On 02/08/2018 02:19 PM, Laine Stump wrote:
In the no-mac-broadcast test, a ping is sent to 192.168.122.255, but tcpdump is set to look for packets with a destination IP of 255.255.255.255. Change it to check for the correct IP address and also for mac broadcast (which is what the no-mac-broadcast filter actually looks at). This should eliminate the "false success" that was happening because tcpdump wasn't actually seeing the broadcast packet the guest was sending, as well as catching the "false failure" caused by tcpdump seeing other traffic from the guest unrelated to the test (which happened to be broadcasts sent to 255.255.255.255). Signed-off-by: Laine Stump <laine@xxxxxxxxx>
Review-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
--- Unchanged from V1, it just had no review. scripts/nwfilter/230-no-mac-broadcast.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230-no-mac-broadcast.t index 6ab20d8..758005c 100644 --- a/scripts/nwfilter/230-no-mac-broadcast.t +++ b/scripts/nwfilter/230-no-mac-broadcast.t @@ -80,7 +80,7 @@ ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d Broadcast # prepare tcpdump diag "prepare tcpdump"; -system("/usr/sbin/tcpdump -v -i virbr0 -n host 255.255.255.255 2> /tmp/tcpdump.log &"); +system("/usr/sbin/tcpdump -v -i virbr0 -n host 192.168.122.255 and ether host ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &"); # log into guest diag "ssh'ing into $guestip";
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list