def test_install_arp_spoofing_existing_jump(self): # Note(cfb): We don't call this with contextlib.nested() because # arp_protect.install.arp_spoofing_protection() has a decorator # which is a non-nested context manager and they don't play nice # together with mock at all. ebtables_p = mock.patch.object(arp_protect, 'ebtables') ebtables = ebtables_p.start() current_rules = [ 'Bridge table: filter', '', 'Bridge chain: INPUT, entries: 0, policy: ACCEPT', '', 'Bridge chain: FORWARD, entries: 2, policy: ACCEPT', '-p ARP -i %s -j %s' % (self.VIF, self.CHAIN_NAME), '', 'Bridge chain: OUTPUT, entries: 0, policy: ACCEPT', '', ] arp_protect.install_arp_spoofing_protection(self.VIF, [self.FIXED_IP], current_rules) expected = [ mock.call(['-N', self.CHAIN_NAME, '-P', 'DROP']), mock.call(['-F', self.CHAIN_NAME]), mock.call(['-A', self.CHAIN_NAME, '-p', 'ARP', '--arp-ip-src', self.FIXED_IP, '-j', 'ACCEPT']), ] ebtables.assert_has_calls(expected)
def test_install_arp_spoofing_single_ip(self): # Note(cfb): We don't call this with contextlib.nested() because # arp_protect.install.arp_spoofing_protection() has a decorator # which is a non-nested context manager and they don't play nice # together with mock at all. ebtables_p = mock.patch.object(arp_protect, 'ebtables') ebtables = ebtables_p.start() arp_protect.install_arp_spoofing_protection( self.VIF, [self.FIXED_IP], self.EBTABLES_EMPTY_SAMPLE) expected = [ mock.call(['-N', self.CHAIN_NAME, '-P', 'DROP']), mock.call(['-F', self.CHAIN_NAME]), mock.call(['-A', self.CHAIN_NAME, '-p', 'ARP', '--arp-ip-src', self.FIXED_IP, '-j', 'ACCEPT']), mock.call(['-A', 'FORWARD', '-i', self.VIF, '-j', self.CHAIN_NAME, '-p', 'ARP']), ] ebtables.assert_has_calls(expected)