Re: [libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to change guest IP in no-ip-spoofing test
On Thu, Feb 08, 2018 at 02:19:38PM -0500, Laine Stump wrote:
> This test changes the IP address of the guest interface so that it can
> send out a packet with a different source IP address. It may have
> worked properly with older versions of Fedora running on the test
> guest, but at least in Fedora 27, NetworkManager keeps the dhclient
> process running after it has already acquired an IP address, and if
> you set the interface offline and then back on, dhclient will very
> quickly re-acquire the IP address, so the test ends up sending a ping
> from the *same* address, the packet passes the filters, and the test
> fails.
>
> The solution is to just kill the dhclient process. This allows the
> manually set IP address to "stick". Since the guest is shut down
> immediately after this test, it doesn't matter that dhclient is no
> longer running. (We *do* need to set the IP address back to its
> original setting though, so that the ssh socket used for the test
> (which is connecting via the same interface) won't hang and delay
> completion of the test (also causing it to fail)).
>
> Signed-off-by: Laine Stump
> ---
>
> "New" in V2 - this line was previously sneaked into the middle of the
> patch that removed path specifiers from binary names in guest-side
> scripts, but it really deserves an explanation.
>
> scripts/nwfilter/220-no-ip-spoofing.t | 1 +
> 1 file changed, 1 insertion(+)

Reviewed-by: Daniel P. Berrangé

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to change guest IP in no-ip-spoofing test
On 02/08/2018 02:19 PM, Laine Stump wrote:

This test changes the IP address of the guest interface so that it can send out a packet with a different source IP address. It may have worked properly with older versions of Fedora running on the test guest, but at least in Fedora 27, NetworkManager keeps the dhclient process running after it has already acquired an IP address, and if you set the interface offline and then back on, dhclient will very quickly re-acquire the IP address, so the test ends up sending a ping from the *same* address, the packet passes the filters, and the test fails.

The solution is to just kill the dhclient process. This allows the manually set IP address to "stick". Since the guest is shut down immediately after this test, it doesn't matter that dhclient is no longer running. (We *do* need to set the IP address back to its original setting though, so that the ssh socket used for the test (which is connecting via the same interface) won't hang and delay completion of the test (also causing it to fail)).

Signed-off-by: Laine Stump

Reviewed-by: Stefan Berger

---

"New" in V2 - this line was previously sneaked into the middle of the patch that removed path specifiers from binary names in guest-side scripts, but it really deserves an explanation.

scripts/nwfilter/220-no-ip-spoofing.t | 1 +
1 file changed, 1 insertion(+)

diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t index 72dcae8..9e1bb70 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t @@ -83,6 +83,7 @@ my $cmdfile = <