-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | tools/iptables-unit.c | 84 |
2 files changed, 85 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index 4c99ff58..78b1b337 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -312,7 +312,7 @@ tools_session_test_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl
 tools_iptables_unit_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \
 -DIPTABLES_SAVE=\""${IPTABLES_SAVE}"\"
 tools_iptables_unit_SOURCES = $(gdbus_sources) src/log.c \
- src/iptables.c src/nat.c tools/iptables-unit.c
+ src/iptables.c src/firewall.c src/nat.c tools/iptables-unit.c
 tools_iptables_unit_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ -ldl
 endif
diff --git a/tools/iptables-unit.c b/tools/iptables-unit.c
index e8616ef0..8ddd9198 100644
--- a/tools/iptables-unit.c
+++ b/tools/iptables-unit.c
@@ -402,6 +402,85 @@ static void test_nat_basic1(void)
 g_free(service);
 }
+static void test_firewall_basic0(void)
+{
+ struct firewall_context *ctx;
+ int err;
+
+ ctx = __connman_firewall_create();
+ g_assert(ctx != NULL);
+
+ err = __connman_firewall_add_rule(ctx, "filter", "INPUT",
+ "-m mark --mark 999 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_firewall_enable(ctx);
+ g_assert(err == 0);
+
+ assert_rule_exists("filter", ":connman-INPUT - [0:0]");
+ assert_rule_exists("filter", "-A INPUT -j connman-INPUT");
+ assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG");
+
+ err = __connman_firewall_disable(ctx);
+ g_assert(err == 0);
+
+ assert_rule_not_exists("filter", ":connman-INPUT - [0:0]");
+ assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT");
+ assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG");
+
+ __connman_firewall_destroy(ctx);
+}
+
+static void test_firewall_basic1(void)
+{
+ struct firewall_context *ctx;
+ int err;
+
+ ctx = __connman_firewall_create();
+ g_assert(ctx != NULL);
+
+ err = __connman_firewall_add_rule(ctx, "filter", "INPUT",
+ "-m mark --mark 999 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_firewall_add_rule(ctx, "filter", "OUTPUT",
+ "-m mark --mark 999 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_firewall_enable(ctx);
+ g_assert(err == 0);
+
+ err = __connman_firewall_disable(ctx);
+ g_assert(err == 0);
+
+ __connman_firewall_destroy(ctx);
+}
+
+static void test_firewall_basic2(void)
+{
+ struct firewall_context *ctx;
+ int err;
+
+ ctx = __connman_firewall_create();
+ g_assert(ctx != NULL);
+
+ err = __connman_firewall_add_rule(ctx, "mangle", "INPUT",
+ "-j CONNMARK --restore-mark");
+ g_assert(err == 0);
+
+ err = __connman_firewall_add_rule(ctx, "mangle", "POSTROUTING",
+ "-j CONNMARK --save-mark");
+ g_assert(err == 0);
+
+ err = __connman_firewall_enable(ctx);
+ g_assert(err == 0);
+
+ err = __connman_firewall_disable(ctx);
+ g_assert(err == 0);
+
+ __connman_firewall_destroy(ctx);
+}
+
 static gchar *option_debug = NULL;
 static gboolean parse_debug(const char *key, const char *value,
@@ -448,6 +527,7 @@ int main(int argc, char *argv[])
 "Unit Tests Connection Manager", VERSION);
 __connman_iptables_init();
+ __connman_firewall_init();
 __connman_nat_init();
 g_test_add_func("/iptables/chain0", test_iptables_chain0);
@@ -460,10 +540,14 @@ int main(int argc, char *argv[])
 g_test_add_func("/iptables/target0", test_iptables_target0);
 g_test_add_func("/nat/basic0", test_nat_basic0);
 g_test_add_func("/nat/basic1", test_nat_basic1);
+ g_test_add_func("/firewall/basic0", test_firewall_basic0);
+ g_test_add_func("/firewall/basic1", test_firewall_basic1);
+ g_test_add_func("/firewall/basic2", test_firewall_basic2);
 err = g_test_run();
 __connman_nat_cleanup();
+ __connman_firewall_cleanup();
 __connman_iptables_cleanup();
 g_free(option_debug); |
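Review bot: test_firewall_basic1 and test_firewall_basic2 in the first tools/iptables-unit.c hunk assert only the return codes of __connman_firewall_enable() and __connman_firewall_disable(). An enable that returns 0 while installing only one of the two rules, or a disable that leaves a chain or jump rule behind, would therefore still pass. test_firewall_basic0 already verifies the tables with assert_rule_exists()/assert_rule_not_exists(), and the multi-rule and mangle-table cases need that verification most. The expected strings below for basic1 extend basic0's `connman-INPUT` naming to OUTPUT by analogy, so confirm them against the iptables-save output. The two CONNMARK rules in basic2 should be checked the same way.

```c
/* … unchanged: create context, add the INPUT and OUTPUT rules … */
	err = __connman_firewall_enable(ctx);
	g_assert(err == 0);

	assert_rule_exists("filter", "-A INPUT -j connman-INPUT");
	assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG");
	assert_rule_exists("filter", "-A OUTPUT -j connman-OUTPUT");
	assert_rule_exists("filter", "-A connman-OUTPUT -m mark --mark 0x3e7 -j LOG");

	err = __connman_firewall_disable(ctx);
	g_assert(err == 0);

	assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT");
	assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j LOG");
	assert_rule_not_exists("filter", "-A OUTPUT -j connman-OUTPUT");
	assert_rule_not_exists("filter", "-A connman-OUTPUT -m mark --mark 0x3e7 -j LOG");
/* … unchanged: destroy context … */
```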
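Review bot: In the last hunk of main(), `__connman_firewall_cleanup()` is reached only when g_test_run() returns, and a failing g_assert() aborts the process by default. A firewall test that fails between enable and disable would therefore presumably leave its connman-* chains and jump rules in the tables the tests run against. Whether the cleanup call would remove them at all is not visible here. I would document the expectation next to the registrations, for example `/* firewall tests modify live netfilter tables; run in a disposable network namespace */`. main() starts and ends outside the hunk.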