On Thu, Feb 08, 2018 at 02:19:38PM -0500, Laine Stump wrote: > This test changes the IP address of the guest interface so that it can > send out a packet with a different source IP address. It may have > worked properly with older versions of Fedora running on the test > guest, but at least in Fedora 27, NetworkManager keeps the dhclient > process running after it has already acquired an IP address, and if > you set the interface offline and then back on, dhclient will very > quickly re-acquire the IP address, so the test ends up sending a ping > from the *same* address, the packet passes the filters, and the test > fails. > > The solution is to just kill the dhclient process. This allows the > manually set IP address to "stick". Since the guest is shutdown > immediately after this test, it doesn't matter that dhclient is no > longer running. (We *do* need to set the IP address back to its > original setting though, so that the ssh socket used for the test > (which is connecting via the same interface) won't hang and delay > completion of the test (also causing it to fail). > > Signed-off-by: Laine Stump <laine@xxxxxxxxx> > --- > > "New" in V2 - this line was previously sneaked into the middle of the > patch that removed path specifiers from binary names in guest-side > scripts, but it really deserves an explanation. > > scripts/nwfilter/220-no-ip-spoofing.t | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list