On Tue, Mar 06, 2018 at 12:56:47PM -0500, Laine Stump wrote: > This test is supposed to test that the no-mac-broadcast nwfilter > properly blocks all outgoing traffic with the MAC broadcast address as > its destination. When the no-mac-broadcast filter is used by itself, > though, it blocks even DHCP and ARP requests, meaning that the network > connection to the guest isn't even enough to allow the test script to > ssh in to do its work. > > This patch solves the problem by temporarily creating a new nwfilter > that precedes the no-mac-broadcast rule with clean-traffic (which will > allow dhcp requests and responses) and allow-arp (as the name > states). This gives us enough network connection to get into the > guest, attempt a broadcast ping, and see that it fails. > > (I'm not sure how this test ever reported success in the past. If it > did, it was only because something else was broken). > > Signed-off-by: Laine Stump <laine@xxxxxxxxx> > --- > scripts/nwfilter/230-no-mac-broadcast.t | 29 ++++++++++++++++++++++++++++- > 1 file changed, 28 insertions(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
