From 26aceb9db6d4872960c37cf8d4e11e6bc912660e Mon Sep 17 00:00:00 2001
From: Michael Rash <mbr@cipherdyne.org>
Date: Sat, 7 Mar 2015 19:12:39 -0800
Subject: [PATCH] [test suite] add more rigorous multi-port tests with per-rule
 regex search criteria

---
 test/tests/rijndael.pl      | 27 +++++++++++++++++++++++++++
 test/tests/rijndael_hmac.pl | 16 ++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/test/tests/rijndael.pl b/test/tests/rijndael.pl
index 65c72e96..b7fbd341 100644
--- a/test/tests/rijndael.pl
+++ b/test/tests/rijndael.pl
@@ -1143,6 +1143,20 @@
         'fw_rule_created' => $NEW_RULE_REQUIRED,
         'fw_rule_removed' => $NEW_RULE_REMOVED,
     },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'client+server',
+        'detail'   => "$FW_TYPE multi port re search (1)",
+        'function' => \&spa_cycle,
+        'cmdline' => "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --get-key " .
+            "$local_key_file $verbose_str",
+        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str",
+        'server_positive_output_matches' => [qr/^1\s+ACCEPT\s+tcp.*dpt:60001/,
+            qr/^2\s+ACCEPT\s+udp.*dpt:60001/],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+    },
+
     {
         'category' => 'Rijndael',
         'subcategory' => 'client+server',
@@ -1154,6 +1168,19 @@
         'fw_rule_created' => $NEW_RULE_REQUIRED,
         'fw_rule_removed' => $NEW_RULE_REMOVED,
     },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'client+server',
+        'detail'   => "$FW_TYPE multi port re search (2)",
+        'function' => \&spa_cycle,
+        'cmdline' => "$fwknopCmd -A tcp/22,udp/53,tcp/1234 -a $fake_ip -D $loopback_ip --get-key " .
+            "$local_key_file $verbose_str",
+        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str",
+        'server_positive_output_matches' => [qr/^1\s+ACCEPT\s+tcp.*dpt:22\s/,
+            qr/^2\s+ACCEPT\s+udp.*dpt:53\s/, qr/^3\s+ACCEPT\s+tcp.*dpt:1234\s/],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+    },
 
     {
         'category' => 'Rijndael',
diff --git a/test/tests/rijndael_hmac.pl b/test/tests/rijndael_hmac.pl
index 3a1fe721..ff87cfe0 100644
--- a/test/tests/rijndael_hmac.pl
+++ b/test/tests/rijndael_hmac.pl
@@ -600,6 +600,22 @@
         'fw_rule_removed' => $NEW_RULE_REMOVED,
         'key_file' => $cf{'rc_hmac_b64_key'},
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => "$FW_TYPE multi port re search (1)",
+        'function' => \&spa_cycle,
+        'cmdline' => "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --rc-file " .
+            "$cf{'rc_hmac_b64_key'} $verbose_str",
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/^1\s+ACCEPT\s+tcp.*dpt:60001/,
+            qr/^2\s+ACCEPT\s+udp.*dpt:60001/],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
+
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',