fix regression test for previous commits

2025-02-02 13:47:16 +03:00 · 2014-05-20 06:33:33 +02:00 · 2014-05-20 06:33:33 +02:00 · 832cd14cde
commit 832cd14cde
parent dd009ced9c
2 changed files with 17 additions and 5 deletions
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@ -1709,7 +1709,7 @@ sub enable_host_firewall {
 	ruleset_addrule($ruleset, $chain, "-s $clusternet -p tcp --dport 22 -j $accept_action");  # SSH
 
 	# corosync
-	my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action"
+	my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action";
 	ruleset_addrule($ruleset, $chain, "-s $clusternet -d $clusternet $corosync_rule");
 	ruleset_addrule($ruleset, $chain, "-s $clusternet -m addrtype --dst-type MULTICAST $corosync_rule");
    }
--- a/test/fwtester.pl
+++ b/test/fwtester.pl
@ -70,8 +70,15 @@ sub rule_match {

    while (length($rule)) {

-	if ($rule =~ s/^-m conntrack\s*//) {
-	    return undef; # simply ignore
+	if ($rule =~ s/^-m conntrack --ctstate (\S+)\s*//) {
+	    my $cstate = $1;
+
+	    return undef if $cstate eq 'INVALID'; # no match
+	    return undef if $cstate eq 'RELATED,ESTABLISHED'; # no match
+	    
+	    next if $cstate =~ m/NEW/;
+	    
+	    die "please implement cstate test '$cstate'";
 	}

 	if ($rule =~ s/^-m addrtype\s*//) {
@ -493,9 +500,12 @@ sub simulate_firewall {

    my $start_state;

+    my $host_ip = '10.11.12.13';
+
    if ($from eq 'host') {
 	$from_info->{type} = 'host';
 	$start_state = 'host';
+	$pkg->{source} = $host_ip if !defined($pkg->{source});
    } elsif ($from =~ m|^(vmbr\d+)/(\S+)$|) {
 	$from_info->{type} = 'bport';
 	$from_info->{bridge} = $1;
@ -529,13 +539,12 @@ sub simulate_firewall {
 	die "unable to parse \"from => '$from'\"\n";
    }

-    $pkg->{source} = '100.200.3.4' if !defined($pkg->{source});
-
    my $target;

    if ($to eq 'host') {
 	$target->{type} = 'host';
 	$target->{iface} = 'host';
+	$pkg->{dest} = $host_ip if !defined($pkg->{dest});
    } elsif ($to =~ m|^(vmbr\d+)/(\S+)$|) {
 	$target->{type} = 'bport';
 	$target->{bridge} = $1;
@ -566,6 +575,9 @@ sub simulate_firewall {
 	die "unable to parse \"to => '$to'\"\n";
    }

+    $pkg->{source} = '100.100.1.2' if !defined($pkg->{source});
+    $pkg->{dest} = '100.200.3.4' if !defined($pkg->{dest});
+
    my ($res, $ic, $rc) = route_packet($ruleset, $ipset_ruleset, $pkg, 
 				       $from_info, $target, $start_state);