This test is supposed to test that the no-mac-broadcast nwfilter
properly blocks all outgoing traffic with the MAC broadcast address as
its destination. When the no-mac-broadcast filter is used by itself,
though, it blocks even DHCP and ARP requests, meaning that the network
connection to the guest isn't even enough to allow the test script to
ssh in to do its work.
This patch solves the problem by temporarily creating a new nwfilter
that precedes the no-mac-broadcast rule with clean-traffic (which will
allow dhcp requests and responses) and allow-arp (as the name
states). This gives us enough network connection to get into the
guest, attempt a broadcast ping, and see that it fails.
(I'm not sure how this test ever reported success in the past. If it
did, it was only because something else was broken).
Signed-off-by: Laine Stump <email@example.com>
Reviewed-by: Daniel P. Berrangé <firstname.lastname@example.org>