On Wed, Feb 07, 2018 at 09:04:57PM -0500, Laine Stump wrote: > Once the correct filter is enabled for the no-mac-broadcast test, the > original test to validate ebtables rules is no longer correct - it was > checking for the presence of the test guest's MAC address in the > ebtables output on the host, but the no-mac-broadcast filter doesn't > have the guest's MAC address anywhere. This patch changes the code to > look for "-d Broadcast -j DROP", which actually is added to ebtables > for no-mac-broadcast. > --- > scripts/nwfilter/230-no-mac-broadcast.t | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230-no-mac-broadcast.t > index 292c056..8895a53 100644 > --- a/scripts/nwfilter/230-no-mac-broadcast.t > +++ b/scripts/nwfilter/230-no-mac-broadcast.t > @@ -74,12 +74,9 @@ diag "ip is $guestip"; > > # check ebtables entry > my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebtables'; > -my $ebtable = `$ebtables -L;$ebtables -t nat -L`; > +my $ebtable = `$ebtables -t nat -L`; > diag $ebtable; > -# ebtables shortens :00: to :0: so we need to do that too > -$_ = $mac; > -s/00/0/g; > -ok($ebtable =~ $_, "check ebtables entry"); > +ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d Broadcast -j DROP\""); > > # prepare tcpdump > diag "prepare tcpdump"; Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
