tests/networkxml2firewalltest.c

   1 /*
   2  * networkxml2firewalltest.c: Test iptables rule generation
   3  *
   4  * Copyright (C) 2014 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library.  If not, see
  18  * <http://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 #include <config.h>
  23
  24 #include "testutils.h"
  25 #include "viralloc.h"
  26
  27 #if defined (__linux__)
  28
  29 # include "network/bridge_driver_platform.h"
  30 # include "virbuffer.h"
  31
  32 # define LIBVIRT_VIRFIREWALLPRIV_H_ALLOW
  33 # include "virfirewallpriv.h"
  34
  35 # define LIBVIRT_VIRCOMMANDPRIV_H_ALLOW
  36 # include "vircommandpriv.h"
  37
  38 # define VIR_FROM_THIS VIR_FROM_NONE
  39
  40 # ifdef __linux__
  41 #  define RULESTYPE "linux"
  42 # else
  43 #  error "test case not ported to this platform"
  44 # endif
  45
  46 static void
  47 testCommandDryRun(const char *const*args ATTRIBUTE_UNUSED,
  48                   const char *const*env ATTRIBUTE_UNUSED,
  49                   const char *input ATTRIBUTE_UNUSED,
  50                   char **output,
  51                   char **error,
  52                   int *status,
  53                   void *opaque ATTRIBUTE_UNUSED)
  54 {
  55     *status = 0;
  56     ignore_value(VIR_STRDUP_QUIET(*output, ""));
  57     ignore_value(VIR_STRDUP_QUIET(*error, ""));
  58 }
  59
  60 static int testCompareXMLToArgvFiles(const char *xml,
  61                                      const char *cmdline,
  62                                      const char *baseargs)
  63 {
  64     char *expectargv = NULL;
  65     char *actualargv = NULL;
  66     virBuffer buf = VIR_BUFFER_INITIALIZER;
  67     virNetworkDefPtr def = NULL;
  68     int ret = -1;
  69     char *actual;
  70
  71     virCommandSetDryRun(&buf, testCommandDryRun, NULL);
  72
  73     if (!(def = virNetworkDefParseFile(xml, NULL)))
  74         goto cleanup;
  75
  76     if (networkAddFirewallRules(def) < 0)
  77         goto cleanup;
  78
  79     if (virBufferError(&buf))
  80         goto cleanup;
  81
  82     actual = actualargv = virBufferContentAndReset(&buf);
  83     virTestClearCommandPath(actualargv);
  84     virCommandSetDryRun(NULL, NULL, NULL);
  85
  86     /* The first network to be created populates the
  87      * libvirt global chains. We must skip args for
  88      * that if present
  89      */
  90     if (STRPREFIX(actual, baseargs))
  91         actual += strlen(baseargs);
  92
  93     if (virTestCompareToFile(actual, cmdline) < 0)
  94         goto cleanup;
  95
  96     ret = 0;
  97
  98  cleanup:
  99     virBufferFreeAndReset(&buf);
 100     VIR_FREE(expectargv);
 101     VIR_FREE(actualargv);
 102     virNetworkDefFree(def);
 103     return ret;
 104 }
 105
 106 struct testInfo {
 107     const char *name;
 108     const char *baseargs;
 109 };
 110
 111
 112 static int
 113 testCompareXMLToIPTablesHelper(const void *data)
 114 {
 115     int result = -1;
 116     const struct testInfo *info = data;
 117     char *xml = NULL;
 118     char *args = NULL;
 119
 120     if (virAsprintf(&xml, "%s/networkxml2firewalldata/%s.xml",
 121                     abs_srcdir, info->name) < 0 ||
 122         virAsprintf(&args, "%s/networkxml2firewalldata/%s-%s.args",
 123                     abs_srcdir, info->name, RULESTYPE) < 0)
 124         goto cleanup;
 125
 126     result = testCompareXMLToArgvFiles(xml, args, info->baseargs);
 127
 128  cleanup:
 129     VIR_FREE(xml);
 130     VIR_FREE(args);
 131     return result;
 132 }
 133
 134 static bool
 135 hasNetfilterTools(void)
 136 {
 137     return virFileIsExecutable(IPTABLES_PATH) &&
 138         virFileIsExecutable(IP6TABLES_PATH) &&
 139         virFileIsExecutable(EBTABLES_PATH);
 140 }
 141
 142
 143 static int
 144 mymain(void)
 145 {
 146     int ret = 0;
 147     VIR_AUTOFREE(char *)basefile = NULL;
 148     VIR_AUTOFREE(char *)baseargs = NULL;
 149
 150 # define DO_TEST(name) \
 151     do { \
 152         struct testInfo info = { \
 153             name, baseargs, \
 154         }; \
 155         if (virTestRun("Network XML-2-iptables " name, \
 156                        testCompareXMLToIPTablesHelper, &info) < 0) \
 157             ret = -1; \
 158     } while (0)
 159
 160     virFirewallSetLockOverride(true);
 161
 162     if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
 163         if (!hasNetfilterTools()) {
 164             fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
 165             return EXIT_AM_SKIP;
 166         }
 167
 168         ret = -1;
 169         goto cleanup;
 170     }
 171
 172     if (virAsprintf(&basefile, "%s/networkxml2firewalldata/base.args",
 173                     abs_srcdir) < 0) {
 174         ret = -1;
 175         goto cleanup;
 176     }
 177
 178     if (virTestLoadFile(basefile, &baseargs) < 0) {
 179         ret = -1;
 180         goto cleanup;
 181     }
 182
 183     DO_TEST("nat-default");
 184     DO_TEST("nat-tftp");
 185     DO_TEST("nat-many-ips");
 186     DO_TEST("nat-no-dhcp");
 187     DO_TEST("nat-ipv6");
 188     DO_TEST("route-default");
 189
 190  cleanup:
 191     return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 192 }
 193
 194 VIR_TEST_MAIN(mymain)
 195
 196 #else /* ! defined (__linux__) */
 197
 198 int main(void)
 199 {
 200     return EXIT_AM_SKIP;
 201 }
 202
 203 #endif /* ! defined (__linux__) */