adopt regresion tests for lxc containers

Removed OpenVZ venet code.
2025-02-08 09:57:29 +03:00 · 2015-08-12 11:59:18 +02:00 · 2015-08-12 11:59:18 +02:00 · e038c48552
commit e038c48552
parent fdefeeabaf
3 changed files with 24 additions and 74 deletions
--- a/src/PVE/FirewallSimulator.pm
+++ b/src/PVE/FirewallSimulator.pm
@ -6,6 +6,8 @@ use Data::Dumper;
 use PVE::Firewall;
 use File::Basename;
 use Net::IP;
+use PVE::LXC;
+use PVE::QemuServer;

 my $mark;
 my $trace;
@ -346,12 +348,7 @@ sub route_packet {
 		$pkg->{iface_out} = $target->{bridge} || die 'internal error';
 		$chain = 'PVEFW-OUTPUT';
 		$next_route_state = $target->{iface} || die 'internal error';
-	    } elsif ($target->{type} eq 'ct') {
-		$pkg->{iface_in} = 'lo';
-		$pkg->{iface_out} = 'venet0';
-		$chain = 'PVEFW-OUTPUT';
-		$next_route_state = 'venet-in';
-	    } elsif ($target->{type} eq 'vm') {
+	    } elsif ($target->{type} eq 'vm' || $target->{type} eq 'ct') {
 		$pkg->{iface_in} = 'lo';
 		$pkg->{iface_out} = $target->{bridge} || die 'internal error';
 		$chain = 'PVEFW-OUTPUT';
@ -360,40 +357,6 @@ sub route_packet {
 		die "implement me";
 	    }

-	} elsif ($route_state eq 'venet-out') {
-
-	    if ($target->{type} eq 'host') {
-
-		$chain = 'PVEFW-INPUT';
-		$pkg->{iface_in} = 'venet0';
-		$pkg->{iface_out} = 'lo';
-		$next_route_state = 'host';
-
-	    } elsif ($target->{type} eq 'bport') {
-		
-		$chain = 'PVEFW-FORWARD';
-		$pkg->{iface_in} = 'venet0';
-		$pkg->{iface_out} = $target->{bridge} || die 'internal error';
-		$next_route_state = $target->{iface} || die 'internal error';
-
-	    } elsif ($target->{type} eq 'vm') {
-
-		$chain = 'PVEFW-FORWARD';
-		$pkg->{iface_in} = 'venet0';
-		$pkg->{iface_out} = $target->{bridge} || die 'internal error';
-		$next_route_state = 'fwbr-in';
-
-	    } elsif ($target->{type} eq 'ct') {
-
-		$chain = 'PVEFW-FORWARD';
-		$pkg->{iface_in} = 'venet0';
-		$pkg->{iface_out} = 'venet0';
-		$next_route_state = 'venet-in';
-
-	    } else {
-		die "implement me";
-	    }
-
 	} elsif ($route_state eq 'fwbr-out') {

 	    $chain = 'PVEFW-FORWARD';
@ -436,14 +399,7 @@ sub route_packet {
 		}
 		$next_route_state = $target->{iface};

-	    } elsif ($target->{type} eq 'ct') {
-
-		$chain = 'PVEFW-FORWARD';
-		$pkg->{iface_in} = $route_state;
-		$pkg->{iface_out} = 'venet0';
-		$next_route_state = 'venet-in';
-
-	    } elsif ($target->{type} eq 'vm') {
+	    } elsif ($target->{type} eq 'vm' || $target->{type} eq 'ct') {

 		$chain = 'PVEFW-FORWARD';
 		$pkg->{iface_in} = $route_state;
@ -482,16 +438,20 @@ sub route_packet {
 }

 sub extract_ct_info {
-    my ($vmdata, $vmid) = @_;
+    my ($vmdata, $vmid, $netnum) = @_;

    my $info = { type => 'ct', vmid => $vmid };

-    my $conf = $vmdata->{openvz}->{$vmid} || die "no such CT '$vmid'";
-    if ($conf->{ip_address}) {
-	$info->{ip_address} = $conf->{ip_address}->{value};
-    } else {
-	die "implement me";
-    }
+    my $conf = $vmdata->{lxc}->{$vmid} || die "no such CT '$vmid'";
+    my $net = PVE::LXC::parse_lxc_network($conf->{"net$netnum"});
+    $info->{macaddr} = $net->{hwaddr} || die "unable to get mac address";
+    $info->{bridge} = $net->{bridge} || die "unable to get bridge";
+    $info->{fwbr} = "fwbr${vmid}i$netnum";
+    $info->{tapdev} = "veth${vmid}i$netnum";
+    $info->{fwln} = "fwln${vmid}i$netnum";
+    $info->{fwpr} = "fwpr${vmid}p$netnum";
+    $info->{ip_address} = $net->{ip} || die "unable to get ip address";
+
    return $info;
 }

@ -567,13 +527,9 @@ sub simulate_firewall {
 	$start_state = 'from-bport';
    } elsif ($from =~ m/^ct(\d+)$/) {
 	my $vmid = $1;
-	$from_info = extract_ct_info($vmdata, $vmid);
-	if ($from_info->{ip_address}) {
-	    $pkg->{source} = $from_info->{ip_address} if !defined($pkg->{source});
-	    $start_state = 'venet-out';
-	} else {
-	    die "implement me";
-	}
+	$from_info = extract_ct_info($vmdata, $vmid, 0);
+	$start_state = 'fwbr-out'; 
+	$pkg->{mac_source} = $from_info->{macaddr};
    } elsif ($from =~ m/^vm(\d+)(i(\d))?$/) {
 	my $vmid = $1;
 	my $netnum = $3 || 0;
@ -604,14 +560,8 @@ sub simulate_firewall {
 	$target->{iface} = 'tapXYZ';
    } elsif ($to =~ m/^ct(\d+)$/) {
 	my $vmid = $1;
-	$target = extract_ct_info($vmdata, $vmid);
-	$target->{iface} = 'venet-in';
-
-	if ($target->{ip_address}) {
-	    $pkg->{dest} = $target->{ip_address};
-	} else {
-	    die "implement me";
-	}
+	$target = extract_ct_info($vmdata, $vmid, 0);
+	$target->{iface} = $target->{tapdev};
   } elsif ($to =~ m/^vm(\d+)$/) {
 	my $vmid = $1;
 	$target = extract_vm_info($vmdata, $vmid, 0);
--- a/test/fwtester.pl
+++ b/test/fwtester.pl
@ -118,12 +118,12 @@ my $vmdata = {
 	    net0 => "e1000=0E:0B:38:B8:B4:21,bridge=vmbr1,firewall=1",
 	},
    },
-    openvz => {
+    lxc => {
 	200 => {
-	    ip_address => { value => '10.0.200.1' },
+	    net0 => "name=eth0,hwaddr=0E:18:24:41:2C:43,bridge=vmbr0,firewall=1,ip=10.0.200.1/24",
 	},
 	201 => {
-	    ip_address => { value => '10.0.200.2' },
+	    net0 => "name=eth0,hwaddr=0E:18:24:41:2C:44,bridge=vmbr0,firewall=1,ip=10.0.200.2/24",
 	},
    },
 };
--- a/test/test-group1/200.fw
+++ b/test/test-group1/200.fw
@ -8,4 +8,4 @@ IN ACCEPT -source 192.168.2.1 -p tcp -dport 22
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 80
 IN ACCEPT -source 127.0.0.1 -p tcp -dport 80

-GROUP group3 -i venet
+GROUP group3 -i net0