} -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "old iproute2\n";} - "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";} -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "old iproute2\n";} - "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";} -} - - -# check default gw -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "default via 10.10.20.2 dev eth0" -} - -# check mtu -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "mtu 1000" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "state UP" -} - -send -- "exit\r" -after 100 - -puts "\nall done\n" diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp index 8d3e95f29..0369ab9aa 100755 --- a/test/network/net_scan.exp +++ b/test/network/net_scan.exp 
@@ -8,14 +8,14 @@ spawn $env(SHELL) match_max 100000 # -send -- "firejail --net=br1 --ip=10.10.30.50\r" +send -- "firejail --net=br0 --ip=10.10.20.50\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "eth0" } expect { timeout {puts "TESTING ERROR 1\n";exit} - "10.10.30.50" + "10.10.20.50" } expect { timeout {puts "TESTING ERROR 2\n";exit} @@ -28,14 +28,14 @@ expect { sleep 1 spawn $env(SHELL) -send -- "firejail --net=br1 --ip=10.10.30.51\r" +send -- "firejail --net=br0 --ip=10.10.20.60\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "eth0" } expect { timeout {puts "TESTING ERROR 5\n";exit} - "10.10.30.51" + "10.10.20.60" } expect { timeout {puts "TESTING ERROR 6\n";exit} @@ -48,18 +48,18 @@ expect { sleep 1 spawn $env(SHELL) -send -- "firejail --net=br1 --scan\r" +send -- "firejail --net=br0 --scan\r" expect { timeout {puts "TESTING ERROR 8\n";exit} "eth0" } expect { timeout {puts "TESTING ERROR 9\n";exit} - "10.10.30.50" + "10.10.20.50" } expect { timeout {puts "TESTING ERROR 10\n";exit} - "10.10.30.51" + "10.10.20.60" } expect { timeout {puts "TESTING ERROR 11\n";exit} @@ -67,8 +67,4 @@ expect { } sleep 1 - - -after 100 - puts "\nall done\n" diff --git a/test/network/net_unconfigured.exp b/test/network/net_unconfigured.exp deleted file mode 100755 index 7a9f05236..000000000 --- a/test/network/net_unconfigured.exp +++ /dev/null 
@@ -1,244 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check ip address -send -- "firejail --noprofile --net=br-unconfigured --ip=none\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth0" {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "0.0.0.0" {puts "TESTING ERROR 3\n";exit} - "eth0" {puts "TESTING ERROR 4\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "done" -} -send -- "exit\r" -after 100 -send -- "exit\r" -after 100 - - - -# check ip address -send -- "firejail --noprofile --net=br-unconfigured\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "eth0" {puts "TESTING ERROR 8\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "0.0.0.0" {puts "TESTING ERROR 10\n";exit} - "eth0" {puts "TESTING ERROR 11\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - "done" -} -send -- "exit\r" -after 100 -send -- "exit\r" -after 100 - - -# check ip address -send -- "firejail --noprofile --net=br-unconfigured --defaultgw=10.10.80.1\r" -expect { - timeout {puts "TESTING ERROR 14\n";exit} - "eth0" {puts "TESTING ERROR 15\n";exit} - -re "Child process 
initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 16\n";exit} - "0.0.0.0" {puts "TESTING ERROR 17\n";exit} - "eth0" {puts "TESTING ERROR 18\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 19\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 20\n";exit} - "done" -} -send -- "exit\r" -after 100 -send -- "exit\r" -after 100 - - -# check ip address -send -- "firejail --noprofile --net=br-unconfigured --ip=10.10.80.1 --defaultgw=10.10.80.1\r" -expect { - timeout {puts "TESTING ERROR 21\n";exit} - "eth0" {puts "TESTING ERROR 22\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 23\n";exit} - "0.0.0.0" {puts "TESTING ERROR 24\n";exit} - "eth0" {puts "TESTING ERROR 25\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 26\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 27\n";exit} - "done" -} -send -- "exit\r" -after 100 -send -- "exit\r" -after 100 - - -# check ip address -send -- "firejail --noprofile --net=br-unconfigured --ip=10.10.80.1 --netmask=255.255.255.0 --defaultgw=10.10.80.1\r" -expect { - timeout {puts "TESTING ERROR 28\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 29\n";exit} - "10.10.80.1" -} -expect { - timeout {puts "TESTING ERROR 30\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "bash\r" -sleep 1 - -send -- "stty -echo\r" -after 100 - -# no default gateway configured -send -- "netstat -rn;echo done\r" -expect { - timeout {puts "TESTING ERROR 
31\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 32\n";exit} - "10.10.80.1" -} -expect { - timeout {puts "TESTING ERROR 33\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 34\n";exit} - "10.10.80.0" -} -expect { - timeout {puts "TESTING ERROR 35\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 36\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 37\n";exit} - "done" -} -sleep 1 - -# eth0 configured -send -- "/sbin/ifconfig;echo done\r" -expect { - timeout {puts "TESTING ERROR 38\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 39\n";exit} - "10.10.80.1" -} -expect { - timeout {puts "TESTING ERROR 40\n";exit} - "done" -} -send -- "exit\r" -after 100 -send -- "exit\r" -after 100 - - -puts "all done\n" diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp deleted file mode 100755 index c8c0c47e1..000000000 --- a/test/network/net_veth.exp +++ /dev/null 
@@ -1,141 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --net=eth0\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "lo" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "255.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth0-" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "Default gateway" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r" -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "lo" -} -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - "255.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 14\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 15\n";exit} - "eth0-" -} -expect { - timeout {puts "TESTING ERROR 16\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 17\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 18\n";exit} - "eth1-" -} -expect { - timeout {puts "TESTING ERROR 19\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 20\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "eth2-" -} -expect { - timeout {puts "TESTING ERROR 21\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 22\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 23\n";exit} - "eth3-" -} -expect { - timeout {puts "TESTING ERROR 24\n";exit} - "255.255.255.0" 
-} -expect { - timeout {puts "TESTING ERROR 25\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 26\n";exit} - "Default gateway" -} -expect { - timeout {puts "TESTING ERROR 27\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "exit\r" -sleep 1 - -send -- "firejail --net=eth0 --ip=10.10.20.1\r" -expect { - timeout {puts "TESTING ERROR 27\n";exit} - "the IP address is not in the interface range" -} - - - - - - -after 100 - -puts "\n" diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp deleted file mode 100755 index 0a3386965..000000000 --- a/test/network/netfilter-template.exp +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - - -send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "invalid network filter file" -} -sleep 1 - -send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "firejail --netfilter.print=test1\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "Chain INPUT" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "Chain FORWARD" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "Chain OUTPUT" -} -sleep 1 - -send -- "telnet 10.10.30.10 5555\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "Connected to 10.10.30.10" -} -sleep 1 - -send "sdfklsjadfl;ksadjfl;sdkfj\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "response" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "Connection closed" -} -sleep 1 - -send -- "telnet 10.10.30.10 5556\r" -expect { - timeout {puts "OK\n"} - "Connected to 10.10.30.10" {puts "TESTING ERROR 6\n";exit} - "dikasdfjasdjf" -} - -after 100 -puts "all done\n" diff --git a/test/network/netfilter.filter b/test/network/netfilter.filter deleted file mode 100644 index 3e232065c..000000000 --- a/test/network/netfilter.filter +++ /dev/null @@ -1,6 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -i lo -j ACCEPT -COMMIT diff --git a/test/network/netfilter.profile b/test/network/netfilter.profile deleted file mode 100644 index 824c6cd0f..000000000 --- a/test/network/netfilter.profile +++ /dev/null @@ -1 +0,0 @@ -netfilter netfilter.filter 
diff --git a/test/network/netns.exp b/test/network/netns.exp deleted file mode 100755 index 048dbfa93..000000000 --- a/test/network/netns.exp +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --netns=red --noprofile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "LOOPBACK" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "DOWN" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "link/loopback" -} -after 100 -send -- "exit\r" -after 100 - -puts "all done\n" diff --git a/test/network/netstats.exp b/test/network/netstats.exp deleted file mode 100755 index a41acac68..000000000 --- a/test/network/netstats.exp +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --net=eth0 --name=test1\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "firejail --net=eth0 --name=test2\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "firejail --netstats\r" -sleep 4 -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "name=test1" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "name=test2" -} -after 100 - -puts "\n" diff --git a/test/network/network.sh b/test/network/network.sh index 6bb8332ee..319927493 100755 --- a/test/network/network.sh +++ b/test/network/network.sh 
@@ -10,9 +10,6 @@ export LC_ALL=C sudo brctl addbr br0 sudo ip link set br0 up sudo ip addr add 10.10.20.1/24 dev br0 -sudo brctl addbr br1 -sudo ip link set br1 up -sudo ip addr add 10.10.30.1/24 dev br1 ip addr show echo "TESTING: no network (net_none.exp)" 
@@ -24,92 +21,14 @@ echo "TESTING: network IP (net_ip.exp)" echo "TESTING: network MAC (net_mac.exp)" ./net_mac.exp +echo "TESTING: network scan (net_scan.exp)" +./net_scan.exp +echo "TESTING: netfilter (net_netfilter.exp)" +./net_netfilter.exp -#echo "TESTING: unconfigured network (net_unconfigured.exp)" -#./net_unconfigured.exp -# -#echo "TESTING: netfilter template (netfilter-template.exp)" -#rm -f ./tcpserver -#gcc -o tcpserver tcpserver.c -#./netfilter-template.exp -#rm ./tcpserver -# -#echo "TESTING: firemon interface (firemon-interfaces.exp)" -#sudo ./firemon-interfaces.exp -# -#echo "TESTING: netns (netns.exp)" -#./netns.exp -# -#echo "TESTING: print dns (dns-print.exp)" -#./dns-print.exp -# -#echo "TESTING: firemon arp (firemon-arp.exp)" -#./firemon-arp.exp -# -#echo "TESTING: firemon netstats (netstats.exp)" -#./netstats.exp -# -#echo "TESTING: firemon route (firemon-route.exp)" -#./firemon-route.exp -# -#echo "TESTING: network profile (net_profile.exp)" -#./net_profile.exp -# -#echo "TESTING: bandwidth (bandwidth.exp)" -#./bandwidth.exp -# -#echo "TESTING: IPv6 support (ip6.exp)" -#./ip6.exp -# -#echo "TESTING: local network (net_local.exp)" -#./net_local.exp -# -# -#echo "TESTING: network MTU (net_mtu.exp)" -#./net_mtu.exp -# -#echo "TESTING: network bad IP (net_badip.exp)" -#./net_badip.exp -# -#echo "TESTING: network no IP test 1 (net_noip.exp)" -#./net_noip.exp -# -#echo "TESTING: network no IP test 2 (net_noip2.exp)" -#./net_noip2.exp -# -#echo "TESTING: network default gateway test 1 (net_defaultgw.exp)" -#./net_defaultgw.exp -# -#echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)" -#./net_defaultgw2.exp -# -#echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" -#./net_defaultgw3.exp -# -#echo "TESTING: scan (net_scan.exp)" -#./net_scan.exp -# -#echo "TESTING: interface (interface.exp)" -#./interface.exp -# -#echo "TESTING: veth (net_veth.exp)" -#./net_veth.exp -# -#echo "TESTING: netfilter (net_netfilter.exp)" 
-#./net_netfilter.exp -# -#echo "TESTING: iprange (iprange.exp)" -#./iprange.exp -# -#echo "TESTING: veth-name (veth-name.exp)" -#./veth-name.exp -# -#echo "TESTING: macvlan2 (net_macvlan2.exp)" -#./net_macvlan2.exp -# -#echo "TESTING: 4 bridges ARP (4bridges_arp.exp)" -#./4bridges_arp.exp -# -#echo "TESTING: 4 bridges IP (4bridges_ip.exp)" -#./4bridges_ip.exp +echo "TESTING: print dns (dns-print.exp)" +./dns-print.exp + +sudo ip link set br0 down +sudo brctl delbr br0 diff --git a/test/network/tcpserver.c b/test/network/tcpserver.c deleted file mode 100644 index 639fbf868..000000000 --- a/test/network/tcpserver.c +++ /dev/null 
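Review bot: The bridge teardown added at the end of the script (`sudo ip link set br0 down`, `sudo brctl delbr br0`) runs only if execution gets that far, so an interrupted or hung test leaves br0 with 10.10.20.1/24 configured on the host, and the next run's `sudo brctl addbr br0` will likely collide with it. Registering the cleanup once the bridge exists, `trap 'sudo ip link set br0 down; sudo brctl delbr br0' EXIT`, covers those paths as well; that line belongs in the setup part of the script, which lies outside this hunk. The expect scripts in this commit call a bare `exit` on failure, so the script's own exit status presumably does not reflect test failures and callers have to look for `TESTING ERROR` in the output; a one-line comment at the top saying so would help.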
@@ -1,108 +0,0 @@ -/* - * Copyright (C) 2014-2023 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#include -#include -#include -#include -#include -#include - - -int main(int argc, char **argv) { - int fd, newfd, client_len; - struct sockaddr_in serv_addr, client_addr; - int n, pid; - - if (argc < 2) { - printf("Usage: ./server port-number\n"); - return 1; - } - int portno = atoi(argv[1]); - - // init socket - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd < 0) { - perror("ERROR opening socket"); - return 1; - } - - // Initialize socket structure - memset(&serv_addr, 0, sizeof(serv_addr)); - - serv_addr.sin_family = AF_INET; - serv_addr.sin_addr.s_addr = INADDR_ANY; - serv_addr.sin_port = htons(portno); - - // bind - if (bind(fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { - perror("bind"); - return 1; - } - - // listen - 5 pending conncections - if (listen(fd, 5) < 0) { - perror("listen"); - return 1; - } - client_len = sizeof(client_addr); - - while (1) { - newfd = accept(fd, (struct sockaddr *) &client_addr, &client_len); - - if (newfd < 0) { - perror("accept"); - return 1; - } - - /* Create child process */ - pid = fork(); - - if (pid < 0) { - perror("fork"); - return 1; - } - - if (pid == 0) { - // child - 
close(fd); -#define MAXBUF 4096 - char buf[MAXBUF]; - memset(buf, 0, MAXBUF); - - int rcv = read(newfd, buf, MAXBUF - 1); - if (rcv < 0) { - perror("read"); - exit(1); - } - - int sent = write(newfd, "response\n", 9); - if (sent < 9) { - perror("write"); - return 1; - } - - exit(0); - } - else - close(newfd); - } - - return 0; -} diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp deleted file mode 100755 index 14ab27850..000000000 --- a/test/network/veth-name.exp +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# -send -- "firejail --net=br1 --ip=10.10.30.50 --veth-name=blablabla\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "10.10.30.50" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "blablabla" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "master br1 state UP" -} -sleep 1 - - -send -- "firejail --profile=veth-name.profile\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "10.10.60.51" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "255.255.255.0" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "bingo" -} -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "master br4 state UP" -} -sleep 1 - - -after 100 -puts "\nall done\n" 
diff --git a/test/network/veth-name.profile b/test/network/veth-name.profile deleted file mode 100644 index f00a74d63..000000000 --- a/test/network/veth-name.profile +++ /dev/null @@ -1,3 +0,0 @@ -net br4 -ip 10.10.60.51 -veth-name bingo -- cgit v1.2.3-54-g00ecf