From nobody Thu May 15 21:39:07 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1518117679942678.7547709164659;
 Thu, 8 Feb 2018 11:21:19 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 6B9F262EBB;
	Thu,  8 Feb 2018 19:21:18 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3FD14620D8;
	Thu,  8 Feb 2018 19:21:18 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0156F4A471;
	Thu,  8 Feb 2018 19:21:18 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w18JJnkl002792 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 8 Feb 2018 14:19:49 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 2BA422166BB6; Thu,  8 Feb 2018 19:19:49 +0000 (UTC)
Received: from vhost2.laine.org (ovpn-117-170.phx2.redhat.com [10.3.117.170])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 75F952166BAE;
	Thu,  8 Feb 2018 19:19:48 +0000 (UTC)
From: Laine Stump <laine@laine.org>
To: libvir-list@redhat.com
Date: Thu,  8 Feb 2018 14:19:38 -0500
Message-Id: <20180208191939.30269-5-laine@laine.org>
In-Reply-To: <20180208191939.30269-1-laine@laine.org>
References: <20180208191939.30269-1-laine@laine.org>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Subject: [libvirt] [tck PATCH v2 4/5] kill dhclient before attempting to
	change guest IP in no-ip-spoofing test
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]);
 Thu, 08 Feb 2018 19:21:18 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

This test changes the IP address of the guest interface so that it can
send out a packet with a different source IP address. It may have
worked properly with older versions of Fedora running on the test
guest, but at least in Fedora 27, NetworkManager keeps the dhclient
process running after it has already acquired an IP address, and if
you set the interface offline and then back on, dhclient will very
quickly re-acquire the IP address, so the test ends up sending a ping
from the *same* address, the packet passes the filters, and the test
fails.

The solution is to just kill the dhclient process. This allows the
manually set IP address to "stick". Since the guest is shutdown
immediately after this test, it doesn't matter that dhclient is no
longer running. (We *do* need to set the IP address back to its
original setting though, so that the ssh socket used for the test
(which is connecting via the same interface) won't hang and delay
completion of the test (also causing it to fail).

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---

"New" in V2 - this line was previously sneaked into the middle of the
patch that removed path specifiers from binary names in guest-side
scripts, but it really deserves an explanation.

 scripts/nwfilter/220-no-ip-spoofing.t | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-n=
o-ip-spoofing.t
index 72dcae8..9e1bb70 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -83,6 +83,7 @@ my $cmdfile =3D <<EOF;
 echo "DEV=3D\\\$(ip link | head -3 | tail -1 | awk '{print \\\$2}' | sed -=
e 's/://')
 MASK=3D\\\$(ip addr show \\\$DEV | grep 'inet ' | awk '{print \\\$2}' | se=
d -e 's/.*\\///;q')
 ip addr show \\\$DEV
+kill \\\$(pidof dhclient)
 ip link set \\\$DEV down
 ip addr flush dev \\\$DEV
 ip addr add 192.168.122.183/\\\$MASK dev \\\$DEV
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list