From a12601f02aecefd6fde2f227bd3536840f7f7b14 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 7 Mar 2023 08:30:53 -0500 Subject: testing --- test/network/ip6_netfilter.exp | 31 +++++++++++++++++++++++ test/network/ip6_netfilter.profile | 8 ++++++ test/network/net_bandwidth.exp | 51 ++++++++++++++++++++++++++++++++++++++ test/network/net_ip.exp | 40 ++++++++++++++++++++++++++++++ test/network/net_ip.profile | 6 +++++ test/network/network.sh | 6 +++++ 6 files changed, 142 insertions(+) create mode 100755 test/network/ip6_netfilter.exp create mode 100644 test/network/ip6_netfilter.profile create mode 100755 test/network/net_bandwidth.exp create mode 100644 test/network/net_ip.profile (limited to 'test/network') diff --git a/test/network/ip6_netfilter.exp b/test/network/ip6_netfilter.exp new file mode 100755 index 000000000..6c478d9e7 --- /dev/null +++ b/test/network/ip6_netfilter.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2023 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# check default netfilter on br0 +send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +sleep 2 +spawn $env(SHELL) + +# check default netfilter no new network +send -- "firejail --netfilter6.print=test\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "DROP" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "2001:db8:1f0a:3ec::2" +} + +after 500 +puts "all done\n" diff --git a/test/network/ip6_netfilter.profile b/test/network/ip6_netfilter.profile new file mode 100644 index 000000000..cc8f22943 --- /dev/null +++ b/test/network/ip6_netfilter.profile @@ -0,0 +1,8 @@ +# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016 +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP +COMMIT +# Completed on Wed Jan 13 10:53:40 2016 diff --git a/test/network/net_bandwidth.exp b/test/network/net_bandwidth.exp new file mode 100755 index 000000000..0ec3b59ef --- /dev/null +++ b/test/network/net_bandwidth.exp @@ -0,0 +1,51 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2023 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --name=test --net=br0\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +sleep 2 + +spawn $env(SHELL) +send -- "firejail --bandwidth=test set br0 10 20\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Download speed 80kbps" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Upload speed 160kbps" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "configuring tc ingress" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "configuring tc egress" +} +after 500 + +send -- "firejail --bandwidth=test status\r" +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "rate 160Kbit burst 10Kb" +} +after 500 + +send -- "firejail --bandwidth=test clear br0\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Removing bandwidth limits" +} +sleep 1 + +puts "\nall done\n" diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp index 251b55362..0cccf93a0 100755 --- a/test/network/net_ip.exp +++ b/test/network/net_ip.exp @@ -130,4 +130,44 @@ expect { } after 500 + +send -- "firejail --profile=net_ip.profile ip addr show\r" +expect { + timeout {puts "TESTING ERROR 26\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 27\n";exit} + "00:11:22:33:44:55" +} +expect { + timeout {puts "TESTING ERROR 28\n";exit} + "10.10.20.55" +} +expect { + timeout {puts "TESTING ERROR 29\n";exit} + "Default gateway 10.10.20.9" +} +expect { + timeout {puts "TESTING ERROR 30\n";exit} + "00:11:22:33:44:55" +} +expect { + timeout {puts "TESTING ERROR 31\n";exit} + "10.10.20.55" +} +after 500 + +send -- "firejail --profile=net_ip.profile ip route show\r" +expect { + timeout {puts "TESTING ERROR 32\n";exit} + "default via 10.10.20.9" +} +expect { + timeout {puts "TESTING ERROR 33\n";exit} + "10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55" +} +after 500 + + puts "\nall done\n" diff --git a/test/network/net_ip.profile b/test/network/net_ip.profile new file mode 100644 index 000000000..72910d77e --- /dev/null +++ b/test/network/net_ip.profile @@ -0,0 +1,6 @@ +net br0 +ip 10.10.20.55 +defaultgw 10.10.20.9 +mac 00:11:22:33:44:55 +mtu 1000 + diff --git a/test/network/network.sh b/test/network/network.sh index 877f16156..e062358d4 100755 --- a/test/network/network.sh +++ b/test/network/network.sh @@ -33,8 +33,14 @@ echo "TESTING: print network (net-print.exp)" echo "TESTING: print dns (dns-print.exp)" ./dns-print.exp +echo "TESTING: bandwidth (net_bandwidth.exp)" +./net_bandwidth.exp + echo "TESTING: ipv6 (ip6.exp)" ./ip6.exp +#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)" +#./ip6_netfilter.exp + sudo ip link set br0 down sudo brctl delbr br0 -- cgit v1.2.3-54-g00ecf