From 832cd14cde632d6a8310617efcd3e729f555ffba Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Tue, 20 May 2014 06:33:33 +0200
Subject: [PATCH] fix regression test for previous commits

---
 src/PVE/Firewall.pm | 2 +-
 test/fwtester.pl | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ea2abe2..f63bb04 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1709,7 +1709,7 @@ sub enable_host_firewall {
 ruleset_addrule($ruleset, $chain, "-s $clusternet -p tcp --dport 22 -j $accept_action"); # SSH
 # corosync
- my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action"
+ my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action";
 ruleset_addrule($ruleset, $chain, "-s $clusternet -d $clusternet $corosync_rule");
 ruleset_addrule($ruleset, $chain, "-s $clusternet -m addrtype --dst-type MULTICAST $corosync_rule");
 }
diff --git a/test/fwtester.pl b/test/fwtester.pl
index 0cedfa7..8faee3f 100755
--- a/test/fwtester.pl
+++ b/test/fwtester.pl
@@ -70,8 +70,15 @@ sub rule_match {
 while (length($rule)) {
- if ($rule =~ s/^-m conntrack\s*//) {
- return undef; # simply ignore
+ if ($rule =~ s/^-m conntrack --ctstate (\S+)\s*//) {
+ my $cstate = $1;
+
+ return undef if $cstate eq 'INVALID'; # no match
+ return undef if $cstate eq 'RELATED,ESTABLISHED'; # no match
+
+ next if $cstate =~ m/NEW/;
+
+ die "please implement cstate test '$cstate'";
 }
 if ($rule =~ s/^-m addrtype\s*//) {
@@ -493,9 +500,12 @@ sub simulate_firewall {
 my $start_state;
+ my $host_ip = '10.11.12.13';
+
 if ($from eq 'host') {
 $from_info->{type} = 'host';
 $start_state = 'host';
+ $pkg->{source} = $host_ip if !defined($pkg->{source});
 } elsif ($from =~ m|^(vmbr\d+)/(\S+)$|) {
 $from_info->{type} = 'bport';
 $from_info->{bridge} = $1;
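Review bot: The ctstate handling added to rule_match compares the whole `--ctstate` list as a single string, so `RELATED,ESTABLISHED` is recognised but the equivalent `ESTABLISHED,RELATED` (or `ESTABLISHED` on its own) falls through to the `die`, while `m/NEW/` is a substring test rather than a membership test. The branch evidently models every simulated packet as the first packet of a new connection (NEW keeps matching, INVALID and RELATED,ESTABLISHED never do), so splitting the list makes that robust against ordering: `my %ctstate = map { $_ => 1 } split(/,/, $cstate);`, `next if $ctstate{NEW};`, `return undef if !grep { !m/^(?:INVALID|RELATED|ESTABLISHED)$/ } keys %ctstate; # a new packet never matches these`, keeping the existing `die` for anything else. A comment such as `# the tester treats every packet as opening a new connection` above the block would make that assumption visible to whoever adds the next state. The enclosing while loop and rule_match itself continue outside the hunk.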
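Review bot: `$host_ip` is introduced in simulate_firewall as a bare literal with nothing saying what it represents, and the same sub now assigns packet address defaults in three separate places (the host branch here, the host branch of the `to` parsing, and the generic fallbacks after it), so the address a test packet ends up with is hard to follow from any one spot. A comment at the declaration, e.g. `# address of the simulated host; used as source/dest whenever from/to is 'host'`, and moving the value to file scope next to the other fixed test addresses would make that visible. The host rules being exercised in Firewall.pm restrict traffic with `-s $clusternet`/`-d $clusternet`, so the value presumably has to lie inside the cluster network of the test configuration — worth recording in the comment if so. simulate_firewall starts before this hunk and continues after it.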
@@ -529,13 +539,12 @@ sub simulate_firewall {
 die "unable to parse \"from => '$from'\"\n";
 }
- $pkg->{source} = '100.200.3.4' if !defined($pkg->{source});
-
 my $target;
 if ($to eq 'host') {
 $target->{type} = 'host';
 $target->{iface} = 'host';
+ $pkg->{dest} = $host_ip if !defined($pkg->{dest});
 } elsif ($to =~ m|^(vmbr\d+)/(\S+)$|) {
 $target->{type} = 'bport';
 $target->{bridge} = $1;
@@ -566,6 +575,9 @@ sub simulate_firewall {
 die "unable to parse \"to => '$to'\"\n";
 }
+ $pkg->{source} = '100.100.1.2' if !defined($pkg->{source});
+ $pkg->{dest} = '100.200.3.4' if !defined($pkg->{dest});
+
 my ($res, $ic, $rc) = route_packet($ruleset, $ipset_ruleset, $pkg, $from_info, $target, $start_state);
-- 2.39.2
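Review bot: The fallback addresses `100.100.1.2` and `100.200.3.4` in the last hunk are unexplained literals, and the default source changed from the removed `100.200.3.4` in the earlier hunk to `100.100.1.2`, so a test that omits `source` and does not involve the host now runs with a different address without anything in the file recording why. A comment on these two lines describing what the addresses stand for relative to the networks in the test configurations, or named file-scope constants such as `$DEFAULT_SRC_IP`/`$DEFAULT_DST_IP` with that comment attached, would document the choice. Note also that the fallbacks are only reached when neither side is `host`, which is not obvious from the lines themselves; a one-line comment like `# neither end is the host: pick arbitrary non-host addresses` would help. simulate_firewall continues past this hunk.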