Marek Marczykowski-Górecki
parent
b8145595a9
commit
5072acc8f2
@ -432,6 +432,79 @@ class VmNetworkingMixin(qubes.tests.SystemTestsMixin):
|
||||
self.assertNotEqual(self.run_cmd(self.testvm1, nc_cmd), 0,
|
||||
"TCP connection should be blocked")
|
||||
|
||||
def test_210_custom_ip_simple(self):
|
||||
'''Custom AppVM IP'''
|
||||
self.testvm1.ip = '192.168.1.1'
|
||||
self.testvm1.start()
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0)
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_name), 0)
|
||||
|
||||
def test_211_custom_ip_proxy(self):
|
||||
'''Custom ProxyVM IP'''
|
||||
self.proxy = self.app.add_new_vm(qubes.vm.appvm.AppVM,
|
||||
name=self.make_vm_name('proxy'),
|
||||
label='red')
|
||||
self.proxy.create_on_disk()
|
||||
self.proxy.provides_network = True
|
||||
self.proxy.netvm = self.testnetvm
|
||||
self.proxy.ip = '192.168.1.1'
|
||||
self.testvm1.netvm = self.proxy
|
||||
|
||||
self.testvm1.start()
|
||||
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0)
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_name), 0)
|
||||
|
||||
def test_212_custom_ip_firewall(self):
|
||||
'''Custom VM IP and firewall'''
|
||||
self.testvm1.ip = '192.168.1.1'
|
||||
|
||||
self.proxy = self.app.add_new_vm(qubes.vm.appvm.AppVM,
|
||||
name=self.make_vm_name('proxy'),
|
||||
label='red')
|
||||
self.proxy.provides_network = True
|
||||
self.proxy.create_on_disk()
|
||||
self.proxy.netvm = self.testnetvm
|
||||
self.testvm1.netvm = self.proxy
|
||||
self.app.save()
|
||||
|
||||
if self.run_cmd(self.testnetvm, 'nc -h 2>&1|grep -q nmap.org') == 0:
|
||||
nc_version = NcVersion.Nmap
|
||||
else:
|
||||
nc_version = NcVersion.Trad
|
||||
|
||||
# block all but ICMP and DNS
|
||||
|
||||
self.testvm1.firewall.policy = 'drop'
|
||||
self.testvm1.firewall.rules = [
|
||||
qubes.firewall.Rule(None, action='accept', proto='icmp'),
|
||||
qubes.firewall.Rule(None, action='accept', specialtarget='dns'),
|
||||
]
|
||||
self.testvm1.firewall.save()
|
||||
self.testvm1.start()
|
||||
self.assertTrue(self.proxy.is_running())
|
||||
|
||||
if nc_version == NcVersion.Nmap:
|
||||
self.testnetvm.run("nc -l --send-only -e /bin/hostname -k 1234")
|
||||
else:
|
||||
self.testnetvm.run("while nc -l -e /bin/hostname -p 1234; do "
|
||||
"true; done")
|
||||
|
||||
self.assertEqual(self.run_cmd(self.proxy, self.ping_ip), 0,
|
||||
"Ping by IP from ProxyVM failed")
|
||||
self.assertEqual(self.run_cmd(self.proxy, self.ping_name), 0,
|
||||
"Ping by name from ProxyVM failed")
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0,
|
||||
"Ping by IP should be allowed")
|
||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_name), 0,
|
||||
"Ping by name should be allowed")
|
||||
if nc_version == NcVersion.Nmap:
|
||||
nc_cmd = "nc -w 1 --recv-only {} 1234".format(self.test_ip)
|
||||
else:
|
||||
nc_cmd = "nc -w 1 {} 1234".format(self.test_ip)
|
||||
self.assertNotEqual(self.run_cmd(self.testvm1, nc_cmd), 0,
|
||||
"TCP connection should be blocked")
|
||||
|
||||
|
||||
# noinspection PyAttributeOutsideInit
|
||||
class VmUpdatesMixin(qubes.tests.SystemTestsMixin):
|
||||
|
||||
@ -130,3 +130,17 @@ class TC_00_NetVMMixin(
|
||||
self.app.domains = {1: vm, vm: vm}
|
||||
self.assertPropertyInvalidValue(vm, 'dispvm_netvm', vm)
|
||||
|
||||
def test_150_ip(self):
|
||||
vm = self.get_vm()
|
||||
self.setup_netvms(vm)
|
||||
self.assertPropertyDefaultValue(vm, 'ip', '10.137.0.' + str(vm.qid))
|
||||
vm.ip = '192.168.1.1'
|
||||
self.assertEqual(vm.ip, '192.168.1.1')
|
||||
|
||||
def test_151_ip_invalid(self):
|
||||
vm = self.get_vm()
|
||||
self.setup_netvms(vm)
|
||||
self.assertPropertyInvalidValue(vm, 'ip', 'abcd')
|
||||
self.assertPropertyInvalidValue(vm, 'ip', 'a.b.c.d')
|
||||
self.assertPropertyInvalidValue(vm, 'ip', '1111.2222.3333.4444')
|
||||
# TODO: implement and add here: 0.0.0.0, 333.333.333.333
|
||||
|
||||
Loading…
Reference in New Issue
Block a user