From c79beb5a151e28e1185e380638073d259f0da24b Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 6 Mar 2023 16:09:33 -0500
Subject: testing
---
 gcov.sh | 142 +++++++++++++--------------------------------
 src/firejail/network.c | 46 +++++++--------
 test/network/ip6.exp | 48 +++++++++++++++
 test/network/ip6.profile | 3 +
 test/network/net-print.exp | 34 +++++++++++
 test/network/network.sh | 6 ++
 6 files changed, 153 insertions(+), 126 deletions(-)
 create mode 100755 test/network/ip6.exp
 create mode 100644 test/network/ip6.profile
 create mode 100755 test/network/net-print.exp
diff --git a/gcov.sh b/gcov.sh
index 34fb6e03e..9b02d801c 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -3,111 +3,47 @@
 # Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
-gcov_init() {
- USER="$(whoami)"
- firejail --help > /dev/null
- firemon --help > /dev/null
- /usr/lib/firejail/fnet --help > /dev/null
- /usr/lib/firejail/fseccomp --help > /dev/null
- /usr/lib/firejail/ftee --help > /dev/null
- /usr/lib/firejail/fcopy --help > /dev/null
- /usr/lib/firejail/fldd --help > /dev/null
- firecfg --help > /dev/null
-
- /usr/lib/firejail/fnetfilter --help > /dev/null
- /usr/lib/firejail/fsec-print --help > /dev/null
- /usr/lib/firejail/fsec-optimize --help > /dev/null
- /usr/lib/firejail/faudit --help > /dev/null
- /usr/lib/firejail/fbuilder --help > /dev/null
+# GCOV test setup
+# required: sudo, lcov (apt-get install lcov)
+# setup: make distclean && ./configure --prefix=/usr --enable-apparmor --enable-gcov && make -j4 && sudo make install
+# run as regular user: ./gcov.sh
+# result in gcov-dir/index.html
+gcov_generate() {
+ USER="$(whoami)"
 find . -exec sudo chown "$USER:$USER" '{}' +
-}
-
-generate() {
- lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
- lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file
- rm -fr gcov-dir
+ lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
+ -d src/fnet -d src/fnetfilter --output-file gcov-file
 genhtml -q gcov-file --output-directory gcov-dir
- find . -name '*.gcda' -exec sudo rm '{}' +
- cp gcov-file gcov-file-old
- gcov_init
 }
-
-gcov_init
-lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
-
-#make test-utils
-#generate
-#sleep 2
-#exit
-
-
-# running tests
-make test-root
-generate
-sleep 2
-
-make test-chroot
-generate
-sleep 2
-
-make test-network
-generate
-sleep 2
-
-make test-stress
-generate
-sleep 2
-
-make test-ssh
-generate
-sleep 2
-
-make test-appimage
-generate
-sleep 2
-
-make test-overlay
-generate
-sleep 2
-
-make test-fcopy
-generate
-sleep 2
-
-make test-profiles
-generate
-sleep 2
-
-make test-fs
-generate
-sleep 2
-
-make test-utils
-generate
-sleep 2
-
-make test-environment
-generate
-sleep 2
-
-make test-apps
-generate
-sleep 2
-
-make test-apps-x11
-generate
-sleep 2
-
-make test-apps-x11-xorg
-generate
-sleep 2
-
-make test-filters
-generate
-sleep 2
-
-make test-arguments
-generate
-sleep 2
+rm -fr gcov-dir gcov-file
+firejail --version
+gcov_generate
+
+#make test-firecfg | grep TESTING
+#gcov_generate
+#make test-apparmor | grep TESTING
+#gcov_generate
+make test-network | grep TESTING
+gcov_generate
+#make test-appimage | grep TESTING
+#gcov_generate
+#make test-chroot | grep TESTING
+#gcov_generate
+#make test-sysutils | grep TESTING
+#gcov_generate
+#make test-private-etc | grep TESTING
+#gcov_generate
+#make test-profiles | grep TESTING
+#gcov_generate
+#make test-fcopy | grep TESTING
+#gcov_generate
+make test-fnetfilter | grep TESTING
+gcov_generate
+#make test-fs | grep TESTING
+#gcov_generate
+#make test-utils | grep TESTING
+#gcov_generate
+#make test-environment | grep TESTING
+#gcov_generate
diff --git a/src/firejail/network.c b/src/firejail/network.c
index c1adf87cc..19c4b5244 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
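Review bot: In gcov.sh, `make test-network | grep TESTING` and `make test-fnetfilter | grep TESTING` return grep's exit status, so a make target that fails outright looks the same as a passing run and `gcov_generate` still publishes coverage for it; the filter also drops every stdout line that does not contain TESTING. Consider `set -o pipefail` near the top (the interpreter line is outside this hunk, so this assumes bash) and `make test-network | grep TESTING || exit 1`. Separately, the retained `find . -exec sudo chown "$USER:$USER" '{}' +` changes the target of any symbolic link it meets, because chown dereferences links by default; `sudo chown -h "$USER:$USER"` keeps the ownership change inside the build tree.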
@@ -89,29 +89,29 @@ int net_get_mtu(const char *ifname) {
 return mtu;
 }
-void net_set_mtu(const char *ifname, int mtu) {
- if (strlen(ifname) > IFNAMSIZ) {
- fprintf(stderr, "Error: invalid network device name %s\n", ifname);
- exit(1);
- }
-
- if (arg_debug)
- printf("set interface %s MTU %d.\n", ifname, mtu);
-
- int s;
- struct ifreq ifr;
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- errExit("socket");
-
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_addr.sa_family = AF_INET;
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
- ifr.ifr_mtu = mtu;
- if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
- fwarning("cannot set mtu for interface %s\n", ifname);
- close(s);
-}
+//void net_set_mtu(const char *ifname, int mtu) {
+// if (strlen(ifname) > IFNAMSIZ) {
+// fprintf(stderr, "Error: invalid network device name %s\n", ifname);
+// exit(1);
+// }
+//
+// if (arg_debug)
+// printf("set interface %s MTU %d.\n", ifname, mtu);
+//
+// int s;
+// struct ifreq ifr;
+//
+// if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+// errExit("socket");
+//
+// memset(&ifr, 0, sizeof(ifr));
+// ifr.ifr_addr.sa_family = AF_INET;
+// strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+// ifr.ifr_mtu = mtu;
+// if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
+// fwarning("cannot set mtu for interface %s\n", ifname);
+// close(s);
+//}
 // return -1 if the interface was not found; if the interface was found retrn 0 and fill in IP address and mask
 int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) {
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
new file mode 100755
index 000000000..e2e83fe0e
--- /dev/null
+++ b/test/network/ip6.exp
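Review bot: In src/firejail/network.c, net_set_mtu is disabled by turning its 23 lines into `//` comments; delete the function instead, since the history keeps it and commented-out code is neither compiled nor reviewed when the code around it changes. If it is parked for later reuse, note above it that the guard `if (strlen(ifname) > IFNAMSIZ)` lets a name of exactly IFNAMSIZ characters through, which `strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1)` then truncates, so the SIOCSIFMTU ioctl would be issued for a different interface name; the guard should read `if (strlen(ifname) >= IFNAMSIZ) {`. No caller or header change is visible in this diff, so presumably nothing references the function any more.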
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 ip addr show\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "inet6"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "2001:db8:0:f101::1/64"
+}
+sleep 1
+
+send -- "firejail --profile=ip6.profile ip addr show\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "inet6"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "2001:db8:0:f101::1/64"
+}
+after 500
+puts "\nall done\n"
+exit
diff --git a/test/network/ip6.profile b/test/network/ip6.profile
new file mode 100644
index 000000000..d4611ec41
--- /dev/null
+++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
+net br0
+ip6 2001:0db8:0:f101::1/64
+#netfilter6 ipv6.net
diff --git a/test/network/net-print.exp b/test/network/net-print.exp
new file mode 100755
index 000000000..691114cf4
--- /dev/null
+++ b/test/network/net-print.exp
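Review bot: In test/network/ip6.exp every timeout branch is `{puts "TESTING ERROR n\n";exit}`, and a bare `exit` ends the script with status 0, so a failed IPv6 address check shows up only as text in the log and never reaches the caller; use `timeout {puts "TESTING ERROR 0\n";exit 1}` in each branch. test/network/net-print.exp repeats the same pattern in its four timeout branches. In both files the pattern `\[0-9\]+.\[0-9\]+ ms` leaves the dot unescaped, so it matches any character; `\[0-9\]+\\.\[0-9\]+ ms` pins the literal dot. The header of ip6.exp says 2014-2022 while net-print.exp, added in the same commit, says 2014-2023.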
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0 --ip=10.10.20.9\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --net.print=test\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "10.10.20.9"
+}
+
+after 500
+
+puts "\nall done\n"
diff --git a/test/network/network.sh b/test/network/network.sh
index 319927493..877f16156 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -27,8 +27,14 @@ echo "TESTING: network scan (net_scan.exp)"
 echo "TESTING: netfilter (net_netfilter.exp)"
 ./net_netfilter.exp
+echo "TESTING: print network (net-print.exp)"
+./net-print.exp
+
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
+echo "TESTING: ipv6 (ip6.exp)"
+./ip6.exp
+
 sudo ip link set br0 down
 sudo brctl delbr br0
-- cgit v1.2.3-70-g09d2
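Review bot: test/network/net-print.exp starts a sandbox with `firejail --name=test --net=br0 --ip=10.10.20.9` and never ends it: the script stops after `puts "\nall done\n"` with no `exit` (ip6.exp has one) and sends nothing more to the first spawn, leaving teardown to expect closing the terminal. The name `test` is also generic, so `--net.print=test` presumably depends on no other sandbox of that name running on the host; a name specific to this test would remove that assumption. A short comment above the second `spawn $env(SHELL)` saying that it deliberately opens a second shell to query the first sandbox would help readers.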