From: Daniel Wagner <daniel.wag...@bmw-carit.de> --- Makefile.am | 2 +- tools/iptables-unit.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 90 insertions(+), 7 deletions(-)
diff --git a/Makefile.am b/Makefile.am index 4c99ff5..78b1b33 100644 --- a/Makefile.am +++ b/Makefile.am @@ -312,7 +312,7 @@ tools_session_test_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl tools_iptables_unit_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \ -DIPTABLES_SAVE=\""${IPTABLES_SAVE}"\" tools_iptables_unit_SOURCES = $(gdbus_sources) src/log.c \ - src/iptables.c src/nat.c tools/iptables-unit.c + src/iptables.c src/firewall.c src/nat.c tools/iptables-unit.c tools_iptables_unit_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ -ldl endif diff --git a/tools/iptables-unit.c b/tools/iptables-unit.c index 14f58ad..3af6374 100644 --- a/tools/iptables-unit.c +++ b/tools/iptables-unit.c @@ -33,6 +33,7 @@ static connman_bool_t assert_rule(const char *table_name, const char *rule) { char *cmd, *output, **lines; GError **error = NULL; + connman_bool_t found = FALSE; int i; cmd = g_strdup_printf(IPTABLES_SAVE " -t %s", table_name); @@ -43,16 +44,14 @@ static connman_bool_t assert_rule(const char *table_name, const char *rule) g_free(output); for (i = 0; lines[i] != NULL; i++) { - DBG("lines[%02d]: %s\n", i, lines[i]); + DBG("%s\n", lines[i]); + if (g_strcmp0(lines[i], rule) == 0) - break; + found = TRUE; } g_strfreev(lines); - if (lines[i] == NULL) - return FALSE; - - return TRUE; + return found; } static void assert_rule_exists(const char *table_name, const char *rule) 
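Review bot: In the `assert_rule` loop the match now sets `found = TRUE` without leaving the loop, so every remaining line of the iptables-save output is still compared and logged after a hit; `found = TRUE; break;` inside a braced `if` body keeps the early exit the old code had. The removed `if (lines[i] == NULL)` read `lines` after `g_strfreev(lines)`, so these two hunks also fix a use-after-free. That deserves its own line in the commit message, because it silently changes what every existing `assert_rule_exists` / `assert_rule_not_exists` check reports. The function body starts above the hunk and the spawn call is not visible; since `error` is declared as a NULL `GError **`, it is worth confirming that a failed run of `IPTABLES_SAVE` is detected before `output` is split. Otherwise `assert_rule_not_exists` could presumably pass without any table having been read.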
@@ -406,6 +405,85 @@ static void test_nat_basic1(void) g_free(service); } +static void test_firewall_basic0(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + assert_rule_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + assert_rule_not_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic1(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "filter", "OUTPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic2(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "mangle", "INPUT", + "-j CONNMARK --restore-mark"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "mangle", "POSTROUTING", + "-j CONNMARK --save-mark"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + 
__connman_firewall_destroy(ctx); +} + static gchar *option_debug = NULL; static gboolean parse_debug(const char *key, const char *value, @@ -452,6 +530,7 @@ int main(int argc, char *argv[]) "Unit Tests Connection Manager", VERSION); __connman_iptables_init(); + __connman_firewall_init(); __connman_nat_init(); g_test_add_func("/iptables/chain0", test_iptables_chain0); @@ -464,10 +543,14 @@ int main(int argc, char *argv[]) g_test_add_func("/iptables/target0", test_iptables_target0); g_test_add_func("/nat/basic0", test_nat_basic0); g_test_add_func("/nat/basic1", test_nat_basic1); + g_test_add_func("/firewall/basic0", test_firewall_basic0); + g_test_add_func("/firewall/basic1", test_firewall_basic1); + g_test_add_func("/firewall/basic2", test_firewall_basic2); err = g_test_run(); __connman_nat_cleanup(); + __connman_firewall_cleanup(); __connman_iptables_cleanup(); g_free(option_debug); -- 1.8.2.rc3.16.gce432ca _______________________________________________ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
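Review bot: `test_firewall_basic1` and `test_firewall_basic2` assert only the return codes of `__connman_firewall_enable` and `__connman_firewall_disable`, so an enable that installs nothing, or a disable that leaves rules behind in `filter` or `mangle`, would still pass. They should repeat the `assert_rule_exists` / `assert_rule_not_exists` pairs that `test_firewall_basic0` uses. Leftover rules after disable are the failure that matters most for a firewall, and `basic2` is the only test touching the `mangle` table. These tests operate on the host's live tables, so a `g_assert` that fails between enable and disable aborts the process with the connman chains still loaded; a comment at the top of the new tests should say so. A short comment in `basic0` should also explain that `--mark 999` is expected back as `0x3e7` because the saved output prints the mark in hex. The sketch below covers `basic1`; the strings follow the pattern asserted in `basic0` and need checking against real iptables-save output.

```c
	err = __connman_firewall_enable(ctx);
	g_assert(err == 0);

	/* chain names assume the connman-<CHAIN> pattern asserted in basic0 */
	assert_rule_exists("filter", "-A INPUT -j connman-INPUT");
	assert_rule_exists("filter", "-A OUTPUT -j connman-OUTPUT");
	assert_rule_exists("filter", "-A connman-OUTPUT -m mark --mark 0x3e7 -j LOG");

	/* ... unchanged: __connman_firewall_disable(ctx) and its g_assert ... */

	/* nothing of the context may survive a disable */
	assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT");
	assert_rule_not_exists("filter", "-A OUTPUT -j connman-OUTPUT");
	assert_rule_not_exists("filter", "-A connman-OUTPUT -m mark --mark 0x3e7 -j LOG");
```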