diff options
author | Kevin Krakauer <krakauer@google.com> | 2020-11-09 10:48:16 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-11-09 10:50:43 -0800 |
commit | 16caaf79f8f85233c6921d1ee953f365007d7a68 (patch) | |
tree | 71c44cb36c4609a0a98f0e8c21b3464c5c391918 | |
parent | 0fb5353e45f166460d5846576c20479072207a06 (diff) |
iptables: add documentation about enabing docker ipv6
PiperOrigin-RevId: 341439435
-rw-r--r-- | test/iptables/README.md | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/test/iptables/README.md b/test/iptables/README.md index 28ab195ca..1196f8eb5 100644 --- a/test/iptables/README.md +++ b/test/iptables/README.md @@ -2,8 +2,38 @@ iptables tests are run via `make iptables-tests`. -iptables requires raw socket support, so you must add the `--net-raw=true` flag -to `/etc/docker/daemon.json` in order to use it. +iptables require some extra Docker configuration to work. Enable IPv6 in +`/etc/docker/daemon.json` (make sure to restart Docker if you change this file): + +```json +{ + "experimental": true, + "fixed-cidr-v6": "2001:db8:1::/64", + "ipv6": true, + // Runtimes and other Docker config... +} +``` + +And if you're running manually (i.e. not using the `make` target), you'll need +to: + +* Enable iptables via `modprobe iptables_filter && modprobe ip6table_filter`. +* Enable `--net-raw` in your chosen runtime in `/etc/docker/daemon.json` (make + sure to restart Docker if you change this file). + +The resulting runtime should look something like this: + +```json +"runsc": { + "path": "/tmp/iptables/runsc", + "runtimeArgs": [ + "--debug-log", + "/tmp/iptables/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%", + "--net-raw" + ] +}, +// ... +``` ## Test Structure |