[test suite] started on SNAT tests
authorMichael Rash <mbr@cipherdyne.org>
Sat, 3 Aug 2013 17:36:32 +0000 (13:36 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 3 Aug 2013 17:36:32 +0000 (13:36 -0400)
test/conf/snat_fwknopd.conf [new file with mode: 0644]
test/conf/snat_no_translate_ip_fwknopd.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/basic_operations.pl
test/tests/rijndael_hmac.pl

diff --git a/test/conf/snat_fwknopd.conf b/test/conf/snat_fwknopd.conf
new file mode 100644 (file)
index 0000000..9da1b34
--- /dev/null
@@ -0,0 +1,3 @@
+ENABLE_IPT_FORWARDING       Y;
+ENABLE_IPT_SNAT             Y;
+SNAT_TRANSLATE_IP           10.1.2.3;
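Review bot: The `SNAT_TRANSLATE_IP 10.1.2.3` value set here is not asserted by the SNAT test added in test/tests/rijndael_hmac.pl. Its `server_positive_output_matches` only check `FWKNOP_FORWARD ... dport 22` and `to:$internal_nat_host:22`, which describe the forward/DNAT side. As written, a regression that silently drops the source-NAT rule, or translates to a different address, would still pass. Consider adding a match on the translate address to that test, for example `qr/SNAT\s.*10\.1\.2\.3/`, once the exact rule listing format is confirmed. A leading comment in this file such as `# test-only: SNAT with an explicit translate address` would also tie the value to the test.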
diff --git a/test/conf/snat_no_translate_ip_fwknopd.conf b/test/conf/snat_no_translate_ip_fwknopd.conf
new file mode 100644 (file)
index 0000000..86df28a
--- /dev/null
@@ -0,0 +1,2 @@
+ENABLE_IPT_FORWARDING       Y;
+ENABLE_IPT_SNAT             Y;
index 69e9638..44e4fa7 100755 (executable)
@@ -37,6 +37,8 @@ our $lib_dir = '../lib/.libs';
 
 our %cf = (
     'nat'                          => "$conf_dir/nat_fwknopd.conf",
+    'snat'                         => "$conf_dir/snat_fwknopd.conf",
+    'snat_no_translate_ip'         => "$conf_dir/snat_no_translate_ip_fwknopd.conf",
     'def'                          => "$conf_dir/default_fwknopd.conf",
     'def_access'                   => "$conf_dir/default_access.conf",
     'hmac_access'                  => "$conf_dir/hmac_access.conf",
index d00d7fc..5f607e4 100644 (file)
     },
     {
         'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'SNAT require translate IP',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -f -a $cf{'def_access'} -d " .
+            "$default_digest_file -p $default_pid_file --packet-limit 1 $intf_str ",
+        'positive_output_matches' => [qr/Must\sspecify\sSNAT_TRANSLATE_IP/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+
+    {
+        'category' => 'basic operations',
         'subcategory' => 'client',
         'detail'   => 'encryption mode CBC',
         'function' => \&generic_exec,
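Review bot: The new 'SNAT require translate IP' entry is a negative test but nothing marks it as one. A comment above the hash would make the intent explicit, for example `# negative test: ENABLE_IPT_SNAT=Y without SNAT_TRANSLATE_IP must make fwknopd exit with an error at startup`. The only evidence checked is the message `Must specify SNAT_TRANSLATE_IP` plus `exec_err`. If the validation regresses, fwknopd launched with `-f` and `--packet-limit 1` would presumably start and wait for a packet, so the failure may show up as a stall rather than a clean mismatch. Whether `generic_exec` bounds the run time is not visible in this hunk. The `cmdline` string also ends in a stray space after `$intf_str`. The enclosing test array begins and ends outside the hunk.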
index 61208a6..62ffaeb 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => "SNAT $internal_nat_host (tcp/22 ssh)",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'snat'} -a $cf{'hmac_open_ports_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/FWKNOP_FORWARD\s.*dport\s22\s/,
+            qr/to\:$internal_nat_host\:22/i],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_conf' => $cf{'snat'},
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => "iptables NAT custom chain",
         'function' => \&spa_cycle,
         'cmdline'  => "$default_client_args_no_get_key --rc-file " .