As Subgraph Firewall's complexity and scope grow, we need automated tests for FW policy evaluation and traffic source identification more than ever. This will help us clearly define and articulate the policy logic as well as the limits of SGFW.
Test objectives:
Verifying policy decisions in as many different cases as possible:
Create or generate test-case allow/deny rules. Simulate connections/packets of different types; the policy code evaluates each packet against the test rules, and the test passes if the policy decision matches the expected result.
Accurately attributing traffic origin:
Simulate traffic from:
- Processes (/proc)
- Proxy ports (Tor, i2p, ssh socks5 proxy)
- Sandboxes (oz-daemon, clearnet bridge, ...)
The test passes if fw-daemon's identified traffic origin matches the expected result.
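A sketch of what an offline attribution test for the /proc case could look like, added here as an example and not taken from fw-daemon's code. It assumes attribution starts with a socket-table lookup in `/proc/net/tcp` format; `FindOwner`, `parseHexAddr` and the fixture rows are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Constructed fixture in /proc/net/tcp format (not captured from a real host).
const procNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   109        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
`

// parseHexAddr decodes "0100007F:235A": IPv4 bytes reversed (little-endian host), port plain hex.
func parseHexAddr(s string) (net.IP, uint16, bool) {
	parts := strings.SplitN(s, ":", 2)
	if len(parts) != 2 || len(parts[0]) != 8 {
		return nil, 0, false
	}
	a, errA := strconv.ParseUint(parts[0], 16, 32)
	p, errP := strconv.ParseUint(parts[1], 16, 16)
	if errA != nil || errP != nil {
		return nil, 0, false
	}
	return net.IPv4(byte(a), byte(a>>8), byte(a>>16), byte(a>>24)), uint16(p), true
}

// FindOwner (hypothetical helper) returns uid and socket inode for the local endpoint ip:port.
func FindOwner(table string, ip net.IP, port uint16) (int, uint64, bool) {
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 10 {
			continue
		}
		lip, lport, valid := parseHexAddr(f[1])
		if !valid || !lip.Equal(ip) || lport != port {
			continue // header, malformed row, or a different socket
		}
		uid, errU := strconv.Atoi(f[7])
		inode, errI := strconv.ParseUint(f[9], 10, 64)
		return uid, inode, errU == nil && errI == nil
	}
	return 0, 0, false
}

func main() {
	fmt.Println(FindOwner(procNetTCP, net.IPv4(10, 0, 0, 10), 50000))
}
```

The same fixture approach extends to the proxy and sandbox cases by adding rows and expected origins to the test table.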