• Laine Stump's avatar
    Fix no-mac-broadcast test · 5185fa52
    Laine Stump authored
    This test is supposed to test that the no-mac-broadcast nwfilter
    properly blocks all outgoing traffic with the MAC broadcast address as
    its destination. When the no-mac-broadcast filter is used by itself,
    though, it blocks even DHCP and ARP requests, meaning that the network
    connection to the guest isn't even enough to allow the test script to
    ssh in to do its work.
    This patch solves the problem by temporarily creating a new nwfilter
    that precedes the no-mac-broadcast rule with clean-traffic (which will
    allow dhcp requests and responses) and allow-arp (as the name
    states). This gives us enough network connection to get into the
    guest, attempt a broadcast ping, and see that it fails.
    (I'm not sure how this test ever reported success in the past. If it
    did, it was only because something else was broken).
    Signed-off-by: default avatarLaine Stump <laine@laine.org>
    Reviewed-by: default avatarDaniel P. Berrangé <berrange@redhat.com>
Last commit
Last update
domain Loading commit data...
hooks Loading commit data...
networks Loading commit data...
nwfilter Loading commit data...
qemu Loading commit data...
selinux Loading commit data...
storage Loading commit data...