feature #476: xen-firewall test

2025-02-05 21:57:24 +03:00 · 2011-06-13 16:04:09 +02:00 · 2011-06-13 16:04:09 +02:00 · a5a143c232
commit a5a143c232
parent 9cf294daf3
5 changed files with 136 additions and 4 deletions
--- a/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb
+++ b/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb
@ -16,12 +16,13 @@ end
 include SystemMock

 RSpec.configure do |config|
-    config.before(:all) do
+    config.before(:each) do
        $capture_commands = Hash.new
        $collector = Hash.new
    end
 end

+
 describe 'networking' do
    it "get all nics in kvm" do
        $capture_commands = {
@ -78,11 +79,34 @@ describe 'openvswitch' do
        onevlan = OpenvSwitchVLAN.new(OUTPUT[:onevm_show],"kvm")
        onevlan.activate
        openvswitch_tags = [
-            "sudo /usr/local/bin/ovs-vsctl set Port vnet0 tap=2",
-            "sudo /usr/local/bin/ovs-vsctl set Port vnet1 tap=3",
-            "sudo /usr/local/bin/ovs-vsctl set Port vnet2 tap=4"
+            "sudo /usr/local/bin/ovs-vsctl set Port vnet0 tag=2",
+            "sudo /usr/local/bin/ovs-vsctl set Port vnet1 tag=3",
+            "sudo /usr/local/bin/ovs-vsctl set Port vnet2 tag=4"
            ]

        $collector[:system].should == openvswitch_tags
    end
 end
+
+describe 'firewall' do
+    it "should activate FW rules in xen" do
+        $capture_commands = {
+            /uname/ => OUTPUT[:xen_uname_a],
+            /lsmod/ => OUTPUT[:xen_lsmod],
+            /network-list/ => OUTPUT[:xm_network_list],
+            /domid/ => OUTPUT[:xm_domid]
+        }
+        fw = OpenNebulaFirewall.new(OUTPUT[:onevm_show_xen])
+        fw.activate
+
+        fw_activate_rules = ["sudo /sbin/iptables -N one-36-3",
+                 "sudo /sbin/iptables -A FORWARD -m physdev --physdev-out vif4.0 -j one-36-3",
+                 "sudo /sbin/iptables -A one-36-3 -p tcp -m state --state ESTABLISHED -j ACCEPT",
+                 "sudo /sbin/iptables -A one-36-3 -p tcp -m multiport --dports 22,80 -j ACCEPT",
+                 "sudo /sbin/iptables -A one-36-3 -p tcp -j DROP",
+                 "sudo /sbin/iptables -A one-36-3 -p icmp -m state --state ESTABLISHED -j ACCEPT",
+                 "sudo /sbin/iptables -A one-36-3 -p icmp -j DROP"]
+
+        $collector[:system].should == fw_activate_rules
+    end
+end
--- a/src/vnm_mad/spec/output/xen_lsmod
+++ b/src/vnm_mad/spec/output/xen_lsmod
@ -0,0 +1,103 @@
+Module                  Size  Used by
+xt_multiport           36417  0 
+ebtable_filter         35649  0 
+xt_physdev             36049  4 
+ip6_tables             50177  0 
+ebtable_nat            35649  0 
+ebtables               53441  2 ebtable_filter,ebtable_nat
+ipt_MASQUERADE         36801  3 
+iptable_nat            40517  1 
+ip_nat                 52973  2 ipt_MASQUERADE,iptable_nat
+xt_state               35265  1 
+ip_conntrack           91621  4 ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
+nfnetlink              40457  2 ip_nat,ip_conntrack
+ipt_REJECT             38849  2 
+xt_tcpudp              36289  6 
+netloop                40001  0 
+netbk                 130305  0 [permanent]
+blktap                151909  4 [permanent]
+iptable_filter         36161  1 
+blkbk                  55289  0 [permanent]
+ip_tables              55329  2 iptable_nat,iptable_filter
+x_tables               50377  9 xt_multiport,xt_physdev,ip6_tables,ipt_MASQUERADE,iptable_nat,xt_state,ipt_REJECT,xt_tcpudp,ip_tables
+bridge                 92017  1 xt_physdev
+autofs4                63049  3 
+hidp                   83649  2 
+rfcomm                104937  0 
+l2cap                  89409  10 hidp,rfcomm
+bluetooth             118725  5 hidp,rfcomm,l2cap
+lockd                 101425  0 
+sunrpc                199689  2 lockd
+be2iscsi               94045  0 
+ib_iser                68417  0 
+rdma_cm                68817  1 ib_iser
+ib_cm                  73449  1 rdma_cm
+iw_cm                  43465  1 rdma_cm
+ib_sa                  75209  2 rdma_cm,ib_cm
+ib_mad                 70757  2 ib_cm,ib_sa
+ib_core               105157  6 ib_iser,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad
+ib_addr                41801  1 rdma_cm
+iscsi_tcp              50509  0 
+bnx2i                  76385  0 
+cnic                   79577  1 bnx2i
+ipv6                  435873  1 cnic
+xfrm_nalgo             43333  1 ipv6
+crypto_api             42945  1 xfrm_nalgo
+uio                    45649  1 cnic
+cxgb3i                 77873  0 
+cxgb3                 215985  1 cxgb3i
+8021q                  57937  1 cxgb3
+libiscsi_tcp           53189  2 iscsi_tcp,cxgb3i
+libiscsi2              77765  6 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi_tcp
+scsi_transport_iscsi2    73945  8 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi2
+scsi_transport_iscsi    35017  1 scsi_transport_iscsi2
+dm_mirror              54993  0 
+dm_multipath           58457  0 
+scsi_dh                42177  1 dm_multipath
+video                  53197  0 
+backlight              39873  1 video
+sbs                    49921  0 
+power_meter            47053  0 
+hwmon                  36553  1 power_meter
+i2c_ec                 38593  1 sbs
+dell_wmi               37601  0 
+wmi                    41985  1 dell_wmi
+button                 40545  0 
+battery                43849  0 
+asus_acpi              50917  0 
+ac                     38729  0 
+parport_pc             62313  0 
+lp                     47121  0 
+parport                73293  2 parport_pc,lp
+floppy                 92905  0 
+i2c_piix4              43725  0 
+sg                     70521  0 
+i2c_core               57537  2 i2c_ec,i2c_piix4
+8139too                61633  0 
+8139cp                 58561  0 
+mii                    38849  2 8139too,8139cp
+serio_raw              40517  0 
+pcspkr                 36289  0 
+pata_acpi              39489  0 
+ata_generic            40645  0 
+tpm_tis                48077  0 
+tpm                    50401  1 tpm_tis
+tpm_bios               40897  1 tpm
+dm_raid45              99529  0 
+dm_message             36289  1 dm_raid45
+dm_region_hash         46273  1 dm_raid45
+dm_log                 44993  3 dm_mirror,dm_raid45,dm_region_hash
+dm_mod                101521  4 dm_mirror,dm_multipath,dm_raid45,dm_log
+dm_mem_cache           39489  1 dm_raid45
+ata_piix               57285  0 
+libata                208849  3 pata_acpi,ata_generic,ata_piix
+sym53c8xx             109673  1 
+scsi_transport_spi     59841  1 sym53c8xx
+sd_mod                 56513  2 
+scsi_mod              199257  13 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi2,scsi_transport_iscsi2,scsi_dh,sg,libata,sym53c8xx,scsi_transport_spi,sd_mod
+ext3                  168657  1 
+jbd                    94513  1 ext3
+uhci_hcd               57561  0 
+ohci_hcd               56309  0 
+ehci_hcd               66125  0 
+
--- a/src/vnm_mad/spec/output/xen_uname_a
+++ b/src/vnm_mad/spec/output/xen_uname_a
@ -0,0 +1 @@
+Linux centos 2.6.18-238.12.1.el5.centos.plusxen #1 SMP Wed Jun 1 11:57:54 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
--- a/src/vnm_mad/spec/output/xm_domid
+++ b/src/vnm_mad/spec/output/xm_domid
@ -0,0 +1 @@
+4
--- a/src/vnm_mad/spec/output/xm_network_list
+++ b/src/vnm_mad/spec/output/xm_network_list
@ -0,0 +1,3 @@
+Idx BE     MAC Addr.     handle state evt-ch tx-/rx-ring-ref BE-path
+0   0  02:00:ac:10:00:cb    0     1      -1    -1   /-1      /local/domain/0/backend/vif/4/0  
+1   0  02:00:c0:a8:00:65    1     1      -1    -1   /-1      /local/domain/0/backend/vif/4/1
				`@ -0,0 +1 @@`
				`Linux centos 2.6.18-238.12.1.el5.centos.plusxen #1 SMP Wed Jun 1 11:57:54 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux`