Re: [libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to change guest IP in no-ip-spoofing test

2018-02-09 Thread Daniel P . Berrangé 
On Thu, Feb 08, 2018 at 02:19:38PM -0500, Laine Stump wrote:
> This test changes the IP address of the guest interface so that it can
> send out a packet with a different source IP address. It may have
> worked properly with older versions of Fedora running on the test
> guest, but at least in Fedora 27, NetworkManager keeps the dhclient
> process running after it has already acquired an IP address, and if
> you set the interface offline and then back on, dhclient will very
> quickly re-acquire the IP address, so the test ends up sending a ping
> from the *same* address, the packet passes the filters, and the test
> fails.
> 
> The solution is to just kill the dhclient process. This allows the
> manually set IP address to "stick". Since the guest is shutdown
> immediately after this test, it doesn't matter that dhclient is no
> longer running. (We *do* need to set the IP address back to its
> original setting though, so that the ssh socket used for the test
> (which is connecting via the same interface) won't hang and delay
> completion of the test (also causing it to fail).
> 
> Signed-off-by: Laine Stump 
> ---
> 
> "New" in V2 - this line was previously sneaked into the middle of the
> patch that removed path specifiers from binary names in guest-side
> scripts, but it really deserves an explanation.
> 
>  scripts/nwfilter/220-no-ip-spoofing.t | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to change guest IP in no-ip-spoofing test

2018-02-08 Thread Stefan Berger 

On 02/08/2018 02:19 PM, Laine Stump wrote:

This test changes the IP address of the guest interface so that it can
send out a packet with a different source IP address. It may have
worked properly with older versions of Fedora running on the test
guest, but at least in Fedora 27, NetworkManager keeps the dhclient
process running after it has already acquired an IP address, and if
you set the interface offline and then back on, dhclient will very
quickly re-acquire the IP address, so the test ends up sending a ping
from the *same* address, the packet passes the filters, and the test
fails.

The solution is to just kill the dhclient process. This allows the
manually set IP address to "stick". Since the guest is shutdown
immediately after this test, it doesn't matter that dhclient is no
longer running. (We *do* need to set the IP address back to its
original setting though, so that the ssh socket used for the test
(which is connecting via the same interface) won't hang and delay
completion of the test (also causing it to fail).

Signed-off-by: Laine Stump 

Reviewed-by: Stefan Berger 



---

"New" in V2 - this line was previously sneaked into the middle of the
patch that removed path specifiers from binary names in guest-side
scripts, but it really deserves an explanation.

  scripts/nwfilter/220-no-ip-spoofing.t | 1 +
  1 file changed, 1 insertion(+)

diff --git a/scripts/nwfilter/220-no-ip-spoofing.t 
b/scripts/nwfilter/220-no-ip-spoofing.t
index 72dcae8..9e1bb70 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -83,6 +83,7 @@ my $cmdfile = <