[libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to change guest IP in no-ip-spoofing test
Stefan Berger
stefanb at linux.vnet.ibm.com
Thu Feb 8 23:16:46 UTC 2018
On 02/08/2018 02:19 PM, Laine Stump wrote:
> This test changes the IP address of the guest interface so that it can
> send out a packet with a different source IP address. It may have
> worked properly with older versions of Fedora running on the test
> guest, but at least in Fedora 27, NetworkManager keeps the dhclient
> process running after it has already acquired an IP address, and if
> you set the interface offline and then back on, dhclient will very
> quickly re-acquire the IP address, so the test ends up sending a ping
> from the *same* address, the packet passes the filters, and the test
> fails.
>
> The solution is to just kill the dhclient process. This allows the
> manually set IP address to "stick". Since the guest is shutdown
> immediately after this test, it doesn't matter that dhclient is no
> longer running. (We *do* need to set the IP address back to its
> original setting though, so that the ssh socket used for the test
> (which is connecting via the same interface) won't hang and delay
> completion of the test (also causing it to fail).
>
> Signed-off-by: Laine Stump <laine at laine.org>
Reviewed-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
>
> "New" in V2 - this line was previously sneaked into the middle of the
> patch that removed path specifiers from binary names in guest-side
> scripts, but it really deserves an explanation.
>
> scripts/nwfilter/220-no-ip-spoofing.t | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t
> index 72dcae8..9e1bb70 100644
> --- a/scripts/nwfilter/220-no-ip-spoofing.t
> +++ b/scripts/nwfilter/220-no-ip-spoofing.t
> @@ -83,6 +83,7 @@ my $cmdfile = <<EOF;
> echo "DEV=\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -e 's/://')
> MASK=\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | sed -e 's/.*\\///;q')
> ip addr show \\\$DEV
> +kill \\\$(pidof dhclient)
> ip link set \\\$DEV down
> ip addr flush dev \\\$DEV
> ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
More information about the libvir-list
mailing list