[test suite] additional FORWARD_ALL tests

Makefile.am

@@ -215,8 +215,10 @@ EXTRA_DIST = \
     test/conf/hmac_force_nat_access.conf \
     test/conf/hmac_force_snat_access.conf \
     test/conf/hmac_force_masq_access.conf \
+    test/conf/hmac_force_nat_forward_all_access.conf \
     test/conf/hmac_no_b64_cygwin_access.conf \
     test/conf/hmac_forward_all_access.conf \
+    test/conf/hmac_forward_all_and_dnat_access.conf \
     test/conf/hmac_force_masq_no_dnat_access.conf \
     test/conf/multi_pkts.pcap \
     test/conf/fwknoprc_default_hmac_base64_key \
@@ -315,7 +317,11 @@ EXTRA_DIST = \
     test/conf/firewd_snat_fwknopd.conf \
     test/conf/ipt_snat_no_translate_ip_fwknopd.conf \
     test/conf/firewd_snat_no_translate_ip_fwknopd.conf \
+    test/conf/ipt_snat_translate_ip_fwknopd.conf \
+    test/conf/firewd_snat_translate_ip_fwknopd.conf \
     test/conf/destination_rule_fwknopd.conf \
+    test/conf/firewd_spa_dst_snat_fwknopd.conf \
+    test/conf/ipt_spa_dst_snat_fwknopd.conf \
     test/conf/hmac_spa_destination_access.conf \
     test/conf/hmac_spa_destination2_access.conf \
     test/conf/hmac_spa_destination3_access.conf \

test/conf/firewd_snat_translate_ip_fwknopd.conf

@@ -0,0 +1,3 @@
+ENABLE_FIREWD_FORWARDING        Y;
+ENABLE_FIREWD_SNAT              Y;
+SNAT_TRANSLATE_IP               8.1.2.3;

test/conf/firewd_spa_dst_snat_fwknopd.conf

@@ -0,0 +1,3 @@
+ENABLE_FIREWD_FORWARDING    Y;
+ENABLE_FIREWD_SNAT          Y;
+ENABLE_DESTINATION_RULE     Y;

test/conf/hmac_force_nat_forward_all_access.conf

@@ -0,0 +1,6 @@
+SOURCE                  ANY
+KEY_BASE64              wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64         Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+FW_ACCESS_TIMEOUT       3
+FORCE_NAT               192.168.1.123 22
+FORWARD_ALL             Y

test/conf/hmac_forward_all_and_dnat_access.conf

@@ -0,0 +1,7 @@
+SOURCE                  ANY
+KEY_BASE64              wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64         Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+FW_ACCESS_TIMEOUT       3
+FORCE_SNAT              123.4.4.4
+DISABLE_DNAT            N
+FORWARD_ALL             Y

test/conf/ipt_snat_translate_ip_fwknopd.conf

@@ -0,0 +1,3 @@
+ENABLE_IPT_FORWARDING       Y;
+ENABLE_IPT_SNAT             Y;
+SNAT_TRANSLATE_IP           8.1.2.3;

test/conf/ipt_spa_dst_snat_fwknopd.conf

@@ -0,0 +1,3 @@
+ENABLE_IPT_FORWARDING       Y;
+ENABLE_IPT_SNAT             Y;
+ENABLE_DESTINATION_RULE     Y;

test/test-fwknop.pl

@@ -376,6 +376,7 @@
     "${fw_conf_prefix}_nat"                  => "$conf_dir/${fw_conf_prefix}_nat_fwknopd.conf",
     "${fw_conf_prefix}_snat"                 => "$conf_dir/${fw_conf_prefix}_snat_fwknopd.conf",
     "${fw_conf_prefix}_snat_no_translate_ip" => "$conf_dir/${fw_conf_prefix}_snat_no_translate_ip_fwknopd.conf",
+    "${fw_conf_prefix}_snat_translate_ip"    => "$conf_dir/${fw_conf_prefix}_snat_translate_ip_fwknopd.conf",
     'def'                          => "$conf_dir/default_fwknopd.conf",
     'def_access'                   => "$conf_dir/default_access.conf",
     'portrange_filter'             => "$conf_dir/portrange_fwknopd.conf",
@@ -409,7 +410,8 @@
     'hmac_simple_keys_access'      => "$conf_dir/hmac_simple_keys_access.conf",
     'hmac_invalid_type_access'     => "$conf_dir/hmac_invalid_type_access.conf",
     'hmac_cygwin_access'           => "$conf_dir/hmac_no_b64_cygwin_access.conf",
-    'spa_destnation'               => "$conf_dir/destination_rule_fwknopd.conf",
+    'spa_destination'              => "$conf_dir/destination_rule_fwknopd.conf",
+    "${fw_conf_prefix}_spa_dst_snat" => "$conf_dir/${fw_conf_prefix}_spa_dst_snat_fwknopd.conf",
     'hmac_spa_destination_access'  => "$conf_dir/hmac_spa_destination_access.conf",
     'hmac_spa_destination2_access' => "$conf_dir/hmac_spa_destination2_access.conf",
     'hmac_spa_destination3_access' => "$conf_dir/hmac_spa_destination3_access.conf",
@@ -430,10 +432,12 @@
     'invalid_run_dir_path'         => "$conf_dir/invalid_run_dir_path_fwknopd.conf",
     'force_nat_access'             => "$conf_dir/force_nat_access.conf",
     'hmac_force_nat_access'        => "$conf_dir/hmac_force_nat_access.conf",
+    'hmac_force_nat_forward_all_access' => "$conf_dir/hmac_force_nat_forward_all_access.conf",
     'hmac_force_snat_access'       => "$conf_dir/hmac_force_snat_access.conf",
     'hmac_force_masq_access'       => "$conf_dir/hmac_force_masq_access.conf",
     'hmac_force_masq_no_dnat_access' => "$conf_dir/hmac_force_masq_no_dnat_access.conf",
     'hmac_forward_all_access'      => "$conf_dir/hmac_forward_all_access.conf",
+    'hmac_forward_all_and_dna_access' => "$conf_dir/hmac_forward_all_and_dnat_access.conf",
     'cmd_access'                   => "$conf_dir/cmd_access.conf",
     'cmd_setuid_access'            => "$conf_dir/cmd_setuid_access.conf",
     'cmd_giduid_access'            => "$conf_dir/cmd_giduid_access.conf",

test/tests/rijndael_hmac.pl

@@ -89,7 +89,7 @@
         'detail'   => 'cycle DESTINATION accepted (1)',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
-        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destnation'} " .
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destination'} " .
             "-a $cf{'hmac_spa_destination_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
         'fw_rule_created' => $NEW_RULE_REQUIRED,
@@ -103,7 +103,7 @@
         'detail'   => 'cycle DESTINATION accepted (2)',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
-        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destnation'} " .
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destination'} " .
             "-a $cf{'hmac_spa_destination2_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
         'fw_rule_created' => $NEW_RULE_REQUIRED,
@@ -116,7 +116,7 @@
         'detail'   => 'cycle DESTINATION accepted (3)',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
-        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destnation'} " .
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destination'} " .
             "-a $cf{'hmac_spa_destination3_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
         'fw_rule_created' => $NEW_RULE_REQUIRED,
@@ -129,7 +129,7 @@
         'detail'   => 'cycle DESTINATION filtered (1)',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
-        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destnation'} " .
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destination'} " .
             "-a $cf{'hmac_spa_destination4_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
         'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
@@ -143,7 +143,7 @@
         'detail'   => 'cycle DESTINATION filtered (2)',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
-        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destnation'} " .
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_destination'} " .
             "-a $cf{'hmac_spa_destination5_access'} " .
             "-d $default_digest_file -p $default_pid_file $intf_str",
         'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
@@ -1450,6 +1450,45 @@
         'server_conf' => $cf{"${fw_conf_prefix}_snat_no_translate_ip"},
         'key_file' => $cf{'rc_hmac_b64_key'},
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => "FORWARD_ALL snat translate IP",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            $cf{'rc_hmac_b64_key'},
+        'fwknopd_cmdline' => qq/$fwknopdCmd -c $cf{"${fw_conf_prefix}_snat_translate_ip"} -a $cf{'hmac_force_nat_forward_all_access'} / .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/\sSNAT\s.*all.*\sto:$force_nat_host2/],
+        'server_negative_output_matches' => [qr/DNAT\s.*\*\/\sto\:/,
+            qr/\*\/\sto\:$internal_nat_host\:22/i,
+            qr/\*\/\sto\:$force_nat_host\:22/i],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'server_conf' => $cf{"${fw_conf_prefix}_snat_translate_ip"},
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
+
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => "FORWARD_ALL + DNAT",
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            $cf{'rc_hmac_b64_key'},
+        'fwknopd_cmdline' => qq/$fwknopdCmd -c $cf{"${fw_conf_prefix}_spa_dst_snat"} -a $cf{'hmac_forward_all_and_dna_access'} / .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/DNAT\s.*\*\/\sto\:/,
+            qr/\sSNAT\s.*all.*\sto:$force_nat_host2/],
+        'server_negative_output_matches' => [
+            qr/\*\/\sto\:$internal_nat_host\:22/i,
+            qr/\*\/\sto\:$force_nat_host\:22/i],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'server_conf' => $cf{"${fw_conf_prefix}_spa_dst_snat"},
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
 
     {
         'category' => 'Rijndael+HMAC',