On 02/08/2018 02:19 PM, Laine Stump wrote:
This test changes the IP address of the guest interface so that it can send out a packet with a different source IP address. It may have worked properly with older versions of Fedora running on the test guest, but at least in Fedora 27, NetworkManager keeps the dhclient process running after it has already acquired an IP address, and if you set the interface offline and then back on, dhclient will very quickly re-acquire the IP address, so the test ends up sending a ping from the *same* address, the packet passes the filters, and the test fails. The solution is to just kill the dhclient process. This allows the manually set IP address to "stick". Since the guest is shutdown immediately after this test, it doesn't matter that dhclient is no longer running. (We *do* need to set the IP address back to its original setting though, so that the ssh socket used for the test (which is connecting via the same interface) won't hang and delay completion of the test (also causing it to fail). Signed-off-by: Laine Stump <laine@xxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
--- "New" in V2 - this line was previously sneaked into the middle of the patch that removed path specifiers from binary names in guest-side scripts, but it really deserves an explanation. scripts/nwfilter/220-no-ip-spoofing.t | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t index 72dcae8..9e1bb70 100644 --- a/scripts/nwfilter/220-no-ip-spoofing.t +++ b/scripts/nwfilter/220-no-ip-spoofing.t @@ -83,6 +83,7 @@ my $cmdfile = <<EOF; echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e 's/://') MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed -e 's/.*\\///;q') ip addr show \\\$DEV +kill \\\$(pidof dhclient) ip link set \\\$DEV down ip addr flush dev \\\$DEV ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list