(mock_ipt_chain_exists, mock_ipt)
| 87 | @patch('sshuttle.methods.nat.ipt') |
| 88 | @patch('sshuttle.methods.nat.ipt_chain_exists') |
| 89 | def test_setup_firewall(mock_ipt_chain_exists, mock_ipt): |
| 90 | mock_ipt_chain_exists.return_value = True |
| 91 | method = get_method('nat') |
| 92 | assert method.name == 'nat' |
| 93 | |
| 94 | assert mock_ipt_chain_exists.mock_calls == [] |
| 95 | assert mock_ipt.mock_calls == [] |
| 96 | method.setup_firewall( |
| 97 | 1024, 1026, |
| 98 | [(AF_INET6, u'2404:6800:4004:80c::33')], |
| 99 | AF_INET6, |
| 100 | [(AF_INET6, 64, False, u'2404:6800:4004:80c::', 0, 0), |
| 101 | (AF_INET6, 128, True, u'2404:6800:4004:80c::101f', 80, 80)], |
| 102 | False, |
| 103 | None, |
| 104 | None, |
| 105 | '0x01') |
| 106 | |
| 107 | assert mock_ipt_chain_exists.mock_calls == [ |
| 108 | call(AF_INET6, 'nat', 'sshuttle-1024') |
| 109 | ] |
| 110 | assert mock_ipt.mock_calls == [ |
| 111 | call(AF_INET6, 'nat', '-D', 'OUTPUT', '-j', 'sshuttle-1024'), |
| 112 | call(AF_INET6, 'nat', '-D', 'PREROUTING', '-j', 'sshuttle-1024'), |
| 113 | call(AF_INET6, 'nat', '-F', 'sshuttle-1024'), |
| 114 | call(AF_INET6, 'nat', '-X', 'sshuttle-1024'), |
| 115 | call(AF_INET6, 'nat', '-N', 'sshuttle-1024'), |
| 116 | call(AF_INET6, 'nat', '-F', 'sshuttle-1024'), |
| 117 | call(AF_INET6, 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-1024'), |
| 118 | call(AF_INET6, 'nat', '-I', 'PREROUTING', '1', '-j', 'sshuttle-1024'), |
| 119 | call(AF_INET6, 'nat', '-A', 'sshuttle-1024', '-j', 'REDIRECT', |
| 120 | '--dest', u'2404:6800:4004:80c::33', '-p', 'udp', |
| 121 | '--dport', '53', '--to-ports', '1026'), |
| 122 | call(AF_INET6, 'nat', '-A', 'sshuttle-1024', '-j', 'RETURN', |
| 123 | '--dest', u'2404:6800:4004:80c::101f/128', '-p', 'tcp', |
| 124 | '--dport', '80:80'), |
| 125 | call(AF_INET6, 'nat', '-A', 'sshuttle-1024', '-j', 'REDIRECT', |
| 126 | '--dest', u'2404:6800:4004:80c::/64', '-p', 'tcp', |
| 127 | '--to-ports', '1024'), |
| 128 | call(AF_INET6, 'nat', '-A', 'sshuttle-1024', '-j', 'RETURN', |
| 129 | '-m', 'addrtype', '--dst-type', 'LOCAL') |
| 130 | ] |
| 131 | mock_ipt_chain_exists.reset_mock() |
| 132 | mock_ipt.reset_mock() |
| 133 | |
| 134 | assert mock_ipt_chain_exists.mock_calls == [] |
| 135 | assert mock_ipt.mock_calls == [] |
| 136 | |
| 137 | with pytest.raises(Exception) as excinfo: |
| 138 | method.setup_firewall( |
| 139 | 1025, 1027, |
| 140 | [(AF_INET, u'1.2.3.33')], |
| 141 | AF_INET, |
| 142 | [(AF_INET, 24, False, u'1.2.3.0', 8000, 9000), |
| 143 | (AF_INET, 32, True, u'1.2.3.66', 8080, 8080)], |
| 144 | True, |
| 145 | None, |
| 146 | None, |
nothing calls this directly
no test coverage detected