README ¶
iptables Tests
iptables tests are run via make iptables-tests.
The iptables tests require some extra Docker configuration to work. Enable IPv6 in /etc/docker/daemon.json (make sure to restart Docker if you change this file):
{
"experimental": true,
"fixed-cidr-v6": "2001:db8:1::/64",
"ipv6": true,
// Runtimes and other Docker config...
}
And if you're running manually (i.e. not using the make target), you'll need to:
- Enable iptables via modprobe iptable_filter && modprobe ip6table_filter.
- Enable --net-raw in your chosen runtime in /etc/docker/daemon.json (make sure to restart Docker if you change this file).
The resulting runtime should look something like this:
"runsc": {
"path": "/tmp/iptables/runsc",
"runtimeArgs": [
"--debug-log",
"/tmp/iptables/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%",
"--net-raw"
]
},
// ...
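A pre-flight check for the two daemon.json requirements above, as an added example that is not part of the gVisor repository: it parses the file content and reports which prerequisite is missing for a given runtime. The function name CheckDaemonConfig and both sample configs are constructed for illustration; the "runtimes" wrapper key is Docker's standard location for runtime entries.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// daemonConfig holds only the daemon.json keys this README asks you to set.
type daemonConfig struct {
	IPv6        bool   `json:"ipv6"`
	FixedCIDRv6 string `json:"fixed-cidr-v6"`
	Runtimes    map[string]struct {
		Path        string   `json:"path"`
		RuntimeArgs []string `json:"runtimeArgs"`
	} `json:"runtimes"`
}

// CheckDaemonConfig (hypothetical helper) parses daemon.json content and
// returns one message per README prerequisite the named runtime does not meet.
func CheckDaemonConfig(data []byte, runtimeName string) ([]string, error) {
	var cfg daemonConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		// The "// ..." placeholders in the README fragments are not JSON
		// and end up here if they are copied into the file.
		return nil, fmt.Errorf("daemon.json is not valid JSON: %w", err)
	}
	var problems []string
	if !cfg.IPv6 {
		problems = append(problems, `"ipv6" must be true`)
	}
	if ip, _, err := net.ParseCIDR(cfg.FixedCIDRv6); err != nil {
		problems = append(problems, `"fixed-cidr-v6" is missing or not a CIDR prefix`)
	} else if ip.To4() != nil {
		problems = append(problems, `"fixed-cidr-v6" is an IPv4 prefix`)
	}
	rt, ok := cfg.Runtimes[runtimeName]
	if !ok {
		return append(problems, fmt.Sprintf("runtime %q is not defined", runtimeName)), nil
	}
	hasNetRaw := false
	for _, arg := range rt.RuntimeArgs {
		// Accept the bare flag and its explicit boolean form.
		if arg == "--net-raw" || arg == "--net-raw=true" {
			hasNetRaw = true
		}
	}
	if !hasNetRaw {
		problems = append(problems, fmt.Sprintf("runtime %q lacks --net-raw in runtimeArgs", runtimeName))
	}
	return problems, nil
}

// goodConfig is constructed from the two README fragments, as strict JSON.
const goodConfig = `{
  "experimental": true,
  "fixed-cidr-v6": "2001:db8:1::/64",
  "ipv6": true,
  "runtimes": {
    "runsc": {
      "path": "/tmp/iptables/runsc",
      "runtimeArgs": [
        "--debug-log",
        "/tmp/iptables/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%",
        "--net-raw"
      ]
    }
  }
}`

// badConfig is a constructed counter-example: no IPv6 settings, no --net-raw.
const badConfig = `{
  "runtimes": {
    "runsc": {
      "path": "/tmp/iptables/runsc",
      "runtimeArgs": [
        "--debug-log",
        "/tmp/iptables/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%"
      ]
    }
  }
}`

func main() {
	for name, cfg := range map[string]string{"good": goodConfig, "bad": badConfig} {
		problems, err := CheckDaemonConfig([]byte(cfg), "runsc")
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: %d problem(s)\n", name, len(problems))
		for _, p := range problems {
			fmt.Println("  -", p)
		}
	}
}
```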
Test Structure
Each test implements TestCase, providing (1) a function to run inside the container and (2) a function to run locally. Those processes are given each other's IP addresses. The test succeeds when both functions succeed.
The function inside the container (ContainerAction) typically sets some iptables rules and then tries to send or receive packets. The local function (LocalAction) will typically just send or receive packets.
Adding Tests
- Add your test to the iptables package.
- Register the test in an init function via RegisterTestCase (see filter_input.go as an example).
- Add it to iptables_test.go (see the other tests in that file).
Your test is now runnable with bazel!
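The shape of a test case and its registration, as an added stand-alone example that is not code from the gVisor repository: TestCase, Tests, RegisterTestCase and TestTimeout are local stand-ins copying the signatures listed in the index below, while ExampleAcceptUDP, RunTest and examplePort are hypothetical. RunTest assumes that a side whose Sufficient method returns true decides the result by itself; this page does not state that.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"time"
)

// TestCase is a stand-in with the method set shown in the package index.
type TestCase interface {
	Name() string
	ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
	LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
	ContainerSufficient() bool
	LocalSufficient() bool
}

// Tests and RegisterTestCase stand in for the package's registry.
var Tests = map[string]TestCase{}

func RegisterTestCase(tc TestCase) { Tests[tc.Name()] = tc }

const TestTimeout = 10 * time.Second // value documented on this page
const examplePort = 42401            // constructed port for this sketch

// ExampleAcceptUDP (hypothetical): the container side must receive a UDP
// datagram sent by the local side.
type ExampleAcceptUDP struct{}

func init() { RegisterTestCase(&ExampleAcceptUDP{}) }

func (*ExampleAcceptUDP) Name() string              { return "ExampleAcceptUDP" }
func (*ExampleAcceptUDP) ContainerSufficient() bool { return true }
func (*ExampleAcceptUDP) LocalSufficient() bool     { return false }

func udpNetwork(ipv6 bool) string {
	if ipv6 {
		return "udp6"
	}
	return "udp4"
}

// ContainerAction is where a real test installs its iptables rules before
// listening; this sketch installs none and only checks that traffic from the
// peer address arrives before the context deadline.
func (*ExampleAcceptUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
	conn, err := net.ListenUDP(udpNetwork(ipv6), &net.UDPAddr{Port: examplePort})
	if err != nil {
		return err
	}
	defer conn.Close()
	if deadline, ok := ctx.Deadline(); ok {
		conn.SetReadDeadline(deadline)
	}
	buf := make([]byte, 64)
	for {
		_, from, err := conn.ReadFromUDP(buf)
		if err != nil {
			return fmt.Errorf("no datagram from %v: %w", ip, err)
		}
		if from.IP.Equal(ip) {
			return nil
		}
	}
}

// LocalAction resends until the harness cancels ctx, because the listener may
// not be bound yet; write errors before that point are expected and ignored.
func (*ExampleAcceptUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
	conn, err := net.DialUDP(udpNetwork(ipv6), nil, &net.UDPAddr{IP: ip, Port: examplePort})
	if err != nil {
		return err
	}
	defer conn.Close()
	ticker := time.NewTicker(20 * time.Millisecond)
	defer ticker.Stop()
	for {
		conn.Write([]byte("ping"))
		select {
		case <-ctx.Done():
			return nil
		case <-ticker.C:
		}
	}
}

// RunTest (hypothetical harness) runs both sides concurrently, giving each
// the other's IP address. Any error fails the test; a sufficient side that
// succeeds ends it early, otherwise both sides must succeed.
func RunTest(tc TestCase, containerIP, localIP net.IP, ipv6 bool) error {
	ctx, cancel := context.WithTimeout(context.Background(), TestTimeout)
	defer cancel()
	type result struct {
		sufficient bool
		err        error
	}
	results := make(chan result, 2)
	go func() { results <- result{tc.ContainerSufficient(), tc.ContainerAction(ctx, localIP, ipv6)} }()
	go func() { results <- result{tc.LocalSufficient(), tc.LocalAction(ctx, containerIP, ipv6)} }()
	for i := 0; i < 2; i++ {
		if r := <-results; r.err != nil || r.sufficient {
			return r.err
		}
	}
	return nil
}

func main() {
	lo := net.IPv4(127, 0, 0, 1) // both sides share loopback in this sketch
	for name, tc := range Tests {
		fmt.Printf("%s: %v\n", name, RunTest(tc, lo, lo, false))
	}
}
```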
Run individual tests
Build and install runsc. Re-run this when you modify gVisor:
$ bazel build //runsc && sudo cp bazel-out/k8-fastbuild-ST-4c64f0b3d5c7/bin/runsc/runsc_/runsc $(which runsc)
Build the testing Docker container. Re-run this when you modify the test code in this directory:
$ make load-iptables
Run an individual test via:
$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME>
To run an individual test with runc:
$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME> --test_env=RUNTIME=runc
Documentation ¶
Overview ¶
Package iptables contains a set of iptables tests implemented as TestCases
Index ¶
- Constants
- Variables
- func RegisterTestCase(tc TestCase)
- type FilterInputCreateUserChain
- func (*FilterInputCreateUserChain) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputCreateUserChain) ContainerSufficient() bool
- func (*FilterInputCreateUserChain) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputCreateUserChain) LocalSufficient() bool
- func (*FilterInputCreateUserChain) Name() string
- type FilterInputDefaultPolicyAccept
- func (*FilterInputDefaultPolicyAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDefaultPolicyAccept) ContainerSufficient() bool
- func (*FilterInputDefaultPolicyAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDefaultPolicyAccept) LocalSufficient() bool
- func (*FilterInputDefaultPolicyAccept) Name() string
- type FilterInputDefaultPolicyDrop
- func (*FilterInputDefaultPolicyDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDefaultPolicyDrop) ContainerSufficient() bool
- func (*FilterInputDefaultPolicyDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDefaultPolicyDrop) LocalSufficient() bool
- func (*FilterInputDefaultPolicyDrop) Name() string
- type FilterInputDestination
- func (*FilterInputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDestination) ContainerSufficient() bool
- func (*FilterInputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDestination) LocalSufficient() bool
- func (*FilterInputDestination) Name() string
- type FilterInputDropAll
- func (*FilterInputDropAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropAll) ContainerSufficient() bool
- func (*FilterInputDropAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropAll) LocalSufficient() bool
- func (*FilterInputDropAll) Name() string
- type FilterInputDropDifferentUDPPort
- func (*FilterInputDropDifferentUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropDifferentUDPPort) ContainerSufficient() bool
- func (*FilterInputDropDifferentUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropDifferentUDPPort) LocalSufficient() bool
- func (*FilterInputDropDifferentUDPPort) Name() string
- type FilterInputDropOnlyUDP
- func (*FilterInputDropOnlyUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropOnlyUDP) ContainerSufficient() bool
- func (*FilterInputDropOnlyUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropOnlyUDP) LocalSufficient() bool
- func (*FilterInputDropOnlyUDP) Name() string
- type FilterInputDropTCPDestPort
- func (*FilterInputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropTCPDestPort) ContainerSufficient() bool
- func (*FilterInputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropTCPDestPort) LocalSufficient() bool
- func (*FilterInputDropTCPDestPort) Name() string
- type FilterInputDropTCPSrcPort
- func (*FilterInputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropTCPSrcPort) ContainerSufficient() bool
- func (*FilterInputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropTCPSrcPort) LocalSufficient() bool
- func (*FilterInputDropTCPSrcPort) Name() string
- type FilterInputDropUDP
- func (*FilterInputDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropUDP) ContainerSufficient() bool
- func (*FilterInputDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropUDP) LocalSufficient() bool
- func (*FilterInputDropUDP) Name() string
- type FilterInputDropUDPPort
- func (*FilterInputDropUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropUDPPort) ContainerSufficient() bool
- func (*FilterInputDropUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputDropUDPPort) LocalSufficient() bool
- func (*FilterInputDropUDPPort) Name() string
- type FilterInputInterface
- func (*FilterInputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterface) ContainerSufficient() bool
- func (*FilterInputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterface) LocalSufficient() bool
- func (*FilterInputInterface) Name() string
- type FilterInputInterfaceAccept
- func (*FilterInputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceAccept) ContainerSufficient() bool
- func (*FilterInputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceAccept) LocalSufficient() bool
- func (*FilterInputInterfaceAccept) Name() string
- type FilterInputInterfaceBeginsWith
- func (*FilterInputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceBeginsWith) ContainerSufficient() bool
- func (*FilterInputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceBeginsWith) LocalSufficient() bool
- func (*FilterInputInterfaceBeginsWith) Name() string
- type FilterInputInterfaceDrop
- func (*FilterInputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceDrop) ContainerSufficient() bool
- func (*FilterInputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceDrop) LocalSufficient() bool
- func (*FilterInputInterfaceDrop) Name() string
- type FilterInputInterfaceInvertAccept
- func (*FilterInputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceInvertAccept) ContainerSufficient() bool
- func (*FilterInputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceInvertAccept) LocalSufficient() bool
- func (*FilterInputInterfaceInvertAccept) Name() string
- type FilterInputInterfaceInvertDrop
- func (*FilterInputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceInvertDrop) ContainerSufficient() bool
- func (*FilterInputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInterfaceInvertDrop) LocalSufficient() bool
- func (*FilterInputInterfaceInvertDrop) Name() string
- type FilterInputInvertDestination
- func (*FilterInputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDestination) ContainerSufficient() bool
- func (*FilterInputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDestination) LocalSufficient() bool
- func (*FilterInputInvertDestination) Name() string
- type FilterInputInvertDportAccept
- func (*FilterInputInvertDportAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDportAccept) ContainerSufficient() bool
- func (*FilterInputInvertDportAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDportAccept) LocalSufficient() bool
- func (*FilterInputInvertDportAccept) Name() string
- type FilterInputInvertDportDrop
- func (*FilterInputInvertDportDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDportDrop) ContainerSufficient() bool
- func (*FilterInputInvertDportDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertDportDrop) LocalSufficient() bool
- func (*FilterInputInvertDportDrop) Name() string
- type FilterInputInvertSource
- func (*FilterInputInvertSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertSource) ContainerSufficient() bool
- func (*FilterInputInvertSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputInvertSource) LocalSufficient() bool
- func (*FilterInputInvertSource) Name() string
- type FilterInputJumpBasic
- func (*FilterInputJumpBasic) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpBasic) ContainerSufficient() bool
- func (*FilterInputJumpBasic) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpBasic) LocalSufficient() bool
- func (*FilterInputJumpBasic) Name() string
- type FilterInputJumpBuiltin
- func (*FilterInputJumpBuiltin) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpBuiltin) ContainerSufficient() bool
- func (*FilterInputJumpBuiltin) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpBuiltin) LocalSufficient() bool
- func (*FilterInputJumpBuiltin) Name() string
- type FilterInputJumpReturn
- func (*FilterInputJumpReturn) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpReturn) ContainerSufficient() bool
- func (*FilterInputJumpReturn) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpReturn) LocalSufficient() bool
- func (*FilterInputJumpReturn) Name() string
- type FilterInputJumpReturnDrop
- func (*FilterInputJumpReturnDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpReturnDrop) ContainerSufficient() bool
- func (*FilterInputJumpReturnDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpReturnDrop) LocalSufficient() bool
- func (*FilterInputJumpReturnDrop) Name() string
- type FilterInputJumpTwice
- func (*FilterInputJumpTwice) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpTwice) ContainerSufficient() bool
- func (*FilterInputJumpTwice) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputJumpTwice) LocalSufficient() bool
- func (*FilterInputJumpTwice) Name() string
- type FilterInputMultiUDPRules
- func (*FilterInputMultiUDPRules) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputMultiUDPRules) ContainerSufficient() bool
- func (*FilterInputMultiUDPRules) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputMultiUDPRules) LocalSufficient() bool
- func (*FilterInputMultiUDPRules) Name() string
- type FilterInputRequireProtocolUDP
- func (*FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputRequireProtocolUDP) ContainerSufficient() bool
- func (*FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputRequireProtocolUDP) LocalSufficient() bool
- func (*FilterInputRequireProtocolUDP) Name() string
- type FilterInputReturnUnderflow
- func (*FilterInputReturnUnderflow) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputReturnUnderflow) ContainerSufficient() bool
- func (*FilterInputReturnUnderflow) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputReturnUnderflow) LocalSufficient() bool
- func (*FilterInputReturnUnderflow) Name() string
- type FilterInputSerializeJump
- func (*FilterInputSerializeJump) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputSerializeJump) ContainerSufficient() bool
- func (*FilterInputSerializeJump) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputSerializeJump) LocalSufficient() bool
- func (*FilterInputSerializeJump) Name() string
- type FilterInputSource
- func (*FilterInputSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputSource) ContainerSufficient() bool
- func (*FilterInputSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterInputSource) LocalSufficient() bool
- func (*FilterInputSource) Name() string
- type FilterOutputAcceptGIDOwner
- func (*FilterOutputAcceptGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptGIDOwner) ContainerSufficient() bool
- func (*FilterOutputAcceptGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptGIDOwner) LocalSufficient() bool
- func (*FilterOutputAcceptGIDOwner) Name() string
- type FilterOutputAcceptTCPOwner
- func (*FilterOutputAcceptTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptTCPOwner) ContainerSufficient() bool
- func (*FilterOutputAcceptTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptTCPOwner) LocalSufficient() bool
- func (*FilterOutputAcceptTCPOwner) Name() string
- type FilterOutputAcceptUDPOwner
- func (*FilterOutputAcceptUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptUDPOwner) ContainerSufficient() bool
- func (*FilterOutputAcceptUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputAcceptUDPOwner) LocalSufficient() bool
- func (*FilterOutputAcceptUDPOwner) Name() string
- type FilterOutputDestination
- func (*FilterOutputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDestination) ContainerSufficient() bool
- func (*FilterOutputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDestination) LocalSufficient() bool
- func (*FilterOutputDestination) Name() string
- type FilterOutputDropGIDOwner
- func (*FilterOutputDropGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropGIDOwner) ContainerSufficient() bool
- func (*FilterOutputDropGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropGIDOwner) LocalSufficient() bool
- func (*FilterOutputDropGIDOwner) Name() string
- type FilterOutputDropTCPDestPort
- func (*FilterOutputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPDestPort) ContainerSufficient() bool
- func (*FilterOutputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPDestPort) LocalSufficient() bool
- func (*FilterOutputDropTCPDestPort) Name() string
- type FilterOutputDropTCPOwner
- func (*FilterOutputDropTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPOwner) ContainerSufficient() bool
- func (*FilterOutputDropTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPOwner) LocalSufficient() bool
- func (*FilterOutputDropTCPOwner) Name() string
- type FilterOutputDropTCPSrcPort
- func (*FilterOutputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPSrcPort) ContainerSufficient() bool
- func (*FilterOutputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropTCPSrcPort) LocalSufficient() bool
- func (*FilterOutputDropTCPSrcPort) Name() string
- type FilterOutputDropUDPOwner
- func (*FilterOutputDropUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropUDPOwner) ContainerSufficient() bool
- func (*FilterOutputDropUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputDropUDPOwner) LocalSufficient() bool
- func (*FilterOutputDropUDPOwner) Name() string
- type FilterOutputInterface
- func (*FilterOutputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterface) ContainerSufficient() bool
- func (*FilterOutputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterface) LocalSufficient() bool
- func (*FilterOutputInterface) Name() string
- type FilterOutputInterfaceAccept
- func (*FilterOutputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceAccept) ContainerSufficient() bool
- func (*FilterOutputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceAccept) LocalSufficient() bool
- func (*FilterOutputInterfaceAccept) Name() string
- type FilterOutputInterfaceBeginsWith
- func (*FilterOutputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceBeginsWith) ContainerSufficient() bool
- func (*FilterOutputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceBeginsWith) LocalSufficient() bool
- func (*FilterOutputInterfaceBeginsWith) Name() string
- type FilterOutputInterfaceDrop
- func (*FilterOutputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceDrop) ContainerSufficient() bool
- func (*FilterOutputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceDrop) LocalSufficient() bool
- func (*FilterOutputInterfaceDrop) Name() string
- type FilterOutputInterfaceInvertAccept
- func (*FilterOutputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceInvertAccept) ContainerSufficient() bool
- func (*FilterOutputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceInvertAccept) LocalSufficient() bool
- func (*FilterOutputInterfaceInvertAccept) Name() string
- type FilterOutputInterfaceInvertDrop
- func (*FilterOutputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceInvertDrop) ContainerSufficient() bool
- func (*FilterOutputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInterfaceInvertDrop) LocalSufficient() bool
- func (*FilterOutputInterfaceInvertDrop) Name() string
- type FilterOutputInvertDestination
- func (*FilterOutputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertDestination) ContainerSufficient() bool
- func (*FilterOutputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertDestination) LocalSufficient() bool
- func (*FilterOutputInvertDestination) Name() string
- type FilterOutputInvertGIDOwner
- func (*FilterOutputInvertGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertGIDOwner) ContainerSufficient() bool
- func (*FilterOutputInvertGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertGIDOwner) LocalSufficient() bool
- func (*FilterOutputInvertGIDOwner) Name() string
- type FilterOutputInvertSportAccept
- func (*FilterOutputInvertSportAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertSportAccept) ContainerSufficient() bool
- func (*FilterOutputInvertSportAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertSportAccept) LocalSufficient() bool
- func (*FilterOutputInvertSportAccept) Name() string
- type FilterOutputInvertSportDrop
- func (*FilterOutputInvertSportDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertSportDrop) ContainerSufficient() bool
- func (*FilterOutputInvertSportDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertSportDrop) LocalSufficient() bool
- func (*FilterOutputInvertSportDrop) Name() string
- type FilterOutputInvertUIDAndGIDOwner
- func (*FilterOutputInvertUIDAndGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertUIDAndGIDOwner) ContainerSufficient() bool
- func (*FilterOutputInvertUIDAndGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertUIDAndGIDOwner) LocalSufficient() bool
- func (*FilterOutputInvertUIDAndGIDOwner) Name() string
- type FilterOutputInvertUIDOwner
- func (*FilterOutputInvertUIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertUIDOwner) ContainerSufficient() bool
- func (*FilterOutputInvertUIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputInvertUIDOwner) LocalSufficient() bool
- func (*FilterOutputInvertUIDOwner) Name() string
- type FilterOutputOwnerFail
- func (*FilterOutputOwnerFail) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputOwnerFail) ContainerSufficient() bool
- func (*FilterOutputOwnerFail) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*FilterOutputOwnerFail) LocalSufficient() bool
- func (*FilterOutputOwnerFail) Name() string
- type NATAcceptAll
- type NATDropUDP
- type NATLoopbackSkipsPrerouting
- func (*NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATLoopbackSkipsPrerouting) ContainerSufficient() bool
- func (*NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATLoopbackSkipsPrerouting) LocalSufficient() bool
- func (*NATLoopbackSkipsPrerouting) Name() string
- type NATOutDNAT
- type NATOutDNATAddrOnly
- func (*NATOutDNATAddrOnly) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDNATAddrOnly) ContainerSufficient() bool
- func (*NATOutDNATAddrOnly) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDNATAddrOnly) LocalSufficient() bool
- func (*NATOutDNATAddrOnly) Name() string
- type NATOutDNATPortOnly
- func (*NATOutDNATPortOnly) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDNATPortOnly) ContainerSufficient() bool
- func (*NATOutDNATPortOnly) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDNATPortOnly) LocalSufficient() bool
- func (*NATOutDNATPortOnly) Name() string
- type NATOutDontRedirectIP
- func (*NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDontRedirectIP) ContainerSufficient() bool
- func (*NATOutDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutDontRedirectIP) LocalSufficient() bool
- func (*NATOutDontRedirectIP) Name() string
- type NATOutOriginalDst
- func (*NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutOriginalDst) ContainerSufficient() bool
- func (*NATOutOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutOriginalDst) LocalSufficient() bool
- func (*NATOutOriginalDst) Name() string
- type NATOutRECVORIGDSTADDR
- func (*NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRECVORIGDSTADDR) ContainerSufficient() bool
- func (*NATOutRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRECVORIGDSTADDR) LocalSufficient() bool
- func (*NATOutRECVORIGDSTADDR) Name() string
- type NATOutRedirectIP
- func (*NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectIP) ContainerSufficient() bool
- func (*NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectIP) LocalSufficient() bool
- func (*NATOutRedirectIP) Name() string
- type NATOutRedirectInvert
- func (*NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectInvert) ContainerSufficient() bool
- func (*NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectInvert) LocalSufficient() bool
- func (*NATOutRedirectInvert) Name() string
- type NATOutRedirectTCPIncoming
- func (*NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectTCPIncoming) ContainerSufficient() bool
- func (*NATOutRedirectTCPIncoming) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectTCPIncoming) LocalSufficient() bool
- func (*NATOutRedirectTCPIncoming) Name() string
- type NATOutRedirectTCPPort
- func (*NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectTCPPort) ContainerSufficient() bool
- func (*NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectTCPPort) LocalSufficient() bool
- func (*NATOutRedirectTCPPort) Name() string
- type NATOutRedirectUDPPort
- func (*NATOutRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectUDPPort) ContainerSufficient() bool
- func (*NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATOutRedirectUDPPort) LocalSufficient() bool
- func (*NATOutRedirectUDPPort) Name() string
- type NATPostSNATTCP
- func (t *NATPostSNATTCP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPostSNATTCP) ContainerSufficient() bool
- func (t *NATPostSNATTCP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPostSNATTCP) LocalSufficient() bool
- func (t *NATPostSNATTCP) Name() string
- type NATPostSNATUDP
- func (t *NATPostSNATUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPostSNATUDP) ContainerSufficient() bool
- func (t *NATPostSNATUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPostSNATUDP) LocalSufficient() bool
- func (t *NATPostSNATUDP) Name() string
- type NATPreDontRedirectIP
- func (*NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreDontRedirectIP) ContainerSufficient() bool
- func (*NATPreDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreDontRedirectIP) LocalSufficient() bool
- func (*NATPreDontRedirectIP) Name() string
- type NATPreOriginalDst
- func (*NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreOriginalDst) ContainerSufficient() bool
- func (*NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreOriginalDst) LocalSufficient() bool
- func (*NATPreOriginalDst) Name() string
- type NATPreRECVORIGDSTADDR
- func (*NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRECVORIGDSTADDR) ContainerSufficient() bool
- func (*NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRECVORIGDSTADDR) LocalSufficient() bool
- func (*NATPreRECVORIGDSTADDR) Name() string
- type NATPreRedirectIP
- func (*NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectIP) ContainerSufficient() bool
- func (*NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectIP) LocalSufficient() bool
- func (*NATPreRedirectIP) Name() string
- type NATPreRedirectInvert
- func (*NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectInvert) ContainerSufficient() bool
- func (*NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectInvert) LocalSufficient() bool
- func (*NATPreRedirectInvert) Name() string
- type NATPreRedirectTCPOutgoing
- func (*NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectTCPOutgoing) ContainerSufficient() bool
- func (*NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectTCPOutgoing) LocalSufficient() bool
- func (*NATPreRedirectTCPOutgoing) Name() string
- type NATPreRedirectTCPPort
- func (*NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectTCPPort) ContainerSufficient() bool
- func (*NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectTCPPort) LocalSufficient() bool
- func (*NATPreRedirectTCPPort) Name() string
- type NATPreRedirectUDPPort
- func (*NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectUDPPort) ContainerSufficient() bool
- func (*NATPreRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATPreRedirectUDPPort) LocalSufficient() bool
- func (*NATPreRedirectUDPPort) Name() string
- type NATRedirectRequiresProtocol
- func (*NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATRedirectRequiresProtocol) ContainerSufficient() bool
- func (*NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
- func (*NATRedirectRequiresProtocol) LocalSufficient() bool
- func (*NATRedirectRequiresProtocol) Name() string
- type TestCase
Constants ¶
const IPExchangePort = 2349
IPExchangePort is the port the container listens on to receive the IP address of the local process.
const NegativeTimeout = 2 * time.Second
NegativeTimeout is the time tests should wait to establish the negative case, i.e. that connections are not made.
const SO_ORIGINAL_DST = 80
SO_ORIGINAL_DST gets the original destination of a redirected packet via getsockopt.
const TerminalStatement = "Finished!"
TerminalStatement is the last statement in the test runner.
const TestTimeout = 10 * time.Second
TestTimeout is the timeout used for all tests.
Variables ¶
var Tests = map[string]TestCase{}
Tests maps test names to TestCase.
New TestCases are added by calling RegisterTestCase in an init function.
Functions ¶
func RegisterTestCase ¶
func RegisterTestCase(tc TestCase)
RegisterTestCase registers tc so it can be run.
Types ¶
type FilterInputCreateUserChain ¶
type FilterInputCreateUserChain struct {
// contains filtered or unexported fields
}
FilterInputCreateUserChain tests chain creation.
func (*FilterInputCreateUserChain) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputCreateUserChain) ContainerSufficient ¶
func (*FilterInputCreateUserChain) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputCreateUserChain) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputCreateUserChain) LocalSufficient ¶
func (*FilterInputCreateUserChain) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputCreateUserChain) Name ¶
func (*FilterInputCreateUserChain) Name() string
Name implements TestCase.Name.
type FilterInputDefaultPolicyAccept ¶
type FilterInputDefaultPolicyAccept struct {
// contains filtered or unexported fields
}
FilterInputDefaultPolicyAccept tests the default ACCEPT policy.
func (*FilterInputDefaultPolicyAccept) ContainerAction ¶
func (*FilterInputDefaultPolicyAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDefaultPolicyAccept) ContainerSufficient ¶
func (*FilterInputDefaultPolicyAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDefaultPolicyAccept) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDefaultPolicyAccept) LocalSufficient ¶
func (*FilterInputDefaultPolicyAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDefaultPolicyAccept) Name ¶
func (*FilterInputDefaultPolicyAccept) Name() string
Name implements TestCase.Name.
type FilterInputDefaultPolicyDrop ¶
type FilterInputDefaultPolicyDrop struct {
// contains filtered or unexported fields
}
FilterInputDefaultPolicyDrop tests the default DROP policy.
func (*FilterInputDefaultPolicyDrop) ContainerAction ¶
func (*FilterInputDefaultPolicyDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDefaultPolicyDrop) ContainerSufficient ¶
func (*FilterInputDefaultPolicyDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDefaultPolicyDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDefaultPolicyDrop) LocalSufficient ¶
func (*FilterInputDefaultPolicyDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDefaultPolicyDrop) Name ¶
func (*FilterInputDefaultPolicyDrop) Name() string
Name implements TestCase.Name.
type FilterInputDestination ¶
type FilterInputDestination struct {
// contains filtered or unexported fields
}
FilterInputDestination verifies that we can filter packets via `-d <ipaddr>`.
func (*FilterInputDestination) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDestination) ContainerSufficient ¶
func (*FilterInputDestination) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDestination) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDestination) LocalSufficient ¶
func (*FilterInputDestination) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDestination) Name ¶
func (*FilterInputDestination) Name() string
Name implements TestCase.Name.
type FilterInputDropAll ¶
type FilterInputDropAll struct {
// contains filtered or unexported fields
}
FilterInputDropAll tests that we can drop all traffic to the INPUT chain.
func (*FilterInputDropAll) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropAll) ContainerSufficient ¶
func (*FilterInputDropAll) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropAll) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropAll) LocalSufficient ¶
func (*FilterInputDropAll) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropAll) Name ¶
func (*FilterInputDropAll) Name() string
Name implements TestCase.Name.
type FilterInputDropDifferentUDPPort ¶
type FilterInputDropDifferentUDPPort struct {
// contains filtered or unexported fields
}
FilterInputDropDifferentUDPPort tests that dropping traffic for a single UDP port doesn't drop packets on other ports.
func (*FilterInputDropDifferentUDPPort) ContainerAction ¶
func (*FilterInputDropDifferentUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropDifferentUDPPort) ContainerSufficient ¶
func (*FilterInputDropDifferentUDPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropDifferentUDPPort) LocalAction ¶
func (*FilterInputDropDifferentUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropDifferentUDPPort) LocalSufficient ¶
func (*FilterInputDropDifferentUDPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropDifferentUDPPort) Name ¶
func (*FilterInputDropDifferentUDPPort) Name() string
Name implements TestCase.Name.
type FilterInputDropOnlyUDP ¶
type FilterInputDropOnlyUDP struct {
// contains filtered or unexported fields
}
FilterInputDropOnlyUDP tests that "-p udp -j DROP" only affects UDP traffic.
func (*FilterInputDropOnlyUDP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropOnlyUDP) ContainerSufficient ¶
func (*FilterInputDropOnlyUDP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropOnlyUDP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropOnlyUDP) LocalSufficient ¶
func (*FilterInputDropOnlyUDP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropOnlyUDP) Name ¶
func (*FilterInputDropOnlyUDP) Name() string
Name implements TestCase.Name.
type FilterInputDropTCPDestPort ¶
type FilterInputDropTCPDestPort struct {
// contains filtered or unexported fields
}
FilterInputDropTCPDestPort tests that connections are not accepted on specified source ports.
func (*FilterInputDropTCPDestPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropTCPDestPort) ContainerSufficient ¶
func (*FilterInputDropTCPDestPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropTCPDestPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropTCPDestPort) LocalSufficient ¶
func (*FilterInputDropTCPDestPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropTCPDestPort) Name ¶
func (*FilterInputDropTCPDestPort) Name() string
Name implements TestCase.Name.
type FilterInputDropTCPSrcPort ¶
type FilterInputDropTCPSrcPort struct {
// contains filtered or unexported fields
}
FilterInputDropTCPSrcPort tests that connections are not accepted on specified source ports.
func (*FilterInputDropTCPSrcPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropTCPSrcPort) ContainerSufficient ¶
func (*FilterInputDropTCPSrcPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropTCPSrcPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropTCPSrcPort) LocalSufficient ¶
func (*FilterInputDropTCPSrcPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropTCPSrcPort) Name ¶
func (*FilterInputDropTCPSrcPort) Name() string
Name implements TestCase.Name.
type FilterInputDropUDP ¶
type FilterInputDropUDP struct {
// contains filtered or unexported fields
}
FilterInputDropUDP tests that we can drop UDP traffic.
func (*FilterInputDropUDP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropUDP) ContainerSufficient ¶
func (*FilterInputDropUDP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropUDP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropUDP) LocalSufficient ¶
func (*FilterInputDropUDP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropUDP) Name ¶
func (*FilterInputDropUDP) Name() string
Name implements TestCase.Name.
type FilterInputDropUDPPort ¶
type FilterInputDropUDPPort struct {
// contains filtered or unexported fields
}
FilterInputDropUDPPort tests that we can drop UDP traffic by port.
func (*FilterInputDropUDPPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputDropUDPPort) ContainerSufficient ¶
func (*FilterInputDropUDPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputDropUDPPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputDropUDPPort) LocalSufficient ¶
func (*FilterInputDropUDPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputDropUDPPort) Name ¶
func (*FilterInputDropUDPPort) Name() string
Name implements TestCase.Name.
type FilterInputInterface ¶
type FilterInputInterface struct {
// contains filtered or unexported fields
}
FilterInputInterface tests that packets are not dropped from an interface that does not match the interface name in the iptables rule.
func (*FilterInputInterface) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterface) ContainerSufficient ¶
func (*FilterInputInterface) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterface) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterface) LocalSufficient ¶
func (*FilterInputInterface) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterface) Name ¶
func (*FilterInputInterface) Name() string
Name implements TestCase.Name.
type FilterInputInterfaceAccept ¶
type FilterInputInterfaceAccept struct {
// contains filtered or unexported fields
}
FilterInputInterfaceAccept tests that packets are accepted from an interface matching the iptables rule.
func (*FilterInputInterfaceAccept) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterfaceAccept) ContainerSufficient ¶
func (*FilterInputInterfaceAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterfaceAccept) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterfaceAccept) LocalSufficient ¶
func (*FilterInputInterfaceAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterfaceAccept) Name ¶
func (*FilterInputInterfaceAccept) Name() string
Name implements TestCase.Name.
type FilterInputInterfaceBeginsWith ¶
type FilterInputInterfaceBeginsWith struct {
// contains filtered or unexported fields
}
FilterInputInterfaceBeginsWith tests that packets are dropped from an interface which begins with the given interface name.
func (*FilterInputInterfaceBeginsWith) ContainerAction ¶
func (*FilterInputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterfaceBeginsWith) ContainerSufficient ¶
func (*FilterInputInterfaceBeginsWith) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterfaceBeginsWith) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterfaceBeginsWith) LocalSufficient ¶
func (*FilterInputInterfaceBeginsWith) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterfaceBeginsWith) Name ¶
func (*FilterInputInterfaceBeginsWith) Name() string
Name implements TestCase.Name.
type FilterInputInterfaceDrop ¶
type FilterInputInterfaceDrop struct {
// contains filtered or unexported fields
}
FilterInputInterfaceDrop tests that packets are dropped from an interface matching the iptables rule.
func (*FilterInputInterfaceDrop) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterfaceDrop) ContainerSufficient ¶
func (*FilterInputInterfaceDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterfaceDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterfaceDrop) LocalSufficient ¶
func (*FilterInputInterfaceDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterfaceDrop) Name ¶
func (*FilterInputInterfaceDrop) Name() string
Name implements TestCase.Name.
type FilterInputInterfaceInvertAccept ¶
type FilterInputInterfaceInvertAccept struct {
// contains filtered or unexported fields
}
FilterInputInterfaceInvertAccept tests that we can selectively accept packets not matching the specific incoming interface.
func (*FilterInputInterfaceInvertAccept) ContainerAction ¶
func (*FilterInputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterfaceInvertAccept) ContainerSufficient ¶
func (*FilterInputInterfaceInvertAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterfaceInvertAccept) LocalAction ¶
func (*FilterInputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterfaceInvertAccept) LocalSufficient ¶
func (*FilterInputInterfaceInvertAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterfaceInvertAccept) Name ¶
func (*FilterInputInterfaceInvertAccept) Name() string
Name implements TestCase.Name.
type FilterInputInterfaceInvertDrop ¶
type FilterInputInterfaceInvertDrop struct {
// contains filtered or unexported fields
}
FilterInputInterfaceInvertDrop tests that we selectively drop packets from an interface not matching the interface name.
func (*FilterInputInterfaceInvertDrop) ContainerAction ¶
func (*FilterInputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInterfaceInvertDrop) ContainerSufficient ¶
func (*FilterInputInterfaceInvertDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInterfaceInvertDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInterfaceInvertDrop) LocalSufficient ¶
func (*FilterInputInterfaceInvertDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInterfaceInvertDrop) Name ¶
func (*FilterInputInterfaceInvertDrop) Name() string
Name implements TestCase.Name.
type FilterInputInvertDestination ¶
type FilterInputInvertDestination struct {
// contains filtered or unexported fields
}
FilterInputInvertDestination verifies that we can filter packets via `! -d <ipaddr>`.
func (*FilterInputInvertDestination) ContainerAction ¶
func (*FilterInputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInvertDestination) ContainerSufficient ¶
func (*FilterInputInvertDestination) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInvertDestination) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInvertDestination) LocalSufficient ¶
func (*FilterInputInvertDestination) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInvertDestination) Name ¶
func (*FilterInputInvertDestination) Name() string
Name implements TestCase.Name.
type FilterInputInvertDportAccept ¶
type FilterInputInvertDportAccept struct {
// contains filtered or unexported fields
}
FilterInputInvertDportAccept tests that we can send packets on a negated --dport match.
func (*FilterInputInvertDportAccept) ContainerAction ¶
func (*FilterInputInvertDportAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInvertDportAccept) ContainerSufficient ¶
func (*FilterInputInvertDportAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInvertDportAccept) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInvertDportAccept) LocalSufficient ¶
func (*FilterInputInvertDportAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInvertDportAccept) Name ¶
func (*FilterInputInvertDportAccept) Name() string
Name implements TestCase.Name.
type FilterInputInvertDportDrop ¶
type FilterInputInvertDportDrop struct {
// contains filtered or unexported fields
}
FilterInputInvertDportDrop tests that we can send packets on a negated --dport match.
func (*FilterInputInvertDportDrop) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInvertDportDrop) ContainerSufficient ¶
func (*FilterInputInvertDportDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInvertDportDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInvertDportDrop) LocalSufficient ¶
func (*FilterInputInvertDportDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInvertDportDrop) Name ¶
func (*FilterInputInvertDportDrop) Name() string
Name implements TestCase.Name.
type FilterInputInvertSource ¶
type FilterInputInvertSource struct {
// contains filtered or unexported fields
}
FilterInputInvertSource verifies that we can filter packets via `! -s <ipaddr>`.
func (*FilterInputInvertSource) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputInvertSource) ContainerSufficient ¶
func (*FilterInputInvertSource) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputInvertSource) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputInvertSource) LocalSufficient ¶
func (*FilterInputInvertSource) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputInvertSource) Name ¶
func (*FilterInputInvertSource) Name() string
Name implements TestCase.Name.
type FilterInputJumpBasic ¶
type FilterInputJumpBasic struct {
// contains filtered or unexported fields
}
FilterInputJumpBasic jumps to a chain and executes a rule there.
func (*FilterInputJumpBasic) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputJumpBasic) ContainerSufficient ¶
func (*FilterInputJumpBasic) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputJumpBasic) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputJumpBasic) LocalSufficient ¶
func (*FilterInputJumpBasic) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputJumpBasic) Name ¶
func (*FilterInputJumpBasic) Name() string
Name implements TestCase.Name.
type FilterInputJumpBuiltin ¶
type FilterInputJumpBuiltin struct {
// contains filtered or unexported fields
}
FilterInputJumpBuiltin verifies that jumping to a top-level chain is illegal.
func (*FilterInputJumpBuiltin) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputJumpBuiltin) ContainerSufficient ¶
func (*FilterInputJumpBuiltin) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputJumpBuiltin) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputJumpBuiltin) LocalSufficient ¶
func (*FilterInputJumpBuiltin) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputJumpBuiltin) Name ¶
func (*FilterInputJumpBuiltin) Name() string
Name implements TestCase.Name.
type FilterInputJumpReturn ¶
type FilterInputJumpReturn struct {
// contains filtered or unexported fields
}
FilterInputJumpReturn jumps, returns, and executes a rule.
func (*FilterInputJumpReturn) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputJumpReturn) ContainerSufficient ¶
func (*FilterInputJumpReturn) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputJumpReturn) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputJumpReturn) LocalSufficient ¶
func (*FilterInputJumpReturn) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputJumpReturn) Name ¶
func (*FilterInputJumpReturn) Name() string
Name implements TestCase.Name.
type FilterInputJumpReturnDrop ¶
type FilterInputJumpReturnDrop struct {
// contains filtered or unexported fields
}
FilterInputJumpReturnDrop jumps to a chain, returns, and DROPs packets.
func (*FilterInputJumpReturnDrop) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputJumpReturnDrop) ContainerSufficient ¶
func (*FilterInputJumpReturnDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputJumpReturnDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputJumpReturnDrop) LocalSufficient ¶
func (*FilterInputJumpReturnDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputJumpReturnDrop) Name ¶
func (*FilterInputJumpReturnDrop) Name() string
Name implements TestCase.Name.
type FilterInputJumpTwice ¶
type FilterInputJumpTwice struct {
// contains filtered or unexported fields
}
FilterInputJumpTwice jumps twice, then returns twice and executes a rule.
func (*FilterInputJumpTwice) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputJumpTwice) ContainerSufficient ¶
func (*FilterInputJumpTwice) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputJumpTwice) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputJumpTwice) LocalSufficient ¶
func (*FilterInputJumpTwice) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputJumpTwice) Name ¶
func (*FilterInputJumpTwice) Name() string
Name implements TestCase.Name.
type FilterInputMultiUDPRules ¶
type FilterInputMultiUDPRules struct {
// contains filtered or unexported fields
}
FilterInputMultiUDPRules verifies that multiple UDP rules are applied correctly. This has the added benefit of testing whether we're serializing rules correctly -- if we do it incorrectly, the iptables tool will misunderstand and save the wrong tables.
func (*FilterInputMultiUDPRules) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputMultiUDPRules) ContainerSufficient ¶
func (*FilterInputMultiUDPRules) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputMultiUDPRules) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputMultiUDPRules) LocalSufficient ¶
func (*FilterInputMultiUDPRules) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputMultiUDPRules) Name ¶
func (*FilterInputMultiUDPRules) Name() string
Name implements TestCase.Name.
type FilterInputRequireProtocolUDP ¶
type FilterInputRequireProtocolUDP struct {
// contains filtered or unexported fields
}
FilterInputRequireProtocolUDP checks that "-m udp" requires "-p udp" to be specified.
func (*FilterInputRequireProtocolUDP) ContainerAction ¶
func (*FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputRequireProtocolUDP) ContainerSufficient ¶
func (*FilterInputRequireProtocolUDP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputRequireProtocolUDP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputRequireProtocolUDP) LocalSufficient ¶
func (*FilterInputRequireProtocolUDP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputRequireProtocolUDP) Name ¶
func (*FilterInputRequireProtocolUDP) Name() string
Name implements TestCase.Name.
type FilterInputReturnUnderflow ¶
type FilterInputReturnUnderflow struct {
// contains filtered or unexported fields
}
FilterInputReturnUnderflow tests that -j RETURN in a built-in chain causes the underflow rule (i.e. default policy) to be executed.
func (*FilterInputReturnUnderflow) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputReturnUnderflow) ContainerSufficient ¶
func (*FilterInputReturnUnderflow) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputReturnUnderflow) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputReturnUnderflow) LocalSufficient ¶
func (*FilterInputReturnUnderflow) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputReturnUnderflow) Name ¶
func (*FilterInputReturnUnderflow) Name() string
Name implements TestCase.Name.
type FilterInputSerializeJump ¶
type FilterInputSerializeJump struct {
// contains filtered or unexported fields
}
FilterInputSerializeJump verifies that we can serialize jumps.
func (*FilterInputSerializeJump) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputSerializeJump) ContainerSufficient ¶
func (*FilterInputSerializeJump) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputSerializeJump) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputSerializeJump) LocalSufficient ¶
func (*FilterInputSerializeJump) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputSerializeJump) Name ¶
func (*FilterInputSerializeJump) Name() string
Name implements TestCase.Name.
type FilterInputSource ¶
type FilterInputSource struct {
// contains filtered or unexported fields
}
FilterInputSource verifies that we can filter packets via `-s <ipaddr>`.
func (*FilterInputSource) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterInputSource) ContainerSufficient ¶
func (*FilterInputSource) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterInputSource) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterInputSource) LocalSufficient ¶
func (*FilterInputSource) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterInputSource) Name ¶
func (*FilterInputSource) Name() string
Name implements TestCase.Name.
type FilterOutputAcceptGIDOwner ¶
type FilterOutputAcceptGIDOwner struct {
// contains filtered or unexported fields
}
FilterOutputAcceptGIDOwner tests that TCP connections from gid owner are accepted.
func (*FilterOutputAcceptGIDOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputAcceptGIDOwner) ContainerSufficient ¶
func (*FilterOutputAcceptGIDOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputAcceptGIDOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputAcceptGIDOwner) LocalSufficient ¶
func (*FilterOutputAcceptGIDOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputAcceptGIDOwner) Name ¶
func (*FilterOutputAcceptGIDOwner) Name() string
Name implements TestCase.Name.
type FilterOutputAcceptTCPOwner ¶
type FilterOutputAcceptTCPOwner struct {
// contains filtered or unexported fields
}
FilterOutputAcceptTCPOwner tests that TCP connections from uid owner are accepted.
func (*FilterOutputAcceptTCPOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputAcceptTCPOwner) ContainerSufficient ¶
func (*FilterOutputAcceptTCPOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputAcceptTCPOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputAcceptTCPOwner) LocalSufficient ¶
func (*FilterOutputAcceptTCPOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputAcceptTCPOwner) Name ¶
func (*FilterOutputAcceptTCPOwner) Name() string
Name implements TestCase.Name.
type FilterOutputAcceptUDPOwner ¶
type FilterOutputAcceptUDPOwner struct {
// contains filtered or unexported fields
}
FilterOutputAcceptUDPOwner tests that UDP packets from uid owner are accepted.
func (*FilterOutputAcceptUDPOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputAcceptUDPOwner) ContainerSufficient ¶
func (*FilterOutputAcceptUDPOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputAcceptUDPOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputAcceptUDPOwner) LocalSufficient ¶
func (*FilterOutputAcceptUDPOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputAcceptUDPOwner) Name ¶
func (*FilterOutputAcceptUDPOwner) Name() string
Name implements TestCase.Name.
type FilterOutputDestination ¶
type FilterOutputDestination struct {
// contains filtered or unexported fields
}
FilterOutputDestination tests that we can selectively allow packets to certain destinations.
func (*FilterOutputDestination) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDestination) ContainerSufficient ¶
func (*FilterOutputDestination) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDestination) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDestination) LocalSufficient ¶
func (*FilterOutputDestination) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDestination) Name ¶
func (*FilterOutputDestination) Name() string
Name implements TestCase.Name.
type FilterOutputDropGIDOwner ¶
type FilterOutputDropGIDOwner struct {
// contains filtered or unexported fields
}
FilterOutputDropGIDOwner tests that TCP connections from gid owner are dropped.
func (*FilterOutputDropGIDOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDropGIDOwner) ContainerSufficient ¶
func (*FilterOutputDropGIDOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDropGIDOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDropGIDOwner) LocalSufficient ¶
func (*FilterOutputDropGIDOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDropGIDOwner) Name ¶
func (*FilterOutputDropGIDOwner) Name() string
Name implements TestCase.Name.
type FilterOutputDropTCPDestPort ¶
type FilterOutputDropTCPDestPort struct {
// contains filtered or unexported fields
}
FilterOutputDropTCPDestPort tests that connections are not accepted on specified source ports.
func (*FilterOutputDropTCPDestPort) ContainerAction ¶
func (*FilterOutputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDropTCPDestPort) ContainerSufficient ¶
func (*FilterOutputDropTCPDestPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDropTCPDestPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDropTCPDestPort) LocalSufficient ¶
func (*FilterOutputDropTCPDestPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDropTCPDestPort) Name ¶
func (*FilterOutputDropTCPDestPort) Name() string
Name implements TestCase.Name.
type FilterOutputDropTCPOwner ¶
type FilterOutputDropTCPOwner struct {
// contains filtered or unexported fields
}
FilterOutputDropTCPOwner tests that TCP connections from uid owner are dropped.
func (*FilterOutputDropTCPOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDropTCPOwner) ContainerSufficient ¶
func (*FilterOutputDropTCPOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDropTCPOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDropTCPOwner) LocalSufficient ¶
func (*FilterOutputDropTCPOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDropTCPOwner) Name ¶
func (*FilterOutputDropTCPOwner) Name() string
Name implements TestCase.Name.
type FilterOutputDropTCPSrcPort ¶
type FilterOutputDropTCPSrcPort struct {
// contains filtered or unexported fields
}
FilterOutputDropTCPSrcPort tests that connections are not accepted on specified source ports.
func (*FilterOutputDropTCPSrcPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDropTCPSrcPort) ContainerSufficient ¶
func (*FilterOutputDropTCPSrcPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDropTCPSrcPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDropTCPSrcPort) LocalSufficient ¶
func (*FilterOutputDropTCPSrcPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDropTCPSrcPort) Name ¶
func (*FilterOutputDropTCPSrcPort) Name() string
Name implements TestCase.Name.
type FilterOutputDropUDPOwner ¶
type FilterOutputDropUDPOwner struct {
// contains filtered or unexported fields
}
FilterOutputDropUDPOwner tests that UDP packets from uid owner are dropped.
func (*FilterOutputDropUDPOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputDropUDPOwner) ContainerSufficient ¶
func (*FilterOutputDropUDPOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputDropUDPOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputDropUDPOwner) LocalSufficient ¶
func (*FilterOutputDropUDPOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputDropUDPOwner) Name ¶
func (*FilterOutputDropUDPOwner) Name() string
Name implements TestCase.Name.
type FilterOutputInterface ¶
type FilterOutputInterface struct {
// contains filtered or unexported fields
}
FilterOutputInterface tests that packets are sent via an interface that does not match the interface name in the iptables rule.
func (*FilterOutputInterface) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterface) ContainerSufficient ¶
func (*FilterOutputInterface) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterface) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterface) LocalSufficient ¶
func (*FilterOutputInterface) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterface) Name ¶
func (*FilterOutputInterface) Name() string
Name implements TestCase.Name.
type FilterOutputInterfaceAccept ¶
type FilterOutputInterfaceAccept struct {
// contains filtered or unexported fields
}
FilterOutputInterfaceAccept tests that packets are sent via an interface matching the iptables rule.
func (*FilterOutputInterfaceAccept) ContainerAction ¶
func (*FilterOutputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterfaceAccept) ContainerSufficient ¶
func (*FilterOutputInterfaceAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterfaceAccept) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterfaceAccept) LocalSufficient ¶
func (*FilterOutputInterfaceAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterfaceAccept) Name ¶
func (*FilterOutputInterfaceAccept) Name() string
Name implements TestCase.Name.
type FilterOutputInterfaceBeginsWith ¶
type FilterOutputInterfaceBeginsWith struct {
// contains filtered or unexported fields
}
FilterOutputInterfaceBeginsWith tests that packets are not sent via an interface which begins with the given interface name.
func (*FilterOutputInterfaceBeginsWith) ContainerAction ¶
func (*FilterOutputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterfaceBeginsWith) ContainerSufficient ¶
func (*FilterOutputInterfaceBeginsWith) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterfaceBeginsWith) LocalAction ¶
func (*FilterOutputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterfaceBeginsWith) LocalSufficient ¶
func (*FilterOutputInterfaceBeginsWith) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterfaceBeginsWith) Name ¶
func (*FilterOutputInterfaceBeginsWith) Name() string
Name implements TestCase.Name.
type FilterOutputInterfaceDrop ¶
type FilterOutputInterfaceDrop struct {
// contains filtered or unexported fields
}
FilterOutputInterfaceDrop tests that packets are not sent via an interface matching the iptables rule.
func (*FilterOutputInterfaceDrop) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterfaceDrop) ContainerSufficient ¶
func (*FilterOutputInterfaceDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterfaceDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterfaceDrop) LocalSufficient ¶
func (*FilterOutputInterfaceDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterfaceDrop) Name ¶
func (*FilterOutputInterfaceDrop) Name() string
Name implements TestCase.Name.
type FilterOutputInterfaceInvertAccept ¶
type FilterOutputInterfaceInvertAccept struct {
// contains filtered or unexported fields
}
FilterOutputInterfaceInvertAccept tests that we can selectively send packets not matching the specific outgoing interface.
func (*FilterOutputInterfaceInvertAccept) ContainerAction ¶
func (*FilterOutputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterfaceInvertAccept) ContainerSufficient ¶
func (*FilterOutputInterfaceInvertAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterfaceInvertAccept) LocalAction ¶
func (*FilterOutputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterfaceInvertAccept) LocalSufficient ¶
func (*FilterOutputInterfaceInvertAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterfaceInvertAccept) Name ¶
func (*FilterOutputInterfaceInvertAccept) Name() string
Name implements TestCase.Name.
type FilterOutputInterfaceInvertDrop ¶
type FilterOutputInterfaceInvertDrop struct {
// contains filtered or unexported fields
}
FilterOutputInterfaceInvertDrop tests that we selectively do not send packets via an interface not matching the interface name.
func (*FilterOutputInterfaceInvertDrop) ContainerAction ¶
func (*FilterOutputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInterfaceInvertDrop) ContainerSufficient ¶
func (*FilterOutputInterfaceInvertDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInterfaceInvertDrop) LocalAction ¶
func (*FilterOutputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInterfaceInvertDrop) LocalSufficient ¶
func (*FilterOutputInterfaceInvertDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInterfaceInvertDrop) Name ¶
func (*FilterOutputInterfaceInvertDrop) Name() string
Name implements TestCase.Name.
type FilterOutputInvertDestination ¶
type FilterOutputInvertDestination struct {
// contains filtered or unexported fields
}
FilterOutputInvertDestination tests that we can selectively allow packets not headed for a particular destination.
func (*FilterOutputInvertDestination) ContainerAction ¶
func (*FilterOutputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertDestination) ContainerSufficient ¶
func (*FilterOutputInvertDestination) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertDestination) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertDestination) LocalSufficient ¶
func (*FilterOutputInvertDestination) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertDestination) Name ¶
func (*FilterOutputInvertDestination) Name() string
Name implements TestCase.Name.
type FilterOutputInvertGIDOwner ¶
type FilterOutputInvertGIDOwner struct {
// contains filtered or unexported fields
}
FilterOutputInvertGIDOwner tests that TCP connections from gid owner are dropped.
func (*FilterOutputInvertGIDOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertGIDOwner) ContainerSufficient ¶
func (*FilterOutputInvertGIDOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertGIDOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertGIDOwner) LocalSufficient ¶
func (*FilterOutputInvertGIDOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertGIDOwner) Name ¶
func (*FilterOutputInvertGIDOwner) Name() string
Name implements TestCase.Name.
type FilterOutputInvertSportAccept ¶
type FilterOutputInvertSportAccept struct {
// contains filtered or unexported fields
}
FilterOutputInvertSportAccept tests that we can send packets on a negated --sport match.
func (*FilterOutputInvertSportAccept) ContainerAction ¶
func (*FilterOutputInvertSportAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertSportAccept) ContainerSufficient ¶
func (*FilterOutputInvertSportAccept) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertSportAccept) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertSportAccept) LocalSufficient ¶
func (*FilterOutputInvertSportAccept) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertSportAccept) Name ¶
func (*FilterOutputInvertSportAccept) Name() string
Name implements TestCase.Name.
type FilterOutputInvertSportDrop ¶
type FilterOutputInvertSportDrop struct {
// contains filtered or unexported fields
}
FilterOutputInvertSportDrop tests that we can send packets on a negated --dport match.
func (*FilterOutputInvertSportDrop) ContainerAction ¶
func (*FilterOutputInvertSportDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertSportDrop) ContainerSufficient ¶
func (*FilterOutputInvertSportDrop) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertSportDrop) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertSportDrop) LocalSufficient ¶
func (*FilterOutputInvertSportDrop) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertSportDrop) Name ¶
func (*FilterOutputInvertSportDrop) Name() string
Name implements TestCase.Name.
type FilterOutputInvertUIDAndGIDOwner ¶
type FilterOutputInvertUIDAndGIDOwner struct {
// contains filtered or unexported fields
}
FilterOutputInvertUIDAndGIDOwner tests that TCP connections from uid and gid owner are dropped.
func (*FilterOutputInvertUIDAndGIDOwner) ContainerAction ¶
func (*FilterOutputInvertUIDAndGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertUIDAndGIDOwner) ContainerSufficient ¶
func (*FilterOutputInvertUIDAndGIDOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertUIDAndGIDOwner) LocalAction ¶
func (*FilterOutputInvertUIDAndGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertUIDAndGIDOwner) LocalSufficient ¶
func (*FilterOutputInvertUIDAndGIDOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertUIDAndGIDOwner) Name ¶
func (*FilterOutputInvertUIDAndGIDOwner) Name() string
Name implements TestCase.Name.
type FilterOutputInvertUIDOwner ¶
type FilterOutputInvertUIDOwner struct {
// contains filtered or unexported fields
}
FilterOutputInvertUIDOwner tests that TCP connections from gid owner are dropped.
func (*FilterOutputInvertUIDOwner) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputInvertUIDOwner) ContainerSufficient ¶
func (*FilterOutputInvertUIDOwner) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputInvertUIDOwner) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputInvertUIDOwner) LocalSufficient ¶
func (*FilterOutputInvertUIDOwner) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputInvertUIDOwner) Name ¶
func (*FilterOutputInvertUIDOwner) Name() string
Name implements TestCase.Name.
type FilterOutputOwnerFail ¶
type FilterOutputOwnerFail struct {
// contains filtered or unexported fields
}
FilterOutputOwnerFail tests that without a uid/gid option, the owner rule will fail.
func (*FilterOutputOwnerFail) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*FilterOutputOwnerFail) ContainerSufficient ¶
func (*FilterOutputOwnerFail) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*FilterOutputOwnerFail) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*FilterOutputOwnerFail) LocalSufficient ¶
func (*FilterOutputOwnerFail) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*FilterOutputOwnerFail) Name ¶
func (*FilterOutputOwnerFail) Name() string
Name implements TestCase.Name.
type NATAcceptAll ¶
type NATAcceptAll struct {
// contains filtered or unexported fields
}
NATAcceptAll tests that all UDP packets are accepted.
func (*NATAcceptAll) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATAcceptAll) ContainerSufficient ¶
func (*NATAcceptAll) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATAcceptAll) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATAcceptAll) LocalSufficient ¶
func (*NATAcceptAll) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
type NATDropUDP ¶
type NATDropUDP struct {
// contains filtered or unexported fields
}
NATDropUDP tests that packets are not received on ports other than the redirect port.
func (*NATDropUDP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATDropUDP) ContainerSufficient ¶
func (*NATDropUDP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATDropUDP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATDropUDP) LocalSufficient ¶
func (*NATDropUDP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
type NATLoopbackSkipsPrerouting ¶
type NATLoopbackSkipsPrerouting struct {
// contains filtered or unexported fields
}
NATLoopbackSkipsPrerouting tests that packets sent via loopback aren't affected by PREROUTING rules.
func (*NATLoopbackSkipsPrerouting) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATLoopbackSkipsPrerouting) ContainerSufficient ¶
func (*NATLoopbackSkipsPrerouting) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATLoopbackSkipsPrerouting) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATLoopbackSkipsPrerouting) LocalSufficient ¶
func (*NATLoopbackSkipsPrerouting) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATLoopbackSkipsPrerouting) Name ¶
func (*NATLoopbackSkipsPrerouting) Name() string
Name implements TestCase.Name.
type NATOutDNAT ¶
type NATOutDNAT struct {
// contains filtered or unexported fields
}
NATOutDNAT tests that the source port/IP in the packets are modified as expected. It tests the latest-implemented revision of the DNAT target.
func (*NATOutDNAT) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutDNAT) ContainerSufficient ¶
func (*NATOutDNAT) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutDNAT) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutDNAT) LocalSufficient ¶
func (*NATOutDNAT) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
type NATOutDNATAddrOnly ¶
type NATOutDNATAddrOnly struct {
// contains filtered or unexported fields
}
NATOutDNATAddrOnly tests that only the source IP in the packets is modified as expected. It tests the latest-implemented revision of the DNAT target.
func (*NATOutDNATAddrOnly) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutDNATAddrOnly) ContainerSufficient ¶
func (*NATOutDNATAddrOnly) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutDNATAddrOnly) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutDNATAddrOnly) LocalSufficient ¶
func (*NATOutDNATAddrOnly) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutDNATAddrOnly) Name ¶
func (*NATOutDNATAddrOnly) Name() string
Name implements TestCase.Name.
type NATOutDNATPortOnly ¶
type NATOutDNATPortOnly struct {
// contains filtered or unexported fields
}
NATOutDNATPortOnly tests that only the source port in the packets is modified as expected. It tests the latest-implemented revision of the DNAT target.
func (*NATOutDNATPortOnly) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutDNATPortOnly) ContainerSufficient ¶
func (*NATOutDNATPortOnly) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutDNATPortOnly) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutDNATPortOnly) LocalSufficient ¶
func (*NATOutDNATPortOnly) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutDNATPortOnly) Name ¶
func (*NATOutDNATPortOnly) Name() string
Name implements TestCase.Name.
type NATOutDontRedirectIP ¶
type NATOutDontRedirectIP struct {
// contains filtered or unexported fields
}
NATOutDontRedirectIP tests that iptables matching with "-d" does not match packets it shouldn't.
func (*NATOutDontRedirectIP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutDontRedirectIP) ContainerSufficient ¶
func (*NATOutDontRedirectIP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutDontRedirectIP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutDontRedirectIP) LocalSufficient ¶
func (*NATOutDontRedirectIP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutDontRedirectIP) Name ¶
func (*NATOutDontRedirectIP) Name() string
Name implements TestCase.Name.
type NATOutOriginalDst ¶
type NATOutOriginalDst struct {
// contains filtered or unexported fields
}
NATOutOriginalDst tests that SO_ORIGINAL_DST returns the pre-NAT destination of OUTBOUND NATted packets.
func (*NATOutOriginalDst) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutOriginalDst) ContainerSufficient ¶
func (*NATOutOriginalDst) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutOriginalDst) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutOriginalDst) LocalSufficient ¶
func (*NATOutOriginalDst) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutOriginalDst) Name ¶
func (*NATOutOriginalDst) Name() string
Name implements TestCase.Name.
type NATOutRECVORIGDSTADDR ¶
type NATOutRECVORIGDSTADDR struct {
// contains filtered or unexported fields
}
NATOutRECVORIGDSTADDR tests that IP{V6}_RECVORIGDSTADDR gets the post-NAT address on the OUTPUT chain.
func (*NATOutRECVORIGDSTADDR) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRECVORIGDSTADDR) ContainerSufficient ¶
func (*NATOutRECVORIGDSTADDR) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRECVORIGDSTADDR) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRECVORIGDSTADDR) LocalSufficient ¶
func (*NATOutRECVORIGDSTADDR) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRECVORIGDSTADDR) Name ¶
func (*NATOutRECVORIGDSTADDR) Name() string
Name implements TestCase.Name.
type NATOutRedirectIP ¶
type NATOutRedirectIP struct {
// contains filtered or unexported fields
}
NATOutRedirectIP uses iptables to select packets based on destination IP and redirects them.
func (*NATOutRedirectIP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRedirectIP) ContainerSufficient ¶
func (*NATOutRedirectIP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRedirectIP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRedirectIP) LocalSufficient ¶
func (*NATOutRedirectIP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRedirectIP) Name ¶
func (*NATOutRedirectIP) Name() string
Name implements TestCase.Name.
type NATOutRedirectInvert ¶
type NATOutRedirectInvert struct {
// contains filtered or unexported fields
}
NATOutRedirectInvert tests that iptables can match with "! -d".
func (*NATOutRedirectInvert) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRedirectInvert) ContainerSufficient ¶
func (*NATOutRedirectInvert) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRedirectInvert) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRedirectInvert) LocalSufficient ¶
func (*NATOutRedirectInvert) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRedirectInvert) Name ¶
func (*NATOutRedirectInvert) Name() string
Name implements TestCase.Name.
type NATOutRedirectTCPIncoming ¶
type NATOutRedirectTCPIncoming struct {
// contains filtered or unexported fields
}
NATOutRedirectTCPIncoming verifies that incoming TCP connections aren't affected by OUTPUT connection tracking.
func (*NATOutRedirectTCPIncoming) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRedirectTCPIncoming) ContainerSufficient ¶
func (*NATOutRedirectTCPIncoming) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRedirectTCPIncoming) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRedirectTCPIncoming) LocalSufficient ¶
func (*NATOutRedirectTCPIncoming) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRedirectTCPIncoming) Name ¶
func (*NATOutRedirectTCPIncoming) Name() string
Name implements TestCase.Name.
type NATOutRedirectTCPPort ¶
type NATOutRedirectTCPPort struct {
// contains filtered or unexported fields
}
NATOutRedirectTCPPort tests that connections are redirected on specified ports.
func (*NATOutRedirectTCPPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRedirectTCPPort) ContainerSufficient ¶
func (*NATOutRedirectTCPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRedirectTCPPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRedirectTCPPort) LocalSufficient ¶
func (*NATOutRedirectTCPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRedirectTCPPort) Name ¶
func (*NATOutRedirectTCPPort) Name() string
Name implements TestCase.Name.
type NATOutRedirectUDPPort ¶
type NATOutRedirectUDPPort struct {
// contains filtered or unexported fields
}
NATOutRedirectUDPPort tests that packets are redirected to a different port.
func (*NATOutRedirectUDPPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATOutRedirectUDPPort) ContainerSufficient ¶
func (*NATOutRedirectUDPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATOutRedirectUDPPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATOutRedirectUDPPort) LocalSufficient ¶
func (*NATOutRedirectUDPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATOutRedirectUDPPort) Name ¶
func (*NATOutRedirectUDPPort) Name() string
Name implements TestCase.Name.
type NATPostSNATTCP ¶
type NATPostSNATTCP struct {
// contains filtered or unexported fields
}
NATPostSNATTCP tests that the source port/IP in the packets are modified as expected. It tests the latest-implemented revision of the SNAT target.
func (*NATPostSNATTCP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPostSNATTCP) ContainerSufficient ¶
func (*NATPostSNATTCP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPostSNATTCP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPostSNATTCP) LocalSufficient ¶
func (*NATPostSNATTCP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
type NATPostSNATUDP ¶
type NATPostSNATUDP struct {
// contains filtered or unexported fields
}
NATPostSNATUDP tests that the source port/IP in the packets are modified as expected. It tests the latest-implemented revision of the SNAT target.
func (*NATPostSNATUDP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPostSNATUDP) ContainerSufficient ¶
func (*NATPostSNATUDP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPostSNATUDP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPostSNATUDP) LocalSufficient ¶
func (*NATPostSNATUDP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
type NATPreDontRedirectIP ¶
type NATPreDontRedirectIP struct {
// contains filtered or unexported fields
}
NATPreDontRedirectIP tests that iptables matching with "-d" does not match packets it shouldn't.
func (*NATPreDontRedirectIP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreDontRedirectIP) ContainerSufficient ¶
func (*NATPreDontRedirectIP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreDontRedirectIP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreDontRedirectIP) LocalSufficient ¶
func (*NATPreDontRedirectIP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreDontRedirectIP) Name ¶
func (*NATPreDontRedirectIP) Name() string
Name implements TestCase.Name.
type NATPreOriginalDst ¶
type NATPreOriginalDst struct {
// contains filtered or unexported fields
}
NATPreOriginalDst tests that SO_ORIGINAL_DST returns the pre-NAT destination of PREROUTING NATted packets.
func (*NATPreOriginalDst) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreOriginalDst) ContainerSufficient ¶
func (*NATPreOriginalDst) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreOriginalDst) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreOriginalDst) LocalSufficient ¶
func (*NATPreOriginalDst) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreOriginalDst) Name ¶
func (*NATPreOriginalDst) Name() string
Name implements TestCase.Name.
type NATPreRECVORIGDSTADDR ¶
type NATPreRECVORIGDSTADDR struct {
// contains filtered or unexported fields
}
NATPreRECVORIGDSTADDR tests that IP{V6}_RECVORIGDSTADDR gets the post-NAT address on the PREROUTING chain.
func (*NATPreRECVORIGDSTADDR) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRECVORIGDSTADDR) ContainerSufficient ¶
func (*NATPreRECVORIGDSTADDR) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRECVORIGDSTADDR) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRECVORIGDSTADDR) LocalSufficient ¶
func (*NATPreRECVORIGDSTADDR) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRECVORIGDSTADDR) Name ¶
func (*NATPreRECVORIGDSTADDR) Name() string
Name implements TestCase.Name.
type NATPreRedirectIP ¶
type NATPreRedirectIP struct {
// contains filtered or unexported fields
}
NATPreRedirectIP tests that we can use iptables to select packets based on destination IP and redirect them.
func (*NATPreRedirectIP) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRedirectIP) ContainerSufficient ¶
func (*NATPreRedirectIP) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRedirectIP) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRedirectIP) LocalSufficient ¶
func (*NATPreRedirectIP) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRedirectIP) Name ¶
func (*NATPreRedirectIP) Name() string
Name implements TestCase.Name.
type NATPreRedirectInvert ¶
type NATPreRedirectInvert struct {
// contains filtered or unexported fields
}
NATPreRedirectInvert tests that iptables can match with "! -d".
func (*NATPreRedirectInvert) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRedirectInvert) ContainerSufficient ¶
func (*NATPreRedirectInvert) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRedirectInvert) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRedirectInvert) LocalSufficient ¶
func (*NATPreRedirectInvert) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRedirectInvert) Name ¶
func (*NATPreRedirectInvert) Name() string
Name implements TestCase.Name.
type NATPreRedirectTCPOutgoing ¶
type NATPreRedirectTCPOutgoing struct {
// contains filtered or unexported fields
}
NATPreRedirectTCPOutgoing verifies that outgoing TCP connections aren't affected by PREROUTING connection tracking.
func (*NATPreRedirectTCPOutgoing) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRedirectTCPOutgoing) ContainerSufficient ¶
func (*NATPreRedirectTCPOutgoing) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRedirectTCPOutgoing) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRedirectTCPOutgoing) LocalSufficient ¶
func (*NATPreRedirectTCPOutgoing) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRedirectTCPOutgoing) Name ¶
func (*NATPreRedirectTCPOutgoing) Name() string
Name implements TestCase.Name.
type NATPreRedirectTCPPort ¶
type NATPreRedirectTCPPort struct {
// contains filtered or unexported fields
}
NATPreRedirectTCPPort tests that connections are redirected on specified ports.
func (*NATPreRedirectTCPPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRedirectTCPPort) ContainerSufficient ¶
func (*NATPreRedirectTCPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRedirectTCPPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRedirectTCPPort) LocalSufficient ¶
func (*NATPreRedirectTCPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRedirectTCPPort) Name ¶
func (*NATPreRedirectTCPPort) Name() string
Name implements TestCase.Name.
type NATPreRedirectUDPPort ¶
type NATPreRedirectUDPPort struct {
// contains filtered or unexported fields
}
NATPreRedirectUDPPort tests that packets are redirected to a different port.
func (*NATPreRedirectUDPPort) ContainerAction ¶
ContainerAction implements TestCase.ContainerAction.
func (*NATPreRedirectUDPPort) ContainerSufficient ¶
func (*NATPreRedirectUDPPort) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATPreRedirectUDPPort) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATPreRedirectUDPPort) LocalSufficient ¶
func (*NATPreRedirectUDPPort) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATPreRedirectUDPPort) Name ¶
func (*NATPreRedirectUDPPort) Name() string
Name implements TestCase.Name.
type NATRedirectRequiresProtocol ¶
type NATRedirectRequiresProtocol struct {
// contains filtered or unexported fields
}
NATRedirectRequiresProtocol tests that use of the --to-ports flag requires a protocol to be specified with -p.
func (*NATRedirectRequiresProtocol) ContainerAction ¶
func (*NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
ContainerAction implements TestCase.ContainerAction.
func (*NATRedirectRequiresProtocol) ContainerSufficient ¶
func (*NATRedirectRequiresProtocol) ContainerSufficient() bool
ContainerSufficient implements TestCase.ContainerSufficient.
func (*NATRedirectRequiresProtocol) LocalAction ¶
LocalAction implements TestCase.LocalAction.
func (*NATRedirectRequiresProtocol) LocalSufficient ¶
func (*NATRedirectRequiresProtocol) LocalSufficient() bool
LocalSufficient implements TestCase.LocalSufficient.
func (*NATRedirectRequiresProtocol) Name ¶
func (*NATRedirectRequiresProtocol) Name() string
Name implements TestCase.Name.
type TestCase ¶
type TestCase interface {
	// Name returns the name of the test.
	Name() string

	// ContainerAction runs inside the container. It receives the IP of the
	// local process.
	ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error

	// LocalAction runs locally. It receives the IP of the container.
	LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error

	// ContainerSufficient indicates whether ContainerAction's return value
	// alone indicates whether the test succeeded.
	ContainerSufficient() bool

	// LocalSufficient indicates whether LocalAction's return value alone
	// indicates whether the test succeeded.
	LocalSufficient() bool
}
A TestCase contains one action to run in the container and one to run locally. The actions run concurrently and each must succeed for the test to pass.
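How the two actions and the two Sufficient flags can combine, as an added example that is not code from the gVisor test package. `runBoth` and `fake` are hypothetical names, and the rule that a successful "sufficient" side cancels the other side (whose cancellation then counts as a pass) is an assumption about the harness, not something this page states.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
)

type TestCase interface { // repeated from the page so the block compiles alone
	Name() string
	ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error
	LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
	ContainerSufficient() bool
	LocalSufficient() bool
}
// runBoth is a hypothetical harness with assumed semantics, not gVisor's runner.
func runBoth(tc TestCase, ip net.IP) error {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	errs := make(chan error, 2)
	run := func(act func(context.Context, net.IP, bool) error, sufficient bool) {
		err := act(ctx, ip, false)
		if err == nil && sufficient {
			cancel() // this side alone decides the result: release the other
		}
		errs <- err
	}
	go run(tc.ContainerAction, tc.ContainerSufficient())
	go run(tc.LocalAction, tc.LocalSufficient())
	for i := 0; i < 2; i++ { // wait for both sides; only real errors fail
		if err := <-errs; err != nil && !errors.Is(err, context.Canceled) {
			return fmt.Errorf("%s: %w", tc.Name(), err)
		}
	}
	return nil
}
type fake struct { // constructed TestCase; the caller supplies both actions
	container, local func(context.Context) error
	cSuff, lSuff     bool
}
func (f fake) Name() string                                              { return "Fake" }
func (f fake) ContainerAction(c context.Context, _ net.IP, _ bool) error { return f.container(c) }
func (f fake) LocalAction(c context.Context, _ net.IP, _ bool) error     { return f.local(c) }
func (f fake) ContainerSufficient() bool                                 { return f.cSuff }
func (f fake) LocalSufficient() bool                                     { return f.lSuff }
func main() { // constructed case: local side passes, container side waits
	wait := func(ctx context.Context) error { <-ctx.Done(); return ctx.Err() }
	fmt.Println(runBoth(fake{wait, func(context.Context) error { return nil }, false, true}, nil))
}
```

With neither flag set and one action blocking forever, this harness would hang, so a real runner also needs a timeout on the context.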