summaryrefslogtreecommitdiffstats
path: root/features/support/helpers/firewall_helper.rb
diff options
context:
space:
mode:
Diffstat (limited to 'features/support/helpers/firewall_helper.rb')
-rw-r--r--features/support/helpers/firewall_helper.rb26
1 files changed, 19 insertions, 7 deletions
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index ed2a09b..49e9853 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -3,7 +3,7 @@ require 'packetfu'
# Returns the unique edges (based on protocol, source/destination
# address/port) in the graph of all network flows.
def pcap_connections_helper(pcap_file, opts = {})
- opts[:ignore_dhcp] ||= true
+ opts[:ignore_dhcp] = true unless opts.has_key?(:ignore_dhcp)
connections = Array.new
packets = PacketFu::PcapFile.new.file_to_array(:filename => pcap_file)
packets.each do |p|
@@ -45,28 +45,40 @@ def pcap_connections_helper(pcap_file, opts = {})
next if opts[:ignore_dhcp]
end
- connections << {
+ packet_info = {
mac_saddr: eth_packet.eth_saddr,
mac_daddr: eth_packet.eth_daddr,
protocol: protocol,
- saddr: ip_packet.ip_saddr,
- daddr: ip_packet.ip_daddr,
sport: sport,
dport: dport,
}
+ # It seems *Packet.parse can return nil despite *Packet.can_parse?
+ # returning true.
+ if ip_packet
+ packet_info[:saddr] = ip_packet.ip_saddr
+ packet_info[:daddr] = ip_packet.ip_daddr
+ else
+ puts "We were hit by #11508. PacketFu bug? Packet info: #{packet_info}"
+ end
+ connections << packet_info
end
connections.uniq.map { |p| OpenStruct.new(p) }
end
+class FirewallAssertionFailedError < Test::Unit::AssertionFailedError
+end
+
# These assertions are made from the perspective of the system under
# testing when it comes to the concepts of "source" and "destination".
def assert_all_connections(pcap_file, opts = {}, &block)
all = pcap_connections_helper(pcap_file, opts)
good = all.find_all(&block)
bad = all - good
- save_failure_artifact("Network capture", pcap_file) unless bad.empty?
- assert(bad.empty?, "Unexpected connections were made:\n" +
- bad.map { |e| " #{e}" } .join("\n"))
+ unless bad.empty?
+ raise FirewallAssertionFailedError.new(
+ "Unexpected connections were made:\n" +
+ bad.map { |e| " #{e}" } .join("\n"))
+ end
end
def assert_no_connections(pcap_file, opts = {}, &block)