author | Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> | 2015-03-05 17:27:26 +0100 |
---|---|---|
committer | Gilad Arnold <garnold@google.com> | 2015-08-10 23:11:52 -0700 |
commit | d66fae25e69366d77c7b1db7e27aa23b6b393f55 (patch) | |
tree | 86c341f5c06735b654ed665ee634d4ea27243717 | |
parent | 1bddb2cfdda68f99d27495a9f6b9f720db2a7144 (diff) | |
firewalld: Add unit test for ApplyVpnSetup in IpTables
This CL adds unit tests for the ApplyVpnSetup routine, which was added to
firewalld to support third-party VPNs in Chrome OS.
BUG=chromium:460418
TEST=Ran the unit test
Change-Id: Ice71477f6c3ab9ee76de48ced94d535e015e00fb
Reviewed-on: https://chromium-review.googlesource.com/256302
Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
-rw-r--r-- | firewalld.gyp | 1 | ||||
-rw-r--r-- | iptables.h | 16 | ||||
-rw-r--r-- | iptables_unittest.cc | 155 | ||||
-rw-r--r-- | mock_iptables.cc | 13 | ||||
-rw-r--r-- | mock_iptables.h | 36 |
5 files changed, 216 insertions, 5 deletions
diff --git a/firewalld.gyp b/firewalld.gyp index 692112a..e243411 100644 --- a/firewalld.gyp +++ b/firewalld.gyp @@ -63,6 +63,7 @@ 'dependencies': ['libfirewalld'], 'sources': [ 'iptables_unittest.cc', + 'mock_iptables.cc', 'run_all_tests.cc', ], }, @@ -48,6 +48,12 @@ class IpTables : public org::chromium::FirewalldInterface { private: friend class IpTablesTest; + FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddSuccess); + FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInUsername); + FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade); + FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic); + FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveSuccess); + FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveFailure); bool PunchHole(uint16_t port, const std::string& interface, @@ -77,13 +83,13 @@ class IpTables : public org::chromium::FirewalldInterface { const std::string& interface, bool add); - bool ApplyMasquerade(const std::string& interface, - bool add); - - bool ApplyMarkForUserTraffic(const std::string& user_name, + virtual bool ApplyMasquerade(const std::string& interface, bool add); - bool ApplyRuleForUserTraffic(bool add); + virtual bool ApplyMarkForUserTraffic(const std::string& user_name, + bool add); + + virtual bool ApplyRuleForUserTraffic(bool add); std::string ip4_exec_path_; std::string ip6_exec_path_; diff --git a/iptables_unittest.cc b/iptables_unittest.cc index 65503a1..5b8c02d 100644 --- a/iptables_unittest.cc +++ b/iptables_unittest.cc @@ -6,8 +6,13 @@ #include <gtest/gtest.h> +#include "firewalld/mock_iptables.h" + namespace firewalld { +using testing::_; +using testing::Return; + class IpTablesTest : public testing::Test { public: IpTablesTest() 
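Review bot: `ApplyMasquerade`, `ApplyMarkForUserTraffic` and `ApplyRuleForUserTraffic` become `virtual` in the second iptables.h hunk with no comment saying why. If a later cleanup drops `virtual`, or a signature drifts, the `MOCK_METHODn` declarations in mock_iptables.h would hide these methods instead of overriding them, and nothing would fail to compile. The ApplyVpnSetup tests would then call the real helpers on an object built with empty executable paths. I would add `// Virtual so MockIpTables can override these in unit tests.` above the three declarations. The class body starts and ends outside the hunk.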
@@ -104,4 +109,154 @@ TEST_F(IpTablesTest, PunchUdpHoleIpv6Fails) { ASSERT_FALSE(ip4succeeds_ip6fails.PunchUdpHole(53, "iface")); } +TEST_F(IpTablesTest, ApplyVpnSetupAddSuccess) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool add = true; + const bool success = true; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], add)) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], add)) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)) + .WillOnce(Return(success)); + + EXPECT_EQ(success, mock_iptables.ApplyVpnSetup(usernames, interface, add)); +} + +TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInUsername) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool remove = false; + const bool add = true; + const bool failure = false; + const bool success = true; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)) + .Times(1) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], add)) + .Times(1) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], add)) + .Times(1) + .WillOnce(Return(failure)); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)) + .Times(1) + .WillOnce(Return(success)); + + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove)) + .Times(1) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], remove)) + .Times(1) + .WillOnce(Return(failure)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], remove)) + .Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)) + .Times(1) + 
.WillOnce(Return(failure)); + + EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add)); +} + +TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool remove = false; + const bool add = true; + const bool failure = false; + const bool success = true; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)) + .Times(1) + .WillOnce(Return(failure)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _)).Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)) + .Times(1) + .WillOnce(Return(success)); + + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove)).Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)) + .Times(1) + .WillOnce(Return(success)); + + EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add)); +} + +TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool remove = false; + const bool add = true; + const bool failure = false; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, _)).Times(0); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _)).Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)) + .Times(1) + .WillOnce(Return(failure)); + + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)).Times(0); + + EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add)); +} + +TEST_F(IpTablesTest, ApplyVpnSetupRemoveSuccess) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool remove = false; + const bool add = true; + const bool success = true; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, 
ApplyMasquerade(interface, remove)) + .Times(1) + .WillOnce(Return(success)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, remove)) + .Times(2) + .WillRepeatedly(Return(success)); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)) + .Times(1) + .WillOnce(Return(success)); + + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)).Times(0); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, add)).Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)).Times(0); + + EXPECT_EQ(success, mock_iptables.ApplyVpnSetup(usernames, interface, remove)); +} + +TEST_F(IpTablesTest, ApplyVpnSetupRemoveFailure) { + const std::vector<std::string> usernames = {"testuser0", "testuser1"}; + const std::string interface = "ifc0"; + const bool remove = false; + const bool add = true; + const bool failure = false; + + MockIpTables mock_iptables; + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove)) + .Times(1) + .WillOnce(Return(failure)); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, remove)) + .Times(2) + .WillRepeatedly(Return(failure)); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)) + .Times(1) + .WillOnce(Return(failure)); + + EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)).Times(0); + EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, add)).Times(0); + EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)).Times(0); + + EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, remove)); +} + } // namespace firewalld diff --git a/mock_iptables.cc b/mock_iptables.cc new file mode 100644 index 0000000..13d800b --- /dev/null +++ b/mock_iptables.cc 
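Review bot: None of the six ApplyVpnSetup tests constrains call order, so they still pass if the rollback calls (`add == false`) run before the failing `add` call, or if masquerade is installed before the user-traffic rule. The `Times(0)` expectations in ApplyVpnSetupAddFailureInRuleForUserTraffic and ApplyVpnSetupAddFailureInMasquerade suggest the rule is applied first, then masquerade, then the per-user marks; ApplyVpnSetup itself is not in this diff, so that order is inferred. Declaring `testing::InSequence seq;` at the top of each test (with `using testing::InSequence;`) and listing the `EXPECT_CALL`s in call order would pin it. Separately, `.Times(1)` in front of `.WillOnce(...)` is redundant and can be dropped.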
@@ -0,0 +1,13 @@ +// Copyright 2015 The Chromium OS Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "firewalld/mock_iptables.h" + +namespace firewalld { + +MockIpTables::MockIpTables() : IpTables("", "") {} + +MockIpTables::~MockIpTables() {} + +} // namespace firewalld diff --git a/mock_iptables.h b/mock_iptables.h new file mode 100644 index 0000000..8f7e132 --- /dev/null +++ b/mock_iptables.h @@ -0,0 +1,36 @@ +// Copyright 2015 The Chromium OS Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef FIREWALLD_MOCK_IPTABLES_H_ +#define FIREWALLD_MOCK_IPTABLES_H_ + +#include <string> + +#include <base/macros.h> +#include <gmock/gmock.h> + +#include "firewalld/iptables.h" + +namespace firewalld { + +class MockIpTables : public IpTables { + public: + MockIpTables(); + ~MockIpTables() override; + + MOCK_METHOD2(ApplyMasquerade, bool(const std::string& interface, + bool add)); + + MOCK_METHOD2(ApplyMarkForUserTraffic, bool(const std::string& user_name, + bool add)); + + MOCK_METHOD1(ApplyRuleForUserTraffic, bool(bool add)); + + private: + DISALLOW_COPY_AND_ASSIGN(MockIpTables); +}; + +} // namespace firewalld + +#endif // FIREWALLD_MOCK_IPTABLES_H_ |
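Review bot: `MockIpTables::MockIpTables() : IpTables("", "") {}` in mock_iptables.cc passes two empty strings with no comment on why that is safe. Judging by the `ip4_exec_path_` and `ip6_exec_path_` members in iptables.h, these look like the iptables executable paths. Only three helpers are mocked in mock_iptables.h, so any other IpTables method called on a MockIpTables would presumably run with an empty path. A comment on the constructor such as `// Empty exec paths: tests using this mock must only reach the mocked helpers.` would document that assumption.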