def test_flat_override(self):
"""Makes sure flat_interface flag overrides network bridge_interface.
Allows heterogeneous networks a la bug 833426
"""
driver = linux_net.LinuxBridgeInterfaceDriver()
info = {}
@staticmethod
def test_ensure(bridge, interface, network, gateway):
info['passed_interface'] = interface
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver, 'ensure_bridge',
test_ensure)
network = {
"bridge": "br100",
"bridge_interface": "base_interface",
"share_address": False,
}
driver.plug(network, "fakemac")
self.assertEqual(info['passed_interface'], "base_interface")
self.flags(flat_interface="override_interface")
driver.plug(network, "fakemac")
self.assertEqual(info['passed_interface'], "override_interface")
def test_ensure_bridge_brings_up_interface(self):
calls = {
'device_exists': [mock.call('bridge')],
'_execute': [
mock.call('brctl',
'addif',
'bridge',
'eth0',
run_as_root=True,
check_exit_code=False),
mock.call('ip',
'link',
'set',
'eth0',
'up',
run_as_root=True,
check_exit_code=False),
mock.call('ip', 'route', 'show', 'dev', 'eth0'),
mock.call('ip', 'addr', 'show', 'dev', 'eth0', 'scope',
'global'),
]
}
with contextlib.nested(
mock.patch.object(linux_net,
'device_exists',
return_value=True),
mock.patch.object(linux_net, '_execute',
return_value=('', ''))) as (device_exists,
_execute):
driver = linux_net.LinuxBridgeInterfaceDriver()
driver.ensure_bridge('bridge', 'eth0')
device_exists.assert_has_calls(calls['device_exists'])
_execute.assert_has_calls(calls['_execute'])
def test_vlan_override(self):
"""Makes sure vlan_interface flag overrides network bridge_interface.
Allows heterogeneous networks a la bug 833426
"""
driver = linux_net.LinuxBridgeInterfaceDriver()
info = {}
@staticmethod
def test_ensure(vlan, bridge, interface, network, mac_address):
info['passed_interface'] = interface
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
'ensure_vlan_bridge', test_ensure)
network = {
"bridge": "br100",
"bridge_interface": "base_interface",
"vlan": "fake"
}
self.flags(vlan_interface="")
driver.plug(network, "fakemac")
self.assertEqual(info['passed_interface'], "base_interface")
self.flags(vlan_interface="override_interface")
driver.plug(network, "fakemac")
self.assertEqual(info['passed_interface'], "override_interface")
driver.plug(network, "fakemac")
def test_ensure_bridge_brclt_addif_exception(self):
def fake_execute(*cmd, **kwargs):
if ('brctl', 'addif', 'bridge', 'eth0') == cmd:
return ('', 'some error happens')
else:
return ('', '')
with contextlib.nested(
mock.patch.object(linux_net, 'device_exists', return_value=True),
mock.patch.object(linux_net, '_execute', fake_execute)
) as (device_exists, _):
driver = linux_net.LinuxBridgeInterfaceDriver()
self.assertRaises(exception.NovaException,
driver.ensure_bridge, 'bridge', 'eth0')
device_exists.assert_called_once_with('bridge')
def test_linux_bridge_driver_plug(self):
"""Makes sure plug doesn't drop FORWARD by default.
Ensures bug 890195 doesn't reappear."""
def fake_execute(*args, **kwargs):
return "", ""
self.stubs.Set(utils, 'execute', fake_execute)
def verify_add_rule(chain, rule):
self.assertEqual(chain, 'FORWARD')
self.assertIn('ACCEPT', rule)
self.stubs.Set(linux_net.iptables_manager.ipv4['filter'], 'add_rule',
verify_add_rule)
driver = linux_net.LinuxBridgeInterfaceDriver()
driver.plug({"bridge": "br100", "bridge_interface": "eth0"}, "fakemac")
def test_isolated_host(self):
self.flags(fake_network=False, share_dhcp_address=True)
# NOTE(vish): use a fresh copy of the manager for each test
self.stubs.Set(linux_net, 'iptables_manager',
linux_net.IptablesManager())
self.stubs.Set(linux_net, 'binary_name', 'test')
executes = []
def fake_execute(*args, **kwargs):
executes.append(args)
return "", ""
self.stubs.Set(utils, 'execute', fake_execute)
driver = linux_net.LinuxBridgeInterfaceDriver()
@staticmethod
def fake_ensure(bridge, interface, network, gateway):
return bridge
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver, 'ensure_bridge',
fake_ensure)
iface = 'eth0'
dhcp = '192.168.1.1'
network = {
'dhcp_server': dhcp,
'share_address': False,
'bridge': 'br100',
'bridge_interface': iface
}
driver.plug(network, 'fakemac')
expected = [
('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'FORWARD', '-p', 'IPv4', '-i',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'FORWARD', '-p', 'IPv4', '-i',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'FORWARD', '-p', 'IPv4', '-o',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'FORWARD', '-p', 'IPv4', '-o',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
('iptables-save', '-c'),
('iptables-restore', '-c'),
('ip6tables-save', '-c'),
('ip6tables-restore', '-c'),
]
self.assertEqual(executes, expected)
executes = []
@staticmethod
def fake_remove(bridge, gateway):
return
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver, 'remove_bridge',
fake_remove)
driver.unplug(network)
expected = [
('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'FORWARD', '-p', 'IPv4', '-i',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'FORWARD', '-p', 'IPv4', '-o',
iface, '--ip-protocol', 'udp', '--ip-destination-port', '67:68',
'-j', 'DROP'),
]
self.assertEqual(executes, expected)
def test_isolated_host_iptables_logdrop(self):
# Ensure that a different drop action for iptables doesn't change
# the drop action for ebtables.
self.flags(fake_network=False,
share_dhcp_address=True,
iptables_drop_action='LOGDROP')
# NOTE(vish): use a fresh copy of the manager for each test
self.stubs.Set(linux_net, 'iptables_manager',
linux_net.IptablesManager())
self.stubs.Set(linux_net, 'binary_name', 'test')
executes = []
inputs = []
def fake_execute(*args, **kwargs):
executes.append(args)
process_input = kwargs.get('process_input')
if process_input:
inputs.append(process_input)
return "", ""
self.stubs.Set(utils, 'execute', fake_execute)
driver = linux_net.LinuxBridgeInterfaceDriver()
@staticmethod
def fake_ensure(bridge, interface, network, gateway):
return bridge
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver, 'ensure_bridge',
fake_ensure)
iface = 'eth0'
dhcp = '192.168.1.1'
network = {
'dhcp_server': dhcp,
'bridge': 'br100',
'bridge_interface': iface
}
driver.plug(network, 'fakemac')
expected = [
('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-I', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('iptables-save', '-c'),
('iptables-restore', '-c'),
('ip6tables-save', '-c'),
('ip6tables-restore', '-c'),
]
self.assertEqual(executes, expected)
expected_inputs = [
('-A test-FORWARD -m physdev --physdev-in %s '
'-d 255.255.255.255 -p udp --dport 67 -j LOGDROP' % iface),
('-A test-FORWARD -m physdev --physdev-out %s '
'-d 255.255.255.255 -p udp --dport 67 -j LOGDROP' % iface),
('-A test-FORWARD -m physdev --physdev-in %s '
'-d 192.168.1.1 -j LOGDROP' % iface),
('-A test-FORWARD -m physdev --physdev-out %s '
'-s 192.168.1.1 -j LOGDROP' % iface),
]
for inp in expected_inputs:
self.assertIn(inp, inputs[0])
executes = []
inputs = []
@staticmethod
def fake_remove(bridge, gateway):
return
self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver, 'remove_bridge',
fake_remove)
driver.unplug(network)
expected = [
('ebtables', '-t', 'filter', '-D', 'INPUT', '-p', 'ARP', '-i',
iface, '--arp-ip-dst', dhcp, '-j', 'DROP'),
('ebtables', '-t', 'filter', '-D', 'OUTPUT', '-p', 'ARP', '-o',
iface, '--arp-ip-src', dhcp, '-j', 'DROP'),
('iptables-save', '-c'),
('iptables-restore', '-c'),
('ip6tables-save', '-c'),
('ip6tables-restore', '-c'),
]
self.assertEqual(executes, expected)
for inp in expected_inputs:
self.assertNotIn(inp, inputs[0])
