[libvirt] [PATCH 0/3] test cases for spoofing prevention

Daniel P. Berrange berrange at redhat.com
Fri Sep 10 09:45:35 UTC 2010


On Thu, Sep 09, 2010 at 03:59:30PM +0200, Gerhard Stenzel wrote:
> On Thu, 2010-09-09 at 14:48 +0100, Daniel P. Berrange wrote:
> > On Wed, Jun 16, 2010 at 04:08:00PM +0200, gstenzel at linux.vnet.ibm.com wrote:
> > > The following patches add a set of test cases to verify that several spoofing attacks are prevented by the nwfilter subsystem.
> > > 
> > > In order to have a well defined test machine a virtual disk is installed from scratch over the network.
> > > I am currently trying to find a suitable location for the kickstart file.
> > 
> > Do you have the suitable 'ks.cfg' you used with these test scripts? The
> > test files look good to me and I'm going to commit them all now. We just
> > need the ks.cfg so we can make it work - I'll make it pull it off a floppy
> > disk image.
> > 
> > Regards,
> > Daniel
> 
> Here is the one I used. I could update it to a newer Fedora version, if
> necessary:

Thanks, this one worked fine for me. I've committed your patches to
the GIT repository, and added a couple of follow-on changes. I made
it use virtio instead of scsi for the disk, since RHEL6 doesn't ship
with SCSI enabled. I also use mkisofs to put the kickstart file into
a tiny ISO image and then boot with ks=cdrom:/ks.cfg so we can avoid
needing a web service in the host to provision it. I also changed the
filter name from 'no-spoofing' to 'clean-traffic' since libvirt does
not have any 'no-spoofing' filter by default & IIUC 'clean-traffic'
should be suitable for your tests.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
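
An added example, not part of the original message or of the libvirt test suite: a Python check that lists guest interfaces not directly bound to the 'clean-traffic' filter named in the message. The domain XML, MAC addresses, image path and the `audit_interfaces` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the original post): one interface
# bound to 'clean-traffic', one with no filter, one bound to a different filter.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>nwfilter-test</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/test.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='network'>
      <mac address='52:54:00:11:22:33'/>
      <source network='default'/>
      <filterref filter='clean-traffic'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:44:55:66'/>
      <source network='default'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:77:88:99'/>
      <source bridge='br0'/>
      <filterref filter='no-spoofing'/>
    </interface>
  </devices>
</domain>
"""

def audit_interfaces(domain_xml, required_filter="clean-traffic"):
    """Return (mac, filter_or_None) for each interface not bound to required_filter."""
    root = ET.fromstring(domain_xml)
    findings = []
    for iface in root.findall("./devices/interface"):
        mac_el = iface.find("mac")
        mac = mac_el.get("address") if mac_el is not None else "<no mac>"
        ref = iface.find("filterref")
        name = ref.get("filter") if ref is not None else None
        if name != required_filter:
            findings.append((mac, name))
    return findings

if __name__ == "__main__":
    for mac, name in audit_interfaces(SAMPLE_DOMAIN_XML):
        print(f"{mac}: filterref={name!r}, expected 'clean-traffic'")
```

The check looks only at the direct `filterref` binding, so an interface bound to a custom filter that itself references 'clean-traffic' is still reported.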