On Wed, Feb 07, 2018 at 09:04:57PM -0500, Laine Stump wrote:
Once the correct filter is enabled for the no-mac-broadcast test, the original test to validate ebtables rules is no longer correct - it was checking for the presence of the test guest's MAC address in the ebtables output on the host, but the no-mac-broadcast filter doesn't have the guest's MAC address anywhere. This patch changes the code to look for "-d Broadcast -j DROP", which actually is added to ebtables for no-mac-broadcast. --- scripts/nwfilter/230-no-mac-broadcast.t | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230-no-mac-broadcast.t index 292c056..8895a53 100644 --- a/scripts/nwfilter/230-no-mac-broadcast.t +++ b/scripts/nwfilter/230-no-mac-broadcast.t @@ -74,12 +74,9 @@ diag "ip is $guestip";
# check ebtables entry my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebtables'; -my $ebtable = `$ebtables -L;$ebtables -t nat -L`; +my $ebtable = `$ebtables -t nat -L`; diag $ebtable; -# ebtables shortens :00: to :0: so we need to do that too -$_ = $mac; -s/00/0/g; -ok($ebtable =~ $_, "check ebtables entry"); +ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d Broadcast -j DROP\"");
# prepare tcpdump diag "prepare tcpdump";
Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|