Last active
August 29, 2015 14:27
-
-
Save kandeshvari/275f14294de3e5b0254e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/sh | |
| TEST_NET="/test_net" | |
| ADDR1="127.1.2.3" | |
| ADDR2="172.16.200.44" | |
| ADDR3="192.168.44.123" | |
| ADDR_NO_CONF="192.168.120.120" | |
| ADDR_NO_CONF2="192.168.254.253" | |
| _write_param() { echo "$1" > /cgroup/${3:-""}/$2; } | |
| _read_param() { cat /cgroup/${2:-""}/$1; } | |
| write_ports() { _write_param "$1" "net_lim.ipv4.ports" "$3" &> /dev/null; } | |
| write_addrs() { _write_param "$1" "net_lim.ipv4.addrs" "$3" &> /dev/null; } | |
| write_ip_local_port_range() { _write_param "$1" "net_lim.ipv4.ip_local_port_range" "$3" &> /dev/null; } | |
| read_ports() { _read_param "net_lim.ipv4.ports" "$2"; } | |
| read_addrs() { _read_param "net_lim.ipv4.addrs" "$2"; } | |
| read_default_address() { _read_param "net_lim.ipv4.default_address" "$2"; } | |
| read_ip_local_port_range() { _read_param "net_lim.ipv4.ip_local_port_range" "$2"; } | |
| assert() { | |
| _tmp=$(echo -n $1) | |
| if ! [ x"$_tmp" == x"$2" ]; then | |
| echo "Assertion: 'return' != 'expected'" | |
| echo "Assertion: '$1' != '$2'" | |
| # tear_down | |
| exit 1; | |
| fi | |
| } | |
| assert_ports() { | |
| assert "$(read_ports)" "$1" | |
| } | |
| assert_addrs() { | |
| assert "$(read_addrs)" "$1" | |
| } | |
| assert_ip_local_port_range() { | |
| assert "$(read_ip_local_port_range)" "$1" | |
| } | |
| assert_default_address() { | |
| assert "$(read_default_address)" "$1" | |
| } | |
| assert_bind_true() { | |
| _ret="$($TEST_NET $@ &>/dev/null)" | |
| if [ $? -ne 0 ]; then | |
| echo "assert_bind_true: [$@]" | |
| env; | |
| # tear_down | |
| exit 1 | |
| fi | |
| } | |
| assert_bind_false() { | |
| _ret="$($TEST_NET $@ &>/dev/null)" | |
| if [ $? -eq 0 ]; then | |
| echo "assert_bind_false: [$@]" | |
| env; | |
| # tear_down | |
| exit 1 | |
| fi | |
| } | |
| # $0 $addr | |
| assert_bind_ephemeral_true() { | |
| local _ret="$($TEST_NET 0 $1)" _low= _high= | |
| if [ $? -ne 0 ]; then | |
| echo "assert_bind_ephemeral_true: [$1]: ret=$?" | |
| # tear_down | |
| exit 1 | |
| fi | |
| _port=$(echo $_ret | tr ':' ' ' | awk '{print $2}') | |
| _ret=$(read_ip_local_port_range) | |
| if [ x"$_ret" == x"" ]; then | |
| _low=$(sysctl net.ipv4.ip_local_port_range | awk '{print $3}') | |
| _high=$(sysctl net.ipv4.ip_local_port_range | awk '{print $4}') | |
| else | |
| _low=$(read_ip_local_port_range | tr '-' ' ' | awk '{print $1}') | |
| _high=$(read_ip_local_port_range | tr '-' ' ' | awk '{print $2}') | |
| fi | |
| if [ x$_low != "x" ] && [ x$_high != "x" ] && [ $_low -le $_port ] && [ $_port -le $_high ]; then | |
| # all ok | |
| return 0 | |
| fi | |
| echo "assert_bind_ephemeral_true: [$1] not in ($_low-$_high)" | |
| # tear_down | |
| exit 1 | |
| } | |
| assert_bind_ephemeral_false() { | |
| local _ret="$($TEST_NET 0 $1)" _low= _high= | |
| if [ $? -eq 0 ]; then | |
| echo "assert_bind_ephemeral_false: [$1]: ret=$?" | |
| # tear_down | |
| exit 1 | |
| fi | |
| } | |
| invalid_ports() { | |
| write_ports "$1" | |
| if [ $? -eq 0 ]; then | |
| echo "assertion in invalid: [$1]" | |
| # tear_down | |
| exit 1 | |
| fi | |
| } | |
| invalid_addrs() { | |
| write_addrs "$1" | |
| if [ $? -eq 0 ]; then | |
| echo "assertion in invalid: [$1]" | |
| # tear_down | |
| exit 1 | |
| fi | |
| } | |
| set_up() { | |
| ip a a $ADDR1/32 dev lo | |
| ip a a $ADDR2/32 dev lo | |
| ip a a $ADDR3/32 dev lo | |
| } | |
| tear_down() { | |
| ip a d $ADDR1/32 dev lo | |
| ip a d $ADDR2/32 dev lo | |
| ip a d $ADDR3/32 dev lo | |
| } | |
| test_valid_ports() { | |
| write_ports "" | |
| assert_ports "" | |
| assert_ip_local_port_range "" | |
| write_ports "123-140" | |
| assert_ports "123-140" | |
| assert_ip_local_port_range "123-140" | |
| write_ports "5,123-140,80,30000-31000" | |
| assert_ports "5,123-140,80,30000-31000" | |
| assert_ip_local_port_range "30000-31000" | |
| write_ports "" | |
| assert_ports "" | |
| assert_ip_local_port_range "" | |
| write_ports " " | |
| assert_ports "" | |
| assert_ip_local_port_range "" | |
| } | |
| test_invalid_ports() { | |
| invalid_ports "-" | |
| invalid_ports "-1" | |
| invalid_ports "1-" | |
| invalid_ports "-0" | |
| invalid_ports "700,00" | |
| invalid_ports "-70000" | |
| invalid_ports "-7" | |
| invalid_ports "a-" | |
| invalid_ports "asd-" | |
| invalid_ports "as-gsa" | |
| invalid_ports "10-dff" | |
| invalid_ports "sdf-123" | |
| invalid_ports "\231-3411" | |
| invalid_ports "1-0" | |
| invalid_ports "0-1000000" | |
| invalid_ports "-1-1" | |
| invalid_ports "65535-65536" | |
| invalid_ports "655351-655361" | |
| invalid_ports "1-2,3,s" | |
| invalid_ports "1-2,s,3" | |
| invalid_ports "s,1-2,3" | |
| } | |
| test_valid_addrs() { | |
| write_addrs "" | |
| assert_addrs "" | |
| write_addrs "$ADDR1" | |
| assert_addrs "$ADDR1" | |
| write_addrs "$ADDR2" | |
| assert_addrs "$ADDR2" | |
| write_addrs "$ADDR3,$ADDR1" | |
| assert_addrs "$ADDR3,$ADDR1" | |
| assert_default_address "$ADDR3" | |
| write_addrs "$ADDR_NO_CONF,$ADDR1,$ADDR2" | |
| assert_addrs "$ADDR_NO_CONF,$ADDR1,$ADDR2" | |
| assert_default_address "$ADDR_NO_CONF" | |
| write_addrs "$ADDR_NO_CONF2" | |
| assert_addrs "$ADDR_NO_CONF2" | |
| write_addrs "" | |
| assert_addrs "" | |
| assert_default_address "" | |
| } | |
| test_invalid_addrs() { | |
| invalid_addrs "-" | |
| invalid_addrs "-1" | |
| invalid_addrs "1-" | |
| invalid_addrs "-0" | |
| invalid_addrs "255.255.255.256" | |
| invalid_addrs "a0.255.255.256" | |
| invalid_addrs "1.s255.255.255" | |
| invalid_addrs "255.255.255.255-" | |
| invalid_addrs "1.2.3.4-" | |
| invalid_addrs "-1.2.3.4" | |
| invalid_addrs "1.2.-3.4" | |
| invalid_addrs "1.2.3.4s" | |
| invalid_addrs "s1.2.3.4" | |
| invalid_addrs "-255.255.255.255" | |
| invalid_addrs "-70000" | |
| invalid_addrs "-7" | |
| invalid_addrs "a-" | |
| invalid_addrs "asd-" | |
| invalid_addrs "as-gsa" | |
| invalid_addrs "10-dff" | |
| invalid_addrs "sdf-123" | |
| invalid_addrs "\231-3411" | |
| invalid_addrs "1-0" | |
| invalid_addrs "0-1000000" | |
| invalid_addrs "-1-1" | |
| invalid_addrs "65535-65536" | |
| } | |
| run_test() { | |
| # setup test environment | |
| set_up | |
| echo -n " [+] $2..." | |
| _output=$($1) | |
| if [ $? -eq 0 ]; then | |
| echo "ok" | |
| else | |
| echo "errors" | |
| echo $_output | |
| fi | |
| # teardown after succesful tests | |
| tear_down | |
| } | |
| test_port_bind() { | |
| write_ports "" | |
| assert_bind_true 123 | |
| assert_bind_true 124 | |
| assert_bind_true 1234 | |
| write_ports "123" | |
| assert_bind_true 123 | |
| assert_bind_false 124 | |
| assert_bind_false 1234 | |
| write_ports "1000-2000" | |
| assert_bind_true 1000 | |
| assert_bind_true 2000 | |
| assert_bind_true 1500 | |
| assert_bind_false 999 | |
| assert_bind_false 2001 | |
| assert_bind_false 100 | |
| assert_bind_false 150 | |
| assert_bind_false 11100 | |
| assert_bind_false 123 | |
| write_ports "1000-1500,2000,999,2001,100-200,11100" | |
| assert_bind_true 1000 | |
| assert_bind_true 2000 | |
| assert_bind_true 1500 | |
| assert_bind_true 999 | |
| assert_bind_true 2001 | |
| assert_bind_true 100 | |
| assert_bind_true 150 | |
| assert_bind_true 11100 | |
| assert_bind_true 123 | |
| assert_bind_false 12232 | |
| assert_bind_false 12235 | |
| assert_bind_false 1 | |
| # cleanup | |
| write_addrs "" # allow any addr | |
| write_ports "" # allow any port | |
| } | |
| test_addrs_bind() { | |
| write_ports "" # allow all | |
| write_addrs "$ADDR1" | |
| assert_bind_true 1 $ADDR1 | |
| assert_bind_false 1 $ADDR2 | |
| assert_bind_false 1 $ADDR3 | |
| assert_default_address "$ADDR1" | |
| write_addrs "$ADDR3,$ADDR1" | |
| assert_bind_true 1 $ADDR1 | |
| assert_bind_true 1 $ADDR3 | |
| assert_bind_false 1 $ADDR2 | |
| assert_default_address "$ADDR3" | |
| write_addrs $ADDR_NO_CONF | |
| assert_bind_false 1 $ADDR1 | |
| assert_bind_false 1 $ADDR3 | |
| assert_bind_false 1 $ADDR2 | |
| assert_default_address "$ADDR_NO_CONF" | |
| # (?) | |
| # assert_bind_false 1 $ADDR_NO_CONF | |
| write_addrs "" # allow all | |
| assert_bind_true 1 $ADDR1 | |
| assert_bind_true 1 $ADDR2 | |
| assert_bind_true 1 $ADDR3 | |
| assert_bind_true 1 $ADDR_NO_CONF | |
| assert_default_address "" | |
| # cleanup | |
| write_addrs "" # allow any addr | |
| write_ports "" # allow any port | |
| } | |
| test_addrs_ports_bind() { | |
| write_addrs "" # allow any addr | |
| write_ports "4444" # limit ports for 4444 | |
| assert_bind_true 4444 | |
| assert_bind_true 4444 $ADDR1 | |
| assert_bind_true 4444 $ADDR2 | |
| assert_bind_true 4444 $ADDR3 | |
| assert_bind_false 4445 $ADDR1 | |
| assert_bind_false 4445 $ADDR2 | |
| assert_bind_false 4445 $ADDR3 | |
| # (?) | |
| # assert_bind_false 4444 $ADDR_NO_CONF | |
| write_addrs "$ADDR3" | |
| # ports.list: (4444) | |
| assert_bind_true 4444 $ADDR3 | |
| assert_bind_false 4444 $ADDR1 | |
| assert_bind_false 4444 $ADDR2 | |
| # (?) | |
| # assert_bind_false 4444 $ADDR_NO_CONF | |
| write_ports "100-200" | |
| assert_bind_true 150 $ADDR3 | |
| assert_bind_false 99 $ADDR3 | |
| assert_bind_false 150 $ADDR1 | |
| assert_bind_false 99 $ADDR1 | |
| assert_bind_false 150 $ADDR2 | |
| assert_bind_false 99 $ADDR2 | |
| # (?) | |
| # assert_bind_false 150 $ADDR_NO_CONF | |
| # assert_bind_false 99 $ADDR_NO_CONF | |
| write_addrs $ADDR_NO_CONF | |
| # ports.list: (100-200) | |
| assert_bind_false 150 $ADDR3 | |
| assert_bind_false 99 $ADDR3 | |
| assert_bind_false 150 $ADDR1 | |
| assert_bind_false 99 $ADDR1 | |
| assert_bind_false 150 $ADDR2 | |
| assert_bind_false 99 $ADDR2 | |
| # (?) | |
| assert_bind_false 150 $ADDR_NO_CONF | |
| assert_bind_false 99 $ADDR_NO_CONF | |
| # cleanup | |
| write_addrs "" # allow any addr | |
| write_ports "" # allow any port | |
| } | |
| test_ip_local_port_range() { | |
| write_ports "" # allow all | |
| write_addrs "" # allow all | |
| write_ip_local_port_range "" | |
| assert_bind_ephemeral_true | |
| write_ip_local_port_range "1000-2000" | |
| assert_bind_ephemeral_true | |
| write_ip_local_port_range "1000-1000" | |
| assert_bind_ephemeral_true | |
| write_addrs "$ADDR1" | |
| write_ip_local_port_range "1000-1000" | |
| assert_bind_true 0 | |
| assert_bind_true 10 | |
| assert_bind_true 1000 | |
| assert_bind_true 1000 $ADDR1 | |
| assert_bind_false 1000 $ADDR2 | |
| assert_bind_true 0 $ADDR1 | |
| assert_bind_false 0 $ADDR2 | |
| # cleanup | |
| write_addrs "" # allow any addr | |
| write_ports "" # allow any port | |
| } | |
| main() { | |
| run_test test_valid_ports "Valid ports tests" | |
| run_test test_invalid_ports "Invalid ports tests" | |
| run_test test_valid_addrs "Valid addrs tests" | |
| run_test test_invalid_addrs "Invalid addrs tests" | |
| run_test test_port_bind "Port binds" | |
| run_test test_addrs_ports_bind "Addrs + ports binds" | |
| run_test test_ip_local_port_range "Ephemeral port bindings" | |
| } | |
| # entry point | |
| main |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment