[test suite] more NAT DNS coverage

2016-05-28 05:06:07 -07:00 · 2016-05-28 05:06:07 -07:00 · 7f12fc72d1
commit 7f12fc72d1
parent 8514061681
6 changed files with 45 additions and 1 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -145,6 +145,8 @@ EXTRA_DIST = \
    test/conf/ipt_custom_nat_chain_fwknopd.conf \
    test/conf/firewd_custom_nat_chain_fwknopd.conf \
    test/conf/gpg_invalid_exe_access.conf \
+    test/conf/ipt_nat_disable_aging_fwknopd.conf \
+    test/conf/firewd_nat_disable_aging_fwknopd.conf \
    test/conf/disable_aging_fwknopd.conf \
    test/conf/disable_aging_nat_fwknopd.conf \
    test/conf/dual_key_usage_access.conf \
--- a/test/conf/firewd_nat_disable_aging_fwknopd.conf
+++ b/test/conf/firewd_nat_disable_aging_fwknopd.conf
@ -0,0 +1,2 @@
+ENABLE_SPA_PACKET_AGING         N;
+ENABLE_FIREWD_FORWARDING           Y;
--- a/test/conf/ipt_nat_disable_aging_fwknopd.conf
+++ b/test/conf/ipt_nat_disable_aging_fwknopd.conf
@ -0,0 +1,2 @@
+ENABLE_SPA_PACKET_AGING         N;
+ENABLE_IPT_FORWARDING           Y;
--- a/test/conf/ipt_no_nat_dns_fwknopd.conf
+++ b/test/conf/ipt_no_nat_dns_fwknopd.conf
@ -1,2 +1,2 @@
-ENABLE_FIREWD_FORWARDING           Y;
+ENABLE_IPT_FORWARDING           Y;
 ENABLE_NAT_DNS         N;
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@ -420,6 +420,7 @@ exit 1 unless GetOptions(
 ### main configuration file paths
 our %cf = (
    "${fw_conf_prefix}_nat"                  => "$conf_dir/${fw_conf_prefix}_nat_fwknopd.conf",
+    "${fw_conf_prefix}_nat_disable_aging"    => "$conf_dir/${fw_conf_prefix}_nat_disable_aging_fwknopd.conf",
    "${fw_conf_prefix}_snat"                 => "$conf_dir/${fw_conf_prefix}_snat_fwknopd.conf",
    "${fw_conf_prefix}_snat_no_translate_ip" => "$conf_dir/${fw_conf_prefix}_snat_no_translate_ip_fwknopd.conf",
    "${fw_conf_prefix}_snat_translate_ip"    => "$conf_dir/${fw_conf_prefix}_snat_translate_ip_fwknopd.conf",
--- a/test/tests/rijndael_hmac.pl
+++ b/test/tests/rijndael_hmac.pl
@ -1638,6 +1638,43 @@
        'key_file' => $cf{'rc_hmac_b64_key'},
        'server_conf' => $cf{"${fw_conf_prefix}_no_nat_dns_fwknopd"}
    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => "NAT_DNS invalid host",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_b64_key'} -N bad%host:22",
+        'pkt' =>
+            '86uMfbb7AitlOEck6O0qJDtKK+GyTSnpxaL3iyCTzg+P0iRgMLRjt3Og4YmrG' .
+            '54AqaCg5M3tsqr3lF0E+mlMnNDtTy40nPc46psbreD1GqZ5fQkxri2IhhCSbA' .
+            'PeivyVE2cTB223gk9RDhaOMoHd8HtqwhMNiSGy8hU1dwCXo1Sjmx5kZ8Nnt91' .
+            'U82wW4jFTUObg83iJqz72xPw6sf7bvnZWeIbgE56pA',
+        'fwknopd_cmdline' => qq/$fwknopdCmd -c $cf{"${fw_conf_prefix}_nat_disable_aging"} -a $cf{'hmac_open_ports_access'} / .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/Invalid Hostname in NAT SPA message/
+        ],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_conf' => $cf{"${fw_conf_prefix}_nat_disable_aging"}
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => "NAT_DNS resolution error",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_b64_key'} -N somehost:22",
+        'fwknopd_cmdline' => qq/$fwknopdCmd -c $cf{"${fw_conf_prefix}_nat"} -a $cf{'hmac_open_ports_access'} / .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/Unable to resolve Hostname/
+        ],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_conf' => $cf{"${fw_conf_prefix}_nat"}
+    },

    {
        'category' => 'Rijndael+HMAC',