buildsys: use dpkg-architecture
[pve-firewall.git] / test / fwtester.pl
1#!/usr/bin/perl
2
3use lib '../src';
4use strict;
5use warnings;
6use Data::Dumper;
63e8c70e 7use PVE::FirewallSimulator;
8use Getopt::Long;
9use File::Basename;
680d56ee 10use Net::IP;
# Set by --debug: forwarded to PVE::FirewallSimulator::debug() and, when true,
# makes run_tests() dump the compiled ruleset before every test case.
my $debug = 0;
# Abort with the command-line synopsis. die() writes the message to STDERR and
# terminates the script with a non-zero status.
sub print_usage_and_exit {
    my $usage = "usage: $0 [--debug] [testfile [testid]]\n";
    die $usage;
}
# Parse switches first; any unknown option ends the run with the usage text.
GetOptions('debug' => \$debug)
    or print_usage_and_exit();

# Propagate the debug flag to the simulator before any test runs.
PVE::FirewallSimulator::debug($debug);

# Remaining positional arguments: optional test file (or directory) and an
# optional test id that restricts the run to a single test case.
my $testfilename = shift @ARGV;
my $testid       = shift @ARGV;
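# Run every test case listed in "$testdir/$testfile" against the ruleset
# compiled from $vmdata.
#
# Arguments:
#   $vmdata   - hash ref describing the simulated guests; its 'testdir' key is
#               overwritten with $testdir before the ruleset is compiled
#   $testdir  - directory holding the test fixture
#   $testfile - file name inside $testdir (defaults to 'tests')
#   $testid   - optional; when defined, only test cases whose 'id' equals it run
#
# Dies when the file cannot be opened, when a line is not a valid test
# definition, or when no test case was executed. On the first failing test
# case it prints the ruleset and trace (unless --debug already printed them),
# the offending line and the error, then exits the process with status -1.
# Returns undef on success.
sub run_tests {
    my ($vmdata, $testdir, $testfile, $testid) = @_;

    $testfile = 'tests' if !$testfile;

    $vmdata->{testdir} = $testdir;

    my $host_ip = '172.16.1.2';

    PVE::Firewall::local_network('172.16.1.0/24');

    my ($ruleset, $ipset_ruleset) =
        PVE::Firewall::compile(undef, undef, $vmdata, 1);

    my $filename = "$testdir/$testfile";
    my $fh = IO::File->new($filename) ||
        die "unable to open '$filename' - $!\n";

    my $testcount = 0;

    while (defined(my $line = <$fh>)) {
        # Blank lines and '#' comments carry no test definition.
        next if $line =~ m/^\s*$/;
        next if $line =~ m/^#.*$/;

        # Everything else must be a single-line '{ ... }' hash literal.
        die "$filename line $.: parse error\n"
            if $line !~ m/^\{.*\}\s*$/;

        # SECURITY: string eval executes the fixture line as Perl code with the
        # privileges of this script; the regex above only checks the outer
        # braces, not the content. Run this tester only on fixture files from a
        # trusted source tree, never on files of unknown origin.
        my $test = eval $line;
        die "$filename line $.: $@" if $@;

        # The hash accesses below need a hash ref; report a clear error
        # instead of failing later with an unrelated message.
        die "$filename line $.: test definition is not a hash\n"
            if ref($test) ne 'HASH';

        next if defined($testid) && (!defined($test->{id}) || ($testid ne $test->{id}));

        PVE::FirewallSimulator::reset_trace();
        print Dumper($ruleset) if $debug;
        $testcount++;

        eval {
            my @test_zones = qw(host outside nfvm vm100 ct200);

            my $has_from = defined($test->{from});
            my $has_to   = defined($test->{to});

            die "missing zone speification (from, to)\n"
                if !$has_from && !$has_to;

            if ($has_from && $has_to) {
                PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
                                                          $host_ip, $vmdata, $test);
            } else {
                # Exactly one side is given: run the test once for every other
                # zone substituted into the missing side.
                my ($fixed, $open) = $has_from ? ('from', 'to') : ('to', 'from');

                foreach my $zone (@test_zones) {
                    next if $zone eq $test->{$fixed};
                    $test->{$open} = $zone;
                    PVE::FirewallSimulator::add_trace("Set Zone: $open => '$zone'\n");
                    PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
                                                              $host_ip, $vmdata, $test);
                }
            }
        };
        if (my $err = $@) {
            # With --debug the ruleset was already dumped before the test ran.
            print Dumper($ruleset) if !$debug;

            print PVE::FirewallSimulator::get_trace() . "\n" if !$debug;

            print "$filename line $.: $line";

            print "test failed: $err\n";

            exit(-1);
        }
    }

    # An empty fixture (or a $testid that matches nothing) must not count as
    # a pass.
    die "no tests found\n" if $testcount <= 0;

    print "PASS: $filename\n";

    return undef;
}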
# Guest fixture handed to run_tests(): network device configuration strings
# for three QEMU guests and two LXC containers, keyed by guest id.
my $vmdata = {
    qemu => {
        100 => {
            net0 => 'e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1',
            net1 => 'e1000=0E:0B:38:B9:B4:21,bridge=vmbr1,firewall=1',
            net2 => 'e1000=0E:0B:38:BA:B4:21,bridge=vmbr2,firewall=1',
        },
        101 => {
            net0 => 'e1000=0E:0B:38:B8:B3:22,bridge=vmbr0,firewall=1',
        },
        # on bridge vmbr1
        110 => {
            net0 => 'e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1',
        },
    },
    lxc => {
        200 => {
            net0 => 'name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24',
        },
        201 => {
            net0 => 'name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24',
        },
    },
};
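# Entry point: run either the single fixture named on the command line or
# every test-* directory below the current working directory.
if ($testfilename) {
    my $testfile;
    my $dir;

    if (-d $testfilename) {
        # A directory: run_tests() falls back to its default file name.
        $dir = $testfilename;
    } elsif (-f $testfilename) {
        $dir = dirname($testfilename);
        $testfile = basename($testfilename);
    } else {
        die "no such file/dir '$testfilename'\n";
    }

    run_tests($vmdata, $dir, $testfile, $testid);

} else {
    my @testdirs = grep { -d $_ } glob('test-*');

    # Without this check a run from the wrong working directory executes no
    # test at all and still reports success, which hides firewall regressions.
    die "no test directories (test-*) found in current directory\n"
        if !@testdirs;

    foreach my $dir (@testdirs) {
        run_tests($vmdata, $dir);
    }
}

print "OK - all tests passed\n";

exit(0);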
155exit(0);