mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge add fine grained network mediation support

Browse source 
Similar to https://gitlab.com/apparmor/apparmor/-/merge_requests/1095, but this time simplified.
This version removes support for ip and port ranges and subnets. This can be added later.

It also contains an updated version of the network layout required by the kernel side of AppArmor.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1160
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2024-02-29 21:58:24 +00:00
commit 35287c8e1c
195 changed files with 2626 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -266,6 +266,8 @@ tests/regression/apparmor/mmap
tests/regression/apparmor/mount
tests/regression/apparmor/move_mount
tests/regression/apparmor/named_pipe
tests/regression/apparmor/net_finegrained_rcv
tests/regression/apparmor/net_finegrained_snd
tests/regression/apparmor/net_raw
tests/regression/apparmor/open
tests/regression/apparmor/openat

2
parser/af_unix.cc
View file

@ -202,7 +202,7 @@ void unix_rule::downgrade_rule(Profile &prof) {
if (audit == AUDIT_FORCE)
prof.net.audit[AF_UNIX] |= mask;
const char *error;
network_rule *netv8 = new network_rule(AF_UNIX, sock_type_n);
network_rule *netv8 = new network_rule(perms, AF_UNIX, sock_type_n);
if(!netv8->add_prefix({audit, rule_mode, owner}, error))
yyerror(error);
prof.rule_ents.push_back(netv8);

2
parser/all_rule.cc
View file

@ -83,7 +83,7 @@ void all_rule::add_implied_rules(Profile &prof)
(void) rule->add_prefix(*prefix);
prof.rule_ents.push_back(rule);
rule = new network_rule(NULL);
rule = new network_rule(0, (struct cond_entry *)NULL, (struct cond_entry *)NULL);
(void) rule->add_prefix(*prefix);
prof.rule_ents.push_back(rule);

6
parser/bignum.h
View file

@ -12,8 +12,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical
* Ltd.
* along with this program; if not, contact Canonical Ltd.
*/
#ifndef __AA_BIGNUM_H
@ -29,10 +28,9 @@ class bignum
{
public:
std::vector<uint8_t> data;
uint64_t sad = 543;
uint8_t base;
bool negative = false;
bignum () {}
bignum () : base(0) {}
bignum (unsigned long val) {
if (val == 0)

248
parser/network.cc
View file

@ -20,6 +20,7 @@
#include <string>
#include <sstream>
#include <map>
#include <arpa/inet.h>
#include "lib.h"
#include "parser.h"
@ -298,7 +299,59 @@ const struct network_tuple *net_find_mapping(const struct network_tuple *map,
return NULL;
}
void network_rule::move_conditionals(struct cond_entry *conds)
bool parse_ipv4_address(const char *input, struct ip_address *result)
{
struct in_addr addr;
if (inet_pton(AF_INET, input, &addr) == 1) {
result->family = AF_INET;
result->address.address_v4 = addr.s_addr;
return true;
}
return false;
}
bool parse_ipv6_address(const char *input, struct ip_address *result)
{
struct in6_addr addr;
if (inet_pton(AF_INET6, input, &addr) == 1) {
result->family = AF_INET6;
memcpy(result->address.address_v6, addr.s6_addr, 16);
return true;
}
return false;
}
bool parse_ip(const char *ip, struct ip_address *result)
{
return parse_ipv6_address(ip, result) ||
parse_ipv4_address(ip, result);
}
bool parse_port_number(const char *port_entry, uint16_t *port) {
char *eptr;
unsigned long port_tmp = strtoul(port_entry, &eptr, 10);
if (port_tmp >= 0 && port_entry != eptr &&
*eptr == '\0' && port_tmp <= UINT16_MAX) {
*port = port_tmp;
return true;
}
return false;
}
bool network_rule::parse_port(ip_conds &entry)
{
entry.is_port = true;
return parse_port_number(entry.sport, &entry.port);
}
bool network_rule::parse_address(ip_conds &entry)
{
entry.is_ip = true;
return parse_ip(entry.sip, &entry.ip);
}
void network_rule::move_conditionals(struct cond_entry *conds, ip_conds &ip_cond)
{
struct cond_entry *cond_ent;
@ -306,10 +359,18 @@ void network_rule::move_conditionals(struct cond_entry *conds)
/* for now disallow keyword 'in' (list) */
if (!cond_ent->eq)
yyerror("keyword \"in\" is not allowed in network rules\n");
/* no valid conditionals atm */
yyerror("invalid network rule conditional \"%s\"\n",
cond_ent->name);
if (strcmp(cond_ent->name, "ip") == 0) {
move_conditional_value("network", &ip_cond.sip, cond_ent);
if (!parse_address(ip_cond))
yyerror("network invalid ip='%s'\n", ip_cond.sip);
} else if (strcmp(cond_ent->name, "port") == 0) {
move_conditional_value("network", &ip_cond.sport, cond_ent);
if (!parse_port(ip_cond))
yyerror("network invalid port='%s'\n", ip_cond.sport);
} else {
yyerror("invalid network rule conditional \"%s\"\n",
cond_ent->name);
}
}
}
@ -322,7 +383,8 @@ void network_rule::set_netperm(unsigned int family, unsigned int type)
network_perms[family] |= 1 << type;
}
network_rule::network_rule(struct cond_entry *conds):
network_rule::network_rule(perms_t perms_p, struct cond_entry *conds,
struct cond_entry *peer_conds):
dedup_perms_rule_t(AA_CLASS_NETV8)
{
size_t family_index;
@ -331,12 +393,25 @@ network_rule::network_rule(struct cond_entry *conds):
set_netperm(family_index, 0xFFFFFFFF);
}
move_conditionals(conds);
move_conditionals(conds, local);
move_conditionals(peer_conds, peer);
free_cond_list(conds);
free_cond_list(peer_conds);
if (perms_p) {
perms = perms_p;
if (perms & ~AA_VALID_NET_PERMS)
yyerror("perms contains invalid permissions for network rules\n");
else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
} else {
perms = AA_VALID_NET_PERMS;
}
}
network_rule::network_rule(const char *family, const char *type,
const char *protocol, struct cond_entry *conds):
network_rule::network_rule(perms_t perms_p, const char *family, const char *type,
const char *protocol, struct cond_entry *conds,
struct cond_entry *peer_conds):
dedup_perms_rule_t(AA_CLASS_NETV8)
{
const struct network_tuple *mapping = NULL;
@ -355,15 +430,37 @@ network_rule::network_rule(const char *family, const char *type,
if (network_map.empty())
yyerror(_("Invalid network entry."));
move_conditionals(conds);
move_conditionals(conds, local);
move_conditionals(peer_conds, peer);
free_cond_list(conds);
free_cond_list(peer_conds);
if (perms_p) {
perms = perms_p;
if (perms & ~AA_VALID_NET_PERMS)
yyerror("perms contains invalid permissions for network rules\n");
else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
} else {
perms = AA_VALID_NET_PERMS;
}
}
network_rule::network_rule(unsigned int family, unsigned int type):
network_rule::network_rule(perms_t perms_p, unsigned int family, unsigned int type):
dedup_perms_rule_t(AA_CLASS_NETV8)
{
network_map[family].push_back({ family, type, 0xFFFFFFFF });
set_netperm(family, type);
if (perms_p) {
perms = perms_p;
if (perms & ~AA_VALID_NET_PERMS)
yyerror("perms contains invalid permissions for network rules\n");
else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
} else {
perms = AA_VALID_NET_PERMS;
}
}
ostream &network_rule::dump(ostream &os)
@ -428,6 +525,79 @@ void network_rule::warn_once(const char *name)
rule_t::warn_once(name, "network rules not enforced");
}
std::string gen_ip_cond(const struct ip_address ip)
{
std::ostringstream oss;
int i;
if (ip.family == AF_INET) {
/* add a byte containing the size of the following ip */
oss << "\\x04";
u8 *byte = (u8 *) &ip.address.address_v4; /* in network byte order */
for (i = 0; i < 4; i++)
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << static_cast<unsigned int>(byte[i]);
} else {
/* add a byte containing the size of the following ip */
oss << "\\x10";
for (i = 0; i < 16; ++i)
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << static_cast<unsigned int>(ip.address.address_v6[i]);
}
return oss.str();
}
std::string gen_port_cond(uint16_t port)
{
std::ostringstream oss;
if (port > 0) {
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((port & 0xff00) >> 8);
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (port & 0xff);
} else {
oss << "..";
}
return oss.str();
}
void network_rule::gen_ip_conds(std::ostringstream &oss, ip_conds entry, bool is_peer, bool is_cmd)
{
/* encode protocol */
if (!is_cmd) {
if (entry.is_ip) {
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((entry.ip.family & 0xff00) >> 8);
oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (entry.ip.family & 0xff);
} else {
oss << "..";
}
}
if (entry.is_port) {
/* encode port type (privileged - 1, remote - 2, unprivileged - 0) */
if (!is_peer && perms & AA_NET_BIND && entry.port < IPPORT_RESERVED)
oss << "\\x01";
else if (is_peer)
oss << "\\x02";
else
oss << "\\x00";
oss << gen_port_cond(entry.port);
} else {
/* port type + port number */
if (!is_cmd)
oss << ".";
oss << "..";
}
if (entry.is_ip) {
oss << gen_ip_cond(entry.ip);
} else {
/* encode 0 to indicate there's no ip (ip size) */
oss << "\\x00";
}
oss << "\\-x01"; /* oob separator */
oss << default_match_pattern; /* label - not used for now */
oss << "\\x00"; /* null transition */
}
bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mask) {
std::ostringstream buffer;
std::string buf;
@ -441,13 +611,59 @@ bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mas
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((type_mask & 0xff00) >> 8);
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (type_mask & 0xff);
}
buf = buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(AA_VALID_NET_PERMS),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
parseopts))
return false;
if (!features_supports_inet) {
buf = buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(AA_VALID_NET_PERMS),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
parseopts))
return false;
return true;
}
if (perms & AA_PEER_NET_PERMS) {
gen_ip_conds(buffer, peer, true, false);
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_ADDR;
gen_ip_conds(buffer, local, false, true);
buf = buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(perms),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
parseopts))
return false;
}
if ((perms & AA_NET_LISTEN) || (perms & AA_NET_OPT)) {
gen_ip_conds(buffer, local, false, false);
if (perms & AA_NET_LISTEN) {
std::ostringstream cmd_buffer;
cmd_buffer << buffer.str();
cmd_buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_LISTEN;
/* length of queue allowed - not used for now */
cmd_buffer << "..";
buf = cmd_buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(perms),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
parseopts))
return false;
}
if (perms & AA_NET_OPT) {
std::ostringstream cmd_buffer;
cmd_buffer << buffer.str();
cmd_buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_OPT;
/* level - not used for now */
cmd_buffer << "..";
/* socket mapping - not used for now */
cmd_buffer << "..";
buf = cmd_buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(perms),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
parseopts))
return false;
}
}
return true;
}

53
parser/network.h
View file

@ -75,6 +75,10 @@
#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \
AA_NET_ACCEPT))
#define CMD_ADDR 1
#define CMD_LISTEN 2
#define CMD_OPT 4
struct network_tuple {
const char *family_name;
unsigned int family;
@ -104,22 +108,58 @@ int net_find_type_val(const char *type);
const char *net_find_type_name(int type);
const char *net_find_af_name(unsigned int af);
struct ip_address {
union {
uint8_t address_v6[16];
uint32_t address_v4;
} address;
uint16_t family;
};
class ip_conds {
public:
char *sip = NULL;
char *sport = NULL;
bool is_ip = false;
bool is_port = false;
uint16_t port;
struct ip_address ip;
void free_conds() {
if (sip)
free(sip);
if (sport)
free(sport);
}
};
class network_rule: public dedup_perms_rule_t {
void move_conditionals(struct cond_entry *conds);
void move_conditionals(struct cond_entry *conds, ip_conds &ip_cond);
public:
std::unordered_map<unsigned int, std::vector<struct aa_network_entry>> network_map;
std::unordered_map<unsigned int, perms_t> network_perms;
ip_conds peer;
ip_conds local;
bool has_local_conds(void) { return local.sip || local.sport; }
bool has_peer_conds(void) { return peer.sip || peer.sport; }
/* empty constructor used only for the profile to access
* static elements to maintain compatibility with
* AA_CLASS_NET */
network_rule(): dedup_perms_rule_t(AA_CLASS_NETV8) { }
network_rule(struct cond_entry *conds);
network_rule(const char *family, const char *type,
const char *protocol, struct cond_entry *conds);
network_rule(unsigned int family, unsigned int type);
network_rule(perms_t perms_p, struct cond_entry *conds,
struct cond_entry *peer_conds);
network_rule(perms_t perms_p, const char *family, const char *type,
const char *protocol, struct cond_entry *conds,
struct cond_entry *peer_conds);
network_rule(perms_t perms_p, unsigned int family, unsigned int type);
virtual ~network_rule()
{
peer.free_conds();
local.free_conds();
if (allow) {
free(allow);
allow = NULL;
@ -138,9 +178,12 @@ public:
}
};
void gen_ip_conds(std::ostringstream &oss, ip_conds entry, bool is_peer, bool is_cmd);
bool gen_net_rule(Profile &prof, u16 family, unsigned int type_mask);
void set_netperm(unsigned int family, unsigned int type);
void update_compat_net(void);
bool parse_address(ip_conds &entry);
bool parse_port(ip_conds &entry);
virtual bool valid_prefix(const prefixes &p, const char *&error) {
if (p.owner) {

1
parser/parser.h
View file

@ -341,6 +341,7 @@ extern int kernel_load;
extern int kernel_supports_setload;
extern int features_supports_network;
extern int features_supports_networkv8;
extern int features_supports_inet;
extern int kernel_supports_policydb;
extern int kernel_supports_diff_encode;
extern int features_supports_mount;

1
parser/parser_common.c
View file

@ -69,6 +69,7 @@ int kernel_load = 1;
int kernel_supports_setload = 0; /* kernel supports atomic set loads */
int features_supports_network = 0; /* kernel supports network rules */
int features_supports_networkv8 = 0; /* kernel supports 4.17 network rules */
int features_supports_inet = 0; /* kernel supports inet network rules */
int features_supports_unix = 0; /* kernel supports unix socket rules */
int kernel_supports_policydb = 0; /* kernel supports new policydb */
int features_supports_mount = 0; /* kernel supports mount rules */

20
parser/parser_lex.l
View file

@ -517,12 +517,6 @@ GT >
}
}
<NETWORK_MODE>{
{IDS} {
yylval.id = strdup(yytext);
RETURN_TOKEN(TOK_ID);
}
}
<CHANGE_PROFILE_MODE>{
safe { RETURN_TOKEN(TOK_SAFE); }
@ -558,7 +552,7 @@ GT >
{LT_EQUAL} { RETURN_TOKEN(TOK_LE); }
}
<UNIX_MODE>{
<UNIX_MODE,NETWORK_MODE>{
listen { RETURN_TOKEN(TOK_LISTEN); }
accept { RETURN_TOKEN(TOK_ACCEPT); }
connect { RETURN_TOKEN(TOK_CONNECT); }
@ -567,7 +561,7 @@ GT >
shutdown { RETURN_TOKEN(TOK_SHUTDOWN); }
}
<UNIX_MODE,USERNS_MODE,MQUEUE_MODE>{
<UNIX_MODE,USERNS_MODE,MQUEUE_MODE,NETWORK_MODE>{
create { RETURN_TOKEN(TOK_CREATE); }
}
@ -576,12 +570,12 @@ GT >
delete { RETURN_TOKEN(TOK_DELETE); }
}
<UNIX_MODE,MQUEUE_MODE>{
<UNIX_MODE,MQUEUE_MODE,NETWORK_MODE>{
getattr { RETURN_TOKEN(TOK_GETATTR); }
setattr { RETURN_TOKEN(TOK_SETATTR); }
}
<DBUS_MODE,UNIX_MODE>{
<DBUS_MODE,UNIX_MODE,NETWORK_MODE>{
bind { RETURN_TOKEN(TOK_BIND); }
}
@ -589,7 +583,7 @@ GT >
eavesdrop { RETURN_TOKEN(TOK_EAVESDROP); }
}
<DBUS_MODE,SIGNAL_MODE,UNIX_MODE>{
<DBUS_MODE,SIGNAL_MODE,UNIX_MODE,NETWORK_MODE>{
send { RETURN_TOKEN(TOK_SEND); }
receive { RETURN_TOKEN(TOK_RECEIVE); }
}
@ -600,7 +594,7 @@ GT >
tracedby { RETURN_TOKEN(TOK_TRACEDBY); }
}
<DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE>{
<DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,NETWORK_MODE>{
read { RETURN_TOKEN(TOK_READ); }
write { RETURN_TOKEN(TOK_WRITE); }
{OPEN_PAREN} {
@ -621,7 +615,7 @@ GT >
sqpoll { RETURN_TOKEN(TOK_SQPOLL); }
}
<MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,IOURING_MODE>{
<MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,IOURING_MODE,NETWORK_MODE>{
({IDS_NOEQ}|{LABEL}|{QUOTED_ID}) {
yylval.id = processid(yytext, yyleng);
RETURN_TOKEN(TOK_ID);

3
parser/parser_main.c
View file

@ -919,6 +919,9 @@ void set_supported_features()
features_supports_networkv8 = features_intersect(kernel_features,
policy_features,
"network_v8");
features_supports_inet = features_intersect(kernel_features,
policy_features,
"network/af_inet");
features_supports_unix = features_intersect(kernel_features,
policy_features,
"network/af_unix");

4
parser/parser_regex.c
View file

@ -882,7 +882,7 @@ static std::string generate_regex_range(bignum start, bignum end)
std::ostringstream result;
std::vector<std::pair<bignum, bignum>> regex_range;
int j;
regex_range = regex_range_generator(start, end);
regex_range = regex_range_generator(std::move(start), std::move(end));
for (auto &i: regex_range) {
bignum sstart = i.first;
bignum send = i.second;
@ -942,7 +942,7 @@ int convert_range(std::string& buffer, bignum start, bignum end)
pattern_t ptype;
int pos;
std::string regex_range = generate_regex_range(start, end);
std::string regex_range = generate_regex_range(std::move(start), std::move(end));
if (!regex_range.empty()) {
ptype = convert_aaregex_to_pcre(regex_range.c_str(), 0, glob_default, buffer, &pos);

43
parser/parser_yacc.y
View file

@ -1083,27 +1083,48 @@ link_rule: TOK_LINK opt_subset_flag id_or_var TOK_ARROW id_or_var TOK_END_OF_RUL
$$ = entry;
};
network_rule: TOK_NETWORK opt_conds TOK_END_OF_RULE
network_rule: TOK_NETWORK opt_net_perm opt_conds opt_cond_list TOK_END_OF_RULE
{
network_rule *entry = new network_rule($2);
network_rule *entry;
if ($4.name) {
if (strcmp($4.name, "peer") != 0)
yyerror(_("network rule: invalid conditional group %s=()"), $4.name);
free($4.name);
}
entry = new network_rule($2, $3, $4.list);
$$ = entry;
}
network_rule: TOK_NETWORK TOK_ID opt_conds TOK_END_OF_RULE
network_rule: TOK_NETWORK opt_net_perm TOK_ID opt_conds opt_cond_list TOK_END_OF_RULE
{
network_rule *entry = new network_rule($2, NULL, NULL, $3);
free($2);
$$ = entry;
}
network_rule *entry;
network_rule: TOK_NETWORK TOK_ID TOK_ID opt_conds TOK_END_OF_RULE
{
network_rule *entry = new network_rule($2, $3, NULL, $4);
free($2);
if ($5.name) {
if (strcmp($5.name, "peer") != 0)
yyerror(_("network rule: invalid conditional group %s=()"), $5.name);
free($5.name);
}
entry = new network_rule($2, $3, NULL, NULL, $4, $5.list);
free($3);
$$ = entry;
}
network_rule: TOK_NETWORK opt_net_perm TOK_ID TOK_ID opt_conds opt_cond_list TOK_END_OF_RULE
{
network_rule *entry;
if ($6.name) {
if (strcmp($6.name, "peer") != 0)
yyerror(_("network rule: invalid conditional group %s=()"), $6.name);
free($6.name);
}
entry = new network_rule($2, $3, $4, NULL, $5, $6.list);
free($3);
free($4);
$$ = entry;
}
cond: TOK_CONDID
{
struct cond_entry *ent;

8
parser/tst/simple_tests/network/network_bad_10.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=127.0.0.1 port=test),
}

8
parser/tst/simple_tests/network/network_bad_11.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=127.0.0.1 port=65536),
}

8
parser/tst/simple_tests/network/network_bad_12.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=[invalid] port=80),
}

8
parser/tst/simple_tests/network/network_bad_13.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=::1 port=-1),
}

8
parser/tst/simple_tests/network/network_bad_14.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=::1 port=test),
}

8
parser/tst/simple_tests/network/network_bad_15.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=::1 port=65536),
}

8
parser/tst/simple_tests/network/network_bad_16.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(port=65536),
}

8
parser/tst/simple_tests/network/network_bad_17.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(port=-1),
}

8
parser/tst/simple_tests/network/network_bad_18.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(port=test),
}

8
parser/tst/simple_tests/network/network_bad_19.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.39-192.168.0.4),
}

8
parser/tst/simple_tests/network/network_bad_20.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.39-invalid),
}

8
parser/tst/simple_tests/network/network_bad_21.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.39-::58c2),
}

8
parser/tst/simple_tests/network/network_bad_22.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39),
}

8
parser/tst/simple_tests/network/network_bad_23.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=80-192.168.0.39),
}

8
parser/tst/simple_tests/network/network_bad_24.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(port=80-65536),
}

8
parser/tst/simple_tests/network/network_bad_25.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(port=443-80),
}

8
parser/tst/simple_tests/network/network_bad_26.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=invalid/80),
}

8
parser/tst/simple_tests/network/network_bad_27.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.1/-1),
}

8
parser/tst/simple_tests/network/network_bad_28.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.1/invalid),
}

8
parser/tst/simple_tests/network/network_bad_29.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=192.168.0.1/33),
}

8
parser/tst/simple_tests/network/network_bad_30.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1),
}

8
parser/tst/simple_tests/network/network_bad_31.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid),
}

8
parser/tst/simple_tests/network/network_bad_32.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129),
}

8
parser/tst/simple_tests/network/network_bad_33.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=test,
}

8
parser/tst/simple_tests/network/network_bad_34.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=test peer=(ip=127.0.0.1 port=test),
}

8
parser/tst/simple_tests/network/network_bad_35.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=65536,
}

8
parser/tst/simple_tests/network/network_bad_36.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=65536 peer=(ip=127.0.0.1 port=65536),
}

8
parser/tst/simple_tests/network/network_bad_37.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=[invalid] port=80,
}

8
parser/tst/simple_tests/network/network_bad_38.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=[invalid] port=80 peer=(ip=[invalid] port=80),
}

8
parser/tst/simple_tests/network/network_bad_39.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=-1,
}

8
parser/tst/simple_tests/network/network_bad_40.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=-1 peer=(ip=::1 port=-1),
}

8
parser/tst/simple_tests/network/network_bad_41.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=test,
}

8
parser/tst/simple_tests/network/network_bad_42.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=test peer=(ip=::1 port=test),
}

8
parser/tst/simple_tests/network/network_bad_43.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=65536,
}

8
parser/tst/simple_tests/network/network_bad_44.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=::1 port=65536 peer=(ip=::1 port=65536),
}

8
parser/tst/simple_tests/network/network_bad_45.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=65536,
}

8
parser/tst/simple_tests/network/network_bad_46.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=65536 peer=(port=65536),
}

8
parser/tst/simple_tests/network/network_bad_47.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=-1,
}

8
parser/tst/simple_tests/network/network_bad_48.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=-1 peer=(port=-1),
}

8
parser/tst/simple_tests/network/network_bad_49.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=test,
}

8
parser/tst/simple_tests/network/network_bad_5.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=10,
}

8
parser/tst/simple_tests/network/network_bad_50.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network port range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=test peer=(port=test),
}

8
parser/tst/simple_tests/network/network_bad_51.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-192.168.0.4,
}

8
parser/tst/simple_tests/network/network_bad_52.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-192.168.0.4 peer=(ip=192.168.0.39-192.168.0.4),
}

8
parser/tst/simple_tests/network/network_bad_53.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-invalid,
}

8
parser/tst/simple_tests/network/network_bad_54.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-invalid peer=(ip=192.168.0.39-invalid),
}

8
parser/tst/simple_tests/network/network_bad_55.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-::58c2,
}

8
parser/tst/simple_tests/network/network_bad_56.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.39-::58c2 peer=(ip=192.168.0.39-::58c2),
}

8
parser/tst/simple_tests/network/network_bad_57.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39,
}

8
parser/tst/simple_tests/network/network_bad_58.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39),
}

8
parser/tst/simple_tests/network/network_bad_59.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=80-192.168.0.39,
}

8
parser/tst/simple_tests/network/network_bad_6.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=10.2,
}

8
parser/tst/simple_tests/network/network_bad_60.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=80-192.168.0.39 peer=(ip=80-192.168.0.39),
}

8
parser/tst/simple_tests/network/network_bad_61.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=80-65536,
}

8
parser/tst/simple_tests/network/network_bad_62.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=80-65536 peer=(port=80-65536),
}

8
parser/tst/simple_tests/network/network_bad_63.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=443-80,
}

8
parser/tst/simple_tests/network/network_bad_64.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network range test
#=EXRESULT FAIL
#
/usr/bin/foo {
network port=443-80 peer=(port=443-80),
}

8
parser/tst/simple_tests/network/network_bad_65.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=invalid/80,
}

8
parser/tst/simple_tests/network/network_bad_66.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=invalid/80 peer=(ip=invalid/80),
}

8
parser/tst/simple_tests/network/network_bad_67.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/-1,
}

8
parser/tst/simple_tests/network/network_bad_68.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/-1 peer=(ip=192.168.0.1/-1),
}

8
parser/tst/simple_tests/network/network_bad_69.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/invalid,
}

8
parser/tst/simple_tests/network/network_bad_7.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=test,
}

8
parser/tst/simple_tests/network/network_bad_70.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/invalid peer=(ip=192.168.0.1/invalid),
}

8
parser/tst/simple_tests/network/network_bad_71.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/33,
}

8
parser/tst/simple_tests/network/network_bad_72.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=192.168.0.1/33 peer=(ip=192.168.0.1/33),
}

8
parser/tst/simple_tests/network/network_bad_73.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1,
}

8
parser/tst/simple_tests/network/network_bad_74.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1),
}

8
parser/tst/simple_tests/network/network_bad_75.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid,
}

8
parser/tst/simple_tests/network/network_bad_76.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid),
}

8
parser/tst/simple_tests/network/network_bad_77.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129,
}

8
parser/tst/simple_tests/network/network_bad_78.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network subnet test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129),
}

8
parser/tst/simple_tests/network/network_bad_79.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=-1,
}

8
parser/tst/simple_tests/network/network_bad_8.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=-1),
}

8
parser/tst/simple_tests/network/network_bad_80.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=-1 peer=(ip=-1),
}

8
parser/tst/simple_tests/network/network_bad_81.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=-1,
}

8
parser/tst/simple_tests/network/network_bad_82.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network ip=127.0.0.1 port=-1 peer=(ip=127.0.0.1 port=-1),
}

8
parser/tst/simple_tests/network/network_bad_9.sd Normal file
View file

@ -0,0 +1,8 @@
#
#=DESCRIPTION invalid network ip - port conditional test
#=EXRESULT FAIL
#
/usr/bin/foo {
network peer=(ip=127.0.0.1 port=-1),
}

10
parser/tst/simple_tests/network/network_ok_10.sd Normal file
View file

@ -0,0 +1,10 @@
#
#=DESCRIPTION network ipv4 - port conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network peer=(ip=127.0.0.1 port=8080),
network peer=(ip=127.0.0.1 port=0),
network peer=(ip=127.0.0.1 port=65535),
}

9
parser/tst/simple_tests/network/network_ok_11.sd Normal file
View file

@ -0,0 +1,9 @@
#
#=DESCRIPTION network ipv6 conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network peer=(ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73),
network peer=(ip=fe80::fc54:ff:fece:e21f),
}

9
parser/tst/simple_tests/network/network_ok_12.sd Normal file
View file

@ -0,0 +1,9 @@
#
#=DESCRIPTION network ipv6 conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network inet peer=(ip=fe80::fc54:ff:fece:e21f),
network inet tcp peer=(ip=fe80::fc54:ff:fece:e21f),
}

13
parser/tst/simple_tests/network/network_ok_13.sd Normal file
View file

@ -0,0 +1,13 @@
#
#=DESCRIPTION network ipv6 - port conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network peer=(ip=::1 port=8080),
network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=8080),
network peer=(ip=::1 port=0),
network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=0),
network peer=(ip=::1 port=65535),
network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=65535),
}

10
parser/tst/simple_tests/network/network_ok_14.sd Normal file
View file

@ -0,0 +1,10 @@
#
#=DESCRIPTION network port conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network peer=(port=0),
network peer=(port=65535),
network peer=(port=443),
}

10
parser/tst/simple_tests/network/network_ok_20.sd Normal file
View file

@ -0,0 +1,10 @@
#
#=DESCRIPTION network ipv4 - port conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network ip=127.0.0.1 port=8080,
network ip=127.0.0.1 port=0,
network ip=127.0.0.1 port=65535,
}

10
parser/tst/simple_tests/network/network_ok_21.sd Normal file
View file

@ -0,0 +1,10 @@
#
#=DESCRIPTION network ipv4 - port conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network ip=127.0.0.1 port=8080 peer=(ip=127.0.0.1 port=8080),
network ip=127.0.0.1 port=0 peer=(ip=127.0.0.1 port=0),
network ip=127.0.0.1 port=65535 peer=(ip=127.0.0.1 port=65535),
}

9
parser/tst/simple_tests/network/network_ok_22.sd Normal file
View file

@ -0,0 +1,9 @@
#
#=DESCRIPTION network ipv6 conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73,
network ip=fe80::fc54:ff:fece:e21f,
}

9
parser/tst/simple_tests/network/network_ok_23.sd Normal file
View file

@ -0,0 +1,9 @@
#
#=DESCRIPTION network ipv6 conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73 peer=(ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73),
network ip=fe80::fc54:ff:fece:e21f peer=(ip=fe80::fc54:ff:fece:e21f),
}

9
parser/tst/simple_tests/network/network_ok_24.sd Normal file
View file

@ -0,0 +1,9 @@
#
#=DESCRIPTION network ipv6 conditional test
#=EXRESULT PASS
#
/usr/bin/foo {
network inet ip=fe80::fc54:ff:fece:e21f,
network inet tcp ip=fe80::fc54:ff:fece:e21f,
}

Some files were not shown because too many files have changed in this diff Show more