Test PF on non-darwin.

Author: brianmay

sshuttle/tests/test_methods_pf.py

@@ -98,7 +98,8 @@ def test_firewall_command(mock_pf_get_dev, mock_ioctl, mock_stdout):
 
 def pfctl(args, stdin=None):
     if args == '-s all':
-        return (b'another mary had a little lamb\n', b'little lamb\n')
+        return (b'INFO:\nStatus: Disabled\nanother mary had a little lamb\n',
+                b'little lamb\n')
     if args == '-E':
         return (b'\n', b'Token : abcdefg\n')
     return None
@@ -109,7 +110,7 @@ def pfctl(args, stdin=None):
 @patch('sshuttle.methods.pf.pfctl')
 @patch('sshuttle.methods.pf.ioctl')
 @patch('sshuttle.methods.pf.pf_get_dev')
-def test_setup_firewall(mock_pf_get_dev, mock_ioctl, mock_pfctl):
+def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
     mock_pfctl.side_effect = pfctl
 
     method = get_method('pf')
@@ -183,3 +184,84 @@ def test_setup_firewall(mock_pf_get_dev, mock_ioctl, mock_pfctl):
     mock_pf_get_dev.reset_mock()
     mock_pfctl.reset_mock()
     mock_ioctl.reset_mock()
+
+
+@patch('sshuttle.helpers.verbose', new=3)
+@patch('sshuttle.methods.pf.sys.platform', 'notdarwin')
+@patch('sshuttle.methods.pf.pfctl')
+@patch('sshuttle.methods.pf.ioctl')
+@patch('sshuttle.methods.pf.pf_get_dev')
+def test_setup_firewall_notdarwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
+    mock_pfctl.side_effect = pfctl
+
+    method = get_method('pf')
+    assert method.name == 'pf'
+
+    with pytest.raises(Exception) as excinfo:
+        method.setup_firewall(
+            1024, 1026,
+            [(10, u'2404:6800:4004:80c::33')],
+            10,
+            [(10, 64, False, u'2404:6800:4004:80c::'),
+                (10, 128, True, u'2404:6800:4004:80c::101f')],
+            True)
+    assert str(excinfo.value) \
+        == 'Address family "AF_INET6" unsupported by pf method_name'
+    assert mock_pf_get_dev.mock_calls == []
+    assert mock_ioctl.mock_calls == []
+    assert mock_pfctl.mock_calls == []
+
+    with pytest.raises(Exception) as excinfo:
+        method.setup_firewall(
+            1025, 1027,
+            [(2, u'1.2.3.33')],
+            2,
+            [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+            True)
+    assert str(excinfo.value) == 'UDP not supported by pf method_name'
+    assert mock_pf_get_dev.mock_calls == []
+    assert mock_ioctl.mock_calls == []
+    assert mock_pfctl.mock_calls == []
+
+    method.setup_firewall(
+        1025, 1027,
+        [(2, u'1.2.3.33')],
+        2,
+        [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
+        False)
+    assert mock_ioctl.mock_calls == [
+        call(mock_pf_get_dev(), 3295691827, ANY),
+        call(mock_pf_get_dev(), 3424666650, ANY),
+        call(mock_pf_get_dev(), 3424666650, ANY),
+        call(mock_pf_get_dev(), 3295691827, ANY),
+        call(mock_pf_get_dev(), 3424666650, ANY),
+        call(mock_pf_get_dev(), 3424666650, ANY),
+    ]
+    assert mock_pfctl.mock_calls == [
+        call('-s all'),
+        call('-a sshuttle -f /dev/stdin',
+             b'table <forward_subnets> {!1.2.3.66/32,1.2.3.0/24}\n'
+             b'table <dns_servers> {1.2.3.33}\n'
+             b'rdr pass on lo0 proto tcp '
+             b'to <forward_subnets> -> 127.0.0.1 port 1025\n'
+             b'rdr pass on lo0 proto udp '
+             b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
+             b'pass out route-to lo0 inet proto tcp '
+             b'to <forward_subnets> keep state\n'
+             b'pass out route-to lo0 inet proto udp '
+             b'to <dns_servers> port 53 keep state\n'),
+        call('-e'),
+    ]
+    mock_pf_get_dev.reset_mock()
+    mock_ioctl.reset_mock()
+    mock_pfctl.reset_mock()
+
+    method.restore_firewall(1025, 2, False)
+    assert mock_ioctl.mock_calls == []
+    assert mock_pfctl.mock_calls == [
+        call('-a sshuttle -F all'),
+        call("-d"),
+    ]
+    mock_pf_get_dev.reset_mock()
+    mock_pfctl.reset_mock()
+    mock_ioctl.reset_mock()