/*
 * networkxml2firewalltest.c: Test iptables rule generation
 *
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 */
#include <config.h>
#include "testutils.h"
#include "viralloc.h"
#if defined (__linux__)
# include "network/bridge_driver_platform.h"
# include "virbuffer.h"
# define LIBVIRT_VIRFIREWALLPRIV_H_ALLOW
# include "virfirewallpriv.h"
# define LIBVIRT_VIRCOMMANDPRIV_H_ALLOW
# include "vircommandpriv.h"
# define VIR_FROM_THIS VIR_FROM_NONE
# ifdef __linux__
# define RULESTYPE "linux"
# else
# error "test case not ported to this platform"
# endif
/*
 * Callback registered with virCommandSetDryRun() by
 * testCompareXMLToArgvFiles(). For every invocation it reports an exit
 * status of 0 together with empty stdout and stderr text; the argument
 * vector, environment, input and opaque pointer are ignored.
 *
 * @output, @error: receive freshly g_strdup()'d empty strings
 *                  (presumably released by the caller - confirm against
 *                  the virCommand dry-run code)
 * @status:         receives 0
 */
static void
testCommandDryRun(const char *const*args G_GNUC_UNUSED,
                  const char *const*env G_GNUC_UNUSED,
                  const char *input G_GNUC_UNUSED,
                  char **output,
                  char **error,
                  int *status,
                  void *opaque G_GNUC_UNUSED)
{
    /* Heap copies rather than literals, so the receiver can free them */
    *error = g_strdup("");
    *output = g_strdup("");

    /* Every simulated command "succeeds" */
    *status = 0;
}
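/*
 * Generate the firewall commands for the network described in @xml and
 * compare them with the expected command list stored in @cmdline.
 *
 * @xml:      path of the network XML definition to parse
 * @cmdline:  path of the file holding the expected command text
 * @baseargs: command text for libvirt's global chains; removed from the
 *            front of the generated text when it is present there
 *
 * The commands are recorded into a local buffer through the virCommand
 * dry-run hook (virCommandSetDryRun() with testCommandDryRun()).
 *
 * Returns 0 when the generated text matches the expected file, -1 on any
 * parse, rule-generation or comparison failure.
 */
static int testCompareXMLToArgvFiles(const char *xml,
                                     const char *cmdline,
                                     const char *baseargs)
{
    char *actualargv = NULL;
    virBuffer buf = VIR_BUFFER_INITIALIZER;
    virNetworkDefPtr def = NULL;
    int ret = -1;
    char *actual;

    /* From here on the dry-run hook holds a pointer to the local 'buf' */
    virCommandSetDryRun(&buf, testCommandDryRun, NULL);

    if (!(def = virNetworkDefParseFile(xml, NULL)))
        goto cleanup;

    if (networkAddFirewallRules(def) < 0)
        goto cleanup;

    /* 'actualargv' keeps the allocation for freeing; 'actual' may be
     * advanced past the global-chain prefix below */
    actual = actualargv = virBufferContentAndReset(&buf);
    virTestClearCommandPath(actualargv);
    virCommandSetDryRun(NULL, NULL, NULL);

    /* The first network to be created populates the
     * libvirt global chains. We must skip args for
     * that if present
     */
    if (STRPREFIX(actual, baseargs))
        actual += strlen(baseargs);

    if (virTestCompareToFile(actual, cmdline) < 0)
        goto cleanup;

    ret = 0;

 cleanup:
    /* Also unregister on the error paths: 'buf' lives in this stack
     * frame, so leaving the hook armed after returning would leave it
     * pointing at dead stack memory. On the success path this only
     * clears state that was already cleared above. */
    virCommandSetDryRun(NULL, NULL, NULL);
    virBufferFreeAndReset(&buf);
    VIR_FREE(actualargv);
    virNetworkDefFree(def);
    return ret;
}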
/*
 * Parameters for one test case, passed to
 * testCompareXMLToIPTablesHelper() through virTestRun(). DO_TEST
 * initializes this positionally, so the field order is part of the
 * contract.
 */
struct testInfo {
    /* Base name of the test's files under networkxml2firewalldata/ */
    const char *name;
    /* Global-chain command text that is stripped from the generated output */
    const char *baseargs;
};
/*
 * virTestRun() callback: derive the input XML path and the expected
 * ".args" path for the test case described by @data (a struct testInfo)
 * and hand both to testCompareXMLToArgvFiles().
 *
 * Both paths are built from abs_srcdir and info->name; in this file the
 * names are the string literals given to DO_TEST.
 *
 * Returns whatever testCompareXMLToArgvFiles() returns.
 */
static int
testCompareXMLToIPTablesHelper(const void *data)
{
    const struct testInfo *info = data;
    /* g_autofree releases both path strings when the function returns */
    g_autofree char *xmlPath = g_strdup_printf("%s/networkxml2firewalldata/%s.xml",
                                               abs_srcdir, info->name);
    g_autofree char *argsPath = g_strdup_printf("%s/networkxml2firewalldata/%s-%s.args",
                                                abs_srcdir, info->name, RULESTYPE);

    return testCompareXMLToArgvFiles(xmlPath, argsPath, info->baseargs);
}
/*
 * Report whether all three netfilter command-line tools are available.
 *
 * Returns true only when IPTABLES_PATH, IP6TABLES_PATH and EBTABLES_PATH
 * each pass virFileIsExecutable(); the checks stop at the first failure.
 */
static bool
hasNetfilterTools(void)
{
    if (!virFileIsExecutable(IPTABLES_PATH))
        return false;

    if (!virFileIsExecutable(IP6TABLES_PATH))
        return false;

    return virFileIsExecutable(EBTABLES_PATH);
}
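/*
 * Test driver: select the direct firewall backend, load the expected
 * global-chain command text from base.args and run every network
 * XML -> firewall command comparison.
 *
 * Returns EXIT_SUCCESS when all cases pass, EXIT_FAILURE when any case
 * fails or setup fails, and EXIT_AM_SKIP when the backend cannot be
 * selected and the iptables/ip6tables/ebtables tools are missing.
 *
 * A skipped run exercises none of the rule-generation code, so builds
 * that rely on this test to catch firewall rule regressions need the
 * three tools present on the test host.
 */
static int
mymain(void)
{
    int ret = 0;
    g_autofree char *basefile = NULL;
    g_autofree char *baseargs = NULL;

    /* Run one named case; a failure is recorded in 'ret' and the
     * remaining cases still run. 'name' must be a string literal because
     * it is concatenated into the test title. */
# define DO_TEST(name) \
    do { \
        struct testInfo info = { \
            name, baseargs, \
        }; \
        if (virTestRun("Network XML-2-iptables " name, \
                       testCompareXMLToIPTablesHelper, &info) < 0) \
            ret = -1; \
    } while (0)

    virFirewallSetLockOverride(true);

    if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
        /* Missing tools are a reason to skip; any other backend failure
         * is a real error */
        if (!hasNetfilterTools()) {
            /* Terminate the line so the notice does not run into
             * whatever is printed to stderr next */
            fprintf(stderr, "iptables/ip6tables/ebtables tools not present\n");
            return EXIT_AM_SKIP;
        }

        return EXIT_FAILURE;
    }

    basefile = g_strdup_printf("%s/networkxml2firewalldata/base.args", abs_srcdir);

    /* baseargs must be loaded before the first DO_TEST, which copies the
     * pointer into each testInfo */
    if (virTestLoadFile(basefile, &baseargs) < 0)
        return EXIT_FAILURE;

    DO_TEST("nat-default");
    DO_TEST("nat-tftp");
    DO_TEST("nat-many-ips");
    DO_TEST("nat-no-dhcp");
    DO_TEST("nat-ipv6");
    DO_TEST("nat-ipv6-masquerade");
    DO_TEST("route-default");

    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}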
/* Program entry point on Linux: hands mymain to the test harness macro
 * (presumably declared in testutils.h, which is where main() would come
 * from - confirm there). */
VIR_TEST_MAIN(mymain)
#else /* ! defined (__linux__) */
/*
 * Non-Linux build: the rule-generation test is not compiled in, so the
 * program only reports itself as skipped via EXIT_AM_SKIP.
 */
int main(void)
{
    return EXIT_AM_SKIP;
}
#endif /* ! defined (__linux__) */