On Thu, Feb 08, 2018 at 02:19:38PM -0500, Laine Stump wrote:
> This test changes the IP address of the guest interface so that it can
> send out a packet with a different source IP address. It may have
> worked properly with older versions of Fedora running on the test
> guest, but at least in Fedora 27, NetworkManager keeps the dhclient
> process running after it has already acquired an IP address, and if
> you set the interface offline and then back on, dhclient will very
> quickly re-acquire the IP address, so the test ends up sending a ping
> from the *same* address, the packet passes the filters, and the test
> fails.
> The solution is to just kill the dhclient process. This allows the
> manually set IP address to "stick". Since the guest is shutdown
> immediately after this test, it doesn't matter that dhclient is no
> longer running. (We *do* need to set the IP address back to its
> original setting though, so that the ssh socket used for the test
> (which is connecting via the same interface) won't hang and delay
> completion of the test (also causing it to fail).
> Signed-off-by: Laine Stump <la...@laine.org>
> ---
> "New" in V2 - this line was previously sneaked into the middle of the
> patch that removed path specifiers from binary names in guest-side
> scripts, but it really deserves an explanation.
>  scripts/nwfilter/220-no-ip-spoofing.t | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

libvir-list mailing list

Reply via email to