[libvirt] [tck PATCH 5/4] nwfilter: account for more leading 0's in MAC addresses in ebtables output

Daniel P. Berrangé berrange at redhat.com
Mon Feb 11 10:50:29 UTC 2019 

On Sat, Feb 09, 2019 at 02:03:05PM -0500, Laine Stump wrote:
> Since this test (050-apply-verify-host.t), we can't use a regexp in
> the string to be compared. The fix method that leads to the least
> changes is to use sed to remove potential leading 0's.
> 
> Signed-off-by: Laine Stump <laine at laine.org>
> ---
> 
> (These changes fix *almost* all failures in
> nwfilter/050-apply-verify-host.t on RHEL8. The rest look like they
> might be legitimate problems with ebtables and IPv6)

Interesting, I swear I have previously got that test to succeed so
wonder what's changed since then !

> 
>  scripts/nwfilter/nwfilter2vmtest.sh                     | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall    | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall     | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall    | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall   | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/stp-test.fwall    | 4 ++--
>  scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat  | 2 +-
>  scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall   | 4 ++--
>  9 files changed, 11 insertions(+), 11 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>


> 
> diff --git a/scripts/nwfilter/nwfilter2vmtest.sh b/scripts/nwfilter/nwfilter2vmtest.sh
> index 778013b..2e8c0b0 100644
> --- a/scripts/nwfilter/nwfilter2vmtest.sh
> +++ b/scripts/nwfilter/nwfilter2vmtest.sh
> @@ -653,7 +653,7 @@ main() {
>        exit 1
>    fi
>  
> -  createVM "${vm2}" "${TESTFILTERNAME}" "10.1.1.1" "52:54:0:9f:33:da" \
> +  createVM "${vm2}" "${TESTFILTERNAME}" "10.1.1.1" "52:54:10:9f:33:da" \
>             "${flags}"
>    if [ $? -ne 0 ]; then
>        echo "Could not create VM ${vm2}. Exiting."
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
> index 34174a0..a3c04df 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
> @@ -1,4 +1,4 @@
> -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | grep -v "^Bridge" | grep -v "^$"
>  -p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 12 --arp-ptype 0x22 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT 
>  -p ARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT 
>  -p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT 
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall
> index 83441c2..6933a15 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall
> @@ -2,7 +2,7 @@
>  -i vnet0 -j libvirt-I-vnet0
>  #ebtables -t nat -L POSTROUTING | grep vnet0
>  -o vnet0 -j libvirt-O-vnet0
> -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
>  -p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst 10.1.2.3 --ip-proto udp --ip-sport 20:22 --ip-dport 100:101 -j ACCEPT 
>  -p IPv4 --ip-src 10.1.0.0/17 --ip-dst 10.1.2.0/24 --ip-tos 0x3F --ip-proto udp -j ACCEPT 
>  #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall
> index bb00629..7ecace2 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall
> @@ -2,7 +2,7 @@
>  -i vnet0 -j libvirt-I-vnet0
>  #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
>  -o vnet0 -j libvirt-O-vnet0
> -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
>  -p ARP -s 1:2:3:4:5:6 -j ACCEPT 
>  #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
>  -p IPv4 -d aa:bb:cc:dd:ee:ff -j ACCEPT 
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall
> index e0d9c8c..7dd98e5 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall
> @@ -1,4 +1,4 @@
> -#ebtables -t nat -L libvirt-I-vnet0 | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$"
>  -p RARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 12 --arp-ptype 0x22 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT 
>  -p RARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT 
>  -p RARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT 
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/stp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/stp-test.fwall
> index 5ee2545..b95ea26 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/stp-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/stp-test.fwall
> @@ -6,9 +6,9 @@
>  -i vnet0 -j libvirt-I-vnet0
>  #ebtables -t nat -L POSTROUTING | grep vnet0
>  -o vnet0 -j libvirt-O-vnet0
> -#ebtables -t nat -L I-vnet0-stp-xyz | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L I-vnet0-stp-xyz | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/06:05:04:03:02:01/6:5:4:3:2:1/g | grep -v "^Bridge" | grep -v "^$"
>  -s 1:2:3:4:5:6 -d BGA --stp-root-prio 4660:9029  --stp-root-addr 6:5:4:3:2:1 --stp-root-cost 287454020:573785173  -j RETURN 
> -#ebtables -t nat -L O-vnet0-stp-xyz | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L O-vnet0-stp-xyz | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/06:05:04:03:02:01/6:5:4:3:2:1/g | grep -v "^Bridge" | grep -v "^$"
>  -s 1:2:3:4:5:6 -d BGA --stp-type 18 --stp-flags 68 -j CONTINUE 
>  -s 1:2:3:4:5:6 -d BGA --stp-sender-prio 4660  --stp-sender-addr 6:5:4:3:2:1 --stp-port 123:234  --stp-msg-age 5544:5555  --stp-max-age 7777:8888  --stp-hello-time 12345:12346  --stp-forward-delay 54321:65432  -j DROP 
>  
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
> index 849e364..8d1cf76 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
> @@ -50,7 +50,7 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --p
>  -i vnet0 -j libvirt-I-vnet0
>  #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
>  -o vnet0 -j libvirt-O-vnet0
> -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
>  -p ARP -s 1:2:3:4:5:6 -j ACCEPT 
>  -p ARP -s 1:2:3:4:5:6 -j DROP 
>  -p ARP -s 1:2:3:4:5:6 -j DROP 
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat b/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
> index 1b5f3ce..499ed5b 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
> @@ -24,7 +24,7 @@
>  #ebtables -t nat -L O-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$"
>  -j ACCEPT 
>  #ebtables -t nat -L I-vnet0-arp-mac | grep -v "^Bridge" | grep -v "^$"
> --p ARP --arp-mac-src 52:54:0:9f:33:da -j RETURN 
> +-p ARP --arp-mac-src 52:54:10:9f:33:da -j RETURN 
>  -j DROP 
>  #ebtables -t nat -L I-vnet0-arp-ip | grep -v "^Bridge" | grep -v "^$"
>  -p ARP --arp-ip-src 10.1.1.1 -j RETURN 
> diff --git a/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall
> index a2fbfd3..4a08381 100644
> --- a/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall
> +++ b/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall
> @@ -1,9 +1,9 @@
> -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
>  -p 802_1Q -s aa:bb:cc:dd:ee:ff -d 1:2:3:4:5:6 --vlan-id 291 -j CONTINUE 
>  -p 802_1Q -s aa:bb:cc:dd:ee:ff -d 1:2:3:4:5:6 --vlan-id 1234 -j RETURN 
>  -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-encap 2054 -j DROP 
>  -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-encap 4660 -j ACCEPT 
> -#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
> +#ebtables -t nat -L libvirt-O-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
>  -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j CONTINUE 
>  -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 1234 -j RETURN 
>  -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j DROP 
> -- 
> 2.20.1
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list