[test suite] added portrange bpf filter test
authorMichael Rash <mbr@cipherdyne.org>
Fri, 7 Feb 2014 03:12:23 +0000 (22:12 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 7 Feb 2014 12:49:50 +0000 (07:49 -0500)
Makefile.am
test/conf/portrange_fwknopd.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_hmac.pl

index ab2da43..9b3ae5d 100644 (file)
@@ -138,6 +138,7 @@ EXTRA_DIST = \
     test/conf/ctr_mode_access.conf \
     test/conf/default_access.conf \
     test/conf/default_fwknopd.conf \
+    test/conf/portrange_fwknopd.conf \
     test/conf/custom_input_chain_fwknopd.conf \
     test/conf/custom_nat_chain_fwknopd.conf \
     test/conf/disable_aging_fwknopd.conf \
diff --git a/test/conf/portrange_fwknopd.conf b/test/conf/portrange_fwknopd.conf
new file mode 100644 (file)
index 0000000..f9c3246
--- /dev/null
@@ -0,0 +1 @@
+PCAP_FILTER         udp dst portrange 10000-65535;
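Review bot: The new `test/conf/portrange_fwknopd.conf` holds a bare `PCAP_FILTER` line with nothing explaining why the range is 10000-65535. Presumably it is meant to cover every destination port the client can pick with `-r`, since the test entry added in `test/tests/rijndael_hmac.pl` pairs this file with `-r`. If the client's range ever changes, that test could start failing intermittently with no hint in this file. I would add a comment above the directive, for example `# Test only: capture SPA packets on any UDP port the client may choose with -r; keep in sync with the client's random port range.` Because the filter makes fwknopd inspect UDP traffic on a far wider set of ports than a single-port filter would, the comment should also say this file is not a template for production configs.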
index ade533b..97c189f 100755 (executable)
@@ -41,6 +41,7 @@ our %cf = (
     'snat_no_translate_ip'         => "$conf_dir/snat_no_translate_ip_fwknopd.conf",
     'def'                          => "$conf_dir/default_fwknopd.conf",
     'def_access'                   => "$conf_dir/default_access.conf",
+    'portrange_filter'             => "$conf_dir/portrange_fwknopd.conf",
     'hmac_access'                  => "$conf_dir/hmac_access.conf",
     'hmac_get_key_access'          => "$conf_dir/hmac_get_key_access.conf",
     'hmac_equal_keys_access'       => "$conf_dir/hmac_equal_keys_access.conf",
index 34d07bc..df2919c 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => 'random SPA port (portrange filter)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_hmac_args -r",
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'portrange_filter'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => 'random SPA port (via rc RAND_PORT)',
         'function' => \&spa_cycle,
         'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " .