diff options
author | Kevin Krakauer <krakauer@google.com> | 2019-12-12 14:40:36 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-12-12 14:42:11 -0800 |
commit | be2754a4b99cc92f13f479f74a5da8b0e6cb5839 (patch) | |
tree | 17a1cbacb7b477950998555ab896782439436d7c /runsc | |
parent | 93d429d5b1e3801fb4c29568bcd40d6854c9fe94 (diff) |
Add iptables testing framework.
It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:
* We're limited to loopback-only, as syscall tests involve only a single
container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
is a pain to configure, is inherently unsafe, and could leave host iptables
misconfigured.
Using the go_test target allows there to be no new test runner.
PiperOrigin-RevId: 285274275
Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/dockerutil/dockerutil.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/runsc/dockerutil/dockerutil.go b/runsc/dockerutil/dockerutil.go index 57f6ae8de..9b6346ca2 100644 --- a/runsc/dockerutil/dockerutil.go +++ b/runsc/dockerutil/dockerutil.go @@ -380,6 +380,16 @@ func (d *Docker) FindPort(sandboxPort int) (int, error) { return port, nil } +// FindIP returns the IP address of the container as a string. +func (d *Docker) FindIP() (string, error) { + const format = `{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}` + out, err := do("inspect", "-f", format, d.Name) + if err != nil { + return "", fmt.Errorf("error retrieving IP: %v", err) + } + return strings.TrimSpace(out), nil +} + // SandboxPid returns the PID to the sandbox process. func (d *Docker) SandboxPid() (int, error) { out, err := do("inspect", "-f={{.State.Pid}}", d.Name) |