README
¶
iptables Tests
iptables tests are run via scripts/iptables\_test.sh.
Test Structure
Each test implements TestCase, providing (1) a function to run inside the
container and (2) a function to run locally. Those processes are given each
others' IP addresses. The test succeeds when both functions succeed.
The function inside the container (ContainerAction) typically sets some
iptables rules and then tries to send or receive packets. The local function
(LocalAction) will typically just send or receive packets.
Adding Tests
-
Add your test to the
iptablespackage. -
Register the test in an
initfunction viaRegisterTestCase(seefilter_input.goas an example). -
Add it to
iptables_test.go(see the other tests in that file).
Your test is now runnable with bazel!
Run individual tests
Build the testing Docker container:
$ bazel run //test/iptables/runner -- --norun
Run an individual test via:
$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME>
To run an individual test with runc:
$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME> --test_arg=--runtime=runc
Documentation
¶
Overview ¶
Package iptables contains a set of iptables tests implemented as TestCases
Index ¶
Constants ¶
const IPExchangePort = 2349
IPExchangePort is the port the container listens on to receive the IP address of the local process.
Variables ¶
var Tests = map[string]TestCase{}
Tests maps test names to TestCase.
New TestCases are added by calling RegisterTestCase in an init function.
Functions ¶
func RegisterTestCase ¶
func RegisterTestCase(tc TestCase)
RegisterTestCase registers tc so it can be run.
Types ¶
type FilterInputDropDifferentUDPPort ¶
type FilterInputDropDifferentUDPPort struct{}
FilterInputDropDifferentUDPPort tests that dropping traffic for a single UDP port doesn't drop packets on other ports.
func (FilterInputDropDifferentUDPPort) ContainerAction ¶
func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error
ContainerAction implements TestCase.ContainerAction.
func (FilterInputDropDifferentUDPPort) LocalAction ¶
func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error
LocalAction implements TestCase.LocalAction.
func (FilterInputDropDifferentUDPPort) Name ¶
func (FilterInputDropDifferentUDPPort) Name() string
Name implements TestCase.Name.
type FilterInputDropUDP ¶
type FilterInputDropUDP struct{}
FilterInputDropUDP tests that we can drop UDP traffic.
func (FilterInputDropUDP) ContainerAction ¶
func (FilterInputDropUDP) ContainerAction(ip net.IP) error
ContainerAction implements TestCase.ContainerAction.
func (FilterInputDropUDP) LocalAction ¶
func (FilterInputDropUDP) LocalAction(ip net.IP) error
LocalAction implements TestCase.LocalAction.
func (FilterInputDropUDP) Name ¶
func (FilterInputDropUDP) Name() string
Name implements TestCase.Name.
type FilterInputDropUDPPort ¶
type FilterInputDropUDPPort struct{}
FilterInputDropUDPPort tests that we can drop UDP traffic by port.
func (FilterInputDropUDPPort) ContainerAction ¶
func (FilterInputDropUDPPort) ContainerAction(ip net.IP) error
ContainerAction implements TestCase.ContainerAction.
func (FilterInputDropUDPPort) LocalAction ¶
func (FilterInputDropUDPPort) LocalAction(ip net.IP) error
LocalAction implements TestCase.LocalAction.
func (FilterInputDropUDPPort) Name ¶
func (FilterInputDropUDPPort) Name() string
Name implements TestCase.Name.
type TestCase ¶
type TestCase interface {
// Name returns the name of the test.
Name() string
// ContainerAction runs inside the container. It receives the IP of the
// local process.
ContainerAction(ip net.IP) error
// LocalAction runs locally. It receives the IP of the container.
LocalAction(ip net.IP) error
}
A TestCase contains one action to run in the container and one to run locally. The actions run concurrently and each must succeed for the test pass.
Source Files
Directories