tests: improve spoof_ip test
Not only check if full round trip ping (does not) work, but also if just echo-request get filtered.
This commit is contained in:
parent
379add52ba
commit
4d6bfbab4d
@ -325,6 +325,9 @@ class VmNetworkingMixin(object):
|
|||||||
self.loop.run_until_complete(self.testvm1.start())
|
self.loop.run_until_complete(self.testvm1.start())
|
||||||
|
|
||||||
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0)
|
self.assertEqual(self.run_cmd(self.testvm1, self.ping_ip), 0)
|
||||||
|
self.assertEqual(self.run_cmd(self.testnetvm,
|
||||||
|
'iptables -I INPUT -i vif+ ! -s {} -p icmp -j LOG'.format(
|
||||||
|
self.testvm1.ip)), 0)
|
||||||
self.loop.run_until_complete(self.testvm1.run_for_stdio(
|
self.loop.run_until_complete(self.testvm1.run_for_stdio(
|
||||||
'ip addr flush dev eth0 && '
|
'ip addr flush dev eth0 && '
|
||||||
'ip addr add 10.137.1.128/24 dev eth0 && '
|
'ip addr add 10.137.1.128/24 dev eth0 && '
|
||||||
@ -332,6 +335,16 @@ class VmNetworkingMixin(object):
|
|||||||
user='root'))
|
user='root'))
|
||||||
self.assertNotEqual(self.run_cmd(self.testvm1, self.ping_ip), 0,
|
self.assertNotEqual(self.run_cmd(self.testvm1, self.ping_ip), 0,
|
||||||
"Spoofed ping should be blocked")
|
"Spoofed ping should be blocked")
|
||||||
|
try:
|
||||||
|
(output, _) = self.loop.run_until_complete(
|
||||||
|
self.testnetvm.run_for_stdio('iptables -nxvL INPUT',
|
||||||
|
user='root'))
|
||||||
|
except subprocess.CalledProcessError:
|
||||||
|
self.fail('iptables -nxvL INPUT failed')
|
||||||
|
|
||||||
|
output = output.decode().splitlines()
|
||||||
|
packets = output[2].lstrip().split()[0]
|
||||||
|
self.assertEquals(packets, '0', 'Some packet hit the INPUT rule')
|
||||||
|
|
||||||
def test_100_late_xldevd_startup(self):
|
def test_100_late_xldevd_startup(self):
|
||||||
"""Regression test for #1990"""
|
"""Regression test for #1990"""
|
||||||
|
Loading…
Reference in New Issue
Block a user