[test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated...
authorMichael Rash <mbr@cipherdyne.org>
Sun, 14 Jul 2013 03:22:58 +0000 (23:22 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 14 Jul 2013 03:22:58 +0000 (23:22 -0400)
test/test-fwknop.pl
test/tests/rijndael.pl
test/tests/rijndael_hmac.pl

index 78d3f7e..0f021f0 100755 (executable)
@@ -4268,65 +4268,57 @@ sub send_packets() {
     print F Dumper $pkts_ar;
     close F;
 
-    my $received_first_packet = 0;
-
     if (-e $server_cmd_tmp) {
-        for my $pkt_hr (@$pkts_ar) {
-            my $tries = 0;
-            while (not &file_find_regex(
-                    [qr/stanza\s.*\sSPA Packet from IP/],
-                    $MATCH_ALL, $NO_APPEND_RESULTS, $server_cmd_tmp)) {
-
-                &write_test_file("[.] send_packets() looking for " .
-                    "fwknopd to receive packet, try: $tries\n",
-                    $curr_test_file);
 
-                if ($pkt_hr->{'proto'} eq 'tcp' or $pkt_hr->{'proto'} eq 'udp') {
-                    my $socket = IO::Socket::INET->new(
-                        PeerAddr => $pkt_hr->{'dst_ip'},
-                        PeerPort => $pkt_hr->{'port'},
-                        Proto    => $pkt_hr->{'proto'},
-                        Timeout  => 1
-                    ) or die "[*] Could not acquire $pkt_hr->{'proto'}/$pkt_hr->{'port'} " .
-                        "socket to $pkt_hr->{'dst_ip'}: $!";
-
-                    $socket->send($pkt_hr->{'data'});
-                    undef $socket;
-
-                } elsif ($pkt_hr->{'proto'} eq 'http') {
-                    ### FIXME
-                } elsif ($pkt_hr->{'proto'} eq 'icmp') {
-                    ### FIXME
-                }
-                last if $received_first_packet;
-                $tries++;
-                last if $tries == 10;   ### should be plenty of time
-                sleep 1;
-            }
-            $received_first_packet = 1;
-            sleep $pkt_hr->{'delay'} if defined $pkt_hr->{'delay'};
+        &send_all_pkts($pkts_ar);
+        sleep 1;
+
+        my $tries = 0;
+        while (not &file_find_regex(
+                [qr/stanza\s.*\sSPA Packet from IP/],
+                $MATCH_ALL, $NO_APPEND_RESULTS, $server_cmd_tmp)) {
+
+            &write_test_file("[.] send_packets() looking for " .
+                "fwknopd to receive packet(s), try: $tries\n",
+                $curr_test_file);
+
+            &send_all_pkts($pkts_ar);
+
+            $tries++;
+            last if $tries == 10;   ### should be plenty of time
+            sleep 1;
         }
     } else {
-        for my $pkt_hr (@$pkts_ar) {
-            if ($pkt_hr->{'proto'} eq 'tcp' or $pkt_hr->{'proto'} eq 'udp') {
-                my $socket = IO::Socket::INET->new(
-                    PeerAddr => $pkt_hr->{'dst_ip'},
-                    PeerPort => $pkt_hr->{'port'},
-                    Proto    => $pkt_hr->{'proto'},
-                    Timeout  => 1
-                ) or die "[*] Could not acquire $pkt_hr->{'proto'}/$pkt_hr->{'port'} " .
-                    "socket to $pkt_hr->{'dst_ip'}: $!";
-
-                $socket->send($pkt_hr->{'data'});
-                undef $socket;
-
-            } elsif ($pkt_hr->{'proto'} eq 'http') {
-                ### FIXME
-            } elsif ($pkt_hr->{'proto'} eq 'icmp') {
-                ### FIXME
-            }
-            sleep $pkt_hr->{'delay'} if defined $pkt_hr->{'delay'};
-        }
+        &send_all_pkts($pkts_ar);
+    }
+    return;
+}
+
+sub send_all_pkts() {
+    my $pkts_ar = shift;
+    for my $pkt_hr (@$pkts_ar) {
+        my $sent = 0;
+        if ($pkt_hr->{'proto'} eq 'tcp' or $pkt_hr->{'proto'} eq 'udp') {
+            my $socket = IO::Socket::INET->new(
+                PeerAddr => $pkt_hr->{'dst_ip'},
+                PeerPort => $pkt_hr->{'port'},
+                Proto    => $pkt_hr->{'proto'},
+                Timeout  => 1
+            ) or die "[*] Could not acquire $pkt_hr->{'proto'}/$pkt_hr->{'port'} " .
+                "socket to $pkt_hr->{'dst_ip'}: $!";
+
+            $socket->send($pkt_hr->{'data'});
+            undef $socket;
+            $sent = 1;
+        } elsif ($pkt_hr->{'proto'} eq 'http') {
+            ### FIXME
+        } elsif ($pkt_hr->{'proto'} eq 'icmp') {
+            ### FIXME
+        }
+        &write_test_file("    send_all_pkts() sent packet: $pkt_hr->{'data'}\n",
+            $curr_test_file) if $sent;
+
+        sleep $pkt_hr->{'delay'} if defined $pkt_hr->{'delay'};
     }
     return;
 }
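Review bot: In the new send_all_pkts(), `$sent = 1` is set without checking what `$socket->send(...)` returned, so the "sent packet" line is written to the test log even when the send failed (send returns undef on error). That log is presumably what a reader uses to tell whether the SPA packets left the client when a duplicate-rule test misbehaves, so it should only record real sends. Setting the flag from the return value, `$sent = 1 if defined $socket->send($pkt_hr->{'data'});`, and writing `$!` to `$curr_test_file` on failure would cover it. The body of send_packets() starts outside this hunk.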
index c3dc2b8..92f1fe9 100644 (file)
         'fatal'    => $NO
     },
 
-    ### ensure iptables rules are not duplicated for identical access requests
+    ### ensure iptables rules are not duplicated for identical (and non-replayed)
+    ### access requests
     {
         'category' => 'Rijndael',
         'subcategory' => 'client+server',
         'cmdline'  => "$default_client_args --test",
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
-        'server_negative_output_matches' => [qr/^2\s+ACCEPT\s.*$fake_ip/],
         'fatal'    => $NO
     },
 
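Review bot: With `server_negative_output_matches` removed, nothing visible in this test entry fails when a rule numbered 2 with ACCEPT for `$fake_ip` shows up in the server output, although the comment above it still says the test ensures rules are not duplicated. If the duplicate check is now done by the entry's test function (not visible in this hunk), the comment should say so, for example `### duplicate detection is done by the test function, not by output matching`; otherwise the assertion should stay. The same key is removed from the corresponding entry in test/tests/rijndael_hmac.pl.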
index 90557b8..c675707 100644 (file)
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
-        'server_negative_output_matches' => [qr/^2\s+ACCEPT\s.*$fake_ip/],
         'key_file' => $cf{'rc_hmac_b64_key'},
         'fatal'    => $NO
     },