X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=test%2Ffwtester.pl;h=457f352100b09395dbe05813cd8cd91aca2c82f2;hp=88cb4bc66e9afdd2e42afc5a53fc983eaa7cc327;hb=HEAD;hpb=1521df52e443cd559b0fb22e0f30d943b6e378d5 diff --git a/test/fwtester.pl b/test/fwtester.pl index 88cb4bc..457f352 100755 --- a/test/fwtester.pl +++ b/test/fwtester.pl @@ -1,14 +1,19 @@ #!/usr/bin/perl use lib '../src'; + use strict; use warnings; + use Data::Dumper; -use PVE::FirewallSimulator; -use Getopt::Long; use File::Basename; +use Getopt::Long; use Net::IP; +use PVE::Corosync; +use PVE::FirewallSimulator; +use PVE::INotify; + my $debug = 0; sub print_usage_and_exit { @@ -19,8 +24,15 @@ if (!GetOptions ('debug' => \$debug)) { print_usage_and_exit(); } +# load dummy corosync config to have fw create according rules +my $corosync_conf_fn = "corosync.conf"; +my $raw = PVE::Tools::file_get_contents($corosync_conf_fn); +my $local_hostname = PVE::INotify::nodename(); +(my $raw_replaced = $raw) =~ s/proxself$/$local_hostname\n/gm; +my $corosync_conf = PVE::Corosync::parse_conf($corosync_conf_fn, $raw_replaced); + PVE::FirewallSimulator::debug($debug); - + my $testfilename = shift; my $testid = shift; @@ -37,7 +49,7 @@ sub run_tests { PVE::Firewall::local_network('172.16.1.0/24'); my ($ruleset, $ipset_ruleset) = - PVE::Firewall::compile(undef, undef, $vmdata, 1); + PVE::Firewall::compile(undef, undef, $vmdata, $corosync_conf); my $filename = "$testdir/$testfile"; my $fh = IO::File->new($filename) || @@ -52,7 +64,7 @@ sub run_tests { die $@ if $@; next if defined($testid) && (!defined($test->{id}) || ($testid ne $test->{id})); PVE::FirewallSimulator::reset_trace(); - print Dumper($ruleset) if $debug; + print Dumper($ruleset->{filter}) if $debug; $testcount++; eval { my @test_zones = qw(host outside nfvm vm100 ct200); 
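Review bot: In the hunk `@@ -19,8 +24,15 @@`, `PVE::Tools::file_get_contents` is called, but the import list reworked in the first hunk adds only `PVE::Corosync`, `PVE::FirewallSimulator` and `PVE::INotify`. The call presumably resolves only because another PVE module loads `PVE::Tools` as a side effect, so add `use PVE::Tools;` alongside the other imports. The replacement in `s/proxself$/$local_hostname\n/gm` also appends a newline while the original line ending is kept (under `/m`, `$` matches before it), which leaves an extra blank line after each substituted entry; `s/proxself$/$local_hostname/gm` keeps the fixture's line structure, assuming the parser does not depend on that extra line. Because `"corosync.conf"` is resolved against the current directory, a comment such as `# must be run from test/ - corosync.conf and ../src are cwd-relative` would save the next reader a failed run.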
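Review bot: After the `PVE::Firewall::compile(...)` call in `run_tests` (hunk `@@ -37,7 +49,7 @@`), nothing checks that the returned `$ruleset` actually has a `filter` entry, yet every later use in the hunks at -52, -63 and -71 dereferences `$ruleset->{filter}`. If `compile` ever returns a different shape, the simulator is handed `undef` and the failure surfaces far from its cause. Hoisting the lookup once, e.g. `my $filter_ruleset = $ruleset->{filter} // die "compile() returned no 'filter' table\n";`, and passing `$filter_ruleset` to `Dumper` and `simulate_firewall` removes the five repeated dereferences and fails early. It would also be worth a comment there stating that only the `filter` table is simulated, so any other tables `compile` may return (not visible in this diff) are not covered by these tests. `run_tests` starts and ends outside these hunks.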
@@ -63,7 +75,7 @@ sub run_tests { next if $zone eq $test->{from}; $test->{to} = $zone; PVE::FirewallSimulator::add_trace("Set Zone: to => '$zone'\n"); - PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset, + PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset, $host_ip, $vmdata, $test); } } elsif (!defined($test->{from})) { @@ -71,24 +83,19 @@ sub run_tests { next if $zone eq $test->{to}; $test->{from} = $zone; PVE::FirewallSimulator::add_trace("Set Zone: from => '$zone'\n"); - PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset, + PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset, $host_ip, $vmdata, $test); } } else { - PVE::FirewallSimulator::simulate_firewall($ruleset, $ipset_ruleset, + PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset, $host_ip, $vmdata, $test); } }; if (my $err = $@) { - - print Dumper($ruleset) if !$debug; - + print Dumper($ruleset->{filter}) if !$debug; print PVE::FirewallSimulator::get_trace() . "\n" if !$debug; - print "$filename line $.: $line"; - print "test failed: $err\n"; - exit(-1); } } else { @@ -107,6 +114,8 @@ my $vmdata = { qemu => { 100 => { net0 => "e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1", + net1 => "e1000=0E:0B:38:B9:B4:21,bridge=vmbr1,firewall=1", + net2 => "e1000=0E:0B:38:BA:B4:21,bridge=vmbr2,firewall=1", }, 101 => { net0 => "e1000=0E:0B:38:B8:B3:22,bridge=vmbr0,firewall=1", @@ -116,12 +125,12 @@ my $vmdata = { net0 => "e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1", }, }, - openvz => { + lxc => { 200 => { - ip_address => { value => '10.0.200.1' }, + net0 => "name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24", }, 201 => { - ip_address => { value => '10.0.200.2' }, + net0 => "name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24", }, }, };