8:04 p.m.
libvirt-tck happens to have the most thorough set of nwfilter tests
around. Unfortunately they haven't been run in quite awhile, and have
suffered from some bit rot. This patch series (along with Dan's patch
to force virt-builder to redo selinux labels after installing extra
packages) gets the nwfilter tests all completing successfully again
*on a Fedora 26 host* with libvirt 3.2.1 and libvirt 4.0.0+.
The concurrency tests (at least) still fail on an F27 host - in that
case they are actually revealing a bug due to something in libvirt,
libpcap, or maybe the kernel (and since the kernels in F26 and F27 are
nearly the same, and I tried both of the above libvirt versions on F27
with the same failure (two threads hung in a polling loop in libpcap)
Once I got this all running, I noticed that there are several domain
and network tests that are failing, and at least the ones I looked
into were due to bugs in the tests (e.g. the netdev hotplug test uses
multicast MAC addresses, and assumes that device detaches are
synchronous), so there's more work to do, but the nwfilter tests are
what's most important right now.
Laine Stump (9):
create vms that use virt-builder images with no graphics and
virtio-net
Use $net->get_dhcp_leases() when available
Use Net::OpenSSH instead of Net::SSH::Perl
Fix no-ip-spoofing test script generation
Fix no-arp-spoof test script generation
parameterize filterref in generic_domain
Fix ebtables check in no-mac-broadcast test
filter for proper IP address in tcpdump looking for broadcast packet
Eliminate unnecessary path specifications in binary names
lib/Sys/Virt/TCK.pm | 22 +++++-------
lib/Sys/Virt/TCK/NetworkHelpers.pm | 9 +++++
perl-Sys-Virt-TCK.spec.PL | 3 +-
scripts/nwfilter/100-ping-still-working.t | 6 ++--
scripts/nwfilter/210-no-mac-spoofing.t | 52 ++++++++++++++-------------
scripts/nwfilter/220-no-ip-spoofing.t | 59 ++++++++++++++++---------------
scripts/nwfilter/230-no-mac-broadcast.t | 39 ++++++++++----------
scripts/nwfilter/240-no-arp-spoofing.t | 36 ++++++++++---------
scripts/nwfilter/300-vsitype.t | 1 -
scripts/nwfilter/nwfilter_concurrent.sh | 4 +--
10 files changed, 121 insertions(+), 110 deletions(-)
--
2.13.6
8:04 p.m.
New subject: [libvirt] [tck PATCH 1/9] create vms that use virt-builder images with no graphics and virtio-net
This is consistent with what is used to create the disk image supplied
by virt-builder. It doesn't currently affect the outcome of the test,
but it's possible that in the future it could.
In particular, the network device name changes depending on whether or
not there is a graphics device (due to change in PCI address). The
virt-builder image is create by installing Fedora on a guest that has
no graphics card, so it sees the network device as "ens2" and creates
an appropriate ifcfg-ens2, but if you boot the image with a graphics
card, then the network device will be named "ens3". It turns out that
NetworkManager is enabled by default on the virt-builder images, and
NetworkManager will listen for dhcp on *all* interfaces (not just
those with a configuration file), so networking still functions on the
guest, but if a test script were to try to use "ifdown ens3" (for
example) that wouldn't work.
The best solution may be to have the image set "biosdevnames=0
net.ifnames=0" on the kernel commandline (so that the netdev is always
called "eth0" regardless of its PCI address), but that would also need
to be done in the kickstart file used to create the image, which is
done offline by libguestfs people, so it's not something we have
control over here.
---
lib/Sys/Virt/TCK.pm | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index b39f578..ce8e81b 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -781,11 +781,6 @@ sub generic_machine_domain {
$b->boot_disk();
- $b->graphics(type => "vnc",
- port => "-1",
- autoport => "yes",
- listen => "127.0.0.1");
-
$b->disk(src => $config{root},
dst => $config{dev},
type => "file");
@@ -795,6 +790,7 @@ sub generic_machine_domain {
$b->interface(type => "network",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
filterref => "clean-traffic");
my $xml = $b->as_xml();
@@ -840,11 +836,6 @@ sub generic_machine_domain {
# XXX boot CDROM or vroot for other HVs
$b->boot_kernel($config{kernel}, $config{initrd});
- $b->graphics(type => "vnc",
- port => "-1",
- autoport => "yes",
- listen => "127.0.0.1");
-
$b->disk(src => $config{root},
dst => $config{dev},
type => "file");
@@ -930,6 +921,7 @@ sub generic_domain {
if ($netmode eq "vepa") {
$b->interface(type => "direct",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
dev => $self->get_host_network_device(),
mode => "vepa",
@@ -937,6 +929,7 @@ sub generic_domain {
} else {
$b->interface(type => "network",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
filterref => "clean-traffic");
}
--
2.13.6
3:13 a.m.
New subject: [libvirt] [tck PATCH 1/9] create vms that use virt-builder images with no graphics and virtio-net
On Wed, Feb 07, 2018 at 09:04:51PM -0500, Laine Stump wrote:
This is consistent with what is used to create the disk image
supplied
by virt-builder. It doesn't currently affect the outcome of the test,
but it's possible that in the future it could.
In particular, the network device name changes depending on whether or
not there is a graphics device (due to change in PCI address). The
virt-builder image is create by installing Fedora on a guest that has
no graphics card, so it sees the network device as "ens2" and creates
an appropriate ifcfg-ens2, but if you boot the image with a graphics
card, then the network device will be named "ens3". It turns out that
NetworkManager is enabled by default on the virt-builder images, and
NetworkManager will listen for dhcp on *all* interfaces (not just
those with a configuration file), so networking still functions on the
guest, but if a test script were to try to use "ifdown ens3" (for
example) that wouldn't work.
The best solution may be to have the image set "biosdevnames=0
net.ifnames=0" on the kernel commandline (so that the netdev is always
called "eth0" regardless of its PCI address), but that would also need
to be done in the kickstart file used to create the image, which is
done offline by libguestfs people, so it's not something we have
control over here.
---
lib/Sys/Virt/TCK.pm | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index b39f578..ce8e81b 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -781,11 +781,6 @@ sub generic_machine_domain {
$b->boot_disk();
- $b->graphics(type => "vnc",
- port => "-1",
- autoport => "yes",
- listen => "127.0.0.1");
-
$b->disk(src => $config{root},
dst => $config{dev},
type => "file");
@@ -795,6 +790,7 @@ sub generic_machine_domain {
$b->interface(type => "network",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
filterref => "clean-traffic");
my $xml = $b->as_xml();
@@ -840,11 +836,6 @@ sub generic_machine_domain {
# XXX boot CDROM or vroot for other HVs
$b->boot_kernel($config{kernel}, $config{initrd});
- $b->graphics(type => "vnc",
- port => "-1",
- autoport => "yes",
- listen => "127.0.0.1");
-
$b->disk(src => $config{root},
dst => $config{dev},
type => "file");
@@ -930,6 +921,7 @@ sub generic_domain {
if ($netmode eq "vepa") {
$b->interface(type => "direct",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
dev => $self->get_host_network_device(),
mode => "vepa",
@@ -937,6 +929,7 @@ sub generic_domain {
} else {
$b->interface(type => "network",
source => "default",
+ model => "virtio",
mac => "52:54:00:11:11:11",
filterref => "clean-traffic");
}
Yuk this file has a mix of tabs and spaces it in currently :-(
We should clean that up by de-tabifying it, but I guess it is
better to apply your patches first otherwise it'l be conflict
hell for you. So
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
10:49 a.m.
New subject: [libvirt] [tck PATCH 1/9] create vms that use virt-builder images with no graphics and virtio-net
On 02/08/2018 04:13 AM, Daniel P. Berrangé wrote:
Yuk this file has a mix of tabs and spaces it in currently :-(
We should clean that up by de-tabifying it,
Yeah, I noticed that in a couple other files too (only because things
looked misaligned when I ran git diff). I'll try to remember to do
something about that after I get these pushed.
8:04 p.m.
New subject: [libvirt] [tck PATCH 2/9] Use $net->get_dhcp_leases() when available
Newer versions of libvirt no longer let dnsmasq create a leases file,
they keep track of it themselves and provide an API to retrieve the
current list of leases. Use that to get the guest's IP address when
it's available.
---
I later realized that it might be more appropriate to use
$dom->get_interface_addresses(), but I'd already rewritten the
existing function this way and it works, so I left it.
lib/Sys/Virt/TCK/NetworkHelpers.pm | 9 +++++++++
scripts/nwfilter/100-ping-still-working.t | 2 +-
scripts/nwfilter/210-no-mac-spoofing.t | 2 +-
scripts/nwfilter/220-no-ip-spoofing.t | 2 +-
scripts/nwfilter/230-no-mac-broadcast.t | 2 +-
scripts/nwfilter/240-no-arp-spoofing.t | 2 +-
scripts/nwfilter/nwfilter_concurrent.sh | 4 ++--
7 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm
index 133064b..f6bf8f9 100644
--- a/lib/Sys/Virt/TCK/NetworkHelpers.pm
+++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm
@@ -10,7 +10,16 @@ sub get_first_macaddress {
}
sub get_ip_from_leases{
+ my $conn = shift;
+ my $netname = shift;
my $mac = shift;
+
+ my $net = $conn->get_network_by_name($netname);
+ if ($net->can('get_dhcp_leases')) {
+ my @leases = $net->get_dhcp_leases($mac);
+ return @leases ? @leases[0]->{'ipaddr'} : undef;
+ }
+
my $tmp = `grep $mac /var/lib/libvirt/dnsmasq/default.leases`;
my @fields = split(/ /, $tmp);
my $ip = $fields[2];
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index a20b95d..dc1efd2 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -69,7 +69,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index b81fc4a..03001a8 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -69,7 +69,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 3a0213d..d447a19 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -60,7 +60,7 @@ sleep(30);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 16ce60d..9d00dc4 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -68,7 +68,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 284033d..f1e6870 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -70,7 +70,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/nwfilter_concurrent.sh
b/scripts/nwfilter/nwfilter_concurrent.sh
index 4c9b878..359e2ab 100644
--- a/scripts/nwfilter/nwfilter_concurrent.sh
+++ b/scripts/nwfilter/nwfilter_concurrent.sh
@@ -242,9 +242,9 @@ runTest()
[ $? -ne 0 ] && rm -rf "${tmpdir}" && return 1;
- # Test runs for a maximum of 5 minutes
+ # Test runs for a maximum of 10 minutes
now=`date +%s`
- test_end=$(($now + 5 * 60))
+ test_end=$(($now + 10 * 60))
while :;
do
--
2.13.6
3:15 a.m.
New subject: [libvirt] [tck PATCH 2/9] Use $net->get_dhcp_leases() when available
On Wed, Feb 07, 2018 at 09:04:52PM -0500, Laine Stump wrote:
Newer versions of libvirt no longer let dnsmasq create a leases
file,
they keep track of it themselves and provide an API to retrieve the
current list of leases. Use that to get the guest's IP address when
it's available.
---
I later realized that it might be more appropriate to use
$dom->get_interface_addresses(), but I'd already rewritten the
existing function this way and it works, so I left it.
lib/Sys/Virt/TCK/NetworkHelpers.pm | 9 +++++++++
scripts/nwfilter/100-ping-still-working.t | 2 +-
scripts/nwfilter/210-no-mac-spoofing.t | 2 +-
scripts/nwfilter/220-no-ip-spoofing.t | 2 +-
scripts/nwfilter/230-no-mac-broadcast.t | 2 +-
scripts/nwfilter/240-no-arp-spoofing.t | 2 +-
scripts/nwfilter/nwfilter_concurrent.sh | 4 ++--
7 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm
index 133064b..f6bf8f9 100644
--- a/lib/Sys/Virt/TCK/NetworkHelpers.pm
+++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm
@@ -10,7 +10,16 @@ sub get_first_macaddress {
}
sub get_ip_from_leases{
+ my $conn = shift;
+ my $netname = shift;
my $mac = shift;
+
+ my $net = $conn->get_network_by_name($netname);
+ if ($net->can('get_dhcp_leases')) {
+ my @leases = $net->get_dhcp_leases($mac);
+ return @leases ? @leases[0]->{'ipaddr'} : undef;
+ }
+
my $tmp = `grep $mac /var/lib/libvirt/dnsmasq/default.leases`;
my @fields = split(/ /, $tmp);
my $ip = $fields[2];
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index a20b95d..dc1efd2 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -69,7 +69,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index b81fc4a..03001a8 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -69,7 +69,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 3a0213d..d447a19 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -60,7 +60,7 @@ sleep(30);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 16ce60d..9d00dc4 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -68,7 +68,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 284033d..f1e6870 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -70,7 +70,7 @@ sleep(10);
my $mac = get_first_macaddress($dom);
diag "mac is $mac";
-my $guestip = get_ip_from_leases($mac);
+my $guestip = get_ip_from_leases($conn, "default", $mac);
diag "ip is $guestip";
# check ebtables entry
Upto this point
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
diff --git a/scripts/nwfilter/nwfilter_concurrent.sh
b/scripts/nwfilter/nwfilter_concurrent.sh
index 4c9b878..359e2ab 100644
--- a/scripts/nwfilter/nwfilter_concurrent.sh
+++ b/scripts/nwfilter/nwfilter_concurrent.sh
@@ -242,9 +242,9 @@ runTest()
[ $? -ne 0 ] && rm -rf "${tmpdir}" && return 1;
- # Test runs for a maximum of 5 minutes
+ # Test runs for a maximum of 10 minutes
now=`date +%s`
- test_end=$(($now + 5 * 60))
+ test_end=$(($now + 10 * 60))
while :;
do
Just split that into a second patch if still needed
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
10:53 a.m.
New subject: [libvirt] [tck PATCH 2/9] Use $net->get_dhcp_leases() when available
On 02/08/2018 04:15 AM, Daniel P. Berrangé wrote:
> diff --git a/scripts/nwfilter/nwfilter_concurrent.sh
b/scripts/nwfilter/nwfilter_concurrent.sh
> index 4c9b878..359e2ab 100644
> --- a/scripts/nwfilter/nwfilter_concurrent.sh
> +++ b/scripts/nwfilter/nwfilter_concurrent.sh
> @@ -242,9 +242,9 @@ runTest()
>
> [ $? -ne 0 ] && rm -rf "${tmpdir}" && return 1;
>
> - # Test runs for a maximum of 5 minutes
> + # Test runs for a maximum of 10 minutes
> now=`date +%s`
> - test_end=$(($now + 5 * 60))
> + test_end=$(($now + 10 * 60))
>
> while :;
> do
Just split that into a second patch if still needed
Oops. I had that in for debugging and forgot to remove it.
8:04 p.m.
New subject: [libvirt] [tck PATCH 3/9] Use Net::OpenSSH instead of Net::SSH::Perl
Net::SSH::Perl is out of date in the Fedora git repos. The version
currently supported in Fedora fails to connect to most modern sshd's,
and updating to the new version would require adding several new perl
packages to Fedora. Instead, this patch switches to using
Net::OpenSSH, whose current version in Fedora works properly *EXCEPT*
that it is missing the line "Requires: perl(IO:TTy)" in its specfiles
(I filed https://bugzilla.redhat.com/1542666 requesting that fix to be
applied to Fedora git repos. For now, just run "dnf install
perl-IO-Tty" separately)
NB: prior to this patch, Net::SSH::Perl was required, but had no
Required: line in the specfile, so you would have to install it by
hand. If you had done that, you can probably now dnf erase it.
---
perl-Sys-Virt-TCK.spec.PL | 3 ++-
scripts/nwfilter/100-ping-still-working.t | 1 -
scripts/nwfilter/210-no-mac-spoofing.t | 27 ++++++++++++++-------------
scripts/nwfilter/220-no-ip-spoofing.t | 23 ++++++++++++-----------
scripts/nwfilter/230-no-mac-broadcast.t | 23 ++++++++++++-----------
scripts/nwfilter/240-no-arp-spoofing.t | 23 ++++++++++++-----------
scripts/nwfilter/300-vsitype.t | 1 -
7 files changed, 52 insertions(+), 49 deletions(-)
diff --git a/perl-Sys-Virt-TCK.spec.PL b/perl-Sys-Virt-TCK.spec.PL
index 9a10880..4172499 100644
--- a/perl-Sys-Virt-TCK.spec.PL
+++ b/perl-Sys-Virt-TCK.spec.PL
@@ -37,7 +37,7 @@ __DATA__
Summary: Sys::Virt::TCK - libvirt Technology Compatibility Kit
Name: perl-%{appname}
Version: @VERSION@
-Release: 1%{_extra_release}
+Release: 99%{_extra_release}
License: GPLv2
Group: Development/Tools
Source: http://libvirt.org/sources/tck/%{appname}-v%{version}.tar.gz
@@ -73,6 +73,7 @@ Requires: perl(Test::Exception)
Requires: perl(TAP::Formatter::HTML)
Requires: perl(TAP::Formatter::JUnit)
Requires: perl(TAP::Harness::Archive)
+Requires: perl(Net::OpenSSH)
Requires: /usr/bin/mkisofs
BuildArchitectures: noarch
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index dc1efd2..5afc6a6 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -32,7 +32,6 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
use File::Spec::Functions qw(catfile catdir rootdir);
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index 03001a8..eb01d13 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 5;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
@@ -88,9 +88,10 @@ diag $ping;
ok($ping =~ "10 received", "ping $guestip test");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now bring eth0 down, change MAC and bring it up again
diag "fiddling with mac";
@@ -108,26 +109,26 @@ echo "DEV=`ip link | head -3 | tail -1 | awk '{print
\\\$2}' | sed -e 's/://'`
/sbin/ip addr show dev \\\$DEV" > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
ok($stdout =~ /100% packet loss|Network is unreachable/, "packet loss
expected");
shutdown_vm_gracefully($dom);
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index d447a19..872dcc3 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
@@ -71,9 +71,10 @@ diag $ebtable;
ok($ebtable =~ "$guestip", "check ebtables entry");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now bring eth0 down, change IP and bring it up again
diag "preparing ip spoof";
@@ -95,23 +96,23 @@ MASK=`ip addr show \\\$DEV | grep 'inet ' | awk '{print
\\\$2}' | sed -e 's/.*\\
/sbin/ip addr show \\\$DEV" > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "running ip spoof";
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh");
+($stdout, $stderr) = $ssh->capture2("/test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "checking result";
ok($stdout =~ "100% packet loss", "packet loss expected");
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 9d00dc4..70c1ab4 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
my $tck = Sys::Virt::TCK->new();
@@ -85,9 +85,10 @@ diag "prepare tcpdump";
system("/usr/sbin/tcpdump -v -i virbr0 -n host 255.255.255.255 2>
/tmp/tcpdump.log &");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now generate a mac broadcast paket
diag "generate mac broadcast";
@@ -95,22 +96,22 @@ my $cmdfile = <<EOF;
echo '/bin/ping -c 1 192.168.122.255 -b' > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
# now stop tcpdump and verify result
diag "stopping tcpdump";
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index f1e6870..141fb92 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
my $spoofid = "192.168.122.183";
@@ -85,9 +85,10 @@ diag "prepare tcpdump";
system("/usr/sbin/tcpdump -v -i virbr0 not ip > /tmp/tcpdump.log &");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now generate a arp spoofing packets
diag "generate arpspoof";
@@ -100,23 +101,23 @@ EOF
diag "content of cmdfile:";
diag $cmdfile;
diag "creating cmdfile";
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "excuting cmdfile";
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("echo test.log\ncat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("echo test.log\ncat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
# now stop tcpdump and verify result
diag "stopping tcpdump";
diff --git a/scripts/nwfilter/300-vsitype.t b/scripts/nwfilter/300-vsitype.t
index 430618f..d169339 100644
--- a/scripts/nwfilter/300-vsitype.t
+++ b/scripts/nwfilter/300-vsitype.t
@@ -31,7 +31,6 @@ use Test::More;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
use File::Spec::Functions qw(catfile catdir rootdir);
my $tck = Sys::Virt::TCK->new();
--
2.13.6
3:17 a.m.
New subject: [libvirt] [tck PATCH 3/9] Use Net::OpenSSH instead of Net::SSH::Perl
On Wed, Feb 07, 2018 at 09:04:53PM -0500, Laine Stump wrote:
Net::SSH::Perl is out of date in the Fedora git repos. The version
currently supported in Fedora fails to connect to most modern sshd's,
and updating to the new version would require adding several new perl
packages to Fedora. Instead, this patch switches to using
Net::OpenSSH, whose current version in Fedora works properly *EXCEPT*
that it is missing the line "Requires: perl(IO:TTy)" in its specfiles
(I filed https://bugzilla.redhat.com/1542666 requesting that fix to be
applied to Fedora git repos. For now, just run "dnf install
perl-IO-Tty" separately)
NB: prior to this patch, Net::SSH::Perl was required, but had no
Required: line in the specfile, so you would have to install it by
hand. If you had done that, you can probably now dnf erase it.
Fedora RPM has magic dependancy generators - it should have added a
Requires: perl(Net::SSH::Perl) line automatically at build time
diff --git a/perl-Sys-Virt-TCK.spec.PL b/perl-Sys-Virt-TCK.spec.PL
index 9a10880..4172499 100644
--- a/perl-Sys-Virt-TCK.spec.PL
+++ b/perl-Sys-Virt-TCK.spec.PL
@@ -37,7 +37,7 @@ __DATA__
Summary: Sys::Virt::TCK - libvirt Technology Compatibility Kit
Name: perl-%{appname}
Version: @VERSION@
-Release: 1%{_extra_release}
+Release: 99%{_extra_release}
Opps can revert that bit :-)
License: GPLv2
Group: Development/Tools
Source: http://libvirt.org/sources/tck/%{appname}-v%{version}.tar.gz
@@ -73,6 +73,7 @@ Requires: perl(Test::Exception)
Requires: perl(TAP::Formatter::HTML)
Requires: perl(TAP::Formatter::JUnit)
Requires: perl(TAP::Harness::Archive)
+Requires: perl(Net::OpenSSH)
Requires: /usr/bin/mkisofs
BuildArchitectures: noarch
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index dc1efd2..5afc6a6 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -32,7 +32,6 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
use File::Spec::Functions qw(catfile catdir rootdir);
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index 03001a8..eb01d13 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 5;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
@@ -88,9 +88,10 @@ diag $ping;
ok($ping =~ "10 received", "ping $guestip test");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now bring eth0 down, change MAC and bring it up again
diag "fiddling with mac";
@@ -108,26 +109,26 @@ echo "DEV=`ip link | head -3 | tail -1 | awk '{print
\\\$2}' | sed -e 's/://'`
/sbin/ip addr show dev \\\$DEV" > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
ok($stdout =~ /100% packet loss|Network is unreachable/, "packet loss
expected");
shutdown_vm_gracefully($dom);
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index d447a19..872dcc3 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
@@ -71,9 +71,10 @@ diag $ebtable;
ok($ebtable =~ "$guestip", "check ebtables entry");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now bring eth0 down, change IP and bring it up again
diag "preparing ip spoof";
@@ -95,23 +96,23 @@ MASK=`ip addr show \\\$DEV | grep 'inet ' | awk '{print
\\\$2}' | sed -e 's/.*\\
/sbin/ip addr show \\\$DEV" > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "running ip spoof";
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh");
+($stdout, $stderr) = $ssh->capture2("/test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "checking result";
ok($stdout =~ "100% packet loss", "packet loss expected");
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 9d00dc4..70c1ab4 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
my $tck = Sys::Virt::TCK->new();
@@ -85,9 +85,10 @@ diag "prepare tcpdump";
system("/usr/sbin/tcpdump -v -i virbr0 -n host 255.255.255.255 2>
/tmp/tcpdump.log &");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now generate a mac broadcast paket
diag "generate mac broadcast";
@@ -95,22 +96,22 @@ my $cmdfile = <<EOF;
echo '/bin/ping -c 1 192.168.122.255 -b' > /test.sh
EOF
diag $cmdfile;
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("cat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("cat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
# now stop tcpdump and verify result
diag "stopping tcpdump";
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index f1e6870..141fb92 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -31,7 +31,7 @@ use Test::More tests => 4;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
+use Net::OpenSSH;
use File::Spec::Functions qw(catfile catdir rootdir);
my $spoofid = "192.168.122.183";
@@ -85,9 +85,10 @@ diag "prepare tcpdump";
system("/usr/sbin/tcpdump -v -i virbr0 not ip > /tmp/tcpdump.log &");
# log into guest
-my $ssh = Net::SSH::Perl->new($guestip);
diag "ssh'ing into $guestip";
-$ssh->login("root", $tck->root_password());
+my $ssh = Net::OpenSSH->new($guestip,
+ user => "root",
+ password => $tck->root_password());
# now generate a arp spoofing packets
diag "generate arpspoof";
@@ -100,23 +101,23 @@ EOF
diag "content of cmdfile:";
diag $cmdfile;
diag "creating cmdfile";
-my ($stdout, $stderr, $exit) = $ssh->cmd($cmdfile);
+my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("chmod +x /test.sh");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("chmod +x /test.sh");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
diag "excuting cmdfile";
-($stdout, $stderr, $exit) = $ssh->cmd("/test.sh > /test.log");
+($stdout, $stderr) = $ssh->capture2("/test.sh > /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
-($stdout, $stderr, $exit) = $ssh->cmd("echo test.log\ncat /test.log");
+diag "Exit Code: $?";
+($stdout, $stderr) = $ssh->capture2("echo test.log\ncat /test.log");
diag $stdout;
diag $stderr;
-diag $exit;
+diag "Exit Code: $?";
# now stop tcpdump and verify result
diag "stopping tcpdump";
diff --git a/scripts/nwfilter/300-vsitype.t b/scripts/nwfilter/300-vsitype.t
index 430618f..d169339 100644
--- a/scripts/nwfilter/300-vsitype.t
+++ b/scripts/nwfilter/300-vsitype.t
@@ -31,7 +31,6 @@ use Test::More;
use Sys::Virt::TCK;
use Sys::Virt::TCK::NetworkHelpers;
use Test::Exception;
-use Net::SSH::Perl;
use File::Spec::Functions qw(catfile catdir rootdir);
my $tck = Sys::Virt::TCK->new();
--
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:04 p.m.
New subject: [libvirt] [tck PATCH 4/9] Fix no-ip-spoofing test script generation
The setting of the environment variable MASK was for some reason
producing "8" instead of "24". Changing from using back-ticks
"`" that
resolved at the time the script was created, to using $(blah) resolved
when the script is *run* magically fixed the problem.
Note that this doesn't change the outcome of the test at all, since
the guest never needs to connect outside the local subnet, and is
immediately halted after setting the IP using $MASK. It just bothered
me that the value was incorrect (and that backticks were being used,
when $() is more portable - again it is duly noted that portability
doesn't matter in this case, since we know that the script will always
be executed on Fedora with bash).
---
scripts/nwfilter/220-no-ip-spoofing.t | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 872dcc3..5903961 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -79,9 +79,10 @@ my $ssh = Net::OpenSSH->new($guestip,
# now bring eth0 down, change IP and bring it up again
diag "preparing ip spoof";
my $cmdfile = <<EOF;
-echo "DEV=`ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://'`
-MASK=`ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed -e
's/.*\\///;q'`
+echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://')
+MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed
-e 's/.*\\///;q')
/sbin/ip addr show \\\$DEV
+kill \\\$(pidof dhclient)
/sbin/ip link set \\\$DEV down
/sbin/ip addr flush dev \\\$DEV
/sbin/ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
--
2.13.6
3:19 a.m.
New subject: [libvirt] [tck PATCH 4/9] Fix no-ip-spoofing test script generation
On Wed, Feb 07, 2018 at 09:04:54PM -0500, Laine Stump wrote:
The setting of the environment variable MASK was for some reason
producing "8" instead of "24". Changing from using back-ticks
"`" that
resolved at the time the script was created, to using $(blah) resolved
when the script is *run* magically fixed the problem.
Oh, I bet the `` were being evaluated on the *host* when perl initializes
the $cmdfile variable. Your change to $() means it is now correctly
evaluated on the *guest* inside the SSH sesssion. Fun !
Note that this doesn't change the outcome of the test at all,
since
the guest never needs to connect outside the local subnet, and is
immediately halted after setting the IP using $MASK. It just bothered
me that the value was incorrect (and that backticks were being used,
when $() is more portable - again it is duly noted that portability
doesn't matter in this case, since we know that the script will always
be executed on Fedora with bash).
---
scripts/nwfilter/220-no-ip-spoofing.t | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 872dcc3..5903961 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -79,9 +79,10 @@ my $ssh = Net::OpenSSH->new($guestip,
# now bring eth0 down, change IP and bring it up again
diag "preparing ip spoof";
my $cmdfile = <<EOF;
-echo "DEV=`ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://'`
-MASK=`ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed -e
's/.*\\///;q'`
+echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://')
+MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' |
sed -e 's/.*\\///;q')
/sbin/ip addr show \\\$DEV
+kill \\\$(pidof dhclient)
/sbin/ip link set \\\$DEV down
/sbin/ip addr flush dev \\\$DEV
/sbin/ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
--
2.13.6
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
3:19 a.m.
New subject: [libvirt] [tck PATCH 4/9] Fix no-ip-spoofing test script generation
On Wed, Feb 07, 2018 at 09:04:54PM -0500, Laine Stump wrote:
The setting of the environment variable MASK was for some reason
producing "8" instead of "24". Changing from using back-ticks
"`" that
resolved at the time the script was created, to using $(blah) resolved
when the script is *run* magically fixed the problem.
Note that this doesn't change the outcome of the test at all, since
the guest never needs to connect outside the local subnet, and is
immediately halted after setting the IP using $MASK. It just bothered
me that the value was incorrect (and that backticks were being used,
when $() is more portable - again it is duly noted that portability
doesn't matter in this case, since we know that the script will always
be executed on Fedora with bash).
---
scripts/nwfilter/220-no-ip-spoofing.t | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 872dcc3..5903961 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -79,9 +79,10 @@ my $ssh = Net::OpenSSH->new($guestip,
# now bring eth0 down, change IP and bring it up again
diag "preparing ip spoof";
my $cmdfile = <<EOF;
-echo "DEV=`ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://'`
-MASK=`ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed -e
's/.*\\///;q'`
+echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://')
+MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' |
sed -e 's/.*\\///;q')
/sbin/ip addr show \\\$DEV
+kill \\\$(pidof dhclient)
/sbin/ip link set \\\$DEV down
/sbin/ip addr flush dev \\\$DEV
/sbin/ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:04 p.m.
New subject: [libvirt] [tck PATCH 5/9] Fix no-arp-spoof test script generation
I'm not sure if or how this ever worked before - what is supposed to
happen is that the shell script in $cmdfile is put into the file
/test.sh on the guest, then /test.sh is executed. But the code was
instead trying to directly execute the text of the entire script as a
single command and write the generated output to /test.sh, then
execute that.
putting echo " ..... " around the whole thing fixed it.
---
scripts/nwfilter/240-no-arp-spoofing.t | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 141fb92..45f790a 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -91,11 +91,11 @@ my $ssh = Net::OpenSSH->new($guestip,
password => $tck->root_password());
# now generate a arp spoofing packets
-diag "generate arpspoof";
+diag "generate arpspoof script";
my $cmdfile = <<EOF;
-/usr/sbin/arpspoof ${spoofid} &
+echo "/usr/sbin/arpspoof ${spoofid} &
/bin/sleep 10
-kill -15 `/sbin/pidof arpspoof`' > /test.sh
+kill -15 `/sbin/pidof arpspoof`" > /test.sh
EOF
diag "content of cmdfile:";
--
2.13.6
3:21 a.m.
New subject: [libvirt] [tck PATCH 5/9] Fix no-arp-spoof test script generation
On Wed, Feb 07, 2018 at 09:04:55PM -0500, Laine Stump wrote:
I'm not sure if or how this ever worked before - what is supposed
to
happen is that the shell script in $cmdfile is put into the file
/test.sh on the guest, then /test.sh is executed. But the code was
instead trying to directly execute the text of the entire script as a
single command and write the generated output to /test.sh, then
execute that.
Err, wow.
putting echo " ..... " around the whole thing fixed it.
---
scripts/nwfilter/240-no-arp-spoofing.t | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 141fb92..45f790a 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -91,11 +91,11 @@ my $ssh = Net::OpenSSH->new($guestip,
password => $tck->root_password());
# now generate a arp spoofing packets
-diag "generate arpspoof";
+diag "generate arpspoof script";
my $cmdfile = <<EOF;
-/usr/sbin/arpspoof ${spoofid} &
+echo "/usr/sbin/arpspoof ${spoofid} &
/bin/sleep 10
-kill -15 `/sbin/pidof arpspoof`' > /test.sh
+kill -15 `/sbin/pidof arpspoof`" > /test.sh
EOF
diag "content of cmdfile:";
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:04 p.m.
New subject: [libvirt] [tck PATCH 6/9] parameterize filterref in generic_domain
...and set it properly in all the nwfilter tests (it's irrelevant for
the others).
This corrects a problem with the no-mac-broadcast test, which was
checking to see that packets with a destination MAC address of
ff:ff:ff:ff:ff:ff weren't allowed, but was neglecting to add the
"no-mac-broadcast" nwfilter to the domain (the test was erroneously
succeeding because it was checking for a different type of packet than
it was generating, which is fixed in a separate patch).
---
lib/Sys/Virt/TCK.pm | 9 ++++++---
scripts/nwfilter/100-ping-still-working.t | 3 ++-
scripts/nwfilter/210-no-mac-spoofing.t | 3 ++-
scripts/nwfilter/220-no-ip-spoofing.t | 3 ++-
scripts/nwfilter/230-no-mac-broadcast.t | 3 ++-
scripts/nwfilter/240-no-arp-spoofing.t | 3 ++-
6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index ce8e81b..2259042 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -766,6 +766,7 @@ sub generic_machine_domain {
my $caps = exists $params{caps} ? $params{caps} : die "caps parameter is
required";
my $ostype = exists $params{ostype} ? $params{ostype} : "hvm";
my $fullos = exists $params{fullos} ? $params{fullos} : 0;
+ my $filterref = exists $params{filterref} ? $params{filterref} : undef;
if ($fullos) {
my %config = $self->get_image($caps, $ostype);
@@ -792,7 +793,7 @@ sub generic_machine_domain {
source => "default",
model => "virtio",
mac => "52:54:00:11:11:11",
- filterref => "clean-traffic");
+ filterref => $filterref);
my $xml = $b->as_xml();
# Cleanup the temporary interface
$b->rminterface();
@@ -896,6 +897,7 @@ sub generic_domain {
my $ostype = exists $params{ostype} ? $params{ostype} : "hvm";
my $fullos = exists $params{fullos} ? $params{fullos} : 0;
my $netmode = exists $params{netmode} ? $params{netmode} : undef;
+ my $filterref = exists $params{filterref} ? $params{filterref} : undef;
my $caps = Sys::Virt::TCK::Capabilities->new(xml =>
$self->conn->get_capabilities);
@@ -915,7 +917,8 @@ sub generic_domain {
$b = $self->generic_machine_domain(name => $name,
caps => $caps,
ostype => $ostype,
- fullos => $fullos);
+ fullos => $fullos,
+ filterref => $filterref);
}
if ($netmode) {
if ($netmode eq "vepa") {
@@ -931,7 +934,7 @@ sub generic_domain {
source => "default",
model => "virtio",
mac => "52:54:00:11:11:11",
- filterref => "clean-traffic");
+ filterref => $filterref);
}
}
return $b;
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index 5afc6a6..1bbd7c5 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index eb01d13..b4a4990 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 5903961..f3e4a38 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 70c1ab4..292c056 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -43,7 +43,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref =>
"no-mac-broadcast")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 45f790a..33febe9 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -45,7 +45,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
--
2.13.6
3:23 a.m.
New subject: [libvirt] [tck PATCH 6/9] parameterize filterref in generic_domain
On Wed, Feb 07, 2018 at 09:04:56PM -0500, Laine Stump wrote:
...and set it properly in all the nwfilter tests (it's irrelevant
for
the others).
This corrects a problem with the no-mac-broadcast test, which was
checking to see that packets with a destination MAC address of
ff:ff:ff:ff:ff:ff weren't allowed, but was neglecting to add the
"no-mac-broadcast" nwfilter to the domain (the test was erroneously
succeeding because it was checking for a different type of packet than
it was generating, which is fixed in a separate patch).
---
lib/Sys/Virt/TCK.pm | 9 ++++++---
scripts/nwfilter/100-ping-still-working.t | 3 ++-
scripts/nwfilter/210-no-mac-spoofing.t | 3 ++-
scripts/nwfilter/220-no-ip-spoofing.t | 3 ++-
scripts/nwfilter/230-no-mac-broadcast.t | 3 ++-
scripts/nwfilter/240-no-arp-spoofing.t | 3 ++-
6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index ce8e81b..2259042 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -766,6 +766,7 @@ sub generic_machine_domain {
my $caps = exists $params{caps} ? $params{caps} : die "caps parameter is
required";
my $ostype = exists $params{ostype} ? $params{ostype} : "hvm";
my $fullos = exists $params{fullos} ? $params{fullos} : 0;
+ my $filterref = exists $params{filterref} ? $params{filterref} : undef;
You could put "clean-traffic" here instead of the 'undef' which....
diff --git a/scripts/nwfilter/100-ping-still-working.t
b/scripts/nwfilter/100-ping-still-working.t
index 5afc6a6..1bbd7c5 100644
--- a/scripts/nwfilter/100-ping-still-working.t
+++ b/scripts/nwfilter/100-ping-still-working.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index eb01d13..b4a4990 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 5903961..f3e4a38 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -44,7 +44,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
....avoids need for any of these changes.
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 70c1ab4..292c056 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -43,7 +43,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref =>
"no-mac-broadcast")->as_xml();
my $dom;
This one is needed to override the default
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 45f790a..33febe9 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -45,7 +45,8 @@ END {
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
- netmode => "network")->as_xml();
+ netmode => "network",
+ filterref => "clean-traffic")->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
This one can be dropped
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:04 p.m.
New subject: [libvirt] [tck PATCH 7/9] Fix ebtables check in no-mac-broadcast test
Once the correct filter is enabled for the no-mac-broadcast test, the
original test to validate ebtables rules is no longer correct - it was
checking for the presence of the test guest's MAC address in the
ebtables output on the host, but the no-mac-broadcast filter doesn't
have the guest's MAC address anywhere. This patch changes the code to
look for "-d Broadcast -j DROP", which actually is added to ebtables
for no-mac-broadcast.
---
scripts/nwfilter/230-no-mac-broadcast.t | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 292c056..8895a53 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -74,12 +74,9 @@ diag "ip is $guestip";
# check ebtables entry
my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' :
'/usr/sbin/ebtables';
-my $ebtable = `$ebtables -L;$ebtables -t nat -L`;
+my $ebtable = `$ebtables -t nat -L`;
diag $ebtable;
-# ebtables shortens :00: to :0: so we need to do that too
-$_ = $mac;
-s/00/0/g;
-ok($ebtable =~ $_, "check ebtables entry");
+ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d
Broadcast -j DROP\"");
# prepare tcpdump
diag "prepare tcpdump";
--
2.13.6
3:23 a.m.
New subject: [libvirt] [tck PATCH 7/9] Fix ebtables check in no-mac-broadcast test
On Wed, Feb 07, 2018 at 09:04:57PM -0500, Laine Stump wrote:
Once the correct filter is enabled for the no-mac-broadcast test,
the
original test to validate ebtables rules is no longer correct - it was
checking for the presence of the test guest's MAC address in the
ebtables output on the host, but the no-mac-broadcast filter doesn't
have the guest's MAC address anywhere. This patch changes the code to
look for "-d Broadcast -j DROP", which actually is added to ebtables
for no-mac-broadcast.
---
scripts/nwfilter/230-no-mac-broadcast.t | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 292c056..8895a53 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -74,12 +74,9 @@ diag "ip is $guestip";
# check ebtables entry
my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' :
'/usr/sbin/ebtables';
-my $ebtable = `$ebtables -L;$ebtables -t nat -L`;
+my $ebtable = `$ebtables -t nat -L`;
diag $ebtable;
-# ebtables shortens :00: to :0: so we need to do that too
-$_ = $mac;
-s/00/0/g;
-ok($ebtable =~ $_, "check ebtables entry");
+ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for
\"-d Broadcast -j DROP\"");
# prepare tcpdump
diag "prepare tcpdump";
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:04 p.m.
New subject: [libvirt] [tck PATCH 8/9] filter for proper IP address in tcpdump looking for broadcast packet
In the no-mac-broadcast test, a ping is sent to 192.168.122.255, but
tcpdump is set to look for packets with a destination IP of
255.255.255.255. Change it to check for the correct IP address and
also for mac broadcast (which is what the no-mac-broadcast filter
actually looks at). This should eliminate the "false success" that was
happening because tcpdump wasn't actually seeing the broadcast packet
the guest was sending, as well as catching the "false failure" caused
by tcpdump seeing other traffic from the guest unrelated to the test
(which happened to be broadcasts sent to 255.255.255.255).
--- scripts/nwfilter/230-no-mac-broadcast.t | 2 +- 1 file changed, 1
insertion(+), 1 deletion(-)
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index 8895a53..f05a9c2 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -80,7 +80,7 @@ ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables
entry for \"-d Broadcast
# prepare tcpdump
diag "prepare tcpdump";
-system("/usr/sbin/tcpdump -v -i virbr0 -n host 255.255.255.255 2>
/tmp/tcpdump.log &");
+system("/usr/sbin/tcpdump -v -i virbr0 -n host 192.168.122.255 and ether host
ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &");
# log into guest
diag "ssh'ing into $guestip";
--
2.13.6
8:04 p.m.
New subject: [libvirt] [tck PATCH 9/9] Eliminate unnecessary path specifications in binary names
The root account in the Fedora image used for the tests has a properly
specified path, so the extra verbiage just clutters up the screen.
---
scripts/nwfilter/210-no-mac-spoofing.t | 20 ++++++++++----------
scripts/nwfilter/220-no-ip-spoofing.t | 26 +++++++++++++-------------
scripts/nwfilter/230-no-mac-broadcast.t | 2 +-
scripts/nwfilter/240-no-arp-spoofing.t | 6 +++---
4 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t
b/scripts/nwfilter/210-no-mac-spoofing.t
index b4a4990..3438f4a 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -98,16 +98,16 @@ my $ssh = Net::OpenSSH->new($guestip,
diag "fiddling with mac";
my $cmdfile = <<EOF;
echo "DEV=`ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://'`
-/sbin/ip addr show dev \\\$DEV
-/sbin/ip link set \\\$DEV down
-/sbin/ip link set \\\$DEV address ${macfalse}
-/sbin/ip link set \\\$DEV up
-/sbin/ip addr show dev \\\$DEV
-/bin/ping -c 10 ${gateway} 2>&1
-/sbin/ip link set \\\$DEV down
-/sbin/ip link set \\\$DEV address ${mac}
-/sbin/ip link set \\\$DEV up
-/sbin/ip addr show dev \\\$DEV" > /test.sh
+ip addr show dev \\\$DEV
+ip link set \\\$DEV down
+ip link set \\\$DEV address ${macfalse}
+ip link set \\\$DEV up
+ip addr show dev \\\$DEV
+ping -c 10 ${gateway} 2>&1
+ip link set \\\$DEV down
+ip link set \\\$DEV address ${mac}
+ip link set \\\$DEV up
+ip addr show dev \\\$DEV" > /test.sh
EOF
diag $cmdfile;
my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index f3e4a38..9e1bb70 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -82,20 +82,20 @@ diag "preparing ip spoof";
my $cmdfile = <<EOF;
echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e
's/://')
MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed
-e 's/.*\\///;q')
-/sbin/ip addr show \\\$DEV
+ip addr show \\\$DEV
kill \\\$(pidof dhclient)
-/sbin/ip link set \\\$DEV down
-/sbin/ip addr flush dev \\\$DEV
-/sbin/ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
-/sbin/ip link set \\\$DEV up
-/sbin/ip addr show \\\$DEV
-/bin/sleep 1
-/bin/ping -c 1 192.168.122.1
-/sbin/ip link set \\\$DEV down
-/sbin/ip addr flush dev \\\$DEV
-/sbin/ip addr add ${guestip}/\\\$MASK dev \\\$DEV
-/sbin/ip link set \\\$DEV up
-/sbin/ip addr show \\\$DEV" > /test.sh
+ip link set \\\$DEV down
+ip addr flush dev \\\$DEV
+ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
+ip link set \\\$DEV up
+ip addr show \\\$DEV
+sleep 1
+ping -c 1 192.168.122.1
+ip link set \\\$DEV down
+ip addr flush dev \\\$DEV
+ip addr add ${guestip}/\\\$MASK dev \\\$DEV
+ip link set \\\$DEV up
+ip addr show \\\$DEV" > /test.sh
EOF
diag $cmdfile;
my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t
b/scripts/nwfilter/230-no-mac-broadcast.t
index f05a9c2..758005c 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -91,7 +91,7 @@ my $ssh = Net::OpenSSH->new($guestip,
# now generate a mac broadcast paket
diag "generate mac broadcast";
my $cmdfile = <<EOF;
-echo '/bin/ping -c 1 192.168.122.255 -b' > /test.sh
+echo 'ping -c 1 192.168.122.255 -b' > /test.sh
EOF
diag $cmdfile;
my ($stdout, $stderr) = $ssh->capture2($cmdfile);
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t
b/scripts/nwfilter/240-no-arp-spoofing.t
index 33febe9..dfc8e08 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -94,9 +94,9 @@ my $ssh = Net::OpenSSH->new($guestip,
# now generate a arp spoofing packets
diag "generate arpspoof script";
my $cmdfile = <<EOF;
-echo "/usr/sbin/arpspoof ${spoofid} &
-/bin/sleep 10
-kill -15 `/sbin/pidof arpspoof`" > /test.sh
+echo "arpspoof ${spoofid} &
+sleep 10
+kill -15 \\\$(pidof arpspoof)" > /test.sh
EOF
diag "content of cmdfile:";
--
2.13.6
3:24 a.m.
New subject: [libvirt] [tck PATCH 9/9] Eliminate unnecessary path specifications in binary names
On Wed, Feb 07, 2018 at 09:04:59PM -0500, Laine Stump wrote:
The root account in the Fedora image used for the tests has a
properly
specified path, so the extra verbiage just clutters up the screen.
---
scripts/nwfilter/210-no-mac-spoofing.t | 20 ++++++++++----------
scripts/nwfilter/220-no-ip-spoofing.t | 26 +++++++++++++-------------
scripts/nwfilter/230-no-mac-broadcast.t | 2 +-
scripts/nwfilter/240-no-arp-spoofing.t | 6 +++---
4 files changed, 27 insertions(+), 27 deletions(-)
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
2478
days inactive
2478
days old
20 comments
2 participants
participants (2)
-
Daniel P. Berrangé -
Laine Stump