From: "Michael S. Tsirkin" <mst@redhat.com>
To: Amos Kong <akong@redhat.com>
Cc: autotest@test.kernel.org, lmr@redhat.com, kvm@vger.kernel.org
Subject: Re: [PATCH] KVM-test: Add a new test: privacy test
Date: Mon, 28 Feb 2011 13:32:29 +0200
Message-ID: <20110228113228.GG28006@redhat.com>
In-Reply-To: <20110228112038.5878.38791.stgit@t115>

On Mon, Feb 28, 2011 at 07:20:38PM +0800, Amos Kong wrote:
> Communicate between two vms, and try to capture packages from another vm in
> the same lan.
> This test used tcpdump, so we need limit it with Linux guests.
> 
> Signed-off-by: Amos Kong <akong@redhat.com>

I don't think there's any such privacy guarantee for a plain
bridged setup: the bridge might flood packets to
all endpoints sometimes, and rx mac address filters
even if present are guest controllable so they represent
a performance optimization, not a privacy guarantee.

This is analogous to a physical shared lan: any box can
enable promisc mode and snoop on packets.

You need vlans, or netfilter, or some other filtering
if you want to enforce privacy.

> ---
>  client/tests/kvm/tests/privacy.py      |   44 ++++++++++++++++++++++++++++++++
>  client/tests/kvm/tests_base.cfg.sample |    8 +++++-
>  2 files changed, 51 insertions(+), 1 deletions(-)
>  create mode 100644 client/tests/kvm/tests/privacy.py
> 
> diff --git a/client/tests/kvm/tests/privacy.py b/client/tests/kvm/tests/privacy.py
> new file mode 100644
> index 0000000..d052c66
> --- /dev/null
> +++ b/client/tests/kvm/tests/privacy.py
> @@ -0,0 +1,44 @@
> +import logging, time
> +from autotest_lib.client.common_lib import error
> +import kvm_test_utils
> +
> +
> +def run_privacy(test, params, env):
> +    """
> +    Privacy test
> +
> +    1) Boot up three vms
> +    2) Flood ping vm1 from vm2
> +    3) Verify if we can capture ICMP packages from vm3
> +
> +    @param test: kvm test object
> +    @param params: Dictionary with the test parameters
> +    @param env: Dictionary with test environment.
> +    """
> +    timeout = float(params.get("login_timeout", 360))
> +    vm1 = kvm_test_utils.get_living_vm(env, params.get("main_vm"))
> +    vm2 = kvm_test_utils.get_living_vm(env, "vm2")
> +    vm3 = kvm_test_utils.get_living_vm(env, "vm3")
> +    session_vm1 = kvm_test_utils.wait_for_login(vm1, 0, timeout, 0, 2)
> +    session_vm2 = kvm_test_utils.wait_for_login(vm2, 0, timeout, 0, 2)
> +    session_vm3 = kvm_test_utils.wait_for_login(vm3, 0, timeout, 0, 2)
> +
> +    ip = vm1.get_address()
> +    session_vm2.sendline("ping -f %s" % ip)
> +    ethname = kvm_test_utils.get_linux_ifname(session_vm3,
> +                                              vm3.get_mac_address(0))
> +    sleep_time = int(params.get("sleep_time", 60))
> +    cmd = "sleep %s && killall tcpdump & tcpdump -le -vv icmp and" \
> +          " dst %s -i %s > /tmp/result" % (sleep_time, ip, ethname)
> +
> +    session_vm3.get_command_output(cmd, timeout=int(sleep_time+60))
> +    time.sleep(sleep_time)
> +    s, o = session_vm3.get_command_status_output("grep ICMP /tmp/result")
> +    if s == 0:
> +        raise error.TestFail("VM3 unexpected captured ICMP packages(vm2->vm1)!")
> +    else:
> +        logging.debug("Privacy test pass!")
> +
> +    session_vm1.close()
> +    session_vm2.close()
> +    session_vm3.close()
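Review bot: The pass condition at `if s == 0:` cannot tell "vm3 saw no vm2->vm1 ICMP" from "the capture never ran". If tcpdump is missing in the guest, the interface name is wrong, or /tmp/result is empty for any other reason, `grep ICMP /tmp/result` returns non-zero and the test logs a pass. Consider confirming that tcpdump actually started and captured on the interface (for example by checking that it sees traffic addressed to vm3 itself) before treating an empty result as success. Separately, the `ping -f` started on vm2 is never stopped, and the three `session_*.close()` calls are skipped when `error.TestFail` is raised; a try/finally around the check would cover both. The `time.sleep(sleep_time)` after `get_command_output(cmd, timeout=int(sleep_time+60))` looks like a second wait of the same length; if get_command_output blocks until the command finishes, it can be dropped.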
> diff --git a/client/tests/kvm/tests_base.cfg.sample b/client/tests/kvm/tests_base.cfg.sample
> index 661d6fe..29b7d97 100644
> --- a/client/tests/kvm/tests_base.cfg.sample
> +++ b/client/tests/kvm/tests_base.cfg.sample
> @@ -666,6 +666,12 @@ variants:
>          mgroup_count = 20
>          flood_minutes = 1
>  
> +    - privacy:
> +        type = privacy
> +        vms += " vm2 vm3"
> +        kill_vm = yes
> +        image_snapshot = yes
> +
>      - pxe:
>          type = pxe
>          images = pxe
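Review bot: The `privacy` variant sets only `type`, `vms`, `kill_vm` and `image_snapshot`, so nothing here ties it to a network setup that filters traffic between guests. As the reply above points out, a plain bridge does not promise that vm3 sees none of the vm2->vm1 packets, so the result depends on the setup the test happens to run on. Either state the required setup (VLANs or filtering) in a comment on this variant or make the variant depend on it. `sleep_time`, which privacy.py reads with a default of 60, could also be listed here so the capture window is visible and tunable.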
> @@ -1737,7 +1743,7 @@ variants:
>      # Windows section
>      - @Windows:
>          no autotest, linux_s3, vlan, ioquit, unattended_install.url, unattended_install.nfs, unattended_install.remote_ks
> -        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres
> +        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres, privacy
>  
>          shutdown_command = shutdown /s /f /t 0
>          reboot_command = shutdown /r /f /t 0


Thread overview: 3+ messages
2011-02-28 11:20 [PATCH] KVM-test: Add a new test: privacy test Amos Kong
2011-02-28 11:32 ` Michael S. Tsirkin [this message]
2011-03-15  4:29   ` Lucas Meneghel Rodrigues
