summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-11-09 10:48:16 -0800
committergVisor bot <gvisor-bot@google.com>2020-11-09 10:50:43 -0800
commit16caaf79f8f85233c6921d1ee953f365007d7a68 (patch)
tree71c44cb36c4609a0a98f0e8c21b3464c5c391918
parent0fb5353e45f166460d5846576c20479072207a06 (diff)
iptables: add documentation about enabing docker ipv6
PiperOrigin-RevId: 341439435
-rw-r--r--test/iptables/README.md34
1 files changed, 32 insertions, 2 deletions
diff --git a/test/iptables/README.md b/test/iptables/README.md
index 28ab195ca..1196f8eb5 100644
--- a/test/iptables/README.md
+++ b/test/iptables/README.md
@@ -2,8 +2,38 @@
iptables tests are run via `make iptables-tests`.
-iptables requires raw socket support, so you must add the `--net-raw=true` flag
-to `/etc/docker/daemon.json` in order to use it.
+iptables require some extra Docker configuration to work. Enable IPv6 in
+`/etc/docker/daemon.json` (make sure to restart Docker if you change this file):
+
+```json
+{
+ "experimental": true,
+ "fixed-cidr-v6": "2001:db8:1::/64",
+ "ipv6": true,
+ // Runtimes and other Docker config...
+}
+```
+
+And if you're running manually (i.e. not using the `make` target), you'll need
+to:
+
+* Enable iptables via `modprobe iptables_filter && modprobe ip6table_filter`.
+* Enable `--net-raw` in your chosen runtime in `/etc/docker/daemon.json` (make
+ sure to restart Docker if you change this file).
+
+The resulting runtime should look something like this:
+
+```json
+"runsc": {
+ "path": "/tmp/iptables/runsc",
+ "runtimeArgs": [
+ "--debug-log",
+ "/tmp/iptables/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%",
+ "--net-raw"
+ ]
+},
+// ...
+```
## Test Structure