From nobody Thu Apr 25 05:10:52 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1520359021034650.5369302294333;
 Tue, 6 Mar 2018 09:57:01 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 9FFA5C057FA7;
	Tue,  6 Mar 2018 17:56:59 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 40B705C460;
	Tue,  6 Mar 2018 17:56:59 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9BD9118033EE;
	Tue,  6 Mar 2018 17:56:58 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w26HuukE001377 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 6 Mar 2018 12:56:56 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id B3F0F2144B21; Tue,  6 Mar 2018 17:56:56 +0000 (UTC)
Received: from vhost2.laine.org (ovpn-116-195.phx2.redhat.com [10.3.116.195])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 2B3612144B20;
	Tue,  6 Mar 2018 17:56:56 +0000 (UTC)
From: Laine Stump <laine@laine.org>
To: libvir-list@redhat.com
Date: Tue,  6 Mar 2018 12:56:46 -0500
Message-Id: <20180306175647.520402-2-laine@laine.org>
In-Reply-To: <20180306175647.520402-1-laine@laine.org>
References: <20180306175647.520402-1-laine@laine.org>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Subject: [libvirt] [tck PATCH 1/2] cleanup all nwfilters beginning with ^tck
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Tue, 06 Mar 2018 17:57:00 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Just as we do with domains, network, etc, do a pre-test check for any
existing nwfilters that start with "tck" (the test will be aborted in
that case unless "--force" is added to the commandline), and remove
same during the cleanup at the end.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 lib/Sys/Virt/TCK.pm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index f9d9f30..e7ff71b 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -130,6 +130,11 @@ sub sanity_check {
         die "there is/are " . int(@nets) . " pre-existing inactive network=
(s) in this driver";
     }
=20
+    my @nwfilters =3D grep { $_->get_name =3D~ /^tck/ } $conn->list_nwfilt=
ers;
+    if (@nwfilters) {
+        die "there is/are " . int(@nwfilters) . " pre-existing nwfilter(s)=
 in this driver";
+    }
+
     my @pools =3D grep { $_->get_name =3D~ /^tck/ } $conn->list_storage_po=
ols;
     if (@pools) {
         die "there is/are " . int(@pools) . " pre-existing active storage_=
pool(s) in this driver";
@@ -188,6 +193,16 @@ sub reset_networks {
     }
 }
=20
+sub reset_nwfilters {
+    my $self =3D shift;
+    my $conn =3D shift;
+
+    my @nwfilters =3D grep { $_->get_name =3D~ /^tck/ } $conn->list_nwfilt=
ers;
+    foreach my $nwfilter (@nwfilters) {
+        $nwfilter->undefine;
+    }
+}
+
 sub reset_storage_pools {
     my $self =3D shift;
     my $conn =3D shift;
@@ -217,6 +232,7 @@ sub reset {
=20
     $self->reset_domains($conn);
     $self->reset_networks($conn);
+    $self->reset_nwfilters($conn);
     $self->reset_storage_pools($conn);
 }
=20
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu Apr 25 05:10:52 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1520359031589772.0823355470335;
 Tue, 6 Mar 2018 09:57:11 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 1091366857;
	Tue,  6 Mar 2018 17:57:10 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 82A226049B;
	Tue,  6 Mar 2018 17:57:09 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 28F3A18033F5;
	Tue,  6 Mar 2018 17:57:09 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w26HuvBW001388 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 6 Mar 2018 12:56:57 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 8A8172144B21; Tue,  6 Mar 2018 17:56:57 +0000 (UTC)
Received: from vhost2.laine.org (ovpn-116-195.phx2.redhat.com [10.3.116.195])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 02D862144B20;
	Tue,  6 Mar 2018 17:56:56 +0000 (UTC)
From: Laine Stump <laine@laine.org>
To: libvir-list@redhat.com
Date: Tue,  6 Mar 2018 12:56:47 -0500
Message-Id: <20180306175647.520402-3-laine@laine.org>
In-Reply-To: <20180306175647.520402-1-laine@laine.org>
References: <20180306175647.520402-1-laine@laine.org>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Subject: [libvirt] [tck PATCH 2/2] Fix no-mac-broadcast test
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Tue, 06 Mar 2018 17:57:10 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

This test is supposed to test that the no-mac-broadcast nwfilter
properly blocks all outgoing traffic with the MAC broadcast address as
its destination. When the no-mac-broadcast filter is used by itself,
though, it blocks even DHCP and ARP requests, meaning that the network
connection to the guest isn't even enough to allow the test script to
ssh in to do its work.

This patch solves the problem by temporarily creating a new nwfilter
that precedes the no-mac-broadcast rule with clean-traffic (which will
allow dhcp requests and responses) and allow-arp (as the name
states). This gives us enough network connection to get into the
guest, attempt a broadcast ping, and see that it fails.

(I'm not sure how this test ever reported success in the past. If it
did, it was only because something else was broken).

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 scripts/nwfilter/230-no-mac-broadcast.t | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230=
-no-mac-broadcast.t
index 08695ae..ee2d43f 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -34,6 +34,7 @@ use Test::Exception;
 use Net::OpenSSH;
 use File::Spec::Functions qw(catfile catdir rootdir);
=20
+my $nwfilter;
 my $tck =3D Sys::Virt::TCK->new();
 my $conn =3D eval { $tck->setup(); };
 BAIL_OUT "failed to setup test harness: $@" if $@;
@@ -42,13 +43,39 @@ END {
 }
=20
 my $networkip =3D get_network_ip($conn, "default");
+my $networkipaddr =3D $networkip->addr();
 my $networkipbroadcast =3D $networkip->broadcast()->addr();
 diag "network ip is $networkip, broadcast address is $networkipbroadcast";
=20
+# we are testing the no-mac-broadcast filter, but that filter by
+# itself makes for a completely unusable network connection. In order
+# to have enough networking to properly run the test, we need to allow
+# dhcp and arp broadcast traffic, which is done via the clean-traffic
+# and allow-arp filters; the no-mac-broadcast filter then forbids any
+# other packets with the broadcast address for destination.
+#
+my $nwfilter_xml =3D <<EOF;
+<filter name=3D'tck-test-broadcast'>
+  <filterref filter=3D'clean-traffic'/>
+  <filterref filter=3D'allow-arp'/>
+  <filterref filter=3D'no-mac-broadcast'/>
+</filter>
+EOF
+
+# define_nwfilter() was missing from perl bindings until libvirt 4.2.0,
+# so we go in the back door when it's not there.
+$nwfilter =3D $conn->can("define_nwfilter")
+    ? $conn->define_nwfilter($nwfilter_xml)
+    : Sys::Virt::NWFilter->_new(connection =3D> $conn, xml =3D> $nwfilter_=
xml);
+
 # create first domain and start it
 my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1,
                                netmode =3D> "network",
-                               filterref =3D> "no-mac-broadcast")->as_xml(=
);
+                               filterref =3D> "tck-test-broadcast",
+                                   filterparams =3D> {
+                                   CTRL_IP_LEARNING =3D> "dhcp",
+                                   DHCPSERVER =3D> $networkipaddr
+                               })->as_xml();
=20
 my $dom;
 ok_domain(sub { $dom =3D $conn->define_domain($xml) }, "created persistent=
 domain object");
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list