From 555f962dc5f75a9a54fa79257f348a6c46be0f5e Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Tue, 19 Mar 2013 13:46:34 +0100 Subject: [PATCH] iptables-unit: Add firewall API tests --- Makefile.am | 2 +- tools/iptables-unit.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 4c99ff5..78b1b33 100644 --- a/Makefile.am +++ b/Makefile.am @@ -312,7 +312,7 @@ tools_session_test_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl tools_iptables_unit_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \ -DIPTABLES_SAVE=\""${IPTABLES_SAVE}"\" tools_iptables_unit_SOURCES = $(gdbus_sources) src/log.c \ - src/iptables.c src/nat.c tools/iptables-unit.c + src/iptables.c src/firewall.c src/nat.c tools/iptables-unit.c tools_iptables_unit_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ -ldl endif diff --git a/tools/iptables-unit.c b/tools/iptables-unit.c index e8616ef..8ddd919 100644 --- a/tools/iptables-unit.c +++ b/tools/iptables-unit.c @@ -402,6 +402,85 @@ static void test_nat_basic1(void) g_free(service); } +static void test_firewall_basic0(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + assert_rule_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + assert_rule_not_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic1(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "filter", "OUTPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic2(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "mangle", "INPUT", + "-j CONNMARK --restore-mark"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "mangle", "POSTROUTING", + "-j CONNMARK --save-mark"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + __connman_firewall_destroy(ctx); +} + static gchar *option_debug = NULL; static gboolean parse_debug(const char *key, const char *value, @@ -448,6 +527,7 @@ int main(int argc, char *argv[]) "Unit Tests Connection Manager", VERSION); __connman_iptables_init(); + __connman_firewall_init(); __connman_nat_init(); g_test_add_func("/iptables/chain0", test_iptables_chain0); @@ -460,10 +540,14 @@ int main(int argc, char *argv[]) g_test_add_func("/iptables/target0", test_iptables_target0); g_test_add_func("/nat/basic0", test_nat_basic0); g_test_add_func("/nat/basic1", test_nat_basic1); + g_test_add_func("/firewall/basic0", test_firewall_basic0); + g_test_add_func("/firewall/basic1", test_firewall_basic1); + g_test_add_func("/firewall/basic2", test_firewall_basic2); err = g_test_run(); __connman_nat_cleanup(); + __connman_firewall_cleanup(); __connman_iptables_cleanup(); g_free(option_debug); -- 2.7.4