From a12601f02aecefd6fde2f227bd3536840f7f7b14 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 7 Mar 2023 08:30:53 -0500
Subject: [PATCH] testing
---
 gcov.sh | 46 +++++++++++++--------------
 src/firejail/network.c | 24 --------------
 src/firejail/sbox.c | 2 ++
 test/network/ip6_netfilter.exp | 31 ++++++++++++++++++
 test/network/ip6_netfilter.profile | 8 +++++
 test/network/net_bandwidth.exp | 51 ++++++++++++++++++++++++++++++
 test/network/net_ip.exp | 40 +++++++++++++++++++++++
 test/network/net_ip.profile | 6 ++++
 test/network/network.sh | 6 ++++
 9 files changed, 167 insertions(+), 47 deletions(-)
 create mode 100755 test/network/ip6_netfilter.exp
 create mode 100644 test/network/ip6_netfilter.profile
 create mode 100755 test/network/net_bandwidth.exp
 create mode 100644 test/network/net_ip.profile
diff --git a/gcov.sh b/gcov.sh
index 9b02d801c..0f2808ace 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -13,7 +13,7 @@ gcov_generate() {
 USER="$(whoami)"
 find . -exec sudo chown "$USER:$USER" '{}' +
 lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
- -d src/fnet -d src/fnetfilter --output-file gcov-file
+ -d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file
 genhtml -q gcov-file --output-directory gcov-dir
 }
 
@@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file firejail --version gcov_generate -#make test-firecfg | grep TESTING -#gcov_generate -#make test-apparmor | grep TESTING -#gcov_generate +make test-firecfg | grep TESTING +gcov_generate +make test-apparmor | grep TESTING +gcov_generate make test-network | grep TESTING gcov_generate -#make test-appimage | grep TESTING -#gcov_generate -#make test-chroot | grep TESTING -#gcov_generate -#make test-sysutils | grep TESTING -#gcov_generate -#make test-private-etc | grep TESTING -#gcov_generate -#make test-profiles | grep TESTING -#gcov_generate -#make test-fcopy | grep TESTING -#gcov_generate +make test-appimage | grep TESTING +gcov_generate +make test-chroot | grep TESTING +gcov_generate +make test-sysutils | grep TESTING +gcov_generate +make test-private-etc | grep TESTING +gcov_generate +make test-profiles | grep TESTING +gcov_generate +make test-fcopy | grep TESTING +gcov_generate make test-fnetfilter | grep TESTING gcov_generate -#make test-fs | grep TESTING -#gcov_generate -#make test-utils | grep TESTING -#gcov_generate -#make test-environment | grep TESTING -#gcov_generate +make test-fs | grep TESTING +gcov_generate +make test-utils | grep TESTING +gcov_generate +make test-environment | grep TESTING +gcov_generate diff --git a/src/firejail/network.c b/src/firejail/network.c index 0d2d53fca..3da51e195 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c 
@@ -89,30 +89,6 @@ int net_get_mtu(const char *ifname) { return mtu; } -//void net_set_mtu(const char *ifname, int mtu) { -// if (strlen(ifname) > IFNAMSIZ) { -// fprintf(stderr, "Error: invalid network device name %s\n", ifname); -// exit(1); -// } -// -// if (arg_debug) -// printf("set interface %s MTU %d.\n", ifname, mtu); -// -// int s; -// struct ifreq ifr; -// -// if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) -// errExit("socket"); -// -// memset(&ifr, 0, sizeof(ifr)); -// ifr.ifr_addr.sa_family = AF_INET; -// strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); -// ifr.ifr_mtu = mtu; -// if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0) -// fwarning("cannot set mtu for interface %s\n", ifname); -// close(s); -//} - // return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) { assert(bridge); diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 11ea5b036..ce43b4832 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c @@ -26,6 +26,7 @@ #include #include #include "../include/seccomp.h" +#include "../include/gcov_wrapper.h" #include #ifndef O_PATH @@ -238,6 +239,7 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]); exit(1); } + __gcov_dump(); fexecve(fd, arg, new_environment); } else { assert(0); diff --git a/test/network/ip6_netfilter.exp b/test/network/ip6_netfilter.exp new file mode 100755 index 000000000..6c478d9e7 --- /dev/null +++ b/test/network/ip6_netfilter.exp 
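Review bot: The `__gcov_dump();` added just before `fexecve(fd, arg, new_environment)` in sbox_do_exec_v has no comment saying why coverage data has to be written at this exact point; I would add `// exec replaces the process image: write gcov counters now (expected to be a no-op in non-gcov builds)`. The body of sbox_do_exec_v starts and ends outside the hunk, so it is not visible whether a seccomp filter or privilege drop selected by `filtermask` is already in effect here; if it is, the dump's file writes run under those restrictions and may fail or get the process killed, which is worth checking on a gcov build. It is also worth confirming that `../include/gcov_wrapper.h` compiles the call out when coverage is disabled, since this path executes helper binaries right after the world-writable check and should not gain file-writing side effects in release builds.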
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check default netfilter on br0
+send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+
+# check default netfilter no new network
+send -- "firejail --netfilter6.print=test\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "DROP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "2001:db8:1f0a:3ec::2"
+}
+
+after 500
+puts "all done\n"
diff --git a/test/network/ip6_netfilter.profile b/test/network/ip6_netfilter.profile
new file mode 100644
index 000000000..cc8f22943
--- /dev/null
+++ b/test/network/ip6_netfilter.profile
@@ -0,0 +1,8 @@
+# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
+COMMIT
+# Completed on Wed Jan 13 10:53:40 2016
diff --git a/test/network/net_bandwidth.exp b/test/network/net_bandwidth.exp
new file mode 100755
index 000000000..0ec3b59ef
--- /dev/null
+++ b/test/network/net_bandwidth.exp
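Review bot: Every `timeout` branch in ip6_netfilter.exp ends with a bare `exit`, which makes expect terminate with status 0, so a missing `DROP` rule or address shows up only as a `TESTING ERROR n` string in the output; `timeout {puts "TESTING ERROR 1\n";exit 1}` would let the caller detect the failure from the exit code as well. The same pattern is in the new net_bandwidth.exp and in the blocks added to net_ip.exp. The comment `# check default netfilter no new network` also does not describe the step under it, which prints the IPv6 filter of the running sandbox; something like `# print the ip6tables rules of sandbox "test" and check for the DROP rule` would match what the lines do.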
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test set br0 10 20\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Download speed 80kbps"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Upload speed 160kbps"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "configuring tc ingress"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "configuring tc egress"
+}
+after 500
+
+send -- "firejail --bandwidth=test status\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "rate 160Kbit burst 10Kb"
+}
+after 500
+
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "Removing bandwidth limits"
+}
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
index 251b55362..0cccf93a0 100755
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
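Review bot: The `status` step asserts only `rate 160Kbit burst 10Kb`, so of the two limits set by `--bandwidth=test set br0 10 20` the 80kbps download side is never checked in the status output. After `clear br0` only the message `Removing bandwidth limits` is matched, so the test would still pass if the limits stayed in place. I would add a second expect after `status` for the download limit, and repeat `send -- "firejail --bandwidth=test status\r"` after the clear with an expect on `<status text when no limits are set>`; both strings need to be taken from a real run.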
@@ -130,4 +130,44 @@ expect {
 }
 after 500
 
+
+send -- "firejail --profile=net_ip.profile ip addr show\r"
+expect {
+ timeout {puts "TESTING ERROR 26\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 27\n";exit}
+ "00:11:22:33:44:55"
+}
+expect {
+ timeout {puts "TESTING ERROR 28\n";exit}
+ "10.10.20.55"
+}
+expect {
+ timeout {puts "TESTING ERROR 29\n";exit}
+ "Default gateway 10.10.20.9"
+}
+expect {
+ timeout {puts "TESTING ERROR 30\n";exit}
+ "00:11:22:33:44:55"
+}
+expect {
+ timeout {puts "TESTING ERROR 31\n";exit}
+ "10.10.20.55"
+}
+after 500
+
+send -- "firejail --profile=net_ip.profile ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 32\n";exit}
+ "default via 10.10.20.9"
+}
+expect {
+ timeout {puts "TESTING ERROR 33\n";exit}
+ "10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55"
+}
+after 500
+
+
 puts "\nall done\n"
diff --git a/test/network/net_ip.profile b/test/network/net_ip.profile
new file mode 100644
index 000000000..72910d77e
--- /dev/null
+++ b/test/network/net_ip.profile
@@ -0,0 +1,6 @@
+net br0
+ip 10.10.20.55
+defaultgw 10.10.20.9
+mac 00:11:22:33:44:55
+mtu 1000
+
diff --git a/test/network/network.sh b/test/network/network.sh
index 877f16156..e062358d4 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -33,8 +33,14 @@ echo "TESTING: print network (net-print.exp)"
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
 
+echo "TESTING: bandwidth (net_bandwidth.exp)"
+./net_bandwidth.exp
+
 echo "TESTING: ipv6 (ip6.exp)"
 ./ip6.exp
 
+#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
+#./ip6_netfilter.exp
+
 sudo ip link set br0 down
 sudo brctl delbr br0
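Review bot: net_ip.profile sets `mtu 1000`, but none of the added expect blocks (ERROR 26 to 33) checks it, so that profile line is exercised without being verified. An extra expect block matching `"mtu 1000"` in the `ip addr show` output would cover it; placing it after the `Default gateway 10.10.20.9` check is an assumption about output order and should be confirmed on a real run. The repeated `00:11:22:33:44:55` and `10.10.20.55` expects (ERROR 27/28 and again 30/31) would be easier to follow with a comment such as `# second match: from the 'ip addr show' output, not the firejail startup banner`, if that is the intent.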
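Review bot: The new ip6_netfilter.exp is added to the tree but left commented out in network.sh (`#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"`, `#./ip6_netfilter.exp`) with no reason given, so the IPv6 filter check never runs as part of `make test-network`. A one-line comment above the two lines, e.g. `# disabled: <reason the test cannot run here>`, would tell the next maintainer whether this is temporary and what is needed to enable it.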