[libvirt] [tck PATCH 0/2] set CTRL_IP_LEARNING and DHCPSERVER in filter during no-ip-spoofing test

We've recently discovered two separate bugs that caused libvirt's "DHCP Snooping" feature to not work:

https://bugzilla.redhat.com/show_bug.cgi?id=1529338 - libvirt regression
https://bugzilla.redhat.com/show_bug.cgi?id=1547237 - libpcap regression

Since we didn't have any test suite covering that code, we had the embarrassment of learning of it from someone else's QE (RHV/oVirt QE at Red Hat).

This series adds the necessary stuff to the test domain config of libvirt-tck's "no-ip-spoofing" test to exercise the DHCPSnoop thread.

(There may be a much better way of dealing with a hash-inside-a-hash; I am an imbecile at perl, and arrived at this code by trial, error, and google searches).

Laine Stump (2):
  new helper function get_network_ip()
  set CTRL_IP_LEARNING and DHCPSERVER in filter during no-ip-spoofing test

 lib/Sys/Virt/TCK.pm                   | 11 ++++++++---
 lib/Sys/Virt/TCK/DomainBuilder.pm     |  8 +++++++-
 lib/Sys/Virt/TCK/NetworkHelpers.pm    | 10 ++++++++++
 scripts/nwfilter/220-no-ip-spoofing.t |  9 ++++++++-
 4 files changed, 33 insertions(+), 5 deletions(-)

--
2.14.3

This function gets the first IP address for the named virtual network. Signed-off-by: Laine Stump <laine@laine.org> --- lib/Sys/Virt/TCK/NetworkHelpers.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm index 5f563e5..03bc87a 100644 --- a/lib/Sys/Virt/TCK/NetworkHelpers.pm +++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm @@ -9,6 +9,16 @@ sub get_first_macaddress { return $mac; } +sub get_network_ip { + my $conn = shift; + my $netname = shift; + diag "getting ip for network $netname"; + my $net = $conn->get_network_by_name($netname); + my $net_ip = xpath($net, "string(/network/ip[1]/\@address"); + return $net_ip; +} + + sub get_ip_from_leases{ my $conn = shift; my $netname = shift; -- 2.14.3
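Review bot: the XPath string passed to xpath() in get_network_ip() is unbalanced. "string(/network/ip[1]/\@address" opens string( and never closes it, so the expression will not evaluate as intended; it should read "string(/network/ip[1]/\@address)". It would also help to state in a comment what the function returns when the network has no ip element, since the value is returned to the caller unchecked.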

Adding these parameters to the clean-traffic filter causes a significant extra piece of code to be executed (a separate thread is started up, which uses libpcap to capture DHCP traffic and learn the IP address of the guest / test appliance), so let's get some test coverage on that code. Signed-off-by: Laine Stump <laine@laine.org> --- lib/Sys/Virt/TCK.pm | 11 ++++++++--- lib/Sys/Virt/TCK/DomainBuilder.pm | 8 +++++++- scripts/nwfilter/220-no-ip-spoofing.t | 9 ++++++++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm index 3f650a8..0e2e639 100644 --- a/lib/Sys/Virt/TCK.pm +++ b/lib/Sys/Virt/TCK.pm @@ -767,6 +767,7 @@ sub generic_machine_domain { my $ostype = exists $params{ostype} ? $params{ostype} : "hvm"; my $fullos = exists $params{fullos} ? $params{fullos} : 0; my $filterref = exists $params{filterref} ? $params{filterref} : undef; + my %filterparams = exists $params{filterparams} ? %{$params{filterparams}} : undef; if ($fullos) { my %config = $self->get_image($caps, $ostype); @@ -793,7 +794,8 @@ sub generic_machine_domain { source => "default", model => "virtio", mac => "52:54:00:11:11:11", - filterref => $filterref); + filterref => $filterref, + filterparams => \%filterparams); my $xml = $b->as_xml(); # Cleanup the temporary interface $b->rminterface(); @@ -898,6 +900,7 @@ sub generic_domain { my $fullos = exists $params{fullos} ? $params{fullos} : 0; my $netmode = exists $params{netmode} ? $params{netmode} : undef; my $filterref = exists $params{filterref} ? $params{filterref} : undef; + my %filterparams = exists $params{filterparams} ? %{$params{filterparams}} : undef; my $caps = Sys::Virt::TCK::Capabilities->new(xml => $self->conn->get_capabilities); @@ -918,7 +921,8 @@ sub generic_domain { caps => $caps, ostype => $ostype, fullos => $fullos, - filterref => $filterref); + filterref => $filterref, + filterparams => \%filterparams); } if ($netmode) { if ($netmode eq "vepa") { 
@@ -934,7 +938,8 @@ sub generic_domain { source => "default", model => "virtio", mac => "52:54:00:11:11:11", - filterref => $filterref); + filterref => $filterref, + filterparams => \%filterparams); } } return $b; diff --git a/lib/Sys/Virt/TCK/DomainBuilder.pm b/lib/Sys/Virt/TCK/DomainBuilder.pm index fb9a31f..83cea15 100644 --- a/lib/Sys/Virt/TCK/DomainBuilder.pm +++ b/lib/Sys/Virt/TCK/DomainBuilder.pm @@ -459,8 +459,14 @@ sub as_xml { type => $interface->{model}); } if ($interface->{filterref}) { - $w->emptyTag("filterref", + $w->startTag("filterref", filter => $interface->{filterref}); + foreach my $paramname (keys %{$interface->{filterparams}}) { + $w->emptyTag("parameter", + name => $paramname, + value => $interface->{filterparams}->{$paramname}); + } + $w->endTag("filterref"); } $w->endTag("interface"); } diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t index 9e1bb70..5a82526 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t @@ -42,10 +42,17 @@ END { $tck->cleanup if $tck; } +my $networkip = get_network_ip($conn, "default"); +diag "network ip is $networkip"; + # create first domain and start it my $xml = $tck->generic_domain(name => "tck", fullos => 1, netmode => "network", - filterref => "clean-traffic")->as_xml(); + filterref => "clean-traffic", + filterparams => { + CTRL_IP_LEARNING => "dhcp", + DHCPSERVER => $networkip + })->as_xml(); my $dom; ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain object"); -- 2.14.3
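Review bot: in lib/Sys/Virt/TCK.pm, the two new "my %filterparams = exists $params{filterparams} ? %{$params{filterparams}} : undef;" lines (in generic_machine_domain and generic_domain) do not produce an empty hash when the caller omits filterparams. Assigning undef to a hash is a one-element list assignment, so %filterparams ends up with a single empty-string key (and an "Odd number of elements in hash assignment" warning), and \%filterparams is then passed to interface() unconditionally. Every existing caller that sets only filterref would therefore reach the new loop in as_xml with one bogus entry. Use () as the fallback instead of undef.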
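Review bot: in the as_xml hunk of lib/Sys/Virt/TCK/DomainBuilder.pm, the foreach walks "keys %{$interface->{filterparams}}" in hash order, so the order of the generated parameter elements can differ from run to run. Iterating over "sort keys ..." would keep the domain XML stable and easier to compare in test logs. The loop also dereferences filterparams whenever filterref is set, so a guard on $interface->{filterparams} around it would make the "filter without parameters" case explicit rather than dependent on what the caller passed.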
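Review bot: in scripts/nwfilter/220-no-ip-spoofing.t, $networkip goes from get_network_ip() straight into DHCPSERVER with only a diag in between. If the "default" network has no ip element, or the lookup returns an empty string, the filter is defined with an empty DHCPSERVER value and the test fails later for a reason that is hard to read from the output. Add a check right after the call (for example an ok() that the address is non-empty) before the domain XML is built.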

Self-NACK to this series. I found a bug in one of the patches, and modified the other to be more useful in a couple other places. I posted a V2 series with the same subject line.

On 02/28/2018 01:30 PM, Laine Stump wrote:
We've recently discovered two separate bugs that caused libvirt's "DHCP Snooping" feature to not work:
https://bugzilla.redhat.com/show_bug.cgi?id=1529338 - libvirt regression
https://bugzilla.redhat.com/show_bug.cgi?id=1547237 - libpcap regression
Since we didn't have any test suite covering that code, we had the embarrassment of learning of it from someone else's QE (RHV/oVirt QE at Red Hat).
This series adds the necessary stuff to the test domain config of libvirt-tck's "no-ip-spoofing" test to exercise the DHCPSnoop thread.
(There may be a much better way of dealing with a hash-inside-a-hash; I am an imbecile at perl, and arrived at this code by trial, error, and google searches).