From 57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 3 May 2016 08:41:24 -0400 Subject: networking features testing --- test/network/4bridges_arp.exp | 170 ++++++++++++++++++++++++++++++++++++++ test/network/4bridges_ip.exp | 174 +++++++++++++++++++++++++++++++++++++++ test/network/bandwidth.exp | 62 ++++++++++++++ test/network/hostname.exp | 25 ++++++ test/network/ip6.exp | 43 ++++++++++ test/network/ipv6.net | 8 ++ test/network/net-profile.profile | 10 +++ test/network/net_arp.exp | 71 ++++++++++++++++ test/network/net_badip.exp | 16 ++++ test/network/net_defaultgw.exp | 46 +++++++++++ test/network/net_defaultgw2.exp | 40 +++++++++ test/network/net_defaultgw3.exp | 17 ++++ test/network/net_interface.exp | 88 ++++++++++++++++++++ test/network/net_ip.exp | 72 ++++++++++++++++ test/network/net_local.exp | 45 ++++++++++ test/network/net_mac.exp | 36 ++++++++ test/network/net_macvlan.exp | 88 ++++++++++++++++++++ test/network/net_mtu.exp | 30 +++++++ test/network/net_netfilter.exp | 88 ++++++++++++++++++++ test/network/net_noip.exp | 41 +++++++++ test/network/net_noip2.exp | 41 +++++++++ test/network/net_none.exp | 68 +++++++++++++++ test/network/net_none.profile | 1 + test/network/net_profile.exp | 73 ++++++++++++++++ test/network/netfilter.filter | 6 ++ test/network/netfilter.profile | 1 + 26 files changed, 1360 insertions(+) create mode 100755 test/network/4bridges_arp.exp create mode 100755 test/network/4bridges_ip.exp create mode 100755 test/network/bandwidth.exp create mode 100755 test/network/hostname.exp create mode 100755 test/network/ip6.exp create mode 100644 test/network/ipv6.net create mode 100644 test/network/net-profile.profile create mode 100755 test/network/net_arp.exp create mode 100755 test/network/net_badip.exp create mode 100755 test/network/net_defaultgw.exp create mode 100755 test/network/net_defaultgw2.exp create mode 100755 test/network/net_defaultgw3.exp create mode 100755 test/network/net_interface.exp create mode 100755 test/network/net_ip.exp create mode 100755 test/network/net_local.exp create mode 100755 test/network/net_mac.exp create mode 100755 test/network/net_macvlan.exp create mode 100755 test/network/net_mtu.exp create mode 100755 test/network/net_netfilter.exp create mode 100755 test/network/net_noip.exp create mode 100755 test/network/net_noip2.exp create mode 100755 test/network/net_none.exp create mode 100644 test/network/net_none.profile create mode 100755 test/network/net_profile.exp create mode 100644 test/network/netfilter.filter create mode 100644 test/network/netfilter.profile (limited to 'test/network') diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp new file mode 100755 index 000000000..6a3e6db2a --- /dev/null +++ b/test/network/4bridges_arp.exp @@ -0,0 +1,170 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check eth0 +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 0.0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 0.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + +# check eth1 +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 1.0\n";exit} + "eth1" +} +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "10.10.30" +} +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + +# check eth2 +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 2.0\n";exit} + "eth2" +} +expect { + timeout {puts "TESTING ERROR 2.1\n";exit} + "10.10.40" +} +expect { + timeout {puts "TESTING ERROR 2.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 2.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 2.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + + +# check eth3 +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 3.0\n";exit} + "eth3" +} +expect { + timeout {puts "TESTING ERROR 3.1\n";exit} + "10.10.50" +} +expect { + timeout {puts "TESTING ERROR 3.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 3.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + + + +# check loopback +send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "lo" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "127.0.0.1" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "255.0.0.0" +} +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Child process initialized" +} +sleep 1 + +# check default gateway +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.1\n";exit} + "default via 10.10.20.1 dev eth0" +} +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.20.0/29 dev eth0 proto kernel scope link" +} +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.30.0/24 dev eth1 proto kernel scope link" +} +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.40.0/24 dev eth2 proto kernel scope link" +} +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.50.0/24 dev eth3 proto kernel scope link" +} +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp new file mode 100755 index 000000000..8068aeebb --- /dev/null +++ b/test/network/4bridges_ip.exp @@ -0,0 +1,174 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check eth0 +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 0.0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 0.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + +# check eth1 +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 1.0\n";exit} + "eth1" +} +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "10.10.30.50" +} +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + +# check eth2 +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 2.0\n";exit} + "eth2" +} +expect { + timeout {puts "TESTING ERROR 2.1\n";exit} + "10.10.40.100" +} +expect { + timeout {puts "TESTING ERROR 2.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 2.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 2.4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + + +# check eth3 +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" +expect { + timeout {puts "TESTING ERROR 3.0\n";exit} + "eth3" +} +expect { + timeout {puts "TESTING ERROR 3.1\n";exit} + "10.10.50" +} +expect { + timeout {puts "TESTING ERROR 3.2\n";exit} + "255.255.255.0" +} +expect { + timeout {puts "TESTING ERROR 3.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + + + + +# check loopback +send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "lo" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "127.0.0.1" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "255.0.0.0" +} +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Child process initialized" +} + +# check default gateway +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.1\n";exit} + "default via 10.10.20.1 dev eth0" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.20.0/29 dev eth0 proto kernel scope link" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.3\n";exit} + "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.4\n";exit} + "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.5\n";exit} + "10.10.50.0/24 dev eth3 proto kernel scope link" +} + +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp new file mode 100755 index 000000000..33b351296 --- /dev/null +++ b/test/network/bandwidth.exp @@ -0,0 +1,62 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --name=test --net=br0\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +spawn $env(SHELL) +send -- "firejail --bandwidth=test status\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "qdisc noqueue 0: dev eth0" +} +sleep 1 + +send -- "firejail --bandwidth=test set br0 50 10\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Configuring interface eth0" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "configuring tc ingress" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "configuring tc egress" +} + +send -- "firejail --bandwidth=test status\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "dev eth0" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "rate 80Kbit burst 10Kb" +} +sleep 1 + +send -- "firejail --bandwidth=test clear br0\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Removing bandwith limits" +} +sleep 1 + +send -- "firejail --bandwidth=test status; pwd\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} + "home" {puts "ok\n"} +} +sleep 1 + +puts "\nall done\n" diff --git a/test/network/hostname.exp b/test/network/hostname.exp new file mode 100755 index 000000000..4e5c7e073 --- /dev/null +++ b/test/network/hostname.exp @@ -0,0 +1,25 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --hostname=baluba --noprofile\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ping -c 3 baluba;pwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "3 packets transmitted, 3 received" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "home" +} +sleep 1 + +puts "all done\n" diff --git a/test/network/ip6.exp b/test/network/ip6.exp new file mode 100755 index 000000000..fba47d095 --- /dev/null +++ b/test/network/ip6.exp @@ -0,0 +1,43 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Installing network filter" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "DROP" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "2001:db8:1f0a:3ec::2" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Child process initialized" +} +sleep 2 + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "inet6" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "2001:db8:0:f101::1" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "Scope:Global" { puts "Debian\n"} + "scopeid 0x0" { puts "Arch\n"} +} + + +puts "\nall done\n" + diff --git a/test/network/ipv6.net b/test/network/ipv6.net new file mode 100644 index 000000000..cc8f22943 --- /dev/null +++ b/test/network/ipv6.net @@ -0,0 +1,8 @@ +# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016 +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP +COMMIT +# Completed on Wed Jan 13 10:53:40 2016 diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile new file mode 100644 index 000000000..05052b6dc --- /dev/null +++ b/test/network/net-profile.profile @@ -0,0 +1,10 @@ +net br0 +mac 00:11:22:33:44:55 +mtu 1000 +net br1 +ip 10.10.30.50 +net br2 +ip 10.10.40.100 +net br3 +defaultgw 10.10.20.2 + diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp new file mode 100755 index 000000000..9e07744f3 --- /dev/null +++ b/test/network/net_arp.exp @@ -0,0 +1,71 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Child process initialized" +} +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Child process initialized" +} +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} + +# will fail +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 5n";exit} + "cannot assign an IP address" +} + +send -- "firejail --net=br0 sleep 20 &\r" +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "cannot assign an IP address" +} + +# check firejail --list +send -- "firejail --list\r" +expect { + timeout {puts "TESTING ERROR 7.1\n";exit} + "sleep 20" +} +expect { + timeout {puts "TESTING ERROR 7.2\n";exit} + "sleep 20" +} +expect { + timeout {puts "TESTING ERROR 7.3\n";exit} + "sleep 20" +} +expect { + timeout {puts "TESTING ERROR 7.4\n";exit} + "sleep 20" +} +expect { + timeout {puts "TESTING ERROR 7.5\n";exit} + "sleep 20" +} + +# wait for snadboxes to be shutdown +sleep 30 +puts "\n" diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp new file mode 100755 index 000000000..71b69e104 --- /dev/null +++ b/test/network/net_badip.exp @@ -0,0 +1,16 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check eth0 +send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r" +expect { + timeout {puts "TESTING ERROR 0.0\n";exit} + "the IP address is not" +} +sleep 1 + +puts "\n" + diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp new file mode 100755 index 000000000..840f2ccac --- /dev/null +++ b/test/network/net_defaultgw.exp @@ -0,0 +1,46 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "10.10.20.5" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 1 + +# check default gateway +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.1\n";exit} + "default via 10.10.20.2 dev eth0" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.20.0/29 dev eth0 proto kernel scope link" +} +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp new file mode 100755 index 000000000..db14e17cb --- /dev/null +++ b/test/network/net_defaultgw2.exp @@ -0,0 +1,40 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth1" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 1 + +# check default gateway +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.1\n";exit} + "default via 10.10.30.89 dev eth1" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.2\n";exit} + "10.10.20.0/29 dev eth0 proto kernel scope link" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.3\n";exit} + "10.10.30.0/24 dev eth1 proto kernel scope link" +} +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp new file mode 100755 index 000000000..64da9dfca --- /dev/null +++ b/test/network/net_defaultgw3.exp @@ -0,0 +1,17 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "default gateway 10.10.95.89 is not in the range of any network" +} + +sleep 1 + +puts "\n" + diff --git a/test/network/net_interface.exp b/test/network/net_interface.exp new file mode 100755 index 000000000..4b55187ff --- /dev/null +++ b/test/network/net_interface.exp @@ -0,0 +1,88 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "ip link add link eth0 name eth0.100 type vlan id 100\r" +sleep 1 +send -- "ip link add link eth0 name eth0.101 type vlan id 101\r" +sleep 1 +send -- "ip link add link eth0 name eth0.102 type vlan id 102\r" +sleep 1 +send -- "ip link add link eth0 name eth0.103 type vlan id 103\r" +sleep 1 +send -- "ip link add link eth0 name eth0.104 type vlan id 104\r" +sleep 1 +puts "\n" + +send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r" +sleep 1 +send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r" +sleep 1 +send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r" +sleep 1 +send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r" +sleep 1 +send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r" +sleep 1 +puts "\n" + + + +send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "maximum 4 interfaces are allowed" +} +sleep 1 + +send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "eth0.100" +} +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "eth0.101" +} +expect { + timeout {puts "TESTING ERROR 2.2\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "eth0.102" +} +expect { + timeout {puts "TESTING ERROR 3.1\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "eth0.103" +} +expect { + timeout {puts "TESTING ERROR 4.1\n";exit} + "UP" +} +sleep 1 +send -- "exit\r" +sleep 1 + +send -- "firejail --noprofile --interface=eth0.104\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "eth0.104" +} +expect { + timeout {puts "TESTING ERROR 5.1\n";exit} + "UP" +} + +puts "all done\n" + diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp new file mode 100755 index 000000000..f5d487ecc --- /dev/null +++ b/test/network/net_ip.exp @@ -0,0 +1,72 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --ip=10.10.20.5\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "10.10.20.5" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + +# check loopback +send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "lo" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "127.0.0.1" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "255.0.0.0" +} +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Child process initialized" +} +sleep 1 + +# check default gateway +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10.1\n";exit} + "default via 10.10.20.1 dev eth0" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "10.10.20.0/29 dev eth0 proto kernel scope link" +} +sleep 1 + +puts "\n" + diff --git a/test/network/net_local.exp b/test/network/net_local.exp new file mode 100755 index 000000000..642213658 --- /dev/null +++ b/test/network/net_local.exp @@ -0,0 +1,45 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --noprofile --debug\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Using the local network stack" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 2 + +# check loopback +send -- "firejail --noprofile\r" +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Child process initialized" +} +sleep 1 + + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "lo" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "127.0.0.1" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "255.0.0.0" +} + +puts "all done\n" + diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp new file mode 100755 index 000000000..076634730 --- /dev/null +++ b/test/network/net_mac.exp @@ -0,0 +1,36 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "00:11:22:33:44:55" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "10.10.20.5" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/net_macvlan.exp b/test/network/net_macvlan.exp new file mode 100755 index 000000000..20d022de9 --- /dev/null +++ b/test/network/net_macvlan.exp @@ -0,0 +1,88 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check the existing address +spawn $env(SHELL) +send -- "firejail --net=eth0 --ip=192.168.1.60\r" +expect { + timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit} + "the address 192.168.1.60 is already in use" +} + + + +# grab 30 ip addresses +set MAXi 229 +set i 200 +while { $i <= $MAXi } { + spawn $env(SHELL) + send -- "firejail --net=eth0 --ip=192.168.1.$i\r" + expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" + } + incr i + after 100 +} + + +# check an existing address +spawn $env(SHELL) +send -- "firejail --net=eth0 --ip=192.168.1.200\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "the address 192.168.1.200 is already in use" +} + + +set MAXi 254 +set i 2 +while { $i <= $MAXi } { + spawn $env(SHELL) + send -- "firejail --net=eth0\r" + expect { + timeout {puts "TESTING ERROR 2.1\n";exit} + "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit} + "192.168.1.200" {puts "TESTING ERROR 3\n";exit} + "192.168.1.201" {puts "TESTING ERROR 3\n";exit} + "192.168.1.202" {puts "TESTING ERROR 3\n";exit} + "192.168.1.203" {puts "TESTING ERROR 3\n";exit} + "192.168.1.204" {puts "TESTING ERROR 3\n";exit} + "192.168.1.205" {puts "TESTING ERROR 3\n";exit} + "192.168.1.206" {puts "TESTING ERROR 3\n";exit} + "192.168.1.207" {puts "TESTING ERROR 3\n";exit} + "192.168.1.208" {puts "TESTING ERROR 3\n";exit} + "192.168.1.209" {puts "TESTING ERROR 3\n";exit} + "192.168.1.210" {puts "TESTING ERROR 3\n";exit} + "192.168.1.211" {puts "TESTING ERROR 3\n";exit} + "192.168.1.212" {puts "TESTING ERROR 3\n";exit} + "192.168.1.213" {puts "TESTING ERROR 3\n";exit} + "192.168.1.214" {puts "TESTING ERROR 3\n";exit} + "192.168.1.215" {puts "TESTING ERROR 3\n";exit} + "192.168.1.216" {puts "TESTING ERROR 3\n";exit} + "192.168.1.217" {puts "TESTING ERROR 3\n";exit} + "192.168.1.218" {puts "TESTING ERROR 3\n";exit} + "192.168.1.219" {puts "TESTING ERROR 3\n";exit} + "192.168.1.220" {puts "TESTING ERROR 3\n";exit} + "192.168.1.221" {puts "TESTING ERROR 3\n";exit} + "192.168.1.222" {puts "TESTING ERROR 3\n";exit} + "192.168.1.223" {puts "TESTING ERROR 3\n";exit} + "192.168.1.224" {puts "TESTING ERROR 3\n";exit} + "192.168.1.225" {puts "TESTING ERROR 3\n";exit} + "192.168.1.226" {puts "TESTING ERROR 3\n";exit} + "192.168.1.227" {puts "TESTING ERROR 3\n";exit} + "192.168.1.228" {puts "TESTING ERROR 3\n";exit} + "192.168.1.229" {puts "TESTING ERROR 3\n";exit} + "Child process initialized" + } + puts "************ $i ******************\n" + incr i + after 100 +# sleep 1 +} + +puts "\n" + diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp new file mode 100755 index 000000000..7943b2866 --- /dev/null +++ b/test/network/net_mtu.exp @@ -0,0 +1,30 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --net=br0 --mtu=1000 --noprofile\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ip link show\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "mtu 1000" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "state UP" +} + +puts "\nall done\n" + diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp new file mode 100755 index 000000000..989fcc407 --- /dev/null +++ b/test/network/net_netfilter.exp @@ -0,0 +1,88 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check default netfilter on br0 +send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Installing network filter" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Chain INPUT (policy DROP" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "ACCEPT all -- any any anywhere" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "ACCEPT icmp -- any any anywhere" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 1 + +# check default netfilter no new network +send -- "firejail --debug --noprofile --netfilter\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Installing network filter" {puts "TESTING ERROR 5.1\n";exit} + "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit} + "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} + "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} + "Child process initialized" +} +sleep 2 +send -- "exit\r" +sleep 1 + +# check file filter netfilter on br0 +send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r" +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "Installing network filter" +} +expect { + timeout {puts "TESTING ERROR 6.1\n";exit} + "Child process initialized" +} +sleep 2 +send -- "ping -c 1 -w 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 6.2\n";exit} + "0 received, 100% packet loss" +} + +send -- "exit\r" +sleep 1 + +# check profile netfilter on br0 +send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Installing network filter" +} +expect { + timeout {puts "TESTING ERROR 7.1\n";exit} + "Child process initialized" +} +sleep 2 +send -- "ping -c 1 -w 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 7.2\n";exit} + "0 received, 100% packet loss" +} + +send -- "exit\r" +after 100 + +puts "all done\n" + diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp new file mode 100755 index 000000000..8d28adb39 --- /dev/null +++ b/test/network/net_noip.exp @@ -0,0 +1,41 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --noprofile --net=br0 --ip=none\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 +send -- "bash\r" +sleep 1 + +# no default gateway configured +send -- "netstat -rn;pwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "0.0.0.0" {puts "TESTING ERROR 3\n";exit} + "eth0" {puts "TESTING ERROR 4\n";exit} + "home" +} +sleep 1 + +# eth0 configured +send -- "/sbin/ifconfig;pwd\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "home" +} +after 100 + +puts "all done\n" + diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp new file mode 100755 index 000000000..58f90422b --- /dev/null +++ b/test/network/net_noip2.exp @@ -0,0 +1,41 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check ip address +send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 +send -- "bash\r" +sleep 1 + +# no default gateway configured +send -- "netstat -rn;pwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "0.0.0.0" {puts "TESTING ERROR 3\n";exit} + "eth0" {puts "TESTING ERROR 4\n";exit} + "home" +} +sleep 1 + +# eth0 configured +send -- "/sbin/ifconfig;pwd\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "home" +} +after 100 + +puts "all done\n" + diff --git a/test/network/net_none.exp b/test/network/net_none.exp new file mode 100755 index 000000000..54b6cb946 --- /dev/null +++ b/test/network/net_none.exp @@ -0,0 +1,68 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# options +send -- "firejail --net=none\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "eth0" {puts "TESTING ERROR 0.1\n";exit} + "Child process initialized" +} +sleep 1 + +# test default gw +send -- "bash\r" +sleep 1 +send -- "netstat -rn; pwd\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit} + "home" +} +sleep 1 + +# check again devices +send -- "cat /proc/1/net/dev;pwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "eth0" {puts "TESTING ERROR 2.1\n";exit} + "home" +} +send -- "exit\r" +sleep 1 +send -- "exit\r" +sleep 1 + +# profile +send -- "firejail --profile=net_none.profile\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "eth0" {puts "TESTING ERROR 3.1\n";exit} + "Child process initialized" +} +sleep 1 + +# test default gw +send -- "bash\r" +sleep 1 +send -- "netstat -rn; pwd\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit} + "home" +} +sleep 1 + +# check again devices +send -- "cat /proc/1/net/dev;pwd\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "eth0" {puts "TESTING ERROR 5.1\n";exit} + "home" +} +sleep 1 + +puts "\n" diff --git a/test/network/net_none.profile b/test/network/net_none.profile new file mode 100644 index 000000000..079c08ea8 --- /dev/null +++ b/test/network/net_none.profile @@ -0,0 +1 @@ +net none diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp new file mode 100755 index 000000000..37043c906 --- /dev/null +++ b/test/network/net_profile.exp @@ -0,0 +1,73 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check eth0 +send -- "firejail --profile=net-profile.profile\r" +expect { + timeout {puts "TESTING ERROR 0.0\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "00:11:22:33:44:55" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "255.255.255.248" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 0.4\n";exit} + "Child process initialized" +} +sleep 2 + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" +} + +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" +} + + +# check default gw +send -- "ip route show\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "default via 10.10.20.2 dev eth0" +} + +# check mtu +send -- "ip link show\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "mtu 1000" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "state UP" +} + +sleep 1 + +puts "\nall done\n" + diff --git a/test/network/netfilter.filter b/test/network/netfilter.filter new file mode 100644 index 000000000..3e232065c --- /dev/null +++ b/test/network/netfilter.filter @@ -0,0 +1,6 @@ +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -i lo -j ACCEPT +COMMIT diff --git a/test/network/netfilter.profile b/test/network/netfilter.profile new file mode 100644 index 000000000..824c6cd0f --- /dev/null +++ b/test/network/netfilter.profile @@ -0,0 +1 @@ +netfilter netfilter.filter -- cgit v1.2.3-54-g00ecf