diff options
| author | Kevin Krakauer <krakauer@google.com> | 2019-12-12 14:40:36 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2019-12-12 14:42:11 -0800 |
| commit | be2754a4b99cc92f13f479f74a5da8b0e6cb5839 (patch) | |
| tree | 17a1cbacb7b477950998555ab896782439436d7c /test/iptables/BUILD | |
| parent | 93d429d5b1e3801fb4c29568bcd40d6854c9fe94 (diff) | |
Add iptables testing framework.
It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:
* We're limited to loopback-only, as syscall tests involve only a single
container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
is a pain to configure, is inherently unsafe, and could leave host iptables
misconfigured.
Using the go_test target allows there to be no new test runner.
PiperOrigin-RevId: 285274275
Diffstat (limited to 'test/iptables/BUILD')
| -rw-r--r-- | test/iptables/BUILD | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/test/iptables/BUILD b/test/iptables/BUILD new file mode 100644 index 000000000..fa833c3b2 --- /dev/null +++ b/test/iptables/BUILD @@ -0,0 +1,31 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +package(licenses = ["notice"]) + +go_library( + name = "iptables", + srcs = [ + "filter_input.go", + "iptables.go", + "iptables_util.go", + ], + importpath = "gvisor.dev/gvisor/test/iptables", + visibility = ["//test/iptables:__subpackages__"], +) + +go_test( + name = "iptables_test", + srcs = [ + "iptables_test.go", + ], + embed = [":iptables"], + tags = [ + "local", + "manual", + ], + deps = [ + "//pkg/log", + "//runsc/dockerutil", + "//runsc/testutil", + ], +) |