From nobody Sun Apr 28 07:31:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1519959014636286.35855317287815; Thu, 1 Mar 2018 18:50:14 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C795C83F43; Fri, 2 Mar 2018 02:50:12 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 790655D6A3; Fri, 2 Mar 2018 02:50:12 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C369C18033ED; Fri, 2 Mar 2018 02:50:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w222o9iw016109 for ; Thu, 1 Mar 2018 21:50:10 -0500 Received: by smtp.corp.redhat.com (Postfix) id A91EB9C072; Fri, 2 Mar 2018 02:50:09 +0000 (UTC) Received: from vhost2.laine.org (ovpn-117-175.phx2.redhat.com [10.3.117.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3FEA59C062 for ; Fri, 2 Mar 2018 02:50:09 +0000 (UTC) 
From: Laine Stump To: libvir-list@redhat.com Date: Thu, 1 Mar 2018 21:49:57 -0500 Message-Id: <20180302025000.26919-2-laine@laine.org> In-Reply-To: <20180302025000.26919-1-laine@laine.org> References: <20180302025000.26919-1-laine@laine.org> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [tck PATCH v2 1/4] nwfilter tests: auto-add test appliance ssh key to known_hosts on host X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 02 Mar 2018 02:50:13 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Without this option, attempts to ssh into the test appliance will fail unless someone has previously ssh'ed into the appliance manually and accepted its key. Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 --- New in V2. This isn't necessarily related to the $subject of the cover letter, but it's easier to send it along with the other patches. scripts/nwfilter/210-no-mac-spoofing.t | 3 ++- scripts/nwfilter/220-no-ip-spoofing.t | 3 ++- scripts/nwfilter/230-no-mac-broadcast.t | 3 ++- scripts/nwfilter/240-no-arp-spoofing.t | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-= no-mac-spoofing.t index 3438f4a..148fbeb 100644 --- a/scripts/nwfilter/210-no-mac-spoofing.t +++ b/scripts/nwfilter/210-no-mac-spoofing.t 
@@ -92,7 +92,8 @@ ok($ping =3D~ "10 received", "ping $guestip test"); diag "ssh'ing into $guestip"; my $ssh =3D Net::OpenSSH->new($guestip, user =3D> "root", - password =3D> $tck->root_password()); + password =3D> $tck->root_password(), + master_opts =3D> [-o =3D> "StrictHostKeyChecki= ng=3Dno"]); =20 # now bring eth0 down, change MAC and bring it up again diag "fiddling with mac"; diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-n= o-ip-spoofing.t index 9e1bb70..09bd51c 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t @@ -75,7 +75,8 @@ ok($ebtable =3D~ "$guestip", "check ebtables entry"); diag "ssh'ing into $guestip"; my $ssh =3D Net::OpenSSH->new($guestip, user =3D> "root", - password =3D> $tck->root_password()); + password =3D> $tck->root_password(), + master_opts =3D> [-o =3D> "StrictHostKeyChecki= ng=3Dno"]); =20 # now bring eth0 down, change IP and bring it up again diag "preparing ip spoof"; diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230= -no-mac-broadcast.t index 758005c..6f5318a 100644 --- a/scripts/nwfilter/230-no-mac-broadcast.t +++ b/scripts/nwfilter/230-no-mac-broadcast.t @@ -86,7 +86,8 @@ system("/usr/sbin/tcpdump -v -i virbr0 -n host 192.168.12= 2.255 and ether host ff diag "ssh'ing into $guestip"; my $ssh =3D Net::OpenSSH->new($guestip, user =3D> "root", - password =3D> $tck->root_password()); + password =3D> $tck->root_password(), + master_opts =3D> [-o =3D> "StrictHostKeyCheck= ing=3Dno"]); =20 # now generate a mac broadcast paket=20 diag "generate mac broadcast"; diff --git a/scripts/nwfilter/240-no-arp-spoofing.t b/scripts/nwfilter/240-= no-arp-spoofing.t index dfc8e08..a8ab7a5 100644 --- a/scripts/nwfilter/240-no-arp-spoofing.t +++ b/scripts/nwfilter/240-no-arp-spoofing.t 
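Review bot: `StrictHostKeyChecking=no` in the new `master_opts` line of 210-no-mac-spoofing.t turns off host-key verification for a root password login and still writes the appliance's key into the invoking user's known_hosts; the identical line is added in 220-no-ip-spoofing.t, 230-no-mac-broadcast.t and 240-no-arp-spoofing.t. Because the guest address comes from a DHCP lease, a rebuilt appliance can reuse an address with a different key, and OpenSSH then disables password authentication for the changed key, so the login would fail again. For a throwaway guest, keeping its keys out of the real file avoids both effects: `master_opts => [-o => "StrictHostKeyChecking=no", -o => "UserKnownHostsFile=/dev/null"]`. A comment saying this is acceptable only because the target is the TCK's own test appliance on a libvirt-managed network would keep the option from being copied into other code, and a shared helper for the connection would remove the four-way duplication.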
@@ -89,7 +89,8 @@ system("/usr/sbin/tcpdump -v -i virbr0 not ip > /tmp/tcp= dump.log &"); diag "ssh'ing into $guestip"; my $ssh =3D Net::OpenSSH->new($guestip, user =3D> "root", - password =3D> $tck->root_password()); + password =3D> $tck->root_password(), + master_opts =3D> [-o =3D> "StrictHostKeyChecki= ng=3Dno"]); =20 # now generate a arp spoofing packets=20 diag "generate arpspoof script"; --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sun Apr 28 07:31:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1519959025667425.8527697060422; Thu, 1 Mar 2018 18:50:25 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1EF1B5D68A; Fri, 2 Mar 2018 02:50:24 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B33CA6A052; Fri, 2 Mar 2018 02:50:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 59AA518033F2; Fri, 2 Mar 2018 02:50:23 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w222oAMM016119 
for ; Thu, 1 Mar 2018 21:50:10 -0500 Received: by smtp.corp.redhat.com (Postfix) id 5FB159C072; Fri, 2 Mar 2018 02:50:10 +0000 (UTC) Received: from vhost2.laine.org (ovpn-117-175.phx2.redhat.com [10.3.117.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id EBA409C079 for ; Fri, 2 Mar 2018 02:50:09 +0000 (UTC) From: Laine Stump To: libvir-list@redhat.com Date: Thu, 1 Mar 2018 21:49:58 -0500 Message-Id: <20180302025000.26919-3-laine@laine.org> In-Reply-To: <20180302025000.26919-1-laine@laine.org> References: <20180302025000.26919-1-laine@laine.org> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [tck PATCH v2 2/4] new NetworkHelper function get_network_ip() X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 02 Mar 2018 02:50:24 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This function gets the first IP address for the named virtual network. It is returned as a Net::IP object, so that we will have info about its netmask/prefix and can easily get it broadcast address and perform arithmetic on the address. Signed-off-by: Laine Stump --- Change from V1: return a NetAddr::IP object instead of a string. lib/Sys/Virt/TCK/NetworkHelpers.pm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkH= elpers.pm index 5f563e5..7bbce62 100644 --- a/lib/Sys/Virt/TCK/NetworkHelpers.pm +++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm 
@@ -1,4 +1,5 @@
 use Sys::Virt::TCK qw(xpath);
+use NetAddr::IP qw(:lower);
 use strict;
 use utf8;
=20
@@ -9,6 +10,27 @@ sub get_first_macaddress { return $mac; } =20 +sub get_network_ip { + my $conn =3D shift; + my $netname =3D shift; + diag "getting ip for network $netname"; + my $net =3D $conn->get_network_by_name($netname); + my $net_ip =3D xpath($net, "string(/network/ip[1]/\@address"); + my $net_mask =3D xpath($net, "string(/network/ip[1]/\@netmask"); + my $net_prefix =3D xpath($net, "string(/network/ip[1]/\@prefix"); + my $ip; + + if ($net_mask) { + $ip =3D NetAddr::IP->new($net_ip, $net_mask); + } elsif ($net_prefix) { + $ip =3D NetAddr::IP->new("$net_ip/$net_mask"); + } else { + $ip =3D NetAddr::IP->new("$net_ip"); + } + return $ip; +} + + sub get_ip_from_leases{ my $conn =3D shift; my $netname =3D shift; --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sun Apr 28 07:31:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1519959024283514.7394781463286; Thu, 1 Mar 2018 18:50:24 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D30BF356F6; Fri, 2 Mar 2018 02:50:22 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A297D60C80; Fri, 2 Mar 2018 02:50:22 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com 
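Review bot: The `elsif ($net_prefix)` branch of get_network_ip builds its address from `$net_mask`, which is known to be empty in that branch, so a network defined with `prefix=` instead of `netmask=` yields `"$net_ip/"` rather than a CIDR string; the line should read `$ip = NetAddr::IP->new("$net_ip/$net_prefix");`. The three XPath strings also look unbalanced: `"string(/network/ip[1]/\@address"` has no closing `)`, and unless the xpath() helper tolerates that it should be `"string(/network/ip[1]/\@address)"`, likewise for `@netmask` and `@prefix`. NetAddr::IP->new returns undef for input it cannot parse and the function hands that straight back, so a `die` when `$ip` is undefined would give callers a clear failure instead of a later method call on undef. The commit message says the result is a Net::IP object while the code constructs NetAddr::IP.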
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 679E218033F0; Fri, 2 Mar 2018 02:50:22 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w222oBbd016129 for ; Thu, 1 Mar 2018 21:50:11 -0500 Received: by smtp.corp.redhat.com (Postfix) id 1617B9C072; Fri, 2 Mar 2018 02:50:11 +0000 (UTC) Received: from vhost2.laine.org (ovpn-117-175.phx2.redhat.com [10.3.117.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id A1EA19C062 for ; Fri, 2 Mar 2018 02:50:10 +0000 (UTC) From: Laine Stump To: libvir-list@redhat.com Date: Thu, 1 Mar 2018 21:49:59 -0500 Message-Id: <20180302025000.26919-4-laine@laine.org> In-Reply-To: <20180302025000.26919-1-laine@laine.org> References: <20180302025000.26919-1-laine@laine.org> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [tck PATCH v2 3/4] set CTRL_IP_LEARNING and DHCPSERVER in filter during no-ip-spoofing test X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 02 Mar 2018 02:50:23 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Adding these parameters to the clean-traffic filter causes a significant extra piece of code to be executed (a separate thread is started up, which uses libpcap to capture DHCP traffic and learn the IP address of the guest / test appliance), so let's get some test coverage on that code. 
Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 --- Change from V1: * set %filterparams to () instead of undef when not specified. (undef caused a runtime error that I hadn't noticed, since the result was the same) * adjust to use NetAddr::IP object instead of string for networkip. lib/Sys/Virt/TCK.pm | 11 ++++++++--- lib/Sys/Virt/TCK/DomainBuilder.pm | 8 +++++++- scripts/nwfilter/220-no-ip-spoofing.t | 11 ++++++++++- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm index 3f650a8..f9d9f30 100644 --- a/lib/Sys/Virt/TCK.pm +++ b/lib/Sys/Virt/TCK.pm @@ -767,6 +767,7 @@ sub generic_machine_domain { my $ostype =3D exists $params{ostype} ? $params{ostype} : "hvm"; my $fullos =3D exists $params{fullos} ? $params{fullos} : 0; my $filterref =3D exists $params{filterref} ? $params{filterref} : und= ef; + my %filterparams =3D exists $params{filterparams} ? %{$params{filterpa= rams}} : (); =20 if ($fullos) { my %config =3D $self->get_image($caps, $ostype); @@ -793,7 +794,8 @@ sub generic_machine_domain { source =3D> "default", model =3D> "virtio", mac =3D> "52:54:00:11:11:11", - filterref =3D> $filterref); + filterref =3D> $filterref, + filterparams =3D> \%filterparams); my $xml =3D $b->as_xml(); # Cleanup the temporary interface $b->rminterface(); @@ -898,6 +900,7 @@ sub generic_domain { my $fullos =3D exists $params{fullos} ? $params{fullos} : 0; my $netmode =3D exists $params{netmode} ? $params{netmode} : undef; my $filterref =3D exists $params{filterref} ? $params{filterref} : und= ef; + my %filterparams =3D exists $params{filterparams} ? %{$params{filterpa= rams}} : (); =20 my $caps =3D Sys::Virt::TCK::Capabilities->new(xml =3D> $self->conn->g= et_capabilities); =20 
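Review bot: The new `%{$params{filterparams}}` in generic_machine_domain, repeated in the generic_domain hunk, only tests that the key exists, so a caller passing `filterparams => undef` or a non-hash value gets a dereference error under strict refs (presumably in effect in TCK.pm; confirm) instead of an empty parameter list, whereas `filterref => undef` is accepted by the line just above. Defaulting on the value rather than the key covers both cases: `my %filterparams = %{ $params{filterparams} || {} };`. Both functions begin and end outside the hunks shown, so any other use of `%params` there is not visible from here.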
@@ -918,7 +921,8 @@ sub generic_domain { caps =3D> $caps, ostype =3D> $ostype, fullos =3D> $fullos, - filterref =3D> $filterref); + filterref =3D> $filterref, + filterparams =3D> \%filterparam= s); } if ($netmode) { if ($netmode eq "vepa") { @@ -934,7 +938,8 @@ sub generic_domain { source =3D> "default", model =3D> "virtio", mac =3D> "52:54:00:11:11:11", - filterref =3D> $filterref); + filterref =3D> $filterref, + filterparams =3D> \%filterparams); } } return $b; diff --git a/lib/Sys/Virt/TCK/DomainBuilder.pm b/lib/Sys/Virt/TCK/DomainBui= lder.pm index fb9a31f..83cea15 100644 --- a/lib/Sys/Virt/TCK/DomainBuilder.pm +++ b/lib/Sys/Virt/TCK/DomainBuilder.pm @@ -459,8 +459,14 @@ sub as_xml { type =3D> $interface->{model}); } if ($interface->{filterref}) { - $w->emptyTag("filterref", + $w->startTag("filterref", filter =3D> $interface->{filterref}); + foreach my $paramname (keys %{$interface->{filterparams}}) { + $w->emptyTag("parameter", + name =3D> $paramname, + value =3D> $interface->{filterparams}->{$para= mname}); + } + $w->endTag("filterref"); } $w->endTag("interface"); } diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-n= o-ip-spoofing.t index 09bd51c..2f454c5 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t 
@@ -42,10 +42,19 @@ END { $tck->cleanup if $tck; } =20 +my $networkip =3D get_network_ip($conn, "default"); +my $networkipaddr =3D $networkip->addr(); +diag "network ip is $networkip, individual ip is $networkipaddr"; +=20 + # create first domain and start it my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1, netmode =3D> "network", - filterref =3D> "clean-traffic")->as_xml(); + filterref =3D> "clean-traffic", + filterparams =3D> { + CTRL_IP_LEARNING =3D> "dhcp", + DHCPSERVER =3D> $networkipaddr + })->as_xml(); =20 my $dom; ok_domain(sub { $dom =3D $conn->define_domain($xml) }, "created persistent= domain object"); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sun Apr 28 07:31:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1519959027640874.8435568106545; Thu, 1 Mar 2018 18:50:27 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4865E7FDD5; Fri, 2 Mar 2018 02:50:26 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1D0F7620BA; Fri, 2 Mar 2018 02:50:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with 
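Review bot: `$networkip->addr()` in 220-no-ip-spoofing.t is called on whatever get_network_ip() returned, and that helper passes back undef when NetAddr::IP cannot parse what it read from the network XML, so a network without a usable `<ip>` element aborts the script with a method-call-on-undef error rather than a test diagnostic. A guard before the `addr()` call reports the real cause: `BAIL_OUT "no IP address found for network 'default'" unless $networkip;`. The same three lines are added to 210-no-mac-spoofing.t, 230-no-mac-broadcast.t and 240-no-arp-spoofing.t in patch 4/4 and would need the same guard.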
ESMTP id D797618033F4; Fri, 2 Mar 2018 02:50:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w222oBSG016146 for ; Thu, 1 Mar 2018 21:50:11 -0500 Received: by smtp.corp.redhat.com (Postfix) id BFD359C072; Fri, 2 Mar 2018 02:50:11 +0000 (UTC) Received: from vhost2.laine.org (ovpn-117-175.phx2.redhat.com [10.3.117.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 587609C07F for ; Fri, 2 Mar 2018 02:50:11 +0000 (UTC) 
From: Laine Stump To: libvir-list@redhat.com Date: Thu, 1 Mar 2018 21:50:00 -0500 Message-Id: <20180302025000.26919-5-laine@laine.org> In-Reply-To: <20180302025000.26919-1-laine@laine.org> References: <20180302025000.26919-1-laine@laine.org> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [tck PATCH v2 4/4] nwfilter tests: remove all hardcoded references to 192.168.122 network X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 02 Mar 2018 02:50:26 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The nwfilter tests have a few places that hardcode 192.168.122 as the address of libvirt's default network. Remove all of these and replace them with addresses that are dynamically determined based on get_network_ip(). (This will have the immediate effect of helping the tests to succeed when libvirt-tck is run in a virtual machine, since virtual machines often have their default network set to a different subnet (in order to avoid conflict with the L0 host's default network)). Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 --- New in V2. Another patch not necessarily related to $subject of the cover letter, but useful to have. scripts/nwfilter/210-no-mac-spoofing.t | 9 ++++++--- scripts/nwfilter/220-no-ip-spoofing.t | 14 ++++++++++---- scripts/nwfilter/230-no-mac-broadcast.t | 8 ++++++-- scripts/nwfilter/240-no-arp-spoofing.t | 19 ++++++++++++++----- 4 files changed, 36 insertions(+), 14 deletions(-) 
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-= no-mac-spoofing.t index 148fbeb..7b74f94 100644 --- a/scripts/nwfilter/210-no-mac-spoofing.t +++ b/scripts/nwfilter/210-no-mac-spoofing.t @@ -42,6 +42,10 @@ END { $tck->cleanup if $tck; } =20 +my $networkip =3D get_network_ip($conn, "default"); +my $networkipaddr =3D $networkip->addr(); +diag "network ip is $networkip, individual ip is $networkipaddr"; + # create first domain and start it my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1, netmode =3D> "network", @@ -71,7 +75,7 @@ my $mac =3D get_first_macaddress($dom); diag "mac is $mac"; =20 my $guestip =3D get_ip_from_leases($conn, "default", $mac); -diag "ip is $guestip"; +diag "guest ip is $guestip"; =20 # check ebtables entry my $ebtables =3D (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebt= ables'; @@ -82,7 +86,6 @@ $_ =3D $mac; s/00/0/g;=20 ok($ebtable =3D~ $_, "check ebtables entry"); =20 -my $gateway =3D "192.168.122.1"; my $macfalse =3D "52:54:00:f9:21:22"; my $ping =3D `ping -c 10 $guestip`; diag $ping; @@ -104,7 +107,7 @@ ip link set \\\$DEV down ip link set \\\$DEV address ${macfalse} ip link set \\\$DEV up ip addr show dev \\\$DEV -ping -c 10 ${gateway} 2>&1 +ping -c 10 ${networkipaddr} 2>&1 ip link set \\\$DEV down ip link set \\\$DEV address ${mac} ip link set \\\$DEV up diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-n= o-ip-spoofing.t index 2f454c5..85c4807 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t @@ -45,7 +45,6 @@ END { my $networkip =3D get_network_ip($conn, "default"); my $networkipaddr =3D $networkip->addr(); diag "network ip is $networkip, individual ip is $networkipaddr"; -=20 =20 # create first domain and start it my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1, 
@@ -71,7 +70,14 @@ my $mac =3D get_first_macaddress($dom); diag "mac is $mac"; =20 my $guestip =3D get_ip_from_leases($conn, "default", $mac); -diag "ip is $guestip"; +diag "guest ip is $guestip"; + +my $spoofip =3D $networkip + 1; +if ($spoofip->addr() eq $guestip) { + $spoofip++; +} +my $spoofipaddr =3D $spoofip->addr(); +diag "spoof ip is $spoofipaddr"; =20 # check ebtables entry my $ebtables =3D (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebt= ables'; @@ -96,11 +102,11 @@ ip addr show \\\$DEV kill \\\$(pidof dhclient) ip link set \\\$DEV down ip addr flush dev \\\$DEV -ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV +ip addr add ${spoofipaddr}/\\\$MASK dev \\\$DEV ip link set \\\$DEV up ip addr show \\\$DEV sleep 1 -ping -c 1 192.168.122.1 +ping -c 1 ${networkipaddr} ip link set \\\$DEV down ip addr flush dev \\\$DEV ip addr add ${guestip}/\\\$MASK dev \\\$DEV diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230= -no-mac-broadcast.t index 6f5318a..08695ae 100644 --- a/scripts/nwfilter/230-no-mac-broadcast.t +++ b/scripts/nwfilter/230-no-mac-broadcast.t @@ -41,6 +41,10 @@ END { $tck->cleanup if $tck; } =20 +my $networkip =3D get_network_ip($conn, "default"); +my $networkipbroadcast =3D $networkip->broadcast()->addr(); +diag "network ip is $networkip, broadcast address is $networkipbroadcast"; + # create first domain and start it my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1, netmode =3D> "network", @@ -80,7 +84,7 @@ ok($ebtable =3D~ "-d Broadcast -j DROP", "check ebtables = entry for \"-d Broadcast =20 # prepare tcpdump diag "prepare tcpdump"; -system("/usr/sbin/tcpdump -v -i virbr0 -n host 192.168.122.255 and ether h= ost ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &"); +system("/usr/sbin/tcpdump -v -i virbr0 -n host $networkipbroadcast and eth= er host ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &"); =20 # log into guest diag "ssh'ing into $guestip"; 
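Review bot: The spoof-address selection added to 220-no-ip-spoofing.t (and duplicated in 240-no-arp-spoofing.t) only avoids a collision with `$guestip`; nothing checks that `$networkip + 1` or the following `$spoofip++` is still a distinct, usable host address. In a very small subnet NetAddr::IP arithmetic can land on the broadcast address or come back to the network's own address (confirm against the NetAddr::IP version in use), and the test would then exercise the wrong address without saying so. A check such as `BAIL_OUT "no spare address in $networkip" if $spoofip->addr() eq $networkipaddr or $spoofip->addr() eq $networkip->broadcast()->addr();` makes that case explicit. Moving the block into a NetworkHelpers function would also remove the second copy in 240.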
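Review bot: The rewritten tcpdump command in 230-no-mac-broadcast.t still hardcodes the bridge `virbr0` and the capture file `/tmp/tcpdump.log`, so the test keeps one of the host assumptions this series sets out to remove. The bridge name could presumably be read from the same network XML that get_network_ip() parses (`/network/bridge/@name`). Since the shell redirects into a fixed name in a world-writable directory, a file created with File::Temp would avoid writing through a pre-existing file or symlink at that path. `$networkipbroadcast` itself is formatted by NetAddr::IP, so interpolating it into the shell string is not the concern here.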
@@ -92,7 +96,7 @@ my $ssh =3D Net::OpenSSH->new($guestip, # now generate a mac broadcast paket=20 diag "generate mac broadcast"; my $cmdfile =3D < /test.sh +echo 'ping -c 1 $networkipbroadcast -b' > /test.sh EOF diag $cmdfile; my ($stdout, $stderr) =3D $ssh->capture2($cmdfile); diff --git a/scripts/nwfilter/240-no-arp-spoofing.t b/scripts/nwfilter/240-= no-arp-spoofing.t index a8ab7a5..350b604 100644 --- a/scripts/nwfilter/240-no-arp-spoofing.t +++ b/scripts/nwfilter/240-no-arp-spoofing.t @@ -34,8 +34,6 @@ use Test::Exception; use Net::OpenSSH; use File::Spec::Functions qw(catfile catdir rootdir); =20 -my $spoofid =3D "192.168.122.183"; - my $tck =3D Sys::Virt::TCK->new(); my $conn =3D eval { $tck->setup(); }; BAIL_OUT "failed to setup test harness: $@" if $@; @@ -43,6 +41,10 @@ END { $tck->cleanup if $tck; } =20 +my $networkip =3D get_network_ip($conn, "default"); +my $networkipaddr =3D $networkip->addr(); +diag "network ip is $networkip, individual ip is $networkipaddr"; + # create first domain and start it my $xml =3D $tck->generic_domain(name =3D> "tck", fullos =3D> 1, netmode =3D> "network", @@ -72,7 +74,14 @@ my $mac =3D get_first_macaddress($dom); diag "mac is $mac"; =20 my $guestip =3D get_ip_from_leases($conn, "default", $mac); -diag "ip is $guestip"; +diag "guest ip is $guestip"; + +my $spoofip =3D $networkip + 1; +if ($spoofip->addr() eq $guestip) { + $spoofip++; +} +my $spoofipaddr =3D $spoofip->addr(); +diag "spoof ip is $spoofipaddr"; =20 # check ebtables entry my $ebtables =3D (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebt= ables'; @@ -95,7 +104,7 @@ my $ssh =3D Net::OpenSSH->new($guestip, # now generate a arp spoofing packets=20 diag "generate arpspoof script"; my $cmdfile =3D < /test.sh EOF 
@@ -127,7 +136,7 @@ system("kill -15 `/sbin/pidof tcpdump`"); diag "tcpdump.log:"; my $tcpdumplog =3D `cat /tmp/tcpdump.log`; diag($tcpdumplog); -ok($tcpdumplog !~ "${spoofid} is-at", "tcpdump expected to capture no arp = reply packets"); +ok($tcpdumplog !~ "${spoofipaddr} is-at", "tcpdump expected to capture no = arp reply packets"); =20 shutdown_vm_gracefully($dom); =20 --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
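Review bot: The final assertion in 240-no-arp-spoofing.t uses the string `"${spoofipaddr} is-at"` as a regex, so the dots in the address match any character and the pattern is unanchored on the left; quoting and bounding it makes the check say what it means: `ok($tcpdumplog !~ /\b\Q${spoofipaddr}\E is-at/, "tcpdump expected to capture no arp reply packets");`. Because this is a negative match, an empty or missing /tmp/tcpdump.log also passes, so a preceding check that the capture file was actually written would make a pass meaningful. The script continues outside this hunk, so whether such a check exists elsewhere is not visible here.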