git.proxmox.com Git - pve-firewall.git/blob - test/fwtester.pl
14 use PVE
::FirewallSimulator
;
# Abort the run with a usage line listing the accepted arguments:
# an optional --debug switch, an optional test file and an optional test id.
19 sub print_usage_and_exit
{
20 die "usage: $0 [--debug] [testfile [testid]]\n";
# Parse command-line switches; --debug is the only option registered here.
# When GetOptions reports a failure the script ends with the usage message.
23 if (!GetOptions
('debug' => \
$debug)) {
24 print_usage_and_exit
();
# The file name is relative, so it is resolved against the current working
# directory of the process.
27 # load dummy corosync config to have fw create according rules
28 my $corosync_conf_fn = "corosync.conf";
29 my $raw = PVE
::Tools
::file_get_contents
($corosync_conf_fn);
30 my $local_hostname = PVE
::INotify
::nodename
();
# Wherever 'proxself' ends a line, put this node's name in its place. The
# replacement adds "\n" and does not consume the line's own newline, so the
# substituted text is followed by an additional line break.
31 (my $raw_replaced = $raw) =~ s/proxself$/$local_hostname\n/gm;
# Parse the rewritten text; the result is handed to the rule compiler later.
32 my $corosync_conf = PVE
::Corosync
::parse_conf
($corosync_conf_fn, $raw_replaced);
# Hand the --debug setting to the simulator module.
34 PVE
::FirewallSimulator
::debug
($debug);
# Next positional argument: a test file or a test directory (see the -d / -f
# checks further down). Presumably at file scope, where shift takes from
# @ARGV; undef when no argument was given.
36 my $testfilename = shift;
# Arguments: guest fixture data, test directory, optional test file name and
# optional test id. Presumably the body of run_tests; the sub header is not
# part of this excerpt.
40 my ($vmdata, $testdir, $testfile, $testid) = @_;
# Without an explicit file name, the file called 'tests' in the directory is used.
42 $testfile = 'tests' if !$testfile;
45 $vmdata->{testdir
} = $testdir;
# Fixed addressing for the simulated host and its local network.
47 my $host_ip = '172.16.1.2';
49 PVE
::Firewall
::local_network
('172.16.1.0/24');
# Compile the filter and ipset rulesets from the fixture data and the parsed
# corosync configuration.
51 my ($ruleset, $ipset_ruleset) =
52 PVE
::Firewall
::compile
(undef, undef, $vmdata, $corosync_conf);
# NOTE(review): $testdir and $testfile come from the command line. Called with
# only a file name, IO::File->new opens it through Perl's two-argument open,
# which reads some leading/trailing characters of the name as a mode or pipe
# marker. Passing an explicit read mode as second argument, e.g.
# IO::File->new($filename, 'r'), keeps the name a plain path.
54 my $filename = "$testdir/$testfile";
55 my $fh = IO
::File-
>new($filename) ||
56 die "unable to open '$filename' - $!\n";
# Walk the test file line by line; blank lines and lines starting with '#'
# are skipped.
59 while (defined(my $line = <$fh>)) {
60 next if $line =~ m/^\s*$/;
61 next if $line =~ m/^#.*$/;
# A line consisting of one brace-delimited literal is a test description.
62 if ($line =~ m/^\{.*\}\s*$/) {
# String eval runs the line as Perl code with the privileges of this script,
# so a test file is executable input, not data: run the tester only on test
# directories from a trusted checkout and review changes to them like code.
# NOTE(review): the handling of eval errors ($@) is not visible in this excerpt.
63 my $test = eval $line;
# With a test id given, run only the test whose 'id' key equals it.
65 next if defined($testid) && (!defined($test->{id
}) || ($testid ne $test->{id
}));
# Start each test with an empty simulator trace; in debug mode the compiled
# filter ruleset is dumped before the simulation runs.
66 PVE
::FirewallSimulator
::reset_trace
();
67 print Dumper
($ruleset->{filter
}) if $debug;
# Zones substituted for whichever endpoint a test leaves open.
70 my @test_zones = qw(host outside nfvm vm100 ct200);
# A test has to name at least one of 'from' / 'to'.
71 if (!defined($test->{from
}) && !defined($test->{to
})) {
72 die "missing zone speification (from, to)\n";
# Only 'from' given: simulate once per remaining zone as destination. The
# assignment of 'to' is not visible in this excerpt; the trace message below
# records the zone being used.
73 } elsif (!defined($test->{to
})) {
74 foreach my $zone (@test_zones) {
75 next if $zone eq $test->{from
};
77 PVE
::FirewallSimulator
::add_trace
("Set Zone: to => '$zone'\n");
78 PVE
::FirewallSimulator
::simulate_firewall
($ruleset->{filter
}, $ipset_ruleset,
79 $host_ip, $vmdata, $test);
# Only 'to' given: simulate once per remaining zone as source.
81 } elsif (!defined($test->{from
})) {
82 foreach my $zone (@test_zones) {
83 next if $zone eq $test->{to
};
84 $test->{from
} = $zone;
85 PVE
::FirewallSimulator
::add_trace
("Set Zone: from => '$zone'\n");
86 PVE
::FirewallSimulator
::simulate_firewall
($ruleset->{filter
}, $ipset_ruleset,
87 $host_ip, $vmdata, $test);
# Presumably the branch for tests naming both zones: a single simulation.
90 PVE
::FirewallSimulator
::simulate_firewall
($ruleset->{filter
}, $ipset_ruleset,
91 $host_ip, $vmdata, $test);
# Failure report. Without --debug the ruleset and the trace are printed here,
# followed by the file, line number and text of the failing test and the
# error. How $err is captured is not visible in this excerpt.
95 print Dumper
($ruleset->{filter
}) if !$debug;
96 print PVE
::FirewallSimulator
::get_trace
() . "\n" if !$debug;
97 print "$filename line $.: $line";
98 print "test failed: $err\n";
# A file that yielded no tests is treated as an error, not as a pass.
106 die "no tests found\n" if $testcount <= 0;
108 print "PASS: $filename\n";
# Fixture NIC definitions for the simulated guests: e1000 devices on bridges
# vmbr0 to vmbr2, and two eth0 entries with static 10.0.200.x/24 addresses.
# All MAC and IP values are test data; every NIC shown has firewall=1 set.
116 net0
=> "e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1",
117 net1
=> "e1000=0E:0B:38:B9:B4:21,bridge=vmbr1,firewall=1",
118 net2
=> "e1000=0E:0B:38:BA:B4:21,bridge=vmbr2,firewall=1",
121 net0
=> "e1000=0E:0B:38:B8:B3:22,bridge=vmbr0,firewall=1",
125 net0
=> "e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1",
130 net0
=> "name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24",
133 net0
=> "name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24",
# A directory argument is used as the test directory as is; a file argument is
# split into its directory and file name; anything else is rejected.
142 if (-d
$testfilename) {
143 $dir = $testfilename;
144 } elsif (-f
$testfilename) {
145 $dir = dirname
($testfilename);
146 $testfile = basename
($testfilename);
148 die "no such file/dir '$testfilename'\n";
151 run_tests
($vmdata, $dir, $testfile, $testid);
# Presumably the path taken when no argument was given: run the default test
# file of every entry matching 'test-*' in the current working directory.
154 foreach my $dir (<test-
*>) {
156 run_tests
($vmdata, $dir);
160 print "OK - all tests passed\n";