libvirt/tests
Laine Stump 513122ae93 network: don't forward DNS requests from isolated networks
This is in response to:

  https://bugzilla.redhat.com/show_bug.cgi?id=723862

which points out that a guest on an "isolated" network could
potentially exploit the DNS forwarding provided by dnsmasq to create a
communication channel to the outside.

This patch eliminates that possibility by adding the "--no-resolv"
argument to the dnsmasq commandline, which tells dnsmasq to not
forward on any requests that it can't resolve itself (by looking at
its own static hosts files and runtime list of dhcp clients), but to
instead return a failure for those requests.

This shouldn't cause any undesirable change from current
behavior, even in the case where a guest is currently configured with
multiple interfaces, one of them being connected to an isolated
network, and another to a network that does have connectivity to the
outside. If the isolated network's DNS server is queried for a name
it doesn't know, it will return "Refused" rather than "Unknown", which
indicates to the guest that it should query other servers, so it then
queries the connected DNS server, and gets the desired response.
2011-07-29 17:23:55 -04:00
..
capabilityschemadata microblaze: Add architecture support 2011-07-07 17:49:21 -06:00
commanddata freebsd: Avoid /bin/true in commandtest 2011-07-29 12:12:58 +02:00
confdata maint: improve tests distribution 2010-12-17 11:57:11 -07:00
cputestdata tests: Add unit tests for internal CPU APIs 2010-12-01 14:12:54 +01:00
domainschemadata schema: Move timer element inside clock 2010-11-09 15:35:43 +01:00
domainsnapshotxml2xmlin Domain snapshot RNG and tests. 2010-05-20 13:50:03 -04:00
domainsnapshotxml2xmlout Domain snapshot RNG and tests. 2010-05-20 13:50:03 -04:00
interfaceschemadata Update interface.rng and xml test files to match netcf 0.1.5 2010-01-19 21:13:03 +01:00
networkxml2argvdata network: don't forward DNS requests from isolated networks 2011-07-29 17:23:55 -04:00
networkxml2xmlin bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
networkxml2xmlout bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
nodedevschemadata nodedev: Add removable storage 'media_label' prop 2009-12-14 14:58:23 +01:00
nodeinfodata Get thread and socket information in virsh nodeinfo. 2010-03-08 09:26:04 -05:00
nwfilterxml2xmlin nwfilter: enable filtering of gratuitous ARP packets 2011-05-23 19:41:18 -04:00
nwfilterxml2xmlout nwfilter: enable filtering of gratuitous ARP packets 2011-05-23 19:41:18 -04:00
qemuhelpdata Add txmode attribute to interface XML for virtio backend 2011-02-17 11:07:58 -05:00
qemuxml2argvdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
qemuxml2xmloutdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
sexpr2xmldata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
storagepoolxml2xmlin storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagepoolxml2xmlout storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagevolxml2xmlin tests: Add storage volume XML 2 XML tests. 2009-10-16 10:52:27 -04:00
storagevolxml2xmlout tests: Add storage volume XML 2 XML tests. 2009-10-16 10:52:27 -04:00
vmx2xmldata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
xencapsdata maint: improve tests distribution 2010-12-17 11:57:11 -07:00
xmconfigdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
xml2sexprdata Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
xml2vmxdata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
.gitignore Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
.valgrind.supp tests: suppress more valgrind situations 2011-05-03 08:03:39 -06:00
capabilityschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
commandhelper.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
commandtest.c freebsd: Avoid /bin/true in commandtest 2011-07-29 12:12:58 +02:00
conftest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
cpuset tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
cputest.c maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
daemon-conf tests: fix daemon-conf testing failure 2010-11-03 11:43:11 +01:00
define-dev-segfault Add domain type checking 2011-07-11 19:38:51 +02:00
domainschematest tests: Test qemuxml2xml when expected xml changes 2010-07-28 16:47:56 -04:00
domainsnapshotschematest Domain snapshot RNG and tests. 2010-05-20 13:50:03 -04:00
esxutilstest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
eventtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
hashdata.h tests: More unit tests for internal hash APIs 2011-04-27 15:32:30 +02:00
hashtest.c hash: fix memory leak regression 2011-04-29 14:26:40 -06:00
int-overflow tests: Don't use bash if we don't have to 2011-07-29 17:17:21 +02:00
interfaceschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
interfacexml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
jsontest.c Add test case for parsing JSON docs 2011-06-30 18:04:02 +01:00
libvirtd-fail Fix up "make check" 2009-10-07 12:18:13 +02:00
libvirtd-pool Fix up "make check" 2009-10-07 12:18:13 +02:00
Makefile.am build: avoid non-portable shell in test setup 2011-07-29 11:47:18 -06:00
networkschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
networkxml2argvtest.c network: Fix dnsmasq hostsfile creation logic and related tests 2011-06-29 01:59:34 +02:00
networkxml2xmltest.c bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
nodedevschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
nodedevxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
nodeinfotest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
nwfilterschematest nwfilter: Add filter schema for nwfilter XML, extend domain XML schema 2010-04-06 11:09:46 -04:00
nwfilterxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
object-locking.ml maint: typo fixes 2011-06-24 08:01:10 -06:00
oomtrace.pl maint: mark more perl scripts executable 2011-05-16 10:12:21 -06:00
openvzutilstest.c openvz: Add simple test for openvzReadNetworkConf 2011-06-01 11:58:15 +02:00
openvzutilstest.conf openvz: Add simple test for openvzReadNetworkConf 2011-06-01 11:58:15 +02:00
pkix_asn1_tab.c Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
qemuargv2xmltest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
qemuhelptest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
qemuxml2argvtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
qemuxml2xmltest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
qparamtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
read-bufsiz build: use portable sed expressions 2010-09-14 08:42:10 -06:00
read-non-seekable tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
reconnect.c tests: Improve output of tests that decide to skip at runtime 2011-07-09 15:47:57 +02:00
schematestutils.sh schematestutils.sh: improve shell portability: avoid "echo -e" 2010-04-14 17:34:12 +02:00
seclabeltest.c Refactor the security drivers to simplify usage 2011-01-10 18:10:52 +00:00
sexpr2xmltest.c Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
sockettest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
ssh.c Introduce a generic object for using network sockets 2011-06-24 11:48:18 +01:00
start tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
statstest.c Skip some xen tests if xend is not running 2011-07-07 17:23:09 -06:00
storagepoolschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
storagepoolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
storagevolschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
storagevolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
test_conf.sh Make test suite output less verbose 2010-01-15 16:28:05 +00:00
test-lib.sh tests: simplify formatting 2011-07-11 09:21:37 -06:00
testutils.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
testutils.h Provide a simple object for encoding/decoding RPC messages 2011-06-24 11:48:14 +01:00
testutilsqemu.c tests: Fake host capabilities properly 2011-02-15 22:51:37 +01:00
testutilsqemu.h remove all trailing blank lines 2009-07-16 15:06:42 +02:00
testutilsxen.c Fix crashes in Xen capabilities code 2009-07-27 16:45:01 +01:00
testutilsxen.h remove all trailing blank lines 2009-07-16 15:06:42 +02:00
undefine tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
utiltest.c build: avoid 'make syntax-check' failure 2011-07-01 16:46:20 -06:00
vcpupin tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virbuftest.c maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
virnetmessagetest.c tests: Fix memory leak in virnetmessagetest 2011-06-29 10:47:54 +08:00
virnetsockettest.c remote/ssh: optional "keyfile" parameter. 2011-07-22 07:49:49 -06:00
virnettlscontexttest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
virsh-all tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virsh-optparse virsh: fix previous patch 2011-07-14 07:14:05 -06:00
virsh-schedinfo tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virsh-synopsis tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virshtest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
virt-aa-helper-test virt-aa-helper-test cleanups 2010-09-30 15:01:36 -06:00
vmx2xmltest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
xencapstest.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
xmconfigtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2sexprtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2vmxtest.c Add domain type checking 2011-07-11 19:38:51 +02:00