(mock_pf_get_dev, mock_ioctl, mock_pfctl,
mock_subprocess_call)
| 291 | @patch('sshuttle.methods.pf.ioctl') |
| 292 | @patch('sshuttle.methods.pf.pf_get_dev') |
| 293 | def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl, |
| 294 | mock_subprocess_call): |
| 295 | mock_pfctl.side_effect = pfctl |
| 296 | |
| 297 | method = get_method('pf') |
| 298 | assert method.name == 'pf' |
| 299 | |
| 300 | method.setup_firewall( |
| 301 | 1024, 1026, |
| 302 | [(AF_INET6, u'2404:6800:4004:80c::33')], |
| 303 | AF_INET6, |
| 304 | [(AF_INET6, 64, False, u'2404:6800:4004:80c::', 8000, 9000), |
| 305 | (AF_INET6, 128, True, u'2404:6800:4004:80c::101f', 8080, 8080)], |
| 306 | False, |
| 307 | None, |
| 308 | None, |
| 309 | '0x01') |
| 310 | |
| 311 | assert mock_pfctl.mock_calls == [ |
| 312 | call('-s all'), |
| 313 | call('-a sshuttle6-1024 -f /dev/stdin', |
| 314 | b'table <dns_servers> {2404:6800:4004:80c::33}\n' |
| 315 | b'rdr pass on lo0 inet6 proto tcp from ! ::1 to ' |
| 316 | b'2404:6800:4004:80c::/64 port 8000:9000 -> ::1 port 1024\n' |
| 317 | b'rdr pass on lo0 inet6 proto udp ' |
| 318 | b'to <dns_servers> port 53 -> ::1 port 1026\n' |
| 319 | b'pass out route-to lo0 inet6 proto tcp to ' |
| 320 | b'2404:6800:4004:80c::/64 port 8000:9000 keep state\n' |
| 321 | b'pass out inet6 proto tcp to ' |
| 322 | b'2404:6800:4004:80c::101f/128 port 8080:8080\n' |
| 323 | b'pass out route-to lo0 inet6 proto udp ' |
| 324 | b'to <dns_servers> port 53 keep state\n'), |
| 325 | call('-e'), |
| 326 | ] |
| 327 | assert call(['kldload', 'pf'], env=get_env()) in \ |
| 328 | mock_subprocess_call.mock_calls |
| 329 | mock_pf_get_dev.reset_mock() |
| 330 | mock_ioctl.reset_mock() |
| 331 | mock_pfctl.reset_mock() |
| 332 | |
| 333 | with pytest.raises(Exception) as excinfo: |
| 334 | method.setup_firewall( |
| 335 | 1025, 1027, |
| 336 | [(AF_INET, u'1.2.3.33')], |
| 337 | AF_INET, |
| 338 | [(AF_INET, 24, False, u'1.2.3.0', 0, 0), |
| 339 | (AF_INET, 32, True, u'1.2.3.66', 80, 80)], |
| 340 | True, |
| 341 | None, |
| 342 | None, |
| 343 | '0x01') |
| 344 | assert str(excinfo.value) == 'UDP not supported by pf method_name' |
| 345 | assert mock_pf_get_dev.mock_calls == [] |
| 346 | assert mock_ioctl.mock_calls == [] |
| 347 | assert mock_pfctl.mock_calls == [] |
| 348 | |
| 349 | method.setup_firewall( |
| 350 | 1025, 1027, |
nothing calls this directly
no test coverage detected