[test suite] SNAT MASQUERADE test
authorMichael Rash <mbr@cipherdyne.org>
Sun, 4 Aug 2013 00:52:27 +0000 (20:52 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 4 Aug 2013 00:52:27 +0000 (20:52 -0400)
test/tests/basic_operations.pl
test/tests/rijndael_hmac.pl

index 5f607e4..f442763 100644 (file)
             qq|-P "udp port $non_std_spa_port"|,
         'fatal'    => $NO
     },
-    {
-        'category' => 'basic operations',
-        'subcategory' => 'server',
-        'detail'   => 'SNAT require translate IP',
-        'function' => \&generic_exec,
-        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
-            "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -f -a $cf{'def_access'} -d " .
-            "$default_digest_file -p $default_pid_file --packet-limit 1 $intf_str ",
-        'positive_output_matches' => [qr/Must\sspecify\sSNAT_TRANSLATE_IP/],
-        'exec_err' => $YES,
-        'fatal'    => $NO
-    },
 
     {
         'category' => 'basic operations',
index 62ffaeb..fd8e793 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
-        'detail'   => "SNAT $internal_nat_host (tcp/22 ssh)",
+        'detail'   => "iptables SNAT $internal_nat_host",
         'function' => \&spa_cycle,
         'cmdline'  => "$default_client_args_no_get_key --rc-file " .
             "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22",
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => "iptables SNAT MASQUERADE",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -a $cf{'hmac_open_ports_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/FWKNOP_FORWARD\s.*dport\s22\s/,
+            qr/to\:$internal_nat_host\:22/i,
+            qr/MASQUERADE\s.*to\-ports/,
+        ],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_conf' => $cf{'snat_no_translate_ip'},
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => "iptables NAT custom chain",
         'function' => \&spa_cycle,
         'cmdline'  => "$default_client_args_no_get_key --rc-file " .