On Mon, Feb 28, 2011 at 07:20:38PM +0800, Amos Kong wrote:
> Communicate between two vms, and try to capture packages from another vm in
> the same lan.
> This test used tcpdump, so we need limit it with Linux guests.
>
> Signed-off-by: Amos Kong <akong@xxxxxxxxxx>
I don't think there's any such privacy guarantee for a plain bridged setup: the bridge might flood packets to all endpoints sometimes, and rx mac address filters even if present are guest controllable so they represent a performance optimization, not a privacy guarantee. This is analogous to a physical shared lan: any box can enable promisc mode and snoop on packets. You need vlans, or netfilter, or some other filtering if you want to enforce privacy.
> ---
> client/tests/kvm/tests/privacy.py | 44 ++++++++++++++++++++++++++++++++
> client/tests/kvm/tests_base.cfg.sample | 8 +++++-
> 2 files changed, 51 insertions(+), 1 deletions(-)
> create mode 100644 client/tests/kvm/tests/privacy.py
>
> diff --git a/client/tests/kvm/tests/privacy.py b/client/tests/kvm/tests/privacy.py
> new file mode 100644
> index 0000000..d052c66
> --- /dev/null
> +++ b/client/tests/kvm/tests/privacy.py
> @@ -0,0 +1,44 @@
> +import logging, time
> +from autotest_lib.client.common_lib import error
> +import kvm_test_utils
> +
> +
> +def run_privacy(test, params, env):
> + """
> + Privacy test
> +
> + 1) Boot up three vms
> + 2) Flood ping vm1 from vm2
> + 3) Verify if we can capture ICMP packages from vm3
> +
> + @param test: kvm test object
> + @param params: Dictionary with the test parameters
> + @param env: Dictionary with test environment.
> + """
> + timeout = float(params.get("login_timeout", 360))
> + vm1 = kvm_test_utils.get_living_vm(env, params.get("main_vm"))
> + vm2 = kvm_test_utils.get_living_vm(env, "vm2")
> + vm3 = kvm_test_utils.get_living_vm(env, "vm3")
> + session_vm1 = kvm_test_utils.wait_for_login(vm1, 0, timeout, 0, 2)
> + session_vm2 = kvm_test_utils.wait_for_login(vm2, 0, timeout, 0, 2)
> + session_vm3 = kvm_test_utils.wait_for_login(vm3, 0, timeout, 0, 2)
> +
> + ip = vm1.get_address()
> + session_vm2.sendline("ping -f %s" % ip)
> + ethname = kvm_test_utils.get_linux_ifname(session_vm3,
> + vm3.get_mac_address(0))
> + sleep_time = int(params.get("sleep_time", 60))
> + cmd = "sleep %s && killall tcpdump & tcpdump -le -vv icmp and" \
> + " dst %s -i %s > /tmp/result" % (sleep_time, ip, ethname)
> +
> + session_vm3.get_command_output(cmd, timeout=int(sleep_time+60))
> + time.sleep(sleep_time)
> + s, o = session_vm3.get_command_status_output("grep ICMP /tmp/result")
> + if s == 0:
> + raise error.TestFail("VM3 unexpected captured ICMP packages(vm2->vm1)!")
> + else:
> + logging.debug("Privacy test pass!")
> +
> + session_vm1.close()
> + session_vm2.close()
> + session_vm3.close()
> diff --git a/client/tests/kvm/tests_base.cfg.sample b/client/tests/kvm/tests_base.cfg.sample
> index 661d6fe..29b7d97 100644
> --- a/client/tests/kvm/tests_base.cfg.sample
> +++ b/client/tests/kvm/tests_base.cfg.sample
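Review bot: The verdict at the end of `run_privacy` fails open: only `s == 0` is a failure, so a capture that never produced data (tcpdump missing in the guest, `ethname` not resolved, `ping -f` not running on vm2) and a grep error status are all logged as "Privacy test pass!". Treat anything other than grep's no-match status as an error, e.g. `elif s != 1: raise error.TestError("Could not inspect capture on vm3: %s" % o)`, and add a positive control — for instance require that the same capture run on vm1 does record the flood — before reading an empty result on vm3 as isolation. The three `close()` calls are skipped when `TestFail` is raised and the flood ping on vm2 is never stopped explicitly; putting the cleanup in a `finally:` around the body after the logins covers both paths.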
> @@ -666,6 +666,12 @@ variants:
> mgroup_count = 20
> flood_minutes = 1
>
> + - privacy:
> + type = privacy
> + vms += " vm2 vm3"
> + kill_vm = yes
> + image_snapshot = yes
> +
> - pxe:
> type = pxe
> images = pxe
> @@ -1737,7 +1743,7 @@ variants:
> # Windows section
> - @Windows:
> no autotest, linux_s3, vlan, ioquit, unattended_install.url, unattended_install.nfs, unattended_install.remote_ks
> - no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres
> + no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres, privacy
>
> shutdown_command = shutdown /s /f /t 0
> reboot_command = shutdown /r /f /t 0
--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
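Review bot: The `privacy` variant added to tests_base.cfg.sample leaves the test's tunables implicit: `run_privacy` reads `sleep_time` (default 60), but the sample does not list it, so the capture window is not discoverable from the config; adding `sleep_time = 60` under `type = privacy` would document it. The guest names in `vms += " vm2 vm3"` are also hard-coded in the test's `get_living_vm(env, "vm2")` and `get_living_vm(env, "vm3")` calls, so a comment such as `# vm names must match those used in tests/privacy.py` would keep the two from drifting apart.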