authorFlorian Westphal <fw@strlen.de>2020-06-24 11:55:14 +0200
committerFlorian Westphal <fw@strlen.de>2020-12-16 00:35:56 +0100
commit47ed20e1e08d800e722b05a3fb33ba6be4b48afc (patch)
tree7bb43b776909f5f66e06c41e2c7ba07d506da14d /src/test/test-firewall-util.c
parent937e305e9305a9104cfb1362f318d9df5943b8a5 (diff)
firewall-util: reject NULL source or address with prefixlen 0
Make sure we don't add masquerading rules without an explicitly specified network range we should be masquerading for. The only caller aside from test case is networkd-address.c which never passes a NULL source. As it also passes the network prefix, that should always be > 0 as well. This causes expected test failure: Failed to modify firewall: Invalid argument Failed to modify firewall: Invalid argument Failed to modify firewall: Invalid argument Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available The failing test cases are amended to expect failure on NULL source or prefix instead of success.
Diffstat (limited to 'src/test/test-firewall-util.c')
-rw-r--r--src/test/test-firewall-util.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/test/test-firewall-util.c b/src/test/test-firewall-util.c
index 25c5a6cbf5..f223c0a4d9 100644
--- a/src/test/test-firewall-util.c
+++ b/src/test/test-firewall-util.c
@@ -9,16 +9,30 @@
int main(int argc, char *argv[]) {
int r;
test_setup_logging(LOG_DEBUG);
+ uint8_t prefixlen = 32;
r = fw_add_masquerade(true, AF_INET, NULL, 0);
+ if (r == 0)
+ log_error("Expected failure: NULL source");
+
+ r = fw_add_masquerade(true, AF_INET, &MAKE_IN_ADDR_UNION(10,1,2,0), 0);
+ if (r == 0)
+ log_error("Expected failure: 0 prefixlen");
+
+ r = fw_add_masquerade(true, AF_INET, &MAKE_IN_ADDR_UNION(10,1,2,3), prefixlen);
if (r < 0)
log_error_errno(r, "Failed to modify firewall: %m");
- r = fw_add_masquerade(true, AF_INET, NULL, 0);
+ prefixlen = 28;
+ r = fw_add_masquerade(true, AF_INET, &MAKE_IN_ADDR_UNION(10,0,2,0), prefixlen);
+ if (r < 0)
+ log_error_errno(r, "Failed to modify firewall: %m");
+
+ r = fw_add_masquerade(false, AF_INET, &MAKE_IN_ADDR_UNION(10,0,2,0), prefixlen);
if (r < 0)
log_error_errno(r, "Failed to modify firewall: %m");
- r = fw_add_masquerade(false, AF_INET, NULL, 0);
+ r = fw_add_masquerade(false, AF_INET, &MAKE_IN_ADDR_UNION(10,1,2,3), 32);
if (r < 0)
log_error_errno(r, "Failed to modify firewall: %m");
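Review bot: The two negative cases at the top of main() only call log_error() when fw_add_masquerade() unexpectedly returns 0, so a regression that accepts a NULL source or a zero prefix length again would still leave this test passing. That rejection is what keeps a masquerade rule from being installed without an explicit network range, so it is worth pinning with an assertion, e.g. `assert_se(fw_add_masquerade(true, AF_INET, NULL, 0) < 0);` and the same for the `MAKE_IN_ADDR_UNION(10,1,2,0), 0` call; this presumably holds without privileges if the argument check runs before any firewall backend is touched, which should be confirmed. If the log-only form is kept, `if (r >= 0)` is the safer condition, since `r == 0` misses a positive success return. As a style point, `uint8_t prefixlen = 32;` is declared after the `test_setup_logging()` statement and would read better next to `int r;`. The body of main() continues past the end of this hunk.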