Diffstat (limited to 'unit')
-rw-r--r-- | unit/test-iptables.c | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/unit/test-iptables.c b/unit/test-iptables.c
index f11ed551..d9170125 100644
--- a/unit/test-iptables.c
+++ b/unit/test-iptables.c
@@ -100,6 +100,139 @@ static void test_iptables_basic2(void)
 g_assert(err == 0);
 }
+static void test_iptables_chain0(void)
+{
+ int err;
+
+ err = __connman_iptables_new_chain("filter", "foo");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete_chain("filter", "foo");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+}
+
+static void test_iptables_chain1(void)
+{
+ int err;
+
+ err = __connman_iptables_new_chain("filter", "foo");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_flush_chain("filter", "foo");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete_chain("filter", "foo");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+}
+
+static void test_iptables_chain2(void)
+{
+ int err;
+
+ err = __connman_iptables_change_policy("filter", "INPUT", "DROP");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_change_policy("filter", "INPUT", "ACCEPT");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+}
+
+static void test_iptables_rule0(void)
+{
+ int err;
+
+ /* Test simple appending and removing a rule */
+
+ err = __connman_iptables_append("filter", "INPUT",
+ "-m mark --mark 1 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete("filter", "INPUT",
+ "-m mark --mark 1 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+}
+
+
+static void test_iptables_rule1(void)
+{
+ int err;
+
+ /* Test if we can do NAT stuff */
+
+ err = __connman_iptables_append("nat", "POSTROUTING",
+ "-s 10.10.1.0/24 -o eth0 -j MASQUERADE");
+
+ err = __connman_iptables_commit("nat");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete("nat", "POSTROUTING",
+ "-s 10.10.1.0/24 -o eth0 -j MASQUERADE");
+
+ err = __connman_iptables_commit("nat");
+ g_assert(err == 0);
+}
+
+static void test_iptables_rule2(void)
+{
+ int err;
+
+ /* Test if the right rule is removed */
+
+ err = __connman_iptables_append("filter", "INPUT",
+ "-m mark --mark 1 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_append("filter", "INPUT",
+ "-m mark --mark 2 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete("filter", "INPUT",
+ "-m mark --mark 2 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+
+ err = __connman_iptables_delete("filter", "INPUT",
+ "-m mark --mark 1 -j LOG");
+ g_assert(err == 0);
+
+ err = __connman_iptables_commit("filter");
+ g_assert(err == 0);
+}
+
 int main(int argc, char *argv[])
 {
 int err;
@@ -113,6 +246,12 @@ int main(int argc, char *argv[])
 g_test_add_func("/iptables/basic0", test_iptables_basic0);
 g_test_add_func("/iptables/basic1", test_iptables_basic1);
 g_test_add_func("/iptables/basic2", test_iptables_basic2);
+ g_test_add_func("/iptables/chain0", test_iptables_chain0);
+ g_test_add_func("/iptables/chain1", test_iptables_chain1);
+ g_test_add_func("/iptables/chain2", test_iptables_chain2);
+ g_test_add_func("/iptables/rule0", test_iptables_rule0);
+ g_test_add_func("/iptables/rule1", test_iptables_rule1);
+ g_test_add_func("/iptables/rule2", test_iptables_rule2);
 err = g_test_run(); |
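Review bot: In test_iptables_rule1 the results of the `__connman_iptables_append("nat", "POSTROUTING", ...)` and `__connman_iptables_delete("nat", "POSTROUTING", ...)` calls are stored in `err` and then overwritten by the following commit without being checked, so a rejected MASQUERADE rule would not fail the test. Add `g_assert(err == 0);` after each of the two calls, as the other five new tests do. Separately, test_iptables_chain2 sets the INPUT policy to DROP and only restores ACCEPT two calls later; because `g_assert` aborts on failure, a failing commit in between would presumably leave the policy at DROP if these helpers act on the host's live tables (not visible in this hunk). A comment above the function such as `/* Changes the INPUT policy; a failed assertion leaves it at DROP */` would warn whoever runs the suite, and the same holds for the LOG rules appended in rule0 and rule2.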