public inbox for kvm@vger.kernel.org
* [PATCH] KVM-test: Add a new test: privacy test
@ 2011-02-28 11:20 Amos Kong
  2011-02-28 11:32 ` Michael S. Tsirkin
  0 siblings, 1 reply; 3+ messages in thread
From: Amos Kong @ 2011-02-28 11:20 UTC (permalink / raw)
  To: autotest; +Cc: kvm, mst

Communicate between two VMs, and try to capture packages from another VM in
the same LAN.
This test uses tcpdump, so we need to limit it to Linux guests.

Signed-off-by: Amos Kong <akong@redhat.com>
---
 client/tests/kvm/tests/privacy.py      |   44 ++++++++++++++++++++++++++++++++
 client/tests/kvm/tests_base.cfg.sample |    8 +++++-
 2 files changed, 51 insertions(+), 1 deletions(-)
 create mode 100644 client/tests/kvm/tests/privacy.py

diff --git a/client/tests/kvm/tests/privacy.py b/client/tests/kvm/tests/privacy.py
new file mode 100644
index 0000000..d052c66
--- /dev/null
+++ b/client/tests/kvm/tests/privacy.py
@@ -0,0 +1,44 @@
+import logging, time
+from autotest_lib.client.common_lib import error
+import kvm_test_utils
+
+
+def run_privacy(test, params, env):
+    """
+    Privacy test
+
+    1) Boot up three vms
+    2) Flood ping vm1 from vm2
+    3) Verify if we can capture ICMP packages from vm3
+
+    @param test: kvm test object
+    @param params: Dictionary with the test parameters
+    @param env: Dictionary with test environment.
+    """
+    timeout = float(params.get("login_timeout", 360))
+    vm1 = kvm_test_utils.get_living_vm(env, params.get("main_vm"))
+    vm2 = kvm_test_utils.get_living_vm(env, "vm2")
+    vm3 = kvm_test_utils.get_living_vm(env, "vm3")
+    session_vm1 = kvm_test_utils.wait_for_login(vm1, 0, timeout, 0, 2)
+    session_vm2 = kvm_test_utils.wait_for_login(vm2, 0, timeout, 0, 2)
+    session_vm3 = kvm_test_utils.wait_for_login(vm3, 0, timeout, 0, 2)
+
+    ip = vm1.get_address()
+    session_vm2.sendline("ping -f %s" % ip)
+    ethname = kvm_test_utils.get_linux_ifname(session_vm3,
+                                              vm3.get_mac_address(0))
+    sleep_time = int(params.get("sleep_time", 60))
+    cmd = "sleep %s && killall tcpdump & tcpdump -le -vv icmp and" \
+          " dst %s -i %s > /tmp/result" % (sleep_time, ip, ethname)
+
+    session_vm3.get_command_output(cmd, timeout=int(sleep_time+60))
+    time.sleep(sleep_time)
+    s, o = session_vm3.get_command_status_output("grep ICMP /tmp/result")
+    if s == 0:
+        raise error.TestFail("VM3 unexpected captured ICMP packages(vm2->vm1)!")
+    else:
+        logging.debug("Privacy test pass!")
+
+    session_vm1.close()
+    session_vm2.close()
+    session_vm3.close()
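Review bot: the check on the "grep ICMP /tmp/result" status treats every non-zero status as a pass, so the test also passes when nothing was captured for an unrelated reason: tcpdump missing or failing on the ethname, /tmp/result never created (grep exits 2, not 1), or the "ping -f" on vm2 never reaching vm1. Fail on s == 0, pass only on s == 1, raise an error on anything else, and add a positive control (for example confirm on vm1 that the flood is arriving) before trusting an empty capture. Separately, tcpdump runs in the foreground and the call is given timeout sleep_time+60, so it looks as if get_command_output() already waits for the capture to end; the time.sleep(sleep_time) after it then only doubles the run time.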
diff --git a/client/tests/kvm/tests_base.cfg.sample b/client/tests/kvm/tests_base.cfg.sample
index 661d6fe..29b7d97 100644
--- a/client/tests/kvm/tests_base.cfg.sample
+++ b/client/tests/kvm/tests_base.cfg.sample
@@ -666,6 +666,12 @@ variants:
         mgroup_count = 20
         flood_minutes = 1
 
+    - privacy:
+        type = privacy
+        vms += " vm2 vm3"
+        kill_vm = yes
+        image_snapshot = yes
+
     - pxe:
         type = pxe
         images = pxe
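Review bot: the new "- privacy:" variant sets no sleep_time, so the capture window is fixed by the 60 s default inside privacy.py and is invisible from the config. Add "sleep_time = 60" here so it can be tuned per run, and add a one-line comment stating the network layout the test assumes for vm1, vm2 and vm3, since the result means nothing without it.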
@@ -1737,7 +1743,7 @@ variants:
     # Windows section
     - @Windows:
         no autotest, linux_s3, vlan, ioquit, unattended_install.url, unattended_install.nfs, unattended_install.remote_ks
-        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres
+        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres, privacy
 
         shutdown_command = shutdown /s /f /t 0
         reboot_command = shutdown /r /f /t 0
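Review bot: appending privacy to the Windows "no" list is the only guard against running the test on a guest that lacks tcpdump, killall and grep, and the reason is recorded nowhere near the list. Put a short comment above the line, or have the test itself check for the tools and report an error, so the exclusion is not dropped by accident later.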


* Re: [PATCH] KVM-test: Add a new test: privacy test
  2011-02-28 11:20 [PATCH] KVM-test: Add a new test: privacy test Amos Kong
@ 2011-02-28 11:32 ` Michael S. Tsirkin
  2011-03-15  4:29   ` Lucas Meneghel Rodrigues
  0 siblings, 1 reply; 3+ messages in thread
From: Michael S. Tsirkin @ 2011-02-28 11:32 UTC (permalink / raw)
  To: Amos Kong; +Cc: autotest, lmr, kvm

On Mon, Feb 28, 2011 at 07:20:38PM +0800, Amos Kong wrote:
> Communicate between two VMs, and try to capture packages from another VM in
> the same LAN.
> This test uses tcpdump, so we need to limit it to Linux guests.
> 
> Signed-off-by: Amos Kong <akong@redhat.com>

I don't think there's any such privacy guarantee for a plain
bridged setup: the bridge might flood packets to
all endpoints sometimes, and rx mac address filters
even if present are guest controllable so they represent
a performance optimization, not a privacy guarantee.

This is analogous to a physical shared lan: any box can
enable promisc mode and snoop on packets.

You need vlans, or netfilter, or some other filtering
if you want to enforce privacy.

> ---
>  client/tests/kvm/tests/privacy.py      |   44 ++++++++++++++++++++++++++++++++
>  client/tests/kvm/tests_base.cfg.sample |    8 +++++-
>  2 files changed, 51 insertions(+), 1 deletions(-)
>  create mode 100644 client/tests/kvm/tests/privacy.py
> 
> diff --git a/client/tests/kvm/tests/privacy.py b/client/tests/kvm/tests/privacy.py
> new file mode 100644
> index 0000000..d052c66
> --- /dev/null
> +++ b/client/tests/kvm/tests/privacy.py
> @@ -0,0 +1,44 @@
> +import logging, time
> +from autotest_lib.client.common_lib import error
> +import kvm_test_utils
> +
> +
> +def run_privacy(test, params, env):
> +    """
> +    Privacy test
> +
> +    1) Boot up three vms
> +    2) Flood ping vm1 from vm2
> +    3) Verify if we can capture ICMP packages from vm3
> +
> +    @param test: kvm test object
> +    @param params: Dictionary with the test parameters
> +    @param env: Dictionary with test environment.
> +    """
> +    timeout = float(params.get("login_timeout", 360))
> +    vm1 = kvm_test_utils.get_living_vm(env, params.get("main_vm"))
> +    vm2 = kvm_test_utils.get_living_vm(env, "vm2")
> +    vm3 = kvm_test_utils.get_living_vm(env, "vm3")
> +    session_vm1 = kvm_test_utils.wait_for_login(vm1, 0, timeout, 0, 2)
> +    session_vm2 = kvm_test_utils.wait_for_login(vm2, 0, timeout, 0, 2)
> +    session_vm3 = kvm_test_utils.wait_for_login(vm3, 0, timeout, 0, 2)
> +
> +    ip = vm1.get_address()
> +    session_vm2.sendline("ping -f %s" % ip)
> +    ethname = kvm_test_utils.get_linux_ifname(session_vm3,
> +                                              vm3.get_mac_address(0))
> +    sleep_time = int(params.get("sleep_time", 60))
> +    cmd = "sleep %s && killall tcpdump & tcpdump -le -vv icmp and" \
> +          " dst %s -i %s > /tmp/result" % (sleep_time, ip, ethname)
> +
> +    session_vm3.get_command_output(cmd, timeout=int(sleep_time+60))
> +    time.sleep(sleep_time)
> +    s, o = session_vm3.get_command_status_output("grep ICMP /tmp/result")
> +    if s == 0:
> +        raise error.TestFail("VM3 unexpected captured ICMP packages(vm2->vm1)!")
> +    else:
> +        logging.debug("Privacy test pass!")
> +
> +    session_vm1.close()
> +    session_vm2.close()
> +    session_vm3.close()
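Review bot: the three close() calls at the end of run_privacy() are skipped whenever error.TestFail is raised, and the "ping -f" started with sendline() on session_vm2 is never stopped on either path. Wrap the body in try/finally, interrupt the ping on session_vm2 in the finally block, and close all three sessions there. session_vm1 is opened but never used before being closed, so it can be dropped unless it is meant for a receive-side check.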
> diff --git a/client/tests/kvm/tests_base.cfg.sample b/client/tests/kvm/tests_base.cfg.sample
> index 661d6fe..29b7d97 100644
> --- a/client/tests/kvm/tests_base.cfg.sample
> +++ b/client/tests/kvm/tests_base.cfg.sample
> @@ -666,6 +666,12 @@ variants:
>          mgroup_count = 20
>          flood_minutes = 1
>  
> +    - privacy:
> +        type = privacy
> +        vms += " vm2 vm3"
> +        kill_vm = yes
> +        image_snapshot = yes
> +
>      - pxe:
>          type = pxe
>          images = pxe
> @@ -1737,7 +1743,7 @@ variants:
>      # Windows section
>      - @Windows:
>          no autotest, linux_s3, vlan, ioquit, unattended_install.url, unattended_install.nfs, unattended_install.remote_ks
> -        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres
> +        no jumbo, nicdriver_unload, nic_promisc, multicast, mac_change, ethtool, clock_getres, privacy
>  
>          shutdown_command = shutdown /s /f /t 0
>          reboot_command = shutdown /r /f /t 0


* Re: [PATCH] KVM-test: Add a new test: privacy test
  2011-02-28 11:32 ` Michael S. Tsirkin
@ 2011-03-15  4:29   ` Lucas Meneghel Rodrigues
  0 siblings, 0 replies; 3+ messages in thread
From: Lucas Meneghel Rodrigues @ 2011-03-15  4:29 UTC (permalink / raw)
  To: Michael S. Tsirkin; +Cc: Amos Kong, autotest, kvm

On Mon, 2011-02-28 at 13:32 +0200, Michael S. Tsirkin wrote:
> On Mon, Feb 28, 2011 at 07:20:38PM +0800, Amos Kong wrote:
> > Communicate between two VMs, and try to capture packages from another VM in
> > the same LAN.
> > This test uses tcpdump, so we need to limit it to Linux guests.
> > 
> > Signed-off-by: Amos Kong <akong@redhat.com>
> 
> I don't think there's any such privacy guarantee for a plain
> bridged setup: the bridge might flood packets to
> all endpoints sometimes, and rx mac address filters
> even if present are guest controllable so they represent
> a performance optimization, not a privacy guarantee.
> 
> This is analogous to a physical shared lan: any box can
> enable promisc mode and snoop on packets.
> 
> You need vlans, or netfilter, or some other filtering
> if you want to enforce privacy.

Amos, per Michael's comments, perhaps we should put vm1 and vm2 on a
VLAN and vm3 on a different VLAN to have a more valid packet privacy
test? I'll refrain from adding this test to the upstream tree until
we have a more satisfactory test/solution.
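
An added illustration of the two replies above (not code from this thread, autotest or the kernel): a minimal Python model of a learning bridge, showing when vm3's port receives a copy of vm2 -> vm1 frames on one shared segment and on the VLAN split suggested above. The MAC addresses, port names and VLAN ids are constructed, and the model only covers what the bridge delivers to each port.

```python
# Added example: toy learning bridge, not kernel or autotest code.
class LearningBridge:
    def __init__(self, port_vlans, ageing=300):
        self.port_vlans = port_vlans   # port name -> VLAN id (constructed)
        self.ageing = ageing           # FDB entry lifetime in seconds (300 is the Linux bridge default)
        self.fdb = {}                  # (vlan, mac) -> (port, last_seen)

    def forward(self, in_port, src, dst, now):
        """Return the set of ports that receive a frame arriving on in_port."""
        vlan = self.port_vlans[in_port]
        self.fdb[(vlan, src)] = (in_port, now)        # learn the sender
        entry = self.fdb.get((vlan, dst))
        if entry and now - entry[1] <= self.ageing:
            return {entry[0]} - {in_port}             # known unicast: one port
        # Unknown or aged-out destination: flood to every other port in the VLAN.
        return {p for p, v in self.port_vlans.items()
                if v == vlan and p != in_port}


MAC = {"vm1": "52:54:00:00:00:01", "vm2": "52:54:00:00:00:02"}  # constructed


def vm3_sees(port_vlans):
    """Replay vm2 -> vm1 frames; list whether vm3's port got a copy each time."""
    br = LearningBridge(port_vlans)
    seen = []
    # t=0: vm1 has not transmitted yet, so its MAC is unknown to the bridge.
    seen.append("vm3" in br.forward("vm2", MAC["vm2"], MAC["vm1"], now=0))
    # t=1: vm1 replies; the bridge learns which port vm1 is on.
    br.forward("vm1", MAC["vm1"], MAC["vm2"], now=1)
    seen.append("vm3" in br.forward("vm2", MAC["vm2"], MAC["vm1"], now=2))
    # t=400: vm1 has been silent longer than the ageing time.
    seen.append("vm3" in br.forward("vm2", MAC["vm2"], MAC["vm1"], now=400))
    return seen


FLAT = {"vm1": 1, "vm2": 1, "vm3": 1}      # one shared L2 segment
SPLIT = {"vm1": 10, "vm2": 10, "vm3": 20}  # vm3 on a different VLAN

if __name__ == "__main__":
    print("flat bridge:", vm3_sees(FLAT))    # [True, False, True]
    print("VLAN split: ", vm3_sees(SPLIT))   # [False, False, False]
```

On the shared segment vm3 receives the frames whenever the bridge has no fresh entry for vm1, so a capture-based test can pass or fail depending on timing; with the split it never does.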


