(mock_pf_get_dev, mock_ioctl, mock_pfctl)
| 401 | @patch('sshuttle.methods.pf.ioctl') |
| 402 | @patch('sshuttle.methods.pf.pf_get_dev') |
| 403 | def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl): |
| 404 | mock_pfctl.side_effect = pfctl |
| 405 | |
| 406 | method = get_method('pf') |
| 407 | assert method.name == 'pf' |
| 408 | |
| 409 | method.setup_firewall( |
| 410 | 1024, 1026, |
| 411 | [(AF_INET6, u'2404:6800:4004:80c::33')], |
| 412 | AF_INET6, |
| 413 | [(AF_INET6, 64, False, u'2404:6800:4004:80c::', 8000, 9000), |
| 414 | (AF_INET6, 128, True, u'2404:6800:4004:80c::101f', 8080, 8080)], |
| 415 | False, |
| 416 | None, |
| 417 | None, |
| 418 | '0x01') |
| 419 | |
| 420 | assert mock_ioctl.mock_calls == [ |
| 421 | call(mock_pf_get_dev(), 0xcd50441a, ANY), |
| 422 | call(mock_pf_get_dev(), 0xcd50441a, ANY), |
| 423 | ] |
| 424 | assert mock_pfctl.mock_calls == [ |
| 425 | call('-s Interfaces -i lo -v'), |
| 426 | call('-f /dev/stdin', b'match on lo\n'), |
| 427 | call('-s all'), |
| 428 | call('-a sshuttle6-1024 -f /dev/stdin', |
| 429 | b'table <dns_servers> {2404:6800:4004:80c::33}\n' |
| 430 | b'pass in on lo0 inet6 proto tcp to 2404:6800:4004:80c::/64 ' |
| 431 | b'port 8000:9000 divert-to ::1 port 1024\n' |
| 432 | b'pass in on lo0 inet6 proto udp ' |
| 433 | b'to <dns_servers> port 53 rdr-to ::1 port 1026\n' |
| 434 | b'pass out inet6 proto tcp to 2404:6800:4004:80c::/64 ' |
| 435 | b'port 8000:9000 route-to lo0 keep state\n' |
| 436 | b'pass out inet6 proto tcp to ' |
| 437 | b'2404:6800:4004:80c::101f/128 port 8080:8080\n' |
| 438 | b'pass out inet6 proto udp to ' |
| 439 | b'<dns_servers> port 53 route-to lo0 keep state\n'), |
| 440 | call('-e'), |
| 441 | ] |
| 442 | mock_pf_get_dev.reset_mock() |
| 443 | mock_ioctl.reset_mock() |
| 444 | mock_pfctl.reset_mock() |
| 445 | |
| 446 | with pytest.raises(Exception) as excinfo: |
| 447 | method.setup_firewall( |
| 448 | 1025, 1027, |
| 449 | [(AF_INET, u'1.2.3.33')], |
| 450 | AF_INET, |
| 451 | [(AF_INET, 24, False, u'1.2.3.0', 0, 0), |
| 452 | (AF_INET, 32, True, u'1.2.3.66', 80, 80)], |
| 453 | True, |
| 454 | None, |
| 455 | None, |
| 456 | '0x01') |
| 457 | assert str(excinfo.value) == 'UDP not supported by pf method_name' |
| 458 | assert mock_pf_get_dev.mock_calls == [] |
| 459 | assert mock_ioctl.mock_calls == [] |
| 460 | assert mock_pfctl.mock_calls == [] |
nothing calls this directly
no test coverage detected