#!/usr/bin/perl
use lib '../src';
+
use strict;
use warnings;
+
use Data::Dumper;
-use PVE::FirewallSimulator;
-use Getopt::Long;
use File::Basename;
+use Getopt::Long;
use Net::IP;
+use PVE::Corosync;
+use PVE::FirewallSimulator;
+use PVE::INotify;
+
my $debug = 0;
sub print_usage_and_exit {
print_usage_and_exit();
}
+# load dummy corosync config to have fw create according rules
+my $corosync_conf_fn = "corosync.conf";
+my $raw = PVE::Tools::file_get_contents($corosync_conf_fn);
+my $local_hostname = PVE::INotify::nodename();
+(my $raw_replaced = $raw) =~ s/proxself$/$local_hostname\n/gm;
+my $corosync_conf = PVE::Corosync::parse_conf($corosync_conf_fn, $raw_replaced);
+
PVE::FirewallSimulator::debug($debug);
-
+
my $testfilename = shift;
my $testid = shift;
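Review bot: `PVE::Tools::file_get_contents` is called in the added corosync block, but the import list in this commit adds only `PVE::Corosync` and `PVE::INotify`, so the call works only if another module happens to load `PVE::Tools`; add `use PVE::Tools;` alongside the other imports. The path `"corosync.conf"` is resolved against the current working directory, so the test only runs when started from its own directory (as `use lib '../src'` already implies); building it from `dirname(__FILE__)` would make that explicit. The substitution `s/proxself$/$local_hostname\n/gm` is not anchored on the left, and it appends a newline while the line's own newline stays in place; `s/\bproxself$/$local_hostname/gm` would replace only the placeholder token. Because the result now depends on the machine's real node name, a comment stating what `proxself` stands for in the dummy config would help the next reader.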
PVE::Firewall::local_network('172.16.1.0/24');
my ($ruleset, $ipset_ruleset) =
- PVE::Firewall::compile(undef, undef, $vmdata, 1);
-
- print PVE::FirewallSimulator::get_trace() . "\n" if !$debug;
+ PVE::Firewall::compile(undef, undef, $vmdata, $corosync_conf);
my $filename = "$testdir/$testfile";
my $fh = IO::File->new($filename) ||
die $@ if $@;
next if defined($testid) && (!defined($test->{id}) || ($testid ne $test->{id}));
PVE::FirewallSimulator::reset_trace();
- print Dumper($ruleset) if $debug;
+ print Dumper($ruleset->{filter}) if $debug;
$testcount++;
eval {
my @test_zones = qw(host outside nfvm vm100 ct200);
next if $zone eq $test->{from};
$test->{to} = $zone;
PVE::FirewallSimulator::add_trace("Set Zone: to => '$zone'\n");
- PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
+ PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset,
$host_ip, $vmdata, $test);
}
} elsif (!defined($test->{from})) {
next if $zone eq $test->{to};
$test->{from} = $zone;
PVE::FirewallSimulator::add_trace("Set Zone: from => '$zone'\n");
- PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
+ PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset,
$host_ip, $vmdata, $test);
}
} else {
- PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset,
+ PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset,
$host_ip, $vmdata, $test);
}
};
if (my $err = $@) {
-
- print Dumper($ruleset) if !$debug;
-
+ print Dumper($ruleset->{filter}) if !$debug;
print PVE::FirewallSimulator::get_trace() . "\n" if !$debug;
-
print "$filename line $.: $line";
-
print "test failed: $err\n";
-
exit(-1);
}
} else {
qemu => {
100 => {
net0 => "e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1",
+ net1 => "e1000=0E:0B:38:B9:B4:21,bridge=vmbr1,firewall=1",
+ net2 => "e1000=0E:0B:38:BA:B4:21,bridge=vmbr2,firewall=1",
},
101 => {
net0 => "e1000=0E:0B:38:B8:B3:22,bridge=vmbr0,firewall=1",
net0 => "e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1",
},
},
- openvz => {
+ lxc => {
200 => {
- ip_address => { value => '10.0.200.1' },
+ net0 => "name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24",
},
201 => {
- ip_address => { value => '10.0.200.2' },
+ net0 => "name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24",
},
},
};
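Review bot: VM 101 still declares `net0` twice in the same hash literal, so Perl silently keeps only the second value and the `bridge=vmbr0` interface (MAC ending `B3:22`) never reaches the firewall compiler. Tests that involve VM 101 therefore exercise only the vmbr1 NIC, and a broken rule for its vmbr0 NIC would go unnoticed. Since this hunk gives VM 100 `net1` and `net2`, the second entry is presumably meant to be `net1 => "e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1",`. The enclosing data structure starts outside the hunk.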