def test_flat_override(self):
    """Verify the flat_interface flag overrides the network bridge_interface.

    Lets heterogeneous networks work, as in bug 833426.
    """
    driver = linux_net.LinuxBridgeInterfaceDriver()
    captured = {}

    # Stand-in for ensure_bridge: it only records the interface plug() passes.
    @classmethod
    def record_interface(_self, bridge, interface, network, gateway):
        captured['passed_interface'] = interface

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge',
                   record_interface)

    network = {"bridge": "br100", "bridge_interface": "base_interface"}

    # Before the flag is overridden, the network's own interface is used.
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "base_interface")

    # Once flat_interface is set, it wins over the per-network value.
    self.flags(flat_interface="override_interface")
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "override_interface")
def test_flat_override(self):
    """Verify the flat_interface flag overrides the network bridge_interface.

    Lets heterogeneous networks work, as in bug 833426.
    """
    driver = linux_net.LinuxBridgeInterfaceDriver()
    captured = {}

    # Stand-in for ensure_bridge: it only records the interface plug() passes.
    @staticmethod
    def record_interface(bridge, interface, network, gateway):
        captured['passed_interface'] = interface

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge',
                   record_interface)

    network = {
        "bridge": "br100",
        "bridge_interface": "base_interface",
        "share_address": False,
    }

    # Before the flag is overridden, the network's own interface is used.
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "base_interface")

    # Once flat_interface is set, it wins over the per-network value.
    self.flags(flat_interface="override_interface")
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "override_interface")
def test_linux_bridge_driver_plug(self):
    """Check that plug() does not add a dropping FORWARD rule by default.

    Regression guard for bug 890195.
    """
    # Command execution is replaced by a no-op returning empty output.
    self.stubs.Set(utils, 'execute', lambda *args, **kwargs: ("", ""))

    # Every rule added to the IPv4 filter table during plug() must target
    # the FORWARD chain and contain ACCEPT.
    def check_rule(chain, rule):
        self.assertEqual(chain, 'FORWARD')
        self.assertIn('ACCEPT', rule)

    filter_table = linux_net.iptables_manager.ipv4['filter']
    self.stubs.Set(filter_table, 'add_rule', check_rule)

    network = {"bridge": "br100", "bridge_interface": "eth0"}
    linux_net.LinuxBridgeInterfaceDriver().plug(network, "fakemac")
def test_linux_bridge_driver_plug(self):
    """Check that plug() does not add a dropping FORWARD rule by default.

    Regression guard for bug 890195.
    """
    # Command execution is replaced by a no-op returning empty output.
    self.stubs.Set(utils, "execute", lambda *args, **kwargs: ("", ""))

    # Every rule added to the IPv4 filter table during plug() must target
    # the FORWARD chain and contain ACCEPT.
    def check_rule(chain, rule):
        self.assertEqual(chain, "FORWARD")
        self.assertIn("ACCEPT", rule)

    filter_table = linux_net.iptables_manager.ipv4["filter"]
    self.stubs.Set(filter_table, "add_rule", check_rule)

    network = {
        "bridge": "br100",
        "bridge_interface": "eth0",
        "share_address": False,
    }
    linux_net.LinuxBridgeInterfaceDriver().plug(network, "fakemac")
def test_vlan_override(self):
    """Verify the vlan_interface flag overrides the network bridge_interface.

    Lets heterogeneous networks work, as in bug 833426.
    """
    driver = linux_net.LinuxBridgeInterfaceDriver()
    captured = {}

    # Stand-in for ensure_vlan_bridge: it only records the interface used.
    @staticmethod
    def record_interface(vlan, bridge, interface, network, mac_address):
        captured['passed_interface'] = interface

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_vlan_bridge',
                   record_interface)

    network = {
        "bridge": "br100",
        "bridge_interface": "base_interface",
        "vlan": "fake",
    }

    # An empty vlan_interface leaves the network's own interface in effect.
    self.flags(vlan_interface="")
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "base_interface")

    # A non-empty vlan_interface takes precedence.
    self.flags(vlan_interface="override_interface")
    driver.plug(network, "fakemac")
    self.assertEqual(captured['passed_interface'], "override_interface")

    # One more plug with the override still set; nothing is asserted after it.
    driver.plug(network, "fakemac")
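def test_isolated_host_iptables_logdrop(self):
    # Ensure that a different drop action for iptables doesn't change
    # the drop action for ebtables.
    self.flags(fake_network=False,
               share_dhcp_address=True,
               iptables_drop_action='LOGDROP')
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')
    executes = []
    inputs = []

    # Records every command line and, when present, the data piped to it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        process_input = kwargs.get('process_input')
        if process_input:
            inputs.append(process_input)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @classmethod
    def fake_ensure(_self, bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    iface = 'eth0'
    dhcp = '192.168.1.1'
    network = {'dhcp_server': dhcp,
               'bridge': 'br100',
               'bridge_interface': iface}
    driver.plug(network, 'fakemac')

    # The ebtables rules keep the plain DROP target even though the
    # iptables drop action is LOGDROP.
    expected = [
        ('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
         iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
        ('ebtables', '-t', 'filter', '-I', 'INPUT', '-p', 'ARP', '-i',
         iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
        ('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
         iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
        ('ebtables', '-t', 'filter', '-I', 'OUTPUT', '-p', 'ARP', '-o',
         iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]
    self.assertEqual(executes, expected)

    # The iptables rules, by contrast, must carry the configured LOGDROP.
    expected_inputs = [
        ('-A test-FORWARD -m physdev --physdev-in %s '
         '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP' % iface),
        ('-A test-FORWARD -m physdev --physdev-out %s '
         '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP' % iface),
        ('-A test-FORWARD -m physdev --physdev-in %s '
         '-d 192.168.1.1 -j LOGDROP' % iface),
        ('-A test-FORWARD -m physdev --physdev-out %s '
         '-s 192.168.1.1 -j LOGDROP' % iface),
    ]
    # inputs[0] is the first piped payload captured by fake_execute;
    # assertIn reports the missing rule and the payload on failure.
    for inp in expected_inputs:
        self.assertIn(inp, inputs[0])

    executes = []
    inputs = []

    @classmethod
    def fake_remove(_self, bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    # unplug() only deletes the ebtables rules and rewrites iptables.
    expected = [
        ('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
         iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
        ('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
         iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]
    self.assertEqual(executes, expected)

    # None of the isolation rules may remain in the restored rule set.
    for inp in expected_inputs:
        self.assertNotIn(inp, inputs[0])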
def test_isolated_host(self):
    # With share_dhcp_address enabled, plug() is expected to install
    # ebtables DROP rules for the DHCP server address and for forwarded
    # UDP ports 67:68 on the bridge interface; unplug() deletes them.
    self.flags(fake_network=False, share_dhcp_address=True)
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')

    iface = 'eth0'
    dhcp = '192.168.1.1'
    executes = []

    # Records each command line instead of running it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    # ARP rule for the DHCP server address on the given chain/direction.
    def arp_rule(op, chain, dev_opt, addr_opt):
        return ('ebtables', '-t', 'filter', op, chain, '-p', 'ARP',
                dev_opt, iface, addr_opt, dhcp, '-j', 'DROP')

    # FORWARD rule for UDP destination ports 67:68 in the given direction.
    def dhcp_rule(op, dev_opt):
        return ('ebtables', '-t', 'filter', op, 'FORWARD', '-p', 'IPv4',
                dev_opt, iface, '--ip-protocol', 'udp',
                '--ip-destination-port', '67:68', '-j', 'DROP')

    network = {
        'dhcp_server': dhcp,
        'share_address': False,
        'bridge': 'br100',
        'bridge_interface': iface,
    }
    driver.plug(network, 'fakemac')

    # Each insert (-I) is preceded by a delete (-D) of the same rule.
    expected = [
        arp_rule('-D', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-I', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-D', 'OUTPUT', '-o', '--arp-ip-src'),
        arp_rule('-I', 'OUTPUT', '-o', '--arp-ip-src'),
        dhcp_rule('-D', '-i'),
        dhcp_rule('-I', '-i'),
        dhcp_rule('-D', '-o'),
        dhcp_rule('-I', '-o'),
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]
    self.assertEqual(executes, expected)

    # Start a fresh capture for the unplug phase.
    executes = []

    @staticmethod
    def fake_remove(bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    # Only the four deletes are expected; no iptables save/restore here.
    expected = [
        arp_rule('-D', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-D', 'OUTPUT', '-o', '--arp-ip-src'),
        dhcp_rule('-D', '-i'),
        dhcp_rule('-D', '-o'),
    ]
    self.assertEqual(executes, expected)
def test_isolated_host_iptables_logdrop(self):
    # Ensure that a different drop action for iptables doesn't change
    # the drop action for ebtables.
    self.flags(fake_network=False,
               share_dhcp_address=True,
               iptables_drop_action='LOGDROP')
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')

    iface = 'eth0'
    dhcp = '192.168.1.1'
    executes = []
    inputs = []

    # Records every command line and, when present, the data piped to it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        piped = kwargs.get('process_input')
        if piped:
            inputs.append(piped)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    # ebtables ARP rule for the DHCP server address; target stays DROP.
    def arp_rule(op, chain, dev_opt, addr_opt):
        return ('ebtables', '-t', 'filter', op, chain, '-p', 'ARP',
                dev_opt, iface, addr_opt, dhcp, '-j', 'DROP')

    save_restore = [
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]

    network = {
        'dhcp_server': dhcp,
        'bridge': 'br100',
        'bridge_interface': iface,
    }
    driver.plug(network, 'fakemac')

    expected = [
        arp_rule('-D', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-I', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-D', 'OUTPUT', '-o', '--arp-ip-src'),
        arp_rule('-I', 'OUTPUT', '-o', '--arp-ip-src'),
    ] + save_restore
    self.assertEqual(executes, expected)

    # The iptables rules, by contrast, must carry the configured LOGDROP.
    rule_templates = [
        ('-A test-FORWARD -m physdev --physdev-in %s '
         '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP'),
        ('-A test-FORWARD -m physdev --physdev-out %s '
         '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP'),
        ('-A test-FORWARD -m physdev --physdev-in %s '
         '-d 192.168.1.1 -j LOGDROP'),
        ('-A test-FORWARD -m physdev --physdev-out %s '
         '-s 192.168.1.1 -j LOGDROP'),
    ]
    expected_inputs = [template % iface for template in rule_templates]
    # inputs[0] is the first piped payload captured by fake_execute.
    for rule in expected_inputs:
        self.assertIn(rule, inputs[0])

    # Start fresh captures for the unplug phase.
    executes = []
    inputs = []

    @staticmethod
    def fake_remove(bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    expected = [
        arp_rule('-D', 'INPUT', '-i', '--arp-ip-dst'),
        arp_rule('-D', 'OUTPUT', '-o', '--arp-ip-src'),
    ] + save_restore
    self.assertEqual(executes, expected)

    # None of the isolation rules may remain in the restored rule set.
    for rule in expected_inputs:
        self.assertNotIn(rule, inputs[0])
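def test_isolated_host(self):
    # With share_dhcp_address enabled, plug() is expected to drop ARP for
    # the DHCP server address via ebtables and to add iptables FORWARD
    # DROP rules for the bridge interface; unplug() removes them again.
    self.flags(fake_network=False, share_dhcp_address=True)
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, "iptables_manager", linux_net.IptablesManager())
    self.stubs.Set(linux_net, "binary_name", "test")
    executes = []
    inputs = []

    # Records every command line and, when present, the data piped to it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        process_input = kwargs.get("process_input")
        if process_input:
            inputs.append(process_input)
        return "", ""

    self.stubs.Set(utils, "execute", fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @classmethod
    def fake_ensure(_self, bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   "ensure_bridge", fake_ensure)

    iface = "eth0"
    dhcp = "192.168.1.1"
    network = {"dhcp_server": dhcp,
               "bridge": "br100",
               "bridge_interface": iface}
    driver.plug(network, "fakemac")

    # Each insert (-I) is preceded by a delete (-D) of the same rule.
    expected = [
        ("ebtables", "-t", "filter", "-D", "INPUT", "-p", "ARP", "-i",
         iface, "--arp-ip-dst", dhcp, "-j", "DROP"),
        ("ebtables", "-t", "filter", "-I", "INPUT", "-p", "ARP", "-i",
         iface, "--arp-ip-dst", dhcp, "-j", "DROP"),
        ("ebtables", "-t", "filter", "-D", "OUTPUT", "-p", "ARP", "-o",
         iface, "--arp-ip-src", dhcp, "-j", "DROP"),
        ("ebtables", "-t", "filter", "-I", "OUTPUT", "-p", "ARP", "-o",
         iface, "--arp-ip-src", dhcp, "-j", "DROP"),
        ("iptables-save", "-c"),
        ("iptables-restore", "-c"),
        ("ip6tables-save", "-c"),
        ("ip6tables-restore", "-c"),
    ]
    self.assertEqual(executes, expected)

    expected_inputs = [
        "-A test-FORWARD -m physdev --physdev-in %s "
        "-d 255.255.255.255 -p udp --dport 67 -j DROP" % iface,
        "-A test-FORWARD -m physdev --physdev-out %s "
        "-d 255.255.255.255 -p udp --dport 67 -j DROP" % iface,
        "-A test-FORWARD -m physdev --physdev-in %s "
        "-d 192.168.1.1 -j DROP" % iface,
        "-A test-FORWARD -m physdev --physdev-out %s "
        "-s 192.168.1.1 -j DROP" % iface,
    ]
    # inputs[0] is the first piped payload captured by fake_execute;
    # assertIn reports the missing rule and the payload on failure.
    for inp in expected_inputs:
        self.assertIn(inp, inputs[0])

    executes = []
    inputs = []

    @classmethod
    def fake_remove(_self, bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   "remove_bridge", fake_remove)

    driver.unplug(network)

    # unplug() only deletes the ebtables rules and rewrites iptables.
    expected = [
        ("ebtables", "-t", "filter", "-D", "INPUT", "-p", "ARP", "-i",
         iface, "--arp-ip-dst", dhcp, "-j", "DROP"),
        ("ebtables", "-t", "filter", "-D", "OUTPUT", "-p", "ARP", "-o",
         iface, "--arp-ip-src", dhcp, "-j", "DROP"),
        ("iptables-save", "-c"),
        ("iptables-restore", "-c"),
        ("ip6tables-save", "-c"),
        ("ip6tables-restore", "-c"),
    ]
    self.assertEqual(executes, expected)

    # None of the isolation rules may remain in the restored rule set.
    for inp in expected_inputs:
        self.assertNotIn(inp, inputs[0])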
def test_isolated_host(self):
    # With share_dhcp_address enabled, plug() is expected to install
    # ebtables DROP rules for the DHCP server address and for forwarded
    # UDP ports 67:68 on the bridge interface; unplug() deletes them.
    self.flags(fake_network=False, share_dhcp_address=True)
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')

    iface = 'eth0'
    dhcp = '192.168.1.1'
    executes = []

    # Records each command line instead of running it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    # Shared pieces of the expected ebtables command lines.
    ebt = ('ebtables', '-t', 'filter')
    drop = ('-j', 'DROP')
    arp_in = ('INPUT', '-p', 'ARP', '-i', iface, '--arp-ip-dst', dhcp) + drop
    arp_out = ('OUTPUT', '-p', 'ARP', '-o', iface, '--arp-ip-src', dhcp) + drop
    udp_ports = ('--ip-protocol', 'udp',
                 '--ip-destination-port', '67:68') + drop
    fwd_in = ('FORWARD', '-p', 'IPv4', '-i', iface) + udp_ports
    fwd_out = ('FORWARD', '-p', 'IPv4', '-o', iface) + udp_ports

    network = {
        'dhcp_server': dhcp,
        'share_address': False,
        'bridge': 'br100',
        'bridge_interface': iface,
    }
    driver.plug(network, 'fakemac')

    # Each insert (-I) is preceded by a delete (-D) of the same rule.
    expected = [
        ebt + ('-D',) + arp_in,
        ebt + ('-I',) + arp_in,
        ebt + ('-D',) + arp_out,
        ebt + ('-I',) + arp_out,
        ebt + ('-D',) + fwd_in,
        ebt + ('-I',) + fwd_in,
        ebt + ('-D',) + fwd_out,
        ebt + ('-I',) + fwd_out,
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]
    self.assertEqual(executes, expected)

    # Start a fresh capture for the unplug phase.
    executes = []

    @staticmethod
    def fake_remove(bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    # Only the four deletes are expected; no iptables save/restore here.
    expected = [
        ebt + ('-D',) + arp_in,
        ebt + ('-D',) + arp_out,
        ebt + ('-D',) + fwd_in,
        ebt + ('-D',) + fwd_out,
    ]
    self.assertEqual(executes, expected)
def test_isolated_host(self):
    # With share_dhcp_address enabled, plug() is expected to install
    # ebtables DROP rules for the DHCP server address and for forwarded
    # UDP ports 67:68 on the bridge interface; unplug() deletes them.
    self.flags(fake_network=False, share_dhcp_address=True)
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, "iptables_manager", linux_net.IptablesManager())
    self.stubs.Set(linux_net, "binary_name", "test")

    iface = "eth0"
    dhcp = "192.168.1.1"
    executes = []

    # Records each command line instead of running it.
    def fake_execute(*args, **kwargs):
        executes.append(args)
        return "", ""

    self.stubs.Set(utils, "execute", fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   "ensure_bridge", fake_ensure)

    # Rule bodies (everything after the -D/-I operation), in the order the
    # driver is expected to issue them.
    udp_ports = ("--ip-protocol", "udp", "--ip-destination-port", "67:68")
    rule_bodies = [
        ("INPUT", "-p", "ARP", "-i", iface, "--arp-ip-dst", dhcp),
        ("OUTPUT", "-p", "ARP", "-o", iface, "--arp-ip-src", dhcp),
        ("FORWARD", "-p", "IPv4", "-i", iface) + udp_ports,
        ("FORWARD", "-p", "IPv4", "-o", iface) + udp_ports,
    ]

    def ebtables(op, body):
        return ("ebtables", "-t", "filter", op) + body + ("-j", "DROP")

    network = {
        "dhcp_server": dhcp,
        "share_address": False,
        "bridge": "br100",
        "bridge_interface": iface,
    }
    driver.plug(network, "fakemac")

    # Each insert (-I) is preceded by a delete (-D) of the same rule.
    expected = []
    for body in rule_bodies:
        for op in ("-D", "-I"):
            expected.append(ebtables(op, body))
    expected.extend([
        ("iptables-save", "-c"),
        ("iptables-restore", "-c"),
        ("ip6tables-save", "-c"),
        ("ip6tables-restore", "-c"),
    ])
    self.assertEqual(executes, expected)

    # Start a fresh capture for the unplug phase.
    executes = []

    @staticmethod
    def fake_remove(bridge, gateway):
        return

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   "remove_bridge", fake_remove)

    driver.unplug(network)

    # Only the four deletes are expected; no iptables save/restore here.
    expected = [ebtables("-D", body) for body in rule_bodies]
    self.assertEqual(executes, expected)