From: Jo-Philipp Wich Date: Sat, 12 Feb 2022 12:16:24 +0000 (+0100) Subject: tests: change mocked wan interface type to PPPoE X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=281b1bcd99f4a65410ae0559da4f6f130a31d4a8;p=project%2Ffirewall4.git tests: change mocked wan interface type to PPPoE Change the WAN interface type in the mock data to PPPoE. PPPoE interfaces are special because their L3 device differs from the L2 one which becomes important later for resolving hw offloaded flowtable devices. Adjust the test cases accordingly. Signed-off-by: Jo-Philipp Wich --- diff --git a/tests/01_configuration/01_ruleset b/tests/01_configuration/01_ruleset index 8b4e0ce..f19daf5 100644 --- a/tests/01_configuration/01_ruleset +++ b/tests/01_configuration/01_ruleset @@ -26,7 +26,7 @@ table inet fw4 { flowtable ft { hook ingress priority 0; - devices = { "eth0", "eth1" }; + devices = { "eth0" }; flags offload; } @@ -41,7 +41,7 @@ table inet fw4 { define lan_devices = { "br-lan" } define lan_subnets = { 10.0.0.0/24, 192.168.26.0/24, 2001:db8:1000::/60, fd63:e2f:f706::/60 } - define wan_devices = { "eth1" } + define wan_devices = { "pppoe-wan" } define wan_subnets = { 10.11.12.0/24, 2001:db8:54:321::/64 } # @@ -63,7 +63,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow inbound established and related flows" tcp flags & (fin | syn | rst | ack) == syn jump syn_flood comment "!fw4: Rate limit TCP syn packets" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" - iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" + iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" } chain forward { @@ -72,7 +72,7 @@ table inet fw4 { meta l4proto { tcp, udp } flow offload @ft; ct state established,related accept comment "!fw4: Allow forwarded established and related flows" iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" - iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" + iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" jump handle_reject } @@ -84,7 +84,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow outbound established and related flows" meta l4proto tcp counter comment "!fw4: Test-Deprecated-Rule-Option" oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic" - oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" + oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" } chain handle_reject { @@ -142,15 +142,15 @@ table inet fw4 { } chain accept_to_wan { - oifname "eth1" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" } chain reject_from_wan { - iifname "eth1" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" + iifname "pppoe-wan" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" } chain reject_to_wan { - oifname "eth1" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" } @@ -164,7 +164,7 @@ table inet fw4 { chain srcnat { type nat hook postrouting priority srcnat; policy accept; - oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" + oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" } chain srcnat_wan { @@ -271,8 +271,8 @@ table inet fw4 { chain mangle_forward { type filter hook forward priority mangle; policy accept; - iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing" - oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing" + iifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing" + oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing" } } -- End -- @@ -299,9 +299,9 @@ table inet fw4 { [call] ctx.call object method args [call] fs.opendir path [call] fs.opendir path -[call] fs.opendir path -[call] fs.opendir path -[call] system command /dev/null> timeout +[call] fs.opendir path +[call] fs.opendir path +[call] system command /dev/null> timeout [call] fs.popen cmdline mode [call] fs.open path mode [call] fs.open path mode diff --git a/tests/01_configuration/02_rule_order b/tests/01_configuration/02_rule_order index 1a94495..2778cce 100644 --- a/tests/01_configuration/02_rule_order +++ b/tests/01_configuration/02_rule_order @@ -77,7 +77,7 @@ table inet fw4 { define lan_devices = { "br-lan" } define lan_subnets = { 10.0.0.0/24, 192.168.26.0/24, 2001:db8:1000::/60, fd63:e2f:f706::/60 } - define wan_devices = { "eth1" } + define wan_devices = { "pppoe-wan" } define wan_subnets = { 10.11.12.0/24 } # @@ -98,7 +98,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow inbound established and related flows" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" - iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" + iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" } chain forward { @@ -106,7 +106,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow forwarded established and related flows" iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" - iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" + iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" } chain output { @@ -116,7 +116,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow outbound established and related flows" oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic" - oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" + oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" } chain handle_reject { @@ -160,15 +160,15 @@ table inet fw4 { } chain accept_to_wan { - oifname "eth1" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" } chain drop_from_wan { - iifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + iifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } chain drop_to_wan { - oifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } diff --git a/tests/03_rules/06_subnet_mask_matches b/tests/03_rules/06_subnet_mask_matches index 8240b91..b057e2c 100644 --- a/tests/03_rules/06_subnet_mask_matches +++ b/tests/03_rules/06_subnet_mask_matches @@ -105,7 +105,7 @@ table inet fw4 { # Defines # - define wan_devices = { "eth1" } + define wan_devices = { "pppoe-wan" } define wan_subnets = { 2001:db8:54:321::/64 } define lan_devices = { "br-lan" } define lan_subnets = { 10.0.0.0/24, 192.168.26.0/24, 2001:db8:1000::/60, fd63:e2f:f706::/60 } @@ -129,7 +129,7 @@ table inet fw4 { iifname "lo" accept comment "!fw4: Accept traffic from loopback" ct state established,related accept comment "!fw4: Allow inbound established and related flows" - iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" + iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" iifname "br-guest" jump input_guest comment "!fw4: Handle guest IPv4/IPv6 input traffic" } @@ -138,7 +138,7 @@ table inet fw4 { type filter hook forward priority filter; policy drop; ct state established,related accept comment "!fw4: Allow forwarded established and related flows" - iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" + iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" iifname "br-guest" jump forward_guest comment "!fw4: Handle guest IPv4/IPv6 forward traffic" } @@ -159,7 +159,7 @@ table inet fw4 { ip6 saddr { ::3, ::4 } ip6 saddr != { ::7, ::8 } ip6 saddr & ::ffff != ::5 ip6 saddr & ::ffff != ::6 ip6 daddr != { ::15, ::16 } ip6 daddr & ::ffff == ::9 ip6 daddr & ::ffff != ::13 ip6 daddr & ::ffff != ::14 counter comment "!fw4: Mask rule #2" ip6 saddr { ::3, ::4 } ip6 saddr != { ::7, ::8 } ip6 saddr & ::ffff != ::5 ip6 saddr & ::ffff != ::6 ip6 daddr != { ::15, ::16 } ip6 daddr & ::ffff == ::10 ip6 daddr & ::ffff != ::13 ip6 daddr & ::ffff != ::14 counter comment "!fw4: Mask rule #2" ip6 saddr { ::3, ::4 } ip6 saddr != { ::7, ::8 } ip6 saddr & ::ffff != ::5 ip6 saddr & ::ffff != ::6 ip6 daddr { ::11, ::12 } ip6 daddr != { ::15, ::16 } ip6 daddr & ::ffff != ::13 ip6 daddr & ::ffff != ::14 counter comment "!fw4: Mask rule #2" - oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" + oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic" oifname "br-guest" jump output_guest comment "!fw4: Handle guest IPv4/IPv6 output traffic" } @@ -184,11 +184,11 @@ table inet fw4 { } chain drop_from_wan { - iifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + iifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } chain drop_to_wan { - oifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } chain input_lan { @@ -242,14 +242,14 @@ table inet fw4 { chain dstnat { type nat hook prerouting priority dstnat; policy accept; - iifname "eth1" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic" + iifname "pppoe-wan" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic" iifname "br-lan" jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic" iifname "br-guest" jump dstnat_guest comment "!fw4: Handle guest IPv4/IPv6 dstnat traffic" } chain srcnat { type nat hook postrouting priority srcnat; policy accept; - oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" + oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" oifname "br-lan" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic" oifname "br-guest" jump srcnat_guest comment "!fw4: Handle guest IPv4/IPv6 srcnat traffic" } diff --git a/tests/03_rules/07_redirect b/tests/03_rules/07_redirect index 276d451..094a5b0 100644 --- a/tests/03_rules/07_redirect +++ b/tests/03_rules/07_redirect @@ -110,7 +110,7 @@ table inet fw4 { # Defines # - define wan_devices = { "eth1" } + define wan_devices = { "pppoe-wan" } define wan_subnets = { 10.11.12.0/24, 2001:db8:54:321::/64 } define lan_devices = { "br-lan" } define lan_subnets = { 10.0.0.0/24, 192.168.26.0/24, 2001:db8:1000::/60, fd63:e2f:f706::/60 } @@ -133,7 +133,7 @@ table inet fw4 { iifname "lo" accept comment "!fw4: Accept traffic from loopback" ct state established,related accept comment "!fw4: Allow inbound established and related flows" - iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" + iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" iifname "wwan0" jump input_noaddr comment "!fw4: Handle noaddr IPv4/IPv6 input traffic" } @@ -142,7 +142,7 @@ table inet fw4 { type filter hook forward priority filter; policy drop; ct state established,related accept comment "!fw4: Allow forwarded established and related flows" - iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" + iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" iifname "wwan0" jump forward_noaddr comment "!fw4: Handle noaddr IPv4/IPv6 forward traffic" } @@ -153,7 +153,7 @@ table inet fw4 { oifname "lo" accept comment "!fw4: Accept traffic towards loopback" ct state established,related accept comment "!fw4: Allow outbound established and related flows" - oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" + oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic" oifname "wwan0" jump output_noaddr comment "!fw4: Handle noaddr IPv4/IPv6 output traffic" } @@ -178,11 +178,11 @@ table inet fw4 { } chain drop_from_wan { - iifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + iifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } chain drop_to_wan { - oifname "eth1" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" + oifname "pppoe-wan" counter drop comment "!fw4: drop wan IPv4/IPv6 traffic" } chain input_lan { @@ -240,14 +240,14 @@ table inet fw4 { chain dstnat { type nat hook prerouting priority dstnat; policy accept; - iifname "eth1" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic" + iifname "pppoe-wan" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic" iifname "br-lan" jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic" iifname "wwan0" jump dstnat_noaddr comment "!fw4: Handle noaddr IPv4/IPv6 dstnat traffic" } chain srcnat { type nat hook postrouting priority srcnat; policy accept; - oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" + oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" oifname "br-lan" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic" oifname "wwan0" jump srcnat_noaddr comment "!fw4: Handle noaddr IPv4/IPv6 srcnat traffic" } diff --git a/tests/mocks/fs/opendir~_sys_class_net_pppoe-wan.json b/tests/mocks/fs/opendir~_sys_class_net_pppoe-wan.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/tests/mocks/fs/opendir~_sys_class_net_pppoe-wan.json @@ -0,0 +1 @@ +[] diff --git a/tests/mocks/ubus/network.interface~dump.json b/tests/mocks/ubus/network.interface~dump.json index f4d3264..67d76cf 100644 --- a/tests/mocks/ubus/network.interface~dump.json +++ b/tests/mocks/ubus/network.interface~dump.json @@ -250,9 +250,9 @@ "autostart": true, "dynamic": false, "uptime": 35968, - "l3_device": "eth1", - "proto": "dhcp", - "device": "wan", + "l3_device": "pppoe-wan", + "proto": "pppoe", + "device": "eth1", "metric": 0, "dns_metric": 0, "delegation": true, @@ -309,8 +309,7 @@ ] }, "data": { - "hostname": "OpenWrt", - "leasetime": 43200 + } }, { @@ -321,8 +320,8 @@ "autostart": true, "dynamic": false, "uptime": 16264, - "l3_device": "eth1", - "proto": "6in4", + "l3_device": "pppoe-wan", + "proto": "dhcpv6", "updated": [ "addresses", "routes",