diff options
author | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2013-03-19 13:46:34 +0100 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2013-03-25 13:17:58 +0200 |
commit | 555f962dc5f75a9a54fa79257f348a6c46be0f5e (patch) | |
tree | a8c7a6518936ccdc7175aa0bfcdee413ac1d66e5 /tools | |
parent | ea307271bf2ed3cb3f594fdbcd461d939b5565fb (diff) | |
download | connman-555f962dc5f75a9a54fa79257f348a6c46be0f5e.tar.gz connman-555f962dc5f75a9a54fa79257f348a6c46be0f5e.tar.bz2 connman-555f962dc5f75a9a54fa79257f348a6c46be0f5e.zip |
iptables-unit: Add firewall API tests
Diffstat (limited to 'tools')
-rw-r--r-- | tools/iptables-unit.c | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/tools/iptables-unit.c b/tools/iptables-unit.c index e8616ef0..8ddd9198 100644 --- a/tools/iptables-unit.c +++ b/tools/iptables-unit.c @@ -402,6 +402,85 @@ static void test_nat_basic1(void) g_free(service); } +static void test_firewall_basic0(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + assert_rule_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + assert_rule_not_exists("filter", ":connman-INPUT - [0:0]"); + assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT"); + assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG"); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic1(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "filter", "INPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "filter", "OUTPUT", + "-m mark --mark 999 -j LOG"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + __connman_firewall_destroy(ctx); +} + +static void test_firewall_basic2(void) +{ + struct firewall_context *ctx; + int err; + + ctx = __connman_firewall_create(); + g_assert(ctx != NULL); + + err = __connman_firewall_add_rule(ctx, "mangle", "INPUT", + "-j CONNMARK --restore-mark"); + g_assert(err == 0); + + err = __connman_firewall_add_rule(ctx, "mangle", "POSTROUTING", + "-j CONNMARK --save-mark"); + g_assert(err == 0); + + err = __connman_firewall_enable(ctx); + g_assert(err == 0); + + err = __connman_firewall_disable(ctx); + g_assert(err == 0); + + __connman_firewall_destroy(ctx); +} + static gchar *option_debug = NULL; static gboolean parse_debug(const char *key, const char *value, @@ -448,6 +527,7 @@ int main(int argc, char *argv[]) "Unit Tests Connection Manager", VERSION); __connman_iptables_init(); + __connman_firewall_init(); __connman_nat_init(); g_test_add_func("/iptables/chain0", test_iptables_chain0); @@ -460,10 +540,14 @@ int main(int argc, char *argv[]) g_test_add_func("/iptables/target0", test_iptables_target0); g_test_add_func("/nat/basic0", test_nat_basic0); g_test_add_func("/nat/basic1", test_nat_basic1); + g_test_add_func("/firewall/basic0", test_firewall_basic0); + g_test_add_func("/firewall/basic1", test_firewall_basic1); + g_test_add_func("/firewall/basic2", test_firewall_basic2); err = g_test_run(); __connman_nat_cleanup(); + __connman_firewall_cleanup(); __connman_iptables_cleanup(); g_free(option_debug); |