[test suite] added invalid IPT input chain specification tests
authorMichael Rash <mbr@cipherdyne.org>
Mon, 5 Aug 2013 01:22:35 +0000 (21:22 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Mon, 5 Aug 2013 01:22:35 +0000 (21:22 -0400)
Makefile.am
test/conf/invalid_ipt_input_chain_2_fwknopd.conf [new file with mode: 0644]
test/conf/invalid_ipt_input_chain_3_fwknopd.conf [new file with mode: 0644]
test/conf/invalid_ipt_input_chain_4_fwknopd.conf [new file with mode: 0644]
test/conf/invalid_ipt_input_chain_5_fwknopd.conf [new file with mode: 0644]
test/conf/invalid_ipt_input_chain_6_fwknopd.conf [new file with mode: 0644]
test/conf/invalid_ipt_input_chain_fwknopd.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/basic_operations.pl

index cbbab74..4ff5d4e 100644 (file)
@@ -212,6 +212,12 @@ EXTRA_DIST = \
     test/conf/icmp_pcap_filter_fwknopd.conf \
     test/conf/invalid_expire_access.conf \
     test/conf/invalid_source_access.conf \
+    test/conf/invalid_ipt_input_chain_fwknopd.conf \
+    test/conf/invalid_ipt_input_chain_2_fwknopd.conf \
+    test/conf/invalid_ipt_input_chain_3_fwknopd.conf \
+    test/conf/invalid_ipt_input_chain_4_fwknopd.conf \
+    test/conf/invalid_ipt_input_chain_5_fwknopd.conf \
+    test/conf/invalid_ipt_input_chain_6_fwknopd.conf \
     test/conf/ipfw_active_expire_equal_fwknopd.conf \
     test/conf/ip_source_match_access.conf \
     test/conf/legacy_iv_access.conf \
@@ -237,6 +243,8 @@ EXTRA_DIST = \
     test/conf/subnet_source_match_access.conf \
     test/conf/tcp_pcap_filter_fwknopd.conf \
     test/conf/tcp_server_fwknopd.conf \
+    test/conf/snat_fwknopd.conf \
+    test/conf/snat_no_translate_ip_fwknopd.conf \
     test/conf/spa_replay.pcap \
     test/fko-wrapper/Makefile \
     test/fko-wrapper/fko_wrapper.c \
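Review bot: The two `snat_*_fwknopd.conf` entries added to `EXTRA_DIST` in this hunk are not among the files this commit creates, and they are unrelated to the invalid IPT input chain tests named in the title. If they were not added to the tree by an earlier commit, `make dist` will likely fail on the missing paths. Confirm that they exist, and either mention the distribution-list fix in the commit message or move it to its own commit.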
diff --git a/test/conf/invalid_ipt_input_chain_2_fwknopd.conf b/test/conf/invalid_ipt_input_chain_2_fwknopd.conf
new file mode 100644 (file)
index 0000000..32cd897
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        AACCEPT, filter, INPUT, 1, FWKNOP_INPUT_TEST, 1;
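Review bot: The header comment `# default config - no variables set to allow defaults to be preserved` is inaccurate for this file, which sets `IPT_INPUT_ACCESS` to a deliberately malformed value (the target is spelled `AACCEPT`). A comment naming the defect under test would be more useful, for example `# negative test: IPT_INPUT_ACCESS has invalid target 'AACCEPT'; fwknopd is expected to exit with an error`. The same copied comment appears in the other five `invalid_ipt_input_chain*_fwknopd.conf` files. Their defects are a misspelled table, a misspelled chain, negative rule positions and a missing comma, each a one-character change that is easy to overlook or to "fix" by accident later.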
diff --git a/test/conf/invalid_ipt_input_chain_3_fwknopd.conf b/test/conf/invalid_ipt_input_chain_3_fwknopd.conf
new file mode 100644 (file)
index 0000000..39f0722
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        ACCEPT, ffilter, INPUT, 1, FWKNOP_INPUT_TEST, 1;
diff --git a/test/conf/invalid_ipt_input_chain_4_fwknopd.conf b/test/conf/invalid_ipt_input_chain_4_fwknopd.conf
new file mode 100644 (file)
index 0000000..5b598ac
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        ACCEPT, filter, IINPUT, 1, FWKNOP_INPUT_TEST, 1;
diff --git a/test/conf/invalid_ipt_input_chain_5_fwknopd.conf b/test/conf/invalid_ipt_input_chain_5_fwknopd.conf
new file mode 100644 (file)
index 0000000..61176d4
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, -1, FWKNOP_INPUT_TEST, 1;
diff --git a/test/conf/invalid_ipt_input_chain_6_fwknopd.conf b/test/conf/invalid_ipt_input_chain_6_fwknopd.conf
new file mode 100644 (file)
index 0000000..cae5175
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, 1, FWKNOP_INPUT_TEST, -1;
diff --git a/test/conf/invalid_ipt_input_chain_fwknopd.conf b/test/conf/invalid_ipt_input_chain_fwknopd.conf
new file mode 100644 (file)
index 0000000..3a426df
--- /dev/null
@@ -0,0 +1,2 @@
+# default config - no variables set to allow defaults to be preserved
+IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, 1 FWKNOP_INPUT_TEST, 1;
index 0c87474..1c6b595 100755 (executable)
@@ -68,6 +68,12 @@ our %cf = (
     'future_exp_access'            => "$conf_dir/future_expired_stanza_access.conf",
     'exp_epoch_access'             => "$conf_dir/expired_epoch_stanza_access.conf",
     'invalid_exp_access'           => "$conf_dir/invalid_expire_access.conf",
+    'invalid_ipt_input_chain'      => "$conf_dir/invalid_ipt_input_chain_fwknopd.conf",
+    'invalid_ipt_input_chain2'     => "$conf_dir/invalid_ipt_input_chain_2_fwknopd.conf",
+    'invalid_ipt_input_chain3'     => "$conf_dir/invalid_ipt_input_chain_3_fwknopd.conf",
+    'invalid_ipt_input_chain4'     => "$conf_dir/invalid_ipt_input_chain_4_fwknopd.conf",
+    'invalid_ipt_input_chain5'     => "$conf_dir/invalid_ipt_input_chain_5_fwknopd.conf",
+    'invalid_ipt_input_chain6'     => "$conf_dir/invalid_ipt_input_chain_6_fwknopd.conf",
     'force_nat_access'             => "$conf_dir/force_nat_access.conf",
     'hmac_force_nat_access'        => "$conf_dir/hmac_force_nat_access.conf",
     'cmd_access'                   => "$conf_dir/cmd_access.conf",
index f442763..83a72ce 100644 (file)
             qq|-P "udp port $non_std_spa_port"|,
         'fatal'    => $NO
     },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'positive_output_matches' => [qr/Wrong\snumber\sof\sfields/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec (2)',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain2'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'positive_output_matches' => [qr/load\starget.*AACCEPT/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec (3)',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain3'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'positive_output_matches' => [qr/Table\sdoes\snot\sexist/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec (4)',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain4'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec (5)',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain5'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'positive_output_matches' => [qr/invalid.*position/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'invalid iptables INPUT spec (6)',
+        'function' => \&generic_exec,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'invalid_ipt_input_chain6'} -a $cf{'def_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'function' => \&generic_exec,
+        'positive_output_matches' => [qr/invalid.*position/],
+        'exec_err' => $YES,
+        'fatal'    => $NO
+    },
 
     {
         'category' => 'basic operations',
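Review bot: The `invalid iptables INPUT spec (4)` entry (the `IINPUT` chain case) has no `'positive_output_matches'`, so it appears to assert only `'exec_err' => $YES`. Any unrelated startup failure would presumably satisfy that too, though how `generic_exec` evaluates these keys is not visible here. As written, the test does not show that fwknopd rejected the chain name itself; add a match on the daemon's actual message, e.g. `'positive_output_matches' => [qr/<expected invalid-chain error text>/],`. Separately, each of the six new entries sets `'function' => \&generic_exec,` twice, and the second occurrence can be dropped. The enclosing test array starts and ends outside this hunk.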