From 3c59fd09783cfafc0e624805c9a6788054bb5202 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 18 Mar 2019 15:22:56 -0400 Subject: [PATCH 23/23] tests/regression: coverage for enabling IP forwarding via forward-ports Coverage for issue 335 and rhbz 1679610. (cherry picked from commit 84e290a3faf1b0a2f7cd3521f8395cdedb57bf30) --- src/tests/regression.at | 1 + src/tests/regression/gh335.at | 47 +++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 src/tests/regression/gh335.at diff --git a/src/tests/regression.at b/src/tests/regression.at index 38e266021416..36e10eeb52d5 100644 --- a/src/tests/regression.at +++ b/src/tests/regression.at @@ -15,3 +15,4 @@ m4_include([regression/rhbz1404076.at]) m4_include([regression/gh366.at]) m4_include([regression/rhbz1601610.at]) m4_include([regression/gh303.at]) +m4_include([regression/gh335.at]) diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at new file mode 100644 index 000000000000..901e2fa04f69 --- /dev/null +++ b/src/tests/regression/gh335.at @@ -0,0 +1,47 @@ +FWD_START_TEST([forward-port toaddr enables IP forwarding]) + +NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) +FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10]) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +FWD_RELOAD + +NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) +FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) +FWD_RELOAD + +NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) +FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"']) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +FWD_RELOAD + +NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) +FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) +FWD_RELOAD + +dnl following tests should _not_ enable IP forwarding +NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) + +FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321]) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + +FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"']) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + +FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"']) +NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + +FWD_END_TEST -- 2.20.1