From 54fc70b7bf4e3f74c63d068a873de5a9ddf78330 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 4 Apr 2016 22:01:33 -0400 Subject: grsecurity: network testing --- test/4bridges_arp.exp | 37 ++++++++++++++++--------------------- test/4bridges_ip.exp | 35 +++++++++++++++++------------------ test/net_defaultgw.exp | 35 ++++++++--------------------------- test/net_defaultgw2.exp | 47 +++++++++++------------------------------------ test/net_ip.exp | 33 +++++++-------------------------- 5 files changed, 59 insertions(+), 128 deletions(-) diff --git a/test/4bridges_arp.exp b/test/4bridges_arp.exp index 3004082e6..6a3e6db2a 100755 --- a/test/4bridges_arp.exp +++ b/test/4bridges_arp.exp @@ -115,7 +115,7 @@ sleep 2 # check loopback -send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "lo" 
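Review bot: The `--protocol=unix,inet,netlink` option added to the `firejail` command line carries no comment saying why these three families are listed, and nothing in the test checks that the filter is actually in effect. `ip route show` reads the routing table over netlink, so presumably `netlink` is there to keep the new route checks working under the protocol filter. A line such as `# protocol filter enabled; netlink is needed by "ip route show" below` above the `send` would record that for whoever later tightens the list. The same applies to the first hunks of 4bridges_ip.exp, net_defaultgw.exp, net_defaultgw2.exp and net_ip.exp.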
@@ -136,40 +136,35 @@ expect { timeout {puts "TESTING ERROR 9\n";exit} "Child process initialized" } +sleep 1 # check default gateway -send -- "bash\r" -sleep 1 -send -- "netstat -rn;pwd\r" +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.1\n";exit} - "0.0.0.0" + "default via 10.10.20.1 dev eth0" } +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.1" -} -expect { - timeout {puts "TESTING ERROR 10.3\n";exit} - "eth0" + "10.10.20.0/29 dev eth0 proto kernel scope link" } +send -- "ip route show\r" expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.20.0" -} -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.30.0/24 dev eth1 proto kernel scope link" } +send -- "ip route show\r" expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth0" + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.40.0/24 dev eth2 proto kernel scope link" } +send -- "ip route show\r" expect { - timeout {puts "TESTING ERROR 10\n";exit} - "home" + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.50.0/24 dev eth3 proto kernel scope link" } sleep 1 -puts "\n" +puts "\nall done\n" diff --git a/test/4bridges_ip.exp b/test/4bridges_ip.exp index 9e37b4ff4..8068aeebb 100755 --- a/test/4bridges_ip.exp +++ b/test/4bridges_ip.exp @@ -115,7 +115,7 @@ sleep 2 # check loopback -send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "lo" 
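Review bot: Four of the five new route checks in this hunk print the same label, `TESTING ERROR 10.2`, so a timeout on the eth1, eth2 or eth3 route cannot be told apart from one on eth0. The matching hunk in 4bridges_ip.exp numbers them 10.1 through 10.5; doing the same here means changing the last three timeouts to `timeout {puts "TESTING ERROR 10.3\n";exit}`, `... 10.4 ...` and `... 10.5 ...`. For a sandbox network test the label is the only pointer to which interface lost its route, so it is worth keeping unique.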
@@ -138,38 +138,37 @@ expect { } # check default gateway -send -- "bash\r" -sleep 1 -send -- "netstat -rn;pwd\r" +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.1\n";exit} - "0.0.0.0" + "default via 10.10.20.1 dev eth0" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.1" + "10.10.20.0/29 dev eth0 proto kernel scope link" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.3\n";exit} - "eth0" + "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.20.0" + "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "home" + "10.10.50.0/24 dev eth3 proto kernel scope link" } + sleep 1 -puts "\n" +puts "\nall done\n" diff --git a/test/net_defaultgw.exp b/test/net_defaultgw.exp index 9820660b7..840f2ccac 100755 --- a/test/net_defaultgw.exp +++ b/test/net_defaultgw.exp @@ -5,7 +5,7 @@ spawn $env(SHELL) match_max 100000 # check ip address -send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2\r" +send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "eth0" 
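Review bot: The timeout branches added in this hunk end in a bare `exit`, which in Expect returns status 0, so a failed route check shows up only as the `TESTING ERROR` text and never as a non-zero exit code. If the harness looks at exit status at all, `timeout {puts "TESTING ERROR 10.1\n";exit 1}` (and likewise for 10.2 to 10.5) would make a broken route table fail the run. The bare `exit` convention predates this commit and is also used in the unchanged parts of the file, so this may be deliberate if the results are collected by scanning output; that is not visible from the hunk. The second hunks of the other four files follow the same pattern.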
@@ -26,40 +26,21 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } +sleep 1 # check default gateway -send -- "bash\r" -sleep 1 -send -- "netstat -rn;pwd\r" +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.1\n";exit} - "0.0.0.0" + "default via 10.10.20.2 dev eth0" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.2" -} -expect { - timeout {puts "TESTING ERROR 10.3\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.20.0" -} -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "home" + "10.10.20.0/29 dev eth0 proto kernel scope link" } sleep 1 -puts "\n" +puts "\nall done\n" diff --git a/test/net_defaultgw2.exp b/test/net_defaultgw2.exp index be9b4882a..db14e17cb 100755 --- a/test/net_defaultgw2.exp +++ b/test/net_defaultgw2.exp @@ -5,7 +5,7 @@ spawn $env(SHELL) match_max 100000 # check ip address -send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89\r" +send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "eth1" 
@@ -14,52 +14,27 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } +sleep 1 # check default gateway -send -- "bash\r" -sleep 1 -send -- "netstat -rn;pwd\r" +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.1\n";exit} - "0.0.0.0" + "default via 10.10.30.89 dev eth1" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.30.89" + "10.10.20.0/29 dev eth0 proto kernel scope link" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.3\n";exit} - "eth1" -} -expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.20.0" -} -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.30.0" -} -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth1" -} -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "home" + "10.10.30.0/24 dev eth1 proto kernel scope link" } sleep 1 -puts "\n" +puts "\nall done\n" diff --git a/test/net_ip.exp b/test/net_ip.exp index 5995296c7..f5d487ecc 100755 --- a/test/net_ip.exp +++ b/test/net_ip.exp @@ -31,7 +31,7 @@ send -- "exit\r" sleep 2 # check loopback -send -- "firejail --net=br0 --ip=10.10.20.5\r" +send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "lo" 
@@ -52,38 +52,19 @@ expect { timeout {puts "TESTING ERROR 9\n";exit} "Child process initialized" } +sleep 1 # check default gateway -send -- "bash\r" -sleep 1 -send -- "netstat -rn;pwd\r" +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10.1\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.2\n";exit} - "10.10.20.1" -} -expect { - timeout {puts "TESTING ERROR 10.3\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 10.4\n";exit} - "10.10.20.0" -} -expect { - timeout {puts "TESTING ERROR 10.5\n";exit} - "0.0.0.0" -} -expect { - timeout {puts "TESTING ERROR 10.6\n";exit} - "eth0" + "default via 10.10.20.1 dev eth0" } + +send -- "ip route show\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "home" + "10.10.20.0/29 dev eth0 proto kernel scope link" } sleep 1 -- cgit v1.2.3-54-g00ecf
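Review bot: The second route check keeps the label `TESTING ERROR 10`, which belonged to the removed `home` check, while the other four files label the same check 10.2; `timeout {puts "TESTING ERROR 10.2\n";exit}` would keep the numbering consistent across the suite. The other files also change their closing `puts` to print `all done`, but this hunk ends at `sleep 1`, so the final `puts` of net_ip.exp is outside it. It is worth confirming that this file prints the same end marker if anything keys on it.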