"ping"/"ping6" command support in rootwrap filters
To have correct support in rootwrap, "ping"/"ping6" command should have the correct filters in rootwrap. Because "ping" command is harmless, "CommandFilter" is used to allow any binary call, regardless of the parameters used and the order. Nevertheless, this patch also proposes to use "ping"/"ping6" with the same parameters and a specific order, to help in the debug process: - ping[6] -W <timeout> <address> - ping[6] -W <timeout> -c <count> <address> - ping[6] -W <timeout> -c <count> -i <interval> <address> Those commands could be called from inside a namespace. The needed filter is also added in this patch. Change-Id: Ie5cbc0dcc76672b26cd2605f08cfd17a30b4c905 Closes-Bug: #1863006
This commit is contained in:
parent
0ef4233d89
commit
cc3b9df426
|
@ -12,10 +12,10 @@
|
|||
# from inside a namespace which requires root
|
||||
# _alt variants allow to match -c and -w in any order
|
||||
# (used by NeutronDebugAgent.ping_all)
|
||||
ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
|
||||
ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
|
||||
ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
|
||||
ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
|
||||
ping: CommandFilter, ping, root
|
||||
ping6: CommandFilter, ping6, root
|
||||
ping_exec: IpNetnsExecFilter, ping, root
|
||||
ping6_exec: IpNetnsExecFilter, ping6, root
|
||||
|
||||
# "sleep" command, only for testing
|
||||
sleep: RegExpFilter, sleep, root, sleep, \d+
|
||||
|
|
|
@ -111,7 +111,7 @@ def assert_ping(src_namespace, dst_ip, timeout=1, count=3):
|
|||
ipversion = netaddr.IPAddress(dst_ip).version
|
||||
ping_command = 'ping' if ipversion == 4 else 'ping6'
|
||||
ns_ip_wrapper = ip_lib.IPWrapper(src_namespace)
|
||||
ns_ip_wrapper.netns.execute([ping_command, '-c', count, '-W', timeout,
|
||||
ns_ip_wrapper.netns.execute([ping_command, '-W', timeout, '-c', count,
|
||||
dst_ip])
|
||||
|
||||
|
||||
|
@ -124,7 +124,7 @@ def assert_async_ping(src_namespace, dst_ip, timeout=1, count=1, interval=1):
|
|||
# cannot be used and it needs to be done using the following workaround.
|
||||
for _index in range(count):
|
||||
start_time = time.time()
|
||||
ns_ip_wrapper.netns.execute([ping_command, '-c', '1', '-W', timeout,
|
||||
ns_ip_wrapper.netns.execute([ping_command, '-W', timeout, '-c', '1',
|
||||
dst_ip])
|
||||
end_time = time.time()
|
||||
diff = end_time - start_time
|
||||
|
@ -416,11 +416,12 @@ class Pinger(object):
|
|||
raise RuntimeError("This pinger has already a running process")
|
||||
ip_version = common_utils.get_ip_version(self.address)
|
||||
ping_exec = 'ping' if ip_version == n_const.IP_VERSION_4 else 'ping6'
|
||||
cmd = [ping_exec, self.address, '-W', str(self.timeout)]
|
||||
cmd = [ping_exec, '-W', str(self.timeout)]
|
||||
if self.count:
|
||||
cmd.extend(['-c', str(self.count)])
|
||||
if self.interval:
|
||||
cmd.extend(['-i', str(self.interval)])
|
||||
cmd.append(self.address)
|
||||
self.proc = RootHelperProcess(cmd, namespace=self.namespace)
|
||||
|
||||
def stop(self):
|
||||
|
|
|
@ -320,7 +320,7 @@ class L3AgentTestCase(framework.L3AgentTestFramework):
|
|||
# Verify that the ping replys with fip
|
||||
ns_ip_wrapper = ip_lib.IPWrapper(src_machine.namespace)
|
||||
result = ns_ip_wrapper.netns.execute(
|
||||
['ping', '-c', 1, '-W', 5, dst_fip])
|
||||
['ping', '-W', 5, '-c', 1, dst_fip])
|
||||
self._assert_ping_reply_from_expected_address(result, dst_fip)
|
||||
|
||||
def _setup_address_scope(self, internal_address_scope1,
|
||||
|
|
Loading…
Reference in New Issue