This commit provides an easy way to control how verbose fwknop command execution will be. For example, fwknopd only calls hex_dump() against SPA packets when --verbose > 2, so invoking the test suite as follows will result in hex_dump() being included in fwknopd output (see the output/1_fwknopd.test file):

./test-fwknop.pl --include "Rijndael.*complete.*22" --test-limit 1 --cmd-verbose "--verbose --verbose --verbose"

[+] candidate SPA packet payload:
0x0000: 39 62 72 51 58 75 7a 4b 57 54 53 67 57 56 35 66 9brQXuzKWTSgWV5f
0x0010: 73 63 78 42 35 78 69 51 65 6c 55 4f 53 78 69 45 scxB5xiQelUOSxiE
0x0020: 51 30 59 6a 41 50 70 31 4f 70 43 62 32 51 4a 4c Q0YjAPp1OpCb2QJL
0x0030: 48 34 42 65 68 64 6d 47 35 49 31 50 36 2f 5a 69 H4BehdmG5I1P6/Zi
0x0040: 6a 34 4b 41 62 34 53 68 6a 59 66 4f 71 2b 46 6c j4KAb4ShjYfOq+Fl
0x0050: 4a 35 52 75 70 33 39 6f 6e 65 42 79 72 51 46 57 J5Rup39oneByrQFW
0x0060: 61 38 6c 37 63 48 6e 38 5a 54 36 59 6e 55 56 47 a8l7cHn8ZT6YnUVG
0x0070: 50 36 6e 53 6f 69 30 61 70 72 32 52 39 62 6b 56 P6nSoi0apr2R9bkV
0x0080: 37 50 61 67 41 61 6b 49 44 63 58 59 44 6b 2f 64 7PagAakIDcXYDk/d
0x0090: 67 51 45 61 37 39 32 6f 30 4d 38 6e 30 30 6e 35 gQEa792o0M8n00n5
0x00a0: 55 U
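# Test definitions for the 'basic operations' category.  Each element is a
# hash ref describing one test.  Keys that appear in this list:
#
#   category / subcategory / detail  labels identifying the test
#   function         code ref to the driver sub that runs the test
#   cmdline          fwknop or fwknopd command line string
#   fwknopd_cmdline  fwknopd command line handed to the server_* and
#                    write_pid drivers
#   positive_output_matches / negative_output_matches
#                    lists of patterns; presumably ones that must / must
#                    not appear in the command output (confirm in driver)
#   rc_positive_output_matches / rc_negative_output_matches
#                    lists of patterns; presumably applied to the rc file
#                    written by the client (confirm in client_rc_file)
#   write_rc_file / save_rc_stanza
#                    stanza name plus the variables for the client rc file
#   exec_err         one of $YES, $NO or $IGNORE
#   fatal            $YES on a few tests
#
# Review notes:
#   * 'KEY' => 'testtest' and 'HMAC_KEY' => 'hmactest' are fixture secrets
#     that live in this file; they are test data, not usable credentials.
#   * MD5, SHA1, ECB and 'legacy' appear below as option-coverage cases:
#     each test only checks that the client reports the selected mode.
#   * Every command line is a single interpolated string, and the -P test
#     embeds double quotes, which suggests the string is later parsed by a
#     shell (confirm in the drivers).  Values interpolated here should
#     stay under the control of the test suite.
@basic_operations = (
    {
        'category' => 'basic operations',
        'detail' => 'dump config',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/SYSLOG_IDENTITY/],
        'exec_err' => $NO,
        'cmdline' => "$fwknopdCmd -c $cf{'def'} " .
            "-a $cf{'def_access'} --dump-config",
    },
    {
        'category' => 'basic operations',
        'detail' => 'override config',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/ENABLE_PCAP_PROMISC.*\'Y\'/],
        'exec_err' => $NO,
        'cmdline' => "$fwknopdCmd $default_server_conf_args " .
            "-O $conf_dir/override_fwknopd.conf --dump-config",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'show last args',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/Could\snot|Last\sfwknop/i],
        'exec_err' => $IGNORE,
        'cmdline' => "$fwknopCmd --show-last",
    },

    ### client argument validation: each test passes a bad or missing
    ### argument and looks for the matching error message
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => '--get-key path validation',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/could\snot\sopen/i],
        'exec_err' => $YES,
        'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip " .
            "-D $loopback_ip --get-key not/there",
        'fatal' => $YES
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'require [-s|-R|-a]',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/must\suse\sone\sof/i],
        'exec_err' => $YES,
        'cmdline' => "$fwknopCmd -D $loopback_ip",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => '--allow-ip <IP> valid IP',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/Invalid\sallow\sIP\saddress/i],
        'exec_err' => $YES,
        'cmdline' => "$fwknopCmd -A tcp/22 -a invalidIP -D $loopback_ip",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => '-A <proto>/<port> specification (proto)',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/Invalid\sSPA\saccess\smessage/i],
        'exec_err' => $YES,
        'cmdline' => "$fwknopCmd -A invalid/22 -a $fake_ip -D $loopback_ip",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => '-A <proto>/<port> specification (port)',
        'function' => \&generic_exec,
        'positive_output_matches' => [qr/Invalid\sSPA\saccess\smessage/i],
        'exec_err' => $YES,
        'cmdline' => "$fwknopCmd -A tcp/600001 -a $fake_ip -D $loopback_ip",
    },

    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'generate SPA packet',
        'function' => \&client_send_spa_packet,
        'cmdline' => $default_client_args,
        'fatal' => $YES
    },

    ### rc tests: digest
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'digest MD5',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*MD5/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'digest SHA1',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA1'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA1/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'digest SHA256',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA256'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA256/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'digest SHA384',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA384'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA384/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'digest SHA512',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA512'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA512/],
    },

    ### rc tests: spa server proto
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server proto UDP',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
        'positive_output_matches' => [qr/protocol:\sudp/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server proto TCP',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'TCP'}}],
        'positive_output_matches' => [qr/protocol:\stcp/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server proto HTTP',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'HTTP'}}],
        'positive_output_matches' => [qr/protocol:\shttp/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server proto TCPRAW',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'TCPRAW'}}],
        'positive_output_matches' => [qr/protocol:\stcpraw/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server proto ICMP',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'ICMP'}}],
        'positive_output_matches' => [qr/protocol:\sicmp/],
    },

    ### rc tests: spa server port
    # NOTE(review): the port patterns in this and the next group have no
    # trailing anchor, so qr/...port:\s22/ would also match a longer port
    # number that starts with 22.
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server port 65421',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PORT' => '65421'}}],
        'positive_output_matches' => [qr/destination\sport:\s65421/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa server port 22',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PORT' => '22'}}],
        'positive_output_matches' => [qr/destination\sport:\s22/],
    },

    ### rc tests: spa source port
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa source port 65421',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SOURCE_PORT' => '65421'}}],
        'positive_output_matches' => [qr/source\sport:\s65421/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'spa source port 22',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SOURCE_PORT' => '22'}}],
        'positive_output_matches' => [qr/source\sport:\s22/],
    },

    ### rc tests: firewall timeout
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'firewall timeout 1234s',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '1234'}}],
        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
    },

    ### rc tests: hmac digest
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'HMAC digest MD5',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*MD5/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'HMAC digest SHA1',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'SHA1'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA1/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'HMAC digest SHA256',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'SHA256'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA256/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'HMAC digest SHA384',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'SHA384'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA384/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client rc file',
        'detail' => 'HMAC digest SHA512',
        'function' => \&client_rc_file,
        'cmdline' => $client_rewrite_rc_args,
        'write_rc_file' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'SHA512'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA512/],
    },

    ### rc file saving --save-rc-stanza
    # In each test below the stanza value and the command-line value for
    # the same setting differ, and the rc_positive pattern expects the
    # command-line value.
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'digest MD5',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --digest-type MD5",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA1'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*MD5/],
        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*MD5/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'digest SHA1',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --digest-type SHA1",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA1/],
        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA1/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'digest SHA256',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --digest-type SHA256",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA256/],
        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA256/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'digest SHA384',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --digest-type SHA384",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA384/],
        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA384/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'digest SHA512',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --digest-type SHA512",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/Digest\sType\:\s.*SHA512/],
        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA512/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'HMAC digest MD5',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --hmac-digest-type MD5",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'SHA1'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*MD5/],
        # The second pattern was written with qw//, which yields a plain
        # string; qr// makes it a compiled regex like every other entry.
        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*MD5/, qr/USE_HMAC.*Y/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'HMAC digest SHA1',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --hmac-digest-type SHA1",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA1/],
        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA1/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'HMAC digest SHA256',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --hmac-digest-type SHA256",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA256/],
        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA256/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'HMAC digest SHA384',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --hmac-digest-type SHA384",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA384/],
        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA384/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'HMAC digest SHA512',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --hmac-digest-type SHA512",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                    'HMAC_DIGEST_TYPE' => 'MD5'}}],
        'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA512/],
        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA512/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa server proto UDP',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-proto UDP",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'TCP'}}],
        'positive_output_matches' => [qr/protocol:\sudp/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*udp/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa server proto TCP',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-proto TCP",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
        'positive_output_matches' => [qr/protocol:\stcp/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*tcp/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa server proto HTTP',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-proto HTTP",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
        'positive_output_matches' => [qr/protocol:\shttp/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*http/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa server proto TCPRAW',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-proto TCPRAW",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
        'positive_output_matches' => [qr/protocol:\stcpraw/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*tcpraw/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa server proto ICMP',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-proto ICMP",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
        'positive_output_matches' => [qr/protocol:\sicmp/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*icmp/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa source port 65421',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --source-port 65421",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SOURCE_PORT' => '65531'}}],
        'positive_output_matches' => [qr/source\sport:\s65421/],
        'rc_positive_output_matches' => [qr/SPA_SOURCE_PORT.*65421/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'spa destination port 65421',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --server-port 65421",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PORT' => '65531'}}],
        'positive_output_matches' => [qr/destination\sport:\s65421/],
        'rc_positive_output_matches' => [qr/SPA_SERVER_PORT.*65421/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'firewall timeout 1234s',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args -n default --fw-timeout 1234",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
        'rc_positive_output_matches' => [qr/FW_TIMEOUT.*1234/],
        'rc_negative_output_matches' => [qr/USE_HMAC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => '--verbose',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args_no_verbose -n default --fw-timeout 1234 --verbose",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
        'rc_positive_output_matches' => [qr/VERBOSE.*Y/],
    },
    # NOTE(review): this entry and the '--use-hmac --key-gen' entry both
    # pass $verbose_str but expect different saved values (VERBOSE.*2 here,
    # VERBOSE.*Y there).  If $verbose_str can be changed at run time (not
    # visible in this list), the hard-coded 2 may stop matching; confirm.
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => $verbose_str,
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args_no_verbose -n default " .
            "--fw-timeout 1234 $verbose_str",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
        'rc_positive_output_matches' => [qr/VERBOSE.*2/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => 'no --verbose',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args_no_verbose -n default " .
            "--fw-timeout 1234",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
        'rc_negative_output_matches' => [qr/VERBOSE/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client save rc file',
        'detail' => '--use-hmac --key-gen',
        'function' => \&client_rc_file,
        'cmdline' => "$client_save_rc_args_no_verbose -n default " .
            "--fw-timeout 1234 $verbose_str --use-hmac --key-gen",
        'save_rc_stanza' => [{'name' => 'default',
                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
        'positive_output_matches' => [qr/Wrote.*HMAC.*keys/],
        'rc_positive_output_matches' => [qr/VERBOSE.*Y/,
            qr/USE_HMAC.*Y/, qr/KEY_BASE64/, qr/HMAC_KEY_BASE64/],
    },

    ### server: firewall rule listing and flushing
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'list current fwknopd fw rules',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-list",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'list all current fw rules',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-list-all",
    },
    # NOTE(review): --fw-flush changes firewall state on the host running
    # the tests; presumably only fwknopd's own rules are affected; confirm
    # before running the suite on a machine with a production rule set.
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'flush current firewall rules',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-flush",
    },

    ### server: daemon life cycle
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'start',
        'function' => \&server_start,
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'stop',
        'function' => \&server_stop,
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'write PID',
        'function' => \&write_pid,
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str",
    },

    ### server: packet handling
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => '--packet-limit 1 exit',
        'function' => \&server_packet_limit,
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'ignore packets < min SPA len (140)',
        'function' => \&server_ignore_small_packets,
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str",
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => '-P bpf filter ignore packet',
        'function' => \&server_bpf_ignore_packet,
        'cmdline' => $default_client_args,
        # qq|...| keeps the double quotes around the BPF filter expression
        # inside the command line string.
        'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str " .
            qq|-P "udp port $non_std_spa_port"|,
    },

    ### server: invalid iptables INPUT chain specifications; every entry
    ### sets exec_err to $YES.  The original entries listed the 'function'
    ### key twice with the same value; the duplicate is dropped.
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec (2)',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain2'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec (3)',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain3'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec (4)',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain4'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec (5)',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain5'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'server',
        'detail' => 'invalid iptables INPUT spec (6)',
        'function' => \&generic_exec,
        'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain6'} -a $cf{'def_access'} " .
            "-d $default_digest_file -p $default_pid_file $intf_str",
        'exec_err' => $YES,
    },

    ### client: --encryption-mode selection, run with --test
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode CBC',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode CBC",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*CBC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode ECB',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode ECB",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*ECB/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode CFB',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode CFB",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*CFB/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode PCBC (unsupported)',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode PCBC",
        'positive_output_matches' => [qr/Invalid\sencryption\smode:\sPCBC/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode OFB',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode OFB",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*OFB/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode CTR',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode CTR",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*CTR/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode Asymmetric',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode \"Asymmetric\"",
        'positive_output_matches' => [qr/Must\sspecify\sGPG\srecipient/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'encryption mode legacy',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode legacy",
        'positive_output_matches' => [qr/Encryption\sMode\:\s.*legacy/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'bad encryption mode',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --encryption-mode badmode",
        'positive_output_matches' => [qr/Invalid\sencryption\smode:\sbadmode/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => 'bad file descriptor',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --test --fd -1",
        'positive_output_matches' => [qr/Value\s.*out\sof\srange/],
    },
    {
        'category' => 'basic operations',
        'subcategory' => 'client',
        'detail' => '--stanza-list',
        'function' => \&generic_exec,
        'cmdline' => $default_client_args . " --stanza-list --rc-file $cf{'rc_stanza_list'}",
        'positive_output_matches' => [qr/The\sfollowing\sstanzas\sare\sconfigured/i, qr/stanza_1/, qr/stanza_2/],
        'negative_output_matches' => [qr/default/],
    },
);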