summaryrefslogtreecommitdiffstats
path: root/sshuttle/tests/client/test_methods_pf.py
diff options
context:
space:
mode:
Diffstat (limited to 'sshuttle/tests/client/test_methods_pf.py')
-rw-r--r--sshuttle/tests/client/test_methods_pf.py93
1 files changed, 46 insertions, 47 deletions
diff --git a/sshuttle/tests/client/test_methods_pf.py b/sshuttle/tests/client/test_methods_pf.py
index 4ec6fc5..5df57af 100644
--- a/sshuttle/tests/client/test_methods_pf.py
+++ b/sshuttle/tests/client/test_methods_pf.py
@@ -182,8 +182,8 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1024, 1026,
[(10, u'2404:6800:4004:80c::33')],
10,
- [(10, 64, False, u'2404:6800:4004:80c::'),
- (10, 128, True, u'2404:6800:4004:80c::101f')],
+ [(10, 64, False, u'2404:6800:4004:80c::', 8000, 9000),
+ (10, 128, True, u'2404:6800:4004:80c::101f', 8080, 8080)],
False)
assert mock_ioctl.mock_calls == [
call(mock_pf_get_dev(), 0xC4704433, ANY),
@@ -198,16 +198,15 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
call('-f /dev/stdin', b'pass on lo\n'),
call('-s all'),
call('-a sshuttle6-1024 -f /dev/stdin',
- b'table <forward_subnets> {'
- b'!2404:6800:4004:80c::101f/128,2404:6800:4004:80c::/64'
- b'}\n'
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
- b'rdr pass on lo0 inet6 proto tcp '
- b'to <forward_subnets> -> ::1 port 1024\n'
+ b'rdr pass on lo0 inet6 proto tcp to '
+ b'2404:6800:4004:80c::/64 port 8000:9000 -> ::1 port 1024\n'
b'rdr pass on lo0 inet6 proto udp '
b'to <dns_servers> port 53 -> ::1 port 1026\n'
- b'pass out route-to lo0 inet6 proto tcp '
- b'to <forward_subnets> keep state\n'
+ b'pass out quick inet6 proto tcp to '
+ b'2404:6800:4004:80c::101f/128 port 8080:8080\n'
+ b'pass out route-to lo0 inet6 proto tcp to '
+ b'2404:6800:4004:80c::/64 port 8000:9000 keep state\n'
b'pass out route-to lo0 inet6 proto udp '
b'to <dns_servers> port 53 keep state\n'),
call('-E'),
@@ -221,7 +220,8 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0),
+ (2, 32, True, u'1.2.3.66', 80, 80)],
True)
assert str(excinfo.value) == 'UDP not supported by pf method_name'
assert mock_pf_get_dev.mock_calls == []
@@ -232,7 +232,7 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0), (2, 32, True, u'1.2.3.66', 80, 80)],
False)
assert mock_ioctl.mock_calls == [
call(mock_pf_get_dev(), 0xC4704433, ANY),
@@ -247,14 +247,13 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
call('-f /dev/stdin', b'pass on lo\n'),
call('-s all'),
call('-a sshuttle-1025 -f /dev/stdin',
- b'table <forward_subnets> {!1.2.3.66/32,1.2.3.0/24}\n'
b'table <dns_servers> {1.2.3.33}\n'
- b'rdr pass on lo0 inet proto tcp '
- b'to <forward_subnets> -> 127.0.0.1 port 1025\n'
+ b'rdr pass on lo0 inet proto tcp to 1.2.3.0/24 '
+ b'-> 127.0.0.1 port 1025\n'
b'rdr pass on lo0 inet proto udp '
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
- b'pass out route-to lo0 inet proto tcp '
- b'to <forward_subnets> keep state\n'
+ b'pass out quick inet proto tcp to 1.2.3.66/32 port 80:80\n'
+ b'pass out route-to lo0 inet proto tcp to 1.2.3.0/24 keep state\n'
b'pass out route-to lo0 inet proto udp '
b'to <dns_servers> port 53 keep state\n'),
call('-E'),
@@ -289,23 +288,22 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1024, 1026,
[(10, u'2404:6800:4004:80c::33')],
10,
- [(10, 64, False, u'2404:6800:4004:80c::'),
- (10, 128, True, u'2404:6800:4004:80c::101f')],
+ [(10, 64, False, u'2404:6800:4004:80c::', 8000, 9000),
+ (10, 128, True, u'2404:6800:4004:80c::101f', 8080, 8080)],
False)
assert mock_pfctl.mock_calls == [
call('-s all'),
call('-a sshuttle6-1024 -f /dev/stdin',
- b'table <forward_subnets> {'
- b'!2404:6800:4004:80c::101f/128,2404:6800:4004:80c::/64'
- b'}\n'
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
- b'rdr pass on lo0 inet6 proto tcp '
- b'to <forward_subnets> -> ::1 port 1024\n'
+ b'rdr pass on lo0 inet6 proto tcp to 2404:6800:4004:80c::/64 '
+ b'port 8000:9000 -> ::1 port 1024\n'
b'rdr pass on lo0 inet6 proto udp '
b'to <dns_servers> port 53 -> ::1 port 1026\n'
- b'pass out route-to lo0 inet6 proto tcp '
- b'to <forward_subnets> keep state\n'
+ b'pass out quick inet6 proto tcp to '
+ b'2404:6800:4004:80c::101f/128 port 8080:8080\n'
+ b'pass out route-to lo0 inet6 proto tcp to '
+ b'2404:6800:4004:80c::/64 port 8000:9000 keep state\n'
b'pass out route-to lo0 inet6 proto udp '
b'to <dns_servers> port 53 keep state\n'),
call('-e'),
@@ -319,7 +317,8 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0),
+ (2, 32, True, u'1.2.3.66', 80, 80)],
True)
assert str(excinfo.value) == 'UDP not supported by pf method_name'
assert mock_pf_get_dev.mock_calls == []
@@ -330,7 +329,7 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0), (2, 32, True, u'1.2.3.66', 80, 80)],
False)
assert mock_ioctl.mock_calls == [
call(mock_pf_get_dev(), 0xC4704433, ANY),
@@ -343,14 +342,13 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
assert mock_pfctl.mock_calls == [
call('-s all'),
call('-a sshuttle-1025 -f /dev/stdin',
- b'table <forward_subnets> {!1.2.3.66/32,1.2.3.0/24}\n'
b'table <dns_servers> {1.2.3.33}\n'
- b'rdr pass on lo0 inet proto tcp '
- b'to <forward_subnets> -> 127.0.0.1 port 1025\n'
+ b'rdr pass on lo0 inet proto tcp to 1.2.3.0/24 -> '
+ b'127.0.0.1 port 1025\n'
b'rdr pass on lo0 inet proto udp '
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
- b'pass out route-to lo0 inet proto tcp '
- b'to <forward_subnets> keep state\n'
+ b'pass out quick inet proto tcp to 1.2.3.66/32 port 80:80\n'
+ b'pass out route-to lo0 inet proto tcp to 1.2.3.0/24 keep state\n'
b'pass out route-to lo0 inet proto udp '
b'to <dns_servers> port 53 keep state\n'),
call('-e'),
@@ -385,8 +383,8 @@ def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1024, 1026,
[(10, u'2404:6800:4004:80c::33')],
10,
- [(10, 64, False, u'2404:6800:4004:80c::'),
- (10, 128, True, u'2404:6800:4004:80c::101f')],
+ [(10, 64, False, u'2404:6800:4004:80c::', 8000, 9000),
+ (10, 128, True, u'2404:6800:4004:80c::101f', 8080, 8080)],
False)
assert mock_ioctl.mock_calls == [
@@ -398,16 +396,15 @@ def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
call('-f /dev/stdin', b'match on lo\n'),
call('-s all'),
call('-a sshuttle6-1024 -f /dev/stdin',
- b'table <forward_subnets> {'
- b'!2404:6800:4004:80c::101f/128,2404:6800:4004:80c::/64'
- b'}\n'
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
- b'pass in on lo0 inet6 proto tcp to '
- b'<forward_subnets> divert-to ::1 port 1024\n'
+ b'pass in on lo0 inet6 proto tcp to 2404:6800:4004:80c::/64 '
+ b'port 8000:9000 divert-to ::1 port 1024\n'
b'pass in on lo0 inet6 proto udp '
b'to <dns_servers> port 53 rdr-to ::1 port 1026\n'
- b'pass out inet6 proto tcp to '
- b'<forward_subnets> route-to lo0 keep state\n'
+ b'pass out quick inet6 proto tcp to '
+ b'2404:6800:4004:80c::101f/128 port 8080:8080\n'
+ b'pass out inet6 proto tcp to 2404:6800:4004:80c::/64 '
+ b'port 8000:9000 route-to lo0 keep state\n'
b'pass out inet6 proto udp to '
b'<dns_servers> port 53 route-to lo0 keep state\n'),
call('-e'),
@@ -421,7 +418,8 @@ def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0),
+ (2, 32, True, u'1.2.3.66', 80, 80)],
True)
assert str(excinfo.value) == 'UDP not supported by pf method_name'
assert mock_pf_get_dev.mock_calls == []
@@ -432,7 +430,8 @@ def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
1025, 1027,
[(2, u'1.2.3.33')],
2,
- [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+ [(2, 24, False, u'1.2.3.0', 0, 0),
+ (2, 32, True, u'1.2.3.66', 80, 80)],
False)
assert mock_ioctl.mock_calls == [
call(mock_pf_get_dev(), 0xcd48441a, ANY),
@@ -443,13 +442,13 @@ def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
call('-f /dev/stdin', b'match on lo\n'),
call('-s all'),
call('-a sshuttle-1025 -f /dev/stdin',
- b'table <forward_subnets> {!1.2.3.66/32,1.2.3.0/24}\n'
b'table <dns_servers> {1.2.3.33}\n'
- b'pass in on lo0 inet proto tcp to <forward_subnets> divert-to 127.0.0.1 port 1025\n'
+ b'pass in on lo0 inet proto tcp to 1.2.3.0/24 divert-to '
+ b'127.0.0.1 port 1025\n'
b'pass in on lo0 inet proto udp to '
b'<dns_servers> port 53 rdr-to 127.0.0.1 port 1027\n'
- b'pass out inet proto tcp to '
- b'<forward_subnets> route-to lo0 keep state\n'
+ b'pass out quick inet proto tcp to 1.2.3.66/32 port 80:80\n'
+ b'pass out inet proto tcp to 1.2.3.0/24 route-to lo0 keep state\n'
b'pass out inet proto udp to '
b'<dns_servers> port 53 route-to lo0 keep state\n'),
call('-e'),
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 13:08:55 +0000