rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0023-tests-regression-coverage-for-enabling-IP-forwarding.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c8bceb8bf3db2fe79739fc14eb36252dbd2fa1e2
  2.   SOURCES
  3.   0023-tests-regression-coverage-for-enabling-IP-forwarding.patch
Blob History Raw
c8bceb 
From 3c59fd09783cfafc0e624805c9a6788054bb5202 Mon Sep 17 00:00:00 2001
c8bceb 
From: Eric Garver <eric@garver.life>
c8bceb 
Date: Mon, 18 Mar 2019 15:22:56 -0400
c8bceb 
Subject: [PATCH 23/23] tests/regression: coverage for enabling IP forwarding
c8bceb 
 via forward-ports
c8bceb
c8bceb 
Coverage for issue 335 and rhbz 1679610.
c8bceb
c8bceb 
(cherry picked from commit 84e290a3faf1b0a2f7cd3521f8395cdedb57bf30)
c8bceb 
---
c8bceb 
 src/tests/regression.at       |  1 +
c8bceb 
 src/tests/regression/gh335.at | 47 +++++++++++++++++++++++++++++++++++
c8bceb 
 2 files changed, 48 insertions(+)
c8bceb 
 create mode 100644 src/tests/regression/gh335.at
c8bceb
c8bceb 
diff --git a/src/tests/regression.at b/src/tests/regression.at
c8bceb 
index 38e266021416..36e10eeb52d5 100644
c8bceb 
--- a/src/tests/regression.at
c8bceb 
+++ b/src/tests/regression.at
c8bceb 
@@ -15,3 +15,4 @@ m4_include([regression/rhbz1404076.at])
c8bceb 
 m4_include([regression/gh366.at])
c8bceb 
 m4_include([regression/rhbz1601610.at])
c8bceb 
 m4_include([regression/gh303.at])
c8bceb 
+m4_include([regression/gh335.at])
c8bceb 
diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at
c8bceb 
new file mode 100644
c8bceb 
index 000000000000..901e2fa04f69
c8bceb 
--- /dev/null
c8bceb 
+++ b/src/tests/regression/gh335.at
c8bceb 
@@ -0,0 +1,47 @@
c8bceb 
+FWD_START_TEST([forward-port toaddr enables IP forwarding])
c8bceb 
+
c8bceb 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+FWD_RELOAD
c8bceb 
+
c8bceb 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
c8bceb 
+FWD_RELOAD
c8bceb 
+
c8bceb 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"'])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+FWD_RELOAD
c8bceb 
+
c8bceb 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"'])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
c8bceb 
+FWD_RELOAD
c8bceb 
+
c8bceb 
+dnl following tests should _not_ enable IP forwarding
c8bceb 
+NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
c8bceb 
+
c8bceb 
+FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+
c8bceb 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"'])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+
c8bceb 
+FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"'])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
c8bceb 
+
c8bceb 
+FWD_END_TEST
c8bceb 
--
c8bceb 
2.20.1
c8bceb

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation