tests: improve spoof_ip test

Check not only whether the full round-trip ping works (or does not), but also
whether the echo-request itself gets filtered.
Marek Marczykowski-Górecki 2017-12-03 03:15:14 +01:00
parent 379add52ba
commit 4d6bfbab4d
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724


@ -325,6 +325,9 @@ class VmNetworkingMixin(object):
self.loop.run_until_complete(self.testvm1.start()) self.loop.run_until_complete(self.testvm1.start())
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0) self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0)
self.assertEqual(self.run_cmd(self.testnetvm,
'iptables -I INPUT -i vif+ ! -s {} -p icmp -j LOG'.format(
self.testvm1.ip)), 0)
self.loop.run_until_complete(self.testvm1.run_for_stdio( self.loop.run_until_complete(self.testvm1.run_for_stdio(
'ip addr flush dev eth0 && ' 'ip addr flush dev eth0 && '
'ip addr add 10.137.1.128/24 dev eth0 && ' 'ip addr add 10.137.1.128/24 dev eth0 && '
@ -332,6 +335,16 @@ class VmNetworkingMixin(object):
user='root')) user='root'))
self.assertNotEqual(self.run_cmd(self.testvm1, self.ping_ip), 0, self.assertNotEqual(self.run_cmd(self.testvm1, self.ping_ip), 0,
"Spoofed ping should be blocked") "Spoofed ping should be blocked")
try:
(output, _) = self.loop.run_until_complete(
self.testnetvm.run_for_stdio('iptables -nxvL INPUT',
user='root'))
except subprocess.CalledProcessError:
self.fail('iptables -nxvL INPUT failed')
output = output.decode().splitlines()
packets = output[2].lstrip().split()[0]
self.assertEquals(packets, '0', 'Some packet hit the INPUT rule')
def test_100_late_xldevd_startup(self): def test_100_late_xldevd_startup(self):
"""Regression test for #1990""" """Regression test for #1990"""
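Review bot: The new counter check in the second hunk reads the LOG rule positionally, `packets = output[2].lstrip().split()[0]`, which is that rule's counter only while it remains the first rule in testnetvm's INPUT chain. If another rule lands above it the test silently reads a different counter, and a listing shorter than three lines raises IndexError instead of a clear failure. Selecting the line by content (the one containing both `LOG` and `vif+`) and asserting that exactly one such line exists would make the zero-packet result trustworthy. The assertion also uses the deprecated alias `assertEquals` while the rest of the hunk uses `assertEqual`, so `self.assertEqual(packets, '0', 'Some packet hit the INPUT rule')` would be consistent. A short comment should record that a zero count only demonstrates filtering if `self.ping_ip` is delivered locally on testnetvm (INPUT rather than FORWARD), which cannot be confirmed here because the test method starts outside the hunk.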