Commit af9b01a3 authored by Francesc Guasch's avatar Francesc Guasch

[#110] moved iptables subs to main test lib

parent ed128901
......@@ -4,6 +4,8 @@ use warnings;
use Carp qw(carp confess);
use Data::Dumper;
use Hash::Util qw(lock_hash);
use IPC::Run3 qw(run3);
use Test::More;
use Ravada;
......@@ -17,6 +19,9 @@ require Exporter;
@EXPORT = qw(base_domain_name new_domain_name rvd_back remove_old_disks remove_old_domains create_user user_admin wait_request rvd_front init init_vm clean new_pool_name
create_domain
test_chain_prerouting
search_id_iso
flush_rules open_ipt
);
our $DEFAULT_CONFIG = "t/etc/ravada.conf";
......@@ -25,6 +30,7 @@ our ($CONNECTOR, $CONFIG);
our $CONT = 0;
our $CONT_POOL= 0;
our $USER_ADMIN;
our $CHAIN = 'RAVADA';
my %ARG_CREATE_DOM = (
kvm => [ id_iso => 1 ]
......@@ -353,4 +359,51 @@ sub clean {
remove_old_disks();
remove_old_pools();
}
sub search_id_iso {
my $name = shift;
my $sth = $CONNECTOR->dbh->prepare("SELECT id FROM iso_images "
." WHERE name like ?"
);
$sth->execute("$name%");
my ($id) = $sth->fetchrow;
die "There is no iso called $name%" if !$id;
return $id;
}
sub flush_rules {
my $ipt = open_ipt();
$ipt->flush_chain('filter', $CHAIN);
$ipt->delete_chain('filter', 'INPUT', $CHAIN);
my @cmd = ('iptables','-t','nat','-F','PREROUTING');
my ($in,$out,$err);
run3(\@cmd, \$in, \$out, \$err);
die $err if $err;
}
sub open_ipt {
my %opts = (
'use_ipv6' => 0, # can set to 1 to force ip6tables usage
'ipt_rules_file' => '', # optional file path from
# which to read iptables rules
'iptout' => '/tmp/iptables.out',
'ipterr' => '/tmp/iptables.err',
'debug' => 0,
'verbose' => 0,
### advanced options
'ipt_alarm' => 5, ### max seconds to wait for iptables execution.
'ipt_exec_style' => 'waitpid', ### can be 'waitpid',
### 'system', or 'popen'.
'ipt_exec_sleep' => 1, ### add in time delay between execution of
### iptables commands (default is 0).
);
my $ipt_obj = IPTables::ChainMgr->new(%opts)
or die "[*] Could not acquire IPTables::ChainMgr object";
}
1;
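Review bot: In flush_rules the `iptables -t nat -F PREROUTING` command flushes every rule in the host's nat PREROUTING chain, not only the ones the tests add, and the only failure check is `die $err if $err;`, which ignores the exit status. I would at least check the status as well, `die "iptables -F PREROUTING failed: $err" if $? != 0 or $err;`, and, if the nat rules can live in their own chain as the filter rules already do through $CHAIN, flush that chain instead of the built-in one. In open_ipt the object is returned only because `my $ipt_obj = ... or die` happens to be the last expression; an explicit `return $ipt_obj;` after it makes the contract obvious, and the fixed `/tmp/iptables.out` and `/tmp/iptables.err` paths are predictable names in a shared directory, so a File::Temp file or a per-run directory would be safer when the tests run as root. IPTables::ChainMgr does not appear in the use block shown in the first hunk of this file; presumably it is loaded elsewhere, but worth confirming.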
......@@ -18,6 +18,8 @@ init($test->connector);
$Ravada::DEBUG=0;
$Ravada::SECONDS_WAIT_CHILDREN = 1;
##################################################################
for my $vm_name ('KVM') {
my $rvd_back = rvd_back();
my $vm = $rvd_back->search_vm($vm_name);
......
......@@ -110,28 +110,6 @@ sub test_fw_domain_stored {
}
sub open_ipt {
my %opts = (
'use_ipv6' => 0, # can set to 1 to force ip6tables usage
'ipt_rules_file' => '', # optional file path from
# which to read iptables rules
'iptout' => '/tmp/iptables.out',
'ipterr' => '/tmp/iptables.err',
'debug' => 0,
'verbose' => 0,
### advanced options
'ipt_alarm' => 5, ### max seconds to wait for iptables execution.
'ipt_exec_style' => 'waitpid', ### can be 'waitpid',
### 'system', or 'popen'.
'ipt_exec_sleep' => 1, ### add in time delay between execution of
### iptables commands (default is 0).
);
my $ipt_obj = IPTables::ChainMgr->new(%opts)
or die "[*] Could not acquire IPTables::ChainMgr object";
}
sub test_chain {
my $vm_name = shift;
......@@ -151,10 +129,65 @@ sub test_chain {
}
sub flush_rules {
my $ipt = open_ipt();
$ipt->flush_chain('filter', $CHAIN);
$ipt->delete_chain('filter', 'INPUT', $CHAIN);
sub test_fw_ssh {
my $vm_name = shift;
my $domain = shift;
my $port = 22;
my $remote_ip = '11.22.33.44';
$domain->add_nat($port);
$domain->shutdown_now($USER) if $domain->is_active;
$domain->start(user => $USER, remote_ip => $remote_ip);
ok($domain->is_active,"Domain ".$domain->name." should be active=1, got: "
.$domain->is_active) or return;
for my $n ( 1 .. 60 ) {
last if $domain->ip;
diag("Waiting for ".$domain->name." to have an ip") if !($n % 10);
sleep 1;
}
ok($domain->ip,"Expecting an IP for the domain ".$domain->name) or return;
eval { $domain->open_nat_ports( remote_ip => $remote_ip, user => $USER) };
my ($public_ip,$public_port)= $domain->public_address($port);
diag("Open in $public_ip / $public_port");
like(($public_ip or '') ,qr{^\d+\.\d+\.\d+\.\d+$});
like(($public_port or '') ,qr{^\d+$});
#comprova que està obert a les iptables per aquest port desde la $remote_ip
my $vm = $RVD_BACK->search_vm($vm_name);
my $local_ip = $vm->ip;
is($public_ip,$local_ip);
my $domain_ip = $domain->ip;
for ( 1 .. 10 ) {
$domain_ip = $domain->ip;
last if $domain_ip;
sleep 1;
}
die "No domain ip for ".$domain->name if !$domain_ip;
test_chain($vm_name, $local_ip, $public_port, $remote_ip,1);
test_chain_prerouting($vm_name, $local_ip, $port, $domain_ip, 1)
or exit;
eval { $domain->open_nat_ports( remote_ip => $remote_ip, user => $USER) };
test_chain_prerouting($vm_name, $local_ip, $port,$domain_ip,1) or exit;
$domain->shutdown_now($USER) if $domain->is_active;
{
my ($ip,$port)= $domain->public_address($port);
like($ip,qr{^$});
like($port,qr{^$});
}
test_chain($vm_name, $local_ip, $public_port, $remote_ip,0);
test_chain_prerouting($vm_name, $local_ip, $port, $domain_ip, 0);
}
#######################################################
......
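Review bot: In test_fw_ssh both `eval { $domain->open_nat_ports( remote_ip => $remote_ip, user => $USER) };` calls discard the exception without inspecting `$@`, so a failing open_nat_ports only surfaces indirectly as a later test_chain failure; unless the second call is expected to die, follow each with `is($@, '', "open_nat_ports for ".$domain->name) or diag($@);`. The two `or exit;` after test_chain_prerouting end the whole script without done_testing, which the harness reports as a missing plan; the sub already uses `or return;` after its ok() checks, and the same form here keeps the diagnostics intact. In the block after shutdown_now, `my ($ip,$port)= $domain->public_address($port);` shadows the outer $port, which still means 22 on the right-hand side only because a my declaration is not visible until the next statement; renaming the inner one to `$pub_port` avoids the trap, and those two like() calls lack the `or ''` guard the earlier public_address checks use, so an undef return fails differently from them. The Catalan comment above the search_vm call would be clearer to other readers as `# check that iptables allows $remote_ip to reach this port`.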