Commit | Line | Data |
---|---|---|
f1bafd37 DM |
1 | #!/usr/bin/perl |
2 | ||
3 | use lib '../src'; | |
4 | use strict; | |
5 | use warnings; | |
6 | use Data::Dumper; | |
63e8c70e | 7 | use PVE::FirewallSimulator; |
ec2e28f6 DM |
8 | use Getopt::Long; |
9 | use File::Basename; | |
680d56ee | 10 | use Net::IP; |
f1bafd37 | 11 | |
# Debug flag; GetOptions() stores the state of the --debug switch here.
my $debug = 0;

# Abort the script with a one-line synopsis of the accepted arguments.
# The trailing newline keeps Perl from appending "at ... line N".
sub print_usage_and_exit {
    my $synopsis = "usage: $0 [--debug] [testfile [testid]]\n";
    die $synopsis;
}
17 | ||
# Parse the command-line switches; an unknown switch prints the usage
# text and aborts.
GetOptions('debug' => \$debug)
    or print_usage_and_exit();

# Hand the debug setting on to the firewall simulator.
PVE::FirewallSimulator::debug($debug);

# Optional positional arguments that remain in @ARGV after option parsing.
# SECURITY: run_tests() evaluates the lines of the named test file as Perl
# code, so $testfilename must only ever refer to trusted test files.
my $testfilename = shift;
my $testid = shift;
26 | ||
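# Run the test cases stored in "$testdir/$testfile" against the ruleset
# compiled from $vmdata.
#
# Arguments:
#   $vmdata   - hash reference with the guest network configuration; its
#               'testdir' key is overwritten with $testdir
#   $testdir  - directory that holds the test file
#   $testfile - name of the test file inside $testdir (default: 'tests')
#   $testid   - optional; when defined, only tests whose 'id' equals it run
#
# Prints "PASS: <file>" when every selected test succeeds. On the first
# failing test it prints the ruleset and the simulator trace (unless --debug
# is set), the offending line and the error, then exits with status -1.
# Dies if the file cannot be opened, if a line is neither blank, a comment
# nor a single-line hash literal, if such a line does not evaluate to a hash
# reference, or if no test was executed.
sub run_tests {
    my ($vmdata, $testdir, $testfile, $testid) = @_;

    $testfile = 'tests' if !$testfile;

    $vmdata->{testdir} = $testdir;

    my $host_ip = '172.16.1.2';

    PVE::Firewall::local_network('172.16.1.0/24');

    my ($ruleset, $ipset_ruleset) =
        PVE::Firewall::compile(undef, undef, $vmdata, 1);

    my $filename = "$testdir/$testfile";
    my $fh = IO::File->new($filename) ||
        die "unable to open '$filename' - $!\n";

    my $testcount = 0;
    while (defined(my $line = <$fh>)) {
        next if $line =~ m/^\s*$/;
        next if $line =~ m/^#.*$/;
        if ($line =~ m/^\{.*\}\s*$/) {
            # SECURITY: string eval runs the line as arbitrary Perl with the
            # privileges of this script; the regex above only checks the
            # outer braces, not the content. This is safe only while every
            # test file is trusted content - never run this script against
            # a test file from an untrusted source.
            # NOTE(review): a data-only parser would remove this risk;
            # confirm that no test file relies on Perl expressions first.
            my $test = eval $line;
            die $@ if $@;

            # Perl may parse "{ ... }" as a block instead of an anonymous
            # hash; reject anything that is not a plain hash reference
            # before it is dereferenced below.
            die "$filename line $.: test definition is not a hash reference\n"
                if ref($test) ne 'HASH';

            next if defined($testid) && (!defined($test->{id}) || ($testid ne $test->{id}));
            PVE::FirewallSimulator::reset_trace();
            print Dumper($ruleset) if $debug;
            $testcount++;
            eval {
                my @test_zones = qw(host outside nfvm vm100 ct200);
                if (!defined($test->{from}) && !defined($test->{to})) {
                    die "missing zone speification (from, to)\n";
                } elsif (!defined($test->{to})) {
                    # only 'from' given: try every other zone as destination
                    foreach my $zone (@test_zones) {
                        next if $zone eq $test->{from};
                        $test->{to} = $zone;
                        PVE::FirewallSimulator::add_trace("Set Zone: to => '$zone'\n");
                        PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
                                                                  $host_ip, $vmdata, $test);
                    }
                } elsif (!defined($test->{from})) {
                    # only 'to' given: try every other zone as source
                    foreach my $zone (@test_zones) {
                        next if $zone eq $test->{to};
                        $test->{from} = $zone;
                        PVE::FirewallSimulator::add_trace("Set Zone: from => '$zone'\n");
                        PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
                                                                  $host_ip, $vmdata, $test);
                    }
                } else {
                    PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
                                                              $host_ip, $vmdata, $test);
                }
            };
            if (my $err = $@) {

                # with --debug the ruleset was already printed before the test
                print Dumper($ruleset) if !$debug;

                print PVE::FirewallSimulator::get_trace() . "\n" if !$debug;

                print "$filename line $.: $line";

                print "test failed: $err\n";

                exit(-1);
            }
        } else {
            # name the file and line so a malformed test file is easy to fix
            die "$filename line $.: parse error\n";
        }
    }

    die "no tests found\n" if $testcount <= 0;

    print "PASS: $filename\n";

    return undef;
}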
105 | ||
# Guest fixture handed to run_tests(): network device configuration strings
# keyed by guest type ('qemu', 'lxc'), guest id and device name.
my $vmdata = {
    qemu => {
        # three interfaces, one each on vmbr0, vmbr1 and vmbr2
        100 => {
            net0 => 'e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1',
            net1 => 'e1000=0E:0B:38:B9:B4:21,bridge=vmbr1,firewall=1',
            net2 => 'e1000=0E:0B:38:BA:B4:21,bridge=vmbr2,firewall=1',
        },
        101 => {
            net0 => 'e1000=0E:0B:38:B8:B3:22,bridge=vmbr0,firewall=1',
        },
        # on bridge vmbr1
        110 => {
            net0 => 'e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1',
        },
    },
    lxc => {
        # both containers sit on vmbr0 and carry a static address
        200 => {
            net0 => 'name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24',
        },
        201 => {
            net0 => 'name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24',
        },
    },
};
130 | ||
# Select what to run: the file or directory named on the command line, or,
# without an argument, the default test file of every test-* directory in
# the current working directory.
if (!$testfilename) {
    # NOTE(review): if no test-* directory exists this loop runs nothing
    # and the script still reports success below - confirm that is intended.
    for my $candidate (glob('test-*')) {
        next unless -d $candidate;
        run_tests($vmdata, $candidate);
    }
} else {
    my ($dir, $testfile);

    if (-d $testfilename) {
        # a directory: run_tests() falls back to its default file name
        $dir = $testfilename;
    } elsif (-f $testfilename) {
        # a single file: split it into directory and file name
        ($dir, $testfile) = (dirname($testfilename), basename($testfilename));
    } else {
        die "no such file/dir '$testfilename'\n";
    }

    run_tests($vmdata, $dir, $testfile, $testid);
}

# Only reached when no run_tests() call died or exited early.
print "OK - all tests passed\n";

exit(0);