added test for invalid SOURCE access lines
authorMichael Rash <mbr@cipherdyne.org>
Sun, 17 Jun 2012 17:57:06 +0000 (13:57 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 17 Jun 2012 17:57:06 +0000 (13:57 -0400)
test/conf/invalid_source_access.conf [new file with mode: 0644]
test/test-fwknop.pl

diff --git a/test/conf/invalid_source_access.conf b/test/conf/invalid_source_access.conf
new file mode 100644 (file)
index 0000000..10a72b5
--- /dev/null
@@ -0,0 +1,7 @@
+SOURCE :ANY;
+KEY: fwknoptest;
+FW_ACCESS_TIMEOUT:  3;
+
+SOURCE: ANY;
+KEY: fwknoptest2;
+FW_ACCESS_TIMEOUT:  3;
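Review bot: Nothing in this fixture marks which line is the deliberately malformed one. The first line, `SOURCE :ANY;`, differs from the valid `SOURCE: ANY;` in the second stanza only by where the colon sits, so a later cleanup could "correct" it and silently turn the negative test into a positive one. A leading comment would prevent that, for example `# first stanza is intentionally malformed (misplaced colon); fwknopd must reject this file`, assuming the usual `#` comment syntax is accepted here. It would also help to state why the second, valid stanza with `KEY: fwknoptest2;` is present, since the fixture does not say whether it is meant to prove that parsing stops at the first error.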
index f59e5c0..b919582 100755 (executable)
@@ -31,6 +31,7 @@ my $expired_access_conf = "$conf_dir/expired_stanza_access.conf";
 my $future_expired_access_conf = "$conf_dir/future_expired_stanza_access.conf";
 my $expired_epoch_access_conf = "$conf_dir/expired_epoch_stanza_access.conf";
 my $invalid_expire_access_conf = "$conf_dir/invalid_expire_access.conf";
+my $invalid_source_access_conf = "$conf_dir/invalid_source_access.conf";
 my $force_nat_access_conf = "$conf_dir/force_nat_access.conf";
 my $gpg_access_conf     = "$conf_dir/gpg_access.conf";
 my $default_digest_file = "$run_dir/digest.cache";
@@ -627,6 +628,20 @@ my @tests = (
     {
         'category' => 'Rijndael SPA',
         'subcategory' => 'client+server',
+        'detail'   => 'invalid SOURCE (tcp/22 ssh)',
+        'err_msg'  => 'SPA packet accepted',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_args,
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $default_conf -a $invalid_source_access_conf " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/Fatal\serror\sparsing\sIP\sto\sint/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael SPA',
+        'subcategory' => 'client+server',
         'detail'   => 'expired stanza (tcp/22 ssh)',
         'err_msg'  => 'SPA packet accepted',
         'function' => \&spa_cycle,
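Review bot: The new 'invalid SOURCE' entry proves rejection only through the log regex in `server_positive_output_matches` and through `$REQUIRE_NO_NEW_RULE`. If fwknopd exits at startup on the malformed stanza, which the "Fatal error" text suggests but the hunk does not show, the no-rule check passes trivially and never exercises the valid second stanza in the fixture. A comment above the entry would make the intended guarantee explicit, for example `# malformed SOURCE line must make fwknopd fail closed: no stanza in the file, including the valid second one, may grant access`. The `err_msg` value `'SPA packet accepted'` matches the neighbouring entry and describes the failure case, which is worth a brief comment too, since a reader may take it for the expected result. The `@tests` array starts and ends outside this hunk.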