rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0023-tests-regression-coverage-for-enabling-IP-forwarding.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   0023-tests-regression-coverage-for-enabling-IP-forwarding.patch
Blob History Raw
24f428 
From 3c59fd09783cfafc0e624805c9a6788054bb5202 Mon Sep 17 00:00:00 2001
24f428 
From: Eric Garver <eric@garver.life>
24f428 
Date: Mon, 18 Mar 2019 15:22:56 -0400
24f428 
Subject: [PATCH 23/23] tests/regression: coverage for enabling IP forwarding
24f428 
 via forward-ports
24f428
24f428 
Coverage for issue 335 and rhbz 1679610.
24f428
24f428 
(cherry picked from commit 84e290a3faf1b0a2f7cd3521f8395cdedb57bf30)
24f428 
---
24f428 
 src/tests/regression.at       |  1 +
24f428 
 src/tests/regression/gh335.at | 47 +++++++++++++++++++++++++++++++++++
24f428 
 2 files changed, 48 insertions(+)
24f428 
 create mode 100644 src/tests/regression/gh335.at
24f428
24f428 
diff --git a/src/tests/regression.at b/src/tests/regression.at
24f428 
index 38e266021416..36e10eeb52d5 100644
24f428 
--- a/src/tests/regression.at
24f428 
+++ b/src/tests/regression.at
24f428 
@@ -15,3 +15,4 @@ m4_include([regression/rhbz1404076.at])
24f428 
 m4_include([regression/gh366.at])
24f428 
 m4_include([regression/rhbz1601610.at])
24f428 
 m4_include([regression/gh303.at])
24f428 
+m4_include([regression/gh335.at])
24f428 
diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at
24f428 
new file mode 100644
24f428 
index 000000000000..901e2fa04f69
24f428 
--- /dev/null
24f428 
+++ b/src/tests/regression/gh335.at
24f428 
@@ -0,0 +1,47 @@
24f428 
+FWD_START_TEST([forward-port toaddr enables IP forwarding])
24f428 
+
24f428 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+FWD_RELOAD
24f428 
+
24f428 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
24f428 
+FWD_RELOAD
24f428 
+
24f428 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"'])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+FWD_RELOAD
24f428 
+
24f428 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"'])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
24f428 
+FWD_RELOAD
24f428 
+
24f428 
+dnl following tests should _not_ enable IP forwarding
24f428 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
24f428 
+
24f428 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+
24f428 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"'])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+
24f428 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"'])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
24f428 
+
24f428 
+FWD_END_TEST
24f428 
--
24f428 
2.20.1
24f428

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation