12:30 p.m.
We've recently discovered two separate bugs that caused libvirt's
"DHCP Snooping" feature to not work:
https://bugzilla.redhat.com/show_bug.cgi?id=1529338 - libvirt regression
https://bugzilla.redhat.com/show_bug.cgi?id=1547237 - libpcap regression
Since we didn't have any test suite covering that code, we had the
embarrassment of learning of it from someone else's QE (RHV/oVirt QE
at Red Hat).
This series adds the necessary stuff to the test domain config of
libvirt-tck's "no-ip-spoofing" test to exercise the DHCPSnoop thread.
(There may be a much better way of dealing with a hash-inside-a-hash;
I am an imbecile at perl, and arrived at this code by trial, error,
and google searches).
Laine Stump (2):
new helper function get_network_ip()
set CTRL_IP_LEARNING and DHCPSERVER in filter during no-ip-spoofing
test
lib/Sys/Virt/TCK.pm | 11 ++++++++---
lib/Sys/Virt/TCK/DomainBuilder.pm | 8 +++++++-
lib/Sys/Virt/TCK/NetworkHelpers.pm | 10 ++++++++++
scripts/nwfilter/220-no-ip-spoofing.t | 9 ++++++++-
4 files changed, 33 insertions(+), 5 deletions(-)
--
2.14.3
12:30 p.m.
New subject: [libvirt] [tck PATCH 1/2] new helper function get_network_ip()
This function gets the first IP address for the named virtual network.
Signed-off-by: Laine Stump <laine(a)laine.org>
---
lib/Sys/Virt/TCK/NetworkHelpers.pm | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm
index 5f563e5..03bc87a 100644
--- a/lib/Sys/Virt/TCK/NetworkHelpers.pm
+++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm
@@ -9,6 +9,16 @@ sub get_first_macaddress {
return $mac;
}
+sub get_network_ip {
+ my $conn = shift;
+ my $netname = shift;
+ diag "getting ip for network $netname";
+ my $net = $conn->get_network_by_name($netname);
+ my $net_ip = xpath($net, "string(/network/ip[1]/\@address");
+ return $net_ip;
+}
+
+
sub get_ip_from_leases{
my $conn = shift;
my $netname = shift;
--
2.14.3
12:30 p.m.
New subject: [libvirt] [tck PATCH 2/2] set CTRL_IP_LEARNING and DHCPSERVER in filter during no-ip-spoofing test
Adding these parameters to the clean-traffic filter causes a
significant extra piece of code to be executed (a separate thread is
started up, which uses libpcap to capture DHCP traffic and learn the
IP address of the guest / test appliance), so let's get some test
coverage on that code.
Signed-off-by: Laine Stump <laine(a)laine.org>
---
lib/Sys/Virt/TCK.pm | 11 ++++++++---
lib/Sys/Virt/TCK/DomainBuilder.pm | 8 +++++++-
scripts/nwfilter/220-no-ip-spoofing.t | 9 ++++++++-
3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index 3f650a8..0e2e639 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -767,6 +767,7 @@ sub generic_machine_domain {
my $ostype = exists $params{ostype} ? $params{ostype} : "hvm";
my $fullos = exists $params{fullos} ? $params{fullos} : 0;
my $filterref = exists $params{filterref} ? $params{filterref} : undef;
+ my %filterparams = exists $params{filterparams} ? %{$params{filterparams}} : undef;
if ($fullos) {
my %config = $self->get_image($caps, $ostype);
@@ -793,7 +794,8 @@ sub generic_machine_domain {
source => "default",
model => "virtio",
mac => "52:54:00:11:11:11",
- filterref => $filterref);
+ filterref => $filterref,
+ filterparams => \%filterparams);
my $xml = $b->as_xml();
# Cleanup the temporary interface
$b->rminterface();
@@ -898,6 +900,7 @@ sub generic_domain {
my $fullos = exists $params{fullos} ? $params{fullos} : 0;
my $netmode = exists $params{netmode} ? $params{netmode} : undef;
my $filterref = exists $params{filterref} ? $params{filterref} : undef;
+ my %filterparams = exists $params{filterparams} ? %{$params{filterparams}} : undef;
my $caps = Sys::Virt::TCK::Capabilities->new(xml =>
$self->conn->get_capabilities);
@@ -918,7 +921,8 @@ sub generic_domain {
caps => $caps,
ostype => $ostype,
fullos => $fullos,
- filterref => $filterref);
+ filterref => $filterref,
+ filterparams => \%filterparams);
}
if ($netmode) {
if ($netmode eq "vepa") {
@@ -934,7 +938,8 @@ sub generic_domain {
source => "default",
model => "virtio",
mac => "52:54:00:11:11:11",
- filterref => $filterref);
+ filterref => $filterref,
+ filterparams => \%filterparams);
}
}
return $b;
diff --git a/lib/Sys/Virt/TCK/DomainBuilder.pm b/lib/Sys/Virt/TCK/DomainBuilder.pm
index fb9a31f..83cea15 100644
--- a/lib/Sys/Virt/TCK/DomainBuilder.pm
+++ b/lib/Sys/Virt/TCK/DomainBuilder.pm
@@ -459,8 +459,14 @@ sub as_xml {
type => $interface->{model});
}
if ($interface->{filterref}) {
- $w->emptyTag("filterref",
+ $w->startTag("filterref",
filter => $interface->{filterref});
+ foreach my $paramname (keys %{$interface->{filterparams}}) {
+ $w->emptyTag("parameter",
+ name => $paramname,
+ value =>
$interface->{filterparams}->{$paramname});
+ }
+ $w->endTag("filterref");
}
$w->endTag("interface");
}
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t
b/scripts/nwfilter/220-no-ip-spoofing.t
index 9e1bb70..5a82526 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -42,10 +42,17 @@ END {
$tck->cleanup if $tck;
}
+my $networkip = get_network_ip($conn, "default");
+diag "network ip is $networkip";
+
# create first domain and start it
my $xml = $tck->generic_domain(name => "tck", fullos => 1,
netmode => "network",
- filterref => "clean-traffic")->as_xml();
+ filterref => "clean-traffic",
+ filterparams => {
+ CTRL_IP_LEARNING => "dhcp",
+ DHCPSERVER => $networkip
+ })->as_xml();
my $dom;
ok_domain(sub { $dom = $conn->define_domain($xml) }, "created persistent domain
object");
--
2.14.3
8:51 p.m.
Self-NACK to this series. I found a bug in one of the patches, and
modified the other to be more useful in a couple other places.
I posted a V2 series with the same subject line.
On 02/28/2018 01:30 PM, Laine Stump wrote:
We've recently discovered two separate bugs that caused
libvirt's
"DHCP Snooping" feature to not work:
https://bugzilla.redhat.com/show_bug.cgi?id=1529338 - libvirt regression
https://bugzilla.redhat.com/show_bug.cgi?id=1547237 - libpcap regression
Since we didn't have any test suite covering that code, we had the
embarrassment of learning of it from someone else's QE (RHV/oVirt QE
at Red Hat).
This series adds the necessary stuff to the test domain config of
libvirt-tck's "no-ip-spoofing" test to exercise the DHCPSnoop thread.
(There may be a much better way of dealing with a hash-inside-a-hash;
I am an imbecile at perl, and arrived at this code by trial, error,
and google searches).
2456
days inactive
2458
days old
3 comments
1 participants
participants (1)
-
Laine Stump