[test suite] added iptables OUTPUT chain test

Makefile.am

@@ -245,6 +245,7 @@ EXTRA_DIST = \
     test/conf/icmp_pcap_filter_fwknopd.conf \
     test/conf/invalid_expire_access.conf \
     test/conf/invalid_source_access.conf \
+    test/conf/ipt_output_chain_fwknopd.conf \
     test/conf/invalid_ipt_input_chain_fwknopd.conf \
     test/conf/invalid_ipt_input_chain_2_fwknopd.conf \
     test/conf/invalid_ipt_input_chain_3_fwknopd.conf \

test/conf/invalid_ipt_input_chain_2_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        AACCEPT, filter, INPUT, 1, FWKNOP_INPUT_TEST, 1;

test/conf/invalid_ipt_input_chain_3_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        ACCEPT, ffilter, INPUT, 1, FWKNOP_INPUT_TEST, 1;

test/conf/invalid_ipt_input_chain_4_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        ACCEPT, filter, IINPUT, 1, FWKNOP_INPUT_TEST, 1;

test/conf/invalid_ipt_input_chain_5_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, -1, FWKNOP_INPUT_TEST, 1;

test/conf/invalid_ipt_input_chain_6_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, 1, FWKNOP_INPUT_TEST, -1;

test/conf/invalid_ipt_input_chain_fwknopd.conf

@@ -1,2 +1 @@
-# default config - no variables set to allow defaults to be preserved
 IPT_INPUT_ACCESS        ACCEPT, filter, INPUT, 1 FWKNOP_INPUT_TEST, 1;

test/conf/ipt_output_chain_fwknopd.conf

@@ -0,0 +1,2 @@
+ENABLE_IPT_OUTPUT       Y;
+IPT_OUTPUT_ACCESS       ACCEPT, filter, OUTPUT, 1, FWKNOP_OUTPUT, 1;

test/test-fwknop.pl

@@ -78,6 +78,7 @@ our %cf = (
     'future_exp_access'            => "$conf_dir/future_expired_stanza_access.conf",
     'exp_epoch_access'             => "$conf_dir/expired_epoch_stanza_access.conf",
     'invalid_exp_access'           => "$conf_dir/invalid_expire_access.conf",
+    'ipt_output_chain'             => "$conf_dir/ipt_output_chain_fwknopd.conf",
     'invalid_ipt_input_chain'      => "$conf_dir/invalid_ipt_input_chain_fwknopd.conf",
     'invalid_ipt_input_chain2'     => "$conf_dir/invalid_ipt_input_chain_2_fwknopd.conf",
     'invalid_ipt_input_chain3'     => "$conf_dir/invalid_ipt_input_chain_3_fwknopd.conf",

test/tests/rijndael_hmac.pl

@@ -95,6 +95,18 @@
         'fw_rule_removed' => $NEW_RULE_REMOVED,
         'key_file' => $cf{'rc_hmac_b64_key'},
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'iptables OUTPUT chain',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_hmac_args,
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'ipt_output_chain'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
 
     {
         'category' => 'Rijndael+HMAC',