diff options
author | Toshi Kikuchi <toshik@google.com> | 2021-02-11 14:37:37 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-11 14:39:41 -0800 |
commit | 2129dfff61526879ca6a681e7a498d1e0d9ace34 (patch) | |
tree | 9418ae4b091fb42e02ddf04a77f8922eb7e0ea90 /test/iptables/nat.go | |
parent | c833eed80a4ceaf9da852ef361dd5f4864eb647d (diff) |
iptables test: Implement testCase interface on pointers
Implementing interfaces on value types causes the interface to be
implemented by both the value type and the pointer type of the
implementer. This complicates type assertion as it requires the
assertion to check for both the pointer type and the value type.
PiperOrigin-RevId: 357061063
Diffstat (limited to 'test/iptables/nat.go')
-rw-r--r-- | test/iptables/nat.go | 200 |
1 files changed, 120 insertions, 80 deletions
diff --git a/test/iptables/nat.go b/test/iptables/nat.go index c3874240f..7ff8510a7 100644 --- a/test/iptables/nat.go +++ b/test/iptables/nat.go @@ -28,38 +28,40 @@ import ( const redirectPort = 42 func init() { - RegisterTestCase(NATPreRedirectUDPPort{}) - RegisterTestCase(NATPreRedirectTCPPort{}) - RegisterTestCase(NATPreRedirectTCPOutgoing{}) - RegisterTestCase(NATOutRedirectTCPIncoming{}) - RegisterTestCase(NATOutRedirectUDPPort{}) - RegisterTestCase(NATOutRedirectTCPPort{}) - RegisterTestCase(NATDropUDP{}) - RegisterTestCase(NATAcceptAll{}) - RegisterTestCase(NATPreRedirectIP{}) - RegisterTestCase(NATPreDontRedirectIP{}) - RegisterTestCase(NATPreRedirectInvert{}) - RegisterTestCase(NATOutRedirectIP{}) - RegisterTestCase(NATOutDontRedirectIP{}) - RegisterTestCase(NATOutRedirectInvert{}) - RegisterTestCase(NATRedirectRequiresProtocol{}) - RegisterTestCase(NATLoopbackSkipsPrerouting{}) - RegisterTestCase(NATPreOriginalDst{}) - RegisterTestCase(NATOutOriginalDst{}) - RegisterTestCase(NATPreRECVORIGDSTADDR{}) - RegisterTestCase(NATOutRECVORIGDSTADDR{}) + RegisterTestCase(&NATPreRedirectUDPPort{}) + RegisterTestCase(&NATPreRedirectTCPPort{}) + RegisterTestCase(&NATPreRedirectTCPOutgoing{}) + RegisterTestCase(&NATOutRedirectTCPIncoming{}) + RegisterTestCase(&NATOutRedirectUDPPort{}) + RegisterTestCase(&NATOutRedirectTCPPort{}) + RegisterTestCase(&NATDropUDP{}) + RegisterTestCase(&NATAcceptAll{}) + RegisterTestCase(&NATPreRedirectIP{}) + RegisterTestCase(&NATPreDontRedirectIP{}) + RegisterTestCase(&NATPreRedirectInvert{}) + RegisterTestCase(&NATOutRedirectIP{}) + RegisterTestCase(&NATOutDontRedirectIP{}) + RegisterTestCase(&NATOutRedirectInvert{}) + RegisterTestCase(&NATRedirectRequiresProtocol{}) + RegisterTestCase(&NATLoopbackSkipsPrerouting{}) + RegisterTestCase(&NATPreOriginalDst{}) + RegisterTestCase(&NATOutOriginalDst{}) + RegisterTestCase(&NATPreRECVORIGDSTADDR{}) + RegisterTestCase(&NATOutRECVORIGDSTADDR{}) } // NATPreRedirectUDPPort tests that packets are redirected to different port. type NATPreRedirectUDPPort struct{ containerCase } +var _ TestCase = (*NATPreRedirectUDPPort)(nil) + // Name implements TestCase.Name. -func (NATPreRedirectUDPPort) Name() string { +func (*NATPreRedirectUDPPort) Name() string { return "NATPreRedirectUDPPort" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err } @@ -72,20 +74,22 @@ func (NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv } // LocalAction implements TestCase.LocalAction. -func (NATPreRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, acceptPort) } // NATPreRedirectTCPPort tests that connections are redirected on specified ports. type NATPreRedirectTCPPort struct{ baseCase } +var _ TestCase = (*NATPreRedirectTCPPort)(nil) + // Name implements TestCase.Name. -func (NATPreRedirectTCPPort) Name() string { +func (*NATPreRedirectTCPPort) Name() string { return "NATPreRedirectTCPPort" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-m", "tcp", "--dport", fmt.Sprintf("%d", dropPort), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil { return err } @@ -95,7 +99,7 @@ func (NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv } // LocalAction implements TestCase.LocalAction. -func (NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return connectTCP(ctx, ip, dropPort) } @@ -103,13 +107,15 @@ func (NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo // affected by PREROUTING connection tracking. type NATPreRedirectTCPOutgoing struct{ baseCase } +var _ TestCase = (*NATPreRedirectTCPOutgoing)(nil) + // Name implements TestCase.Name. -func (NATPreRedirectTCPOutgoing) Name() string { +func (*NATPreRedirectTCPOutgoing) Name() string { return "NATPreRedirectTCPOutgoing" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect all incoming TCP traffic to a closed port. if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil { return err @@ -120,7 +126,7 @@ func (NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, } // LocalAction implements TestCase.LocalAction. -func (NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return listenTCP(ctx, acceptPort) } @@ -128,13 +134,15 @@ func (NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv // affected by OUTPUT connection tracking. type NATOutRedirectTCPIncoming struct{ baseCase } +var _ TestCase = (*NATOutRedirectTCPIncoming)(nil) + // Name implements TestCase.Name. -func (NATOutRedirectTCPIncoming) Name() string { +func (*NATOutRedirectTCPIncoming) Name() string { return "NATOutRedirectTCPIncoming" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect all outgoing TCP traffic to a closed port. if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil { return err @@ -145,25 +153,27 @@ func (NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, } // LocalAction implements TestCase.LocalAction. -func (NATOutRedirectTCPIncoming) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectTCPIncoming) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return connectTCP(ctx, ip, acceptPort) } // NATOutRedirectUDPPort tests that packets are redirected to different port. type NATOutRedirectUDPPort struct{ containerCase } +var _ TestCase = (*NATOutRedirectUDPPort)(nil) + // Name implements TestCase.Name. -func (NATOutRedirectUDPPort) Name() string { +func (*NATOutRedirectUDPPort) Name() string { return "NATOutRedirectUDPPort" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { return loopbackTest(ctx, ipv6, net.ParseIP(nowhereIP(ipv6)), "-A", "OUTPUT", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)) } // LocalAction implements TestCase.LocalAction. -func (NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -172,13 +182,15 @@ func (NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo // port. type NATDropUDP struct{ containerCase } +var _ TestCase = (*NATDropUDP)(nil) + // Name implements TestCase.Name. -func (NATDropUDP) Name() string { +func (*NATDropUDP) Name() string { return "NATDropUDP" } // ContainerAction implements TestCase.ContainerAction. -func (NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err } @@ -195,20 +207,22 @@ func (NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) err } // LocalAction implements TestCase.LocalAction. -func (NATDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, acceptPort) } // NATAcceptAll tests that all UDP packets are accepted. type NATAcceptAll struct{ containerCase } +var _ TestCase = (*NATAcceptAll)(nil) + // Name implements TestCase.Name. -func (NATAcceptAll) Name() string { +func (*NATAcceptAll) Name() string { return "NATAcceptAll" } // ContainerAction implements TestCase.ContainerAction. -func (NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "ACCEPT"); err != nil { return err } @@ -221,7 +235,7 @@ func (NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) e } // LocalAction implements TestCase.LocalAction. -func (NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, acceptPort) } @@ -229,13 +243,15 @@ func (NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error // redirects them. type NATOutRedirectIP struct{ baseCase } +var _ TestCase = (*NATOutRedirectIP)(nil) + // Name implements TestCase.Name. -func (NATOutRedirectIP) Name() string { +func (*NATOutRedirectIP) Name() string { return "NATOutRedirectIP" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect OUTPUT packets to a listening localhost port. return loopbackTest(ctx, ipv6, net.ParseIP(nowhereIP(ipv6)), "-A", "OUTPUT", @@ -245,7 +261,7 @@ func (NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 boo } // LocalAction implements TestCase.LocalAction. -func (NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -254,13 +270,15 @@ func (NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) e // packets it shouldn't. type NATOutDontRedirectIP struct{ localCase } +var _ TestCase = (*NATOutDontRedirectIP)(nil) + // Name implements TestCase.Name. -func (NATOutDontRedirectIP) Name() string { +func (*NATOutDontRedirectIP) Name() string { return "NATOutDontRedirectIP" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "OUTPUT", "-d", localIP(ipv6), "-p", "udp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", dropPort)); err != nil { return err } @@ -268,20 +286,22 @@ func (NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 } // LocalAction implements TestCase.LocalAction. -func (NATOutDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return listenUDP(ctx, acceptPort) } // NATOutRedirectInvert tests that iptables can match with "! -d". type NATOutRedirectInvert struct{ baseCase } +var _ TestCase = (*NATOutRedirectInvert)(nil) + // Name implements TestCase.Name. -func (NATOutRedirectInvert) Name() string { +func (*NATOutRedirectInvert) Name() string { return "NATOutRedirectInvert" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect OUTPUT packets to a listening localhost port. dest := "192.0.2.2" if ipv6 { @@ -295,7 +315,7 @@ func (NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 } // LocalAction implements TestCase.LocalAction. -func (NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -304,13 +324,15 @@ func (NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 boo // destination IP and redirect them. type NATPreRedirectIP struct{ containerCase } +var _ TestCase = (*NATPreRedirectIP)(nil) + // Name implements TestCase.Name. -func (NATPreRedirectIP) Name() string { +func (*NATPreRedirectIP) Name() string { return "NATPreRedirectIP" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { addrs, err := localAddrs(ipv6) if err != nil { return err @@ -327,7 +349,7 @@ func (NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 boo } // LocalAction implements TestCase.LocalAction. -func (NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, dropPort) } @@ -335,13 +357,15 @@ func (NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) e // packets it shouldn't. type NATPreDontRedirectIP struct{ containerCase } +var _ TestCase = (*NATPreDontRedirectIP)(nil) + // Name implements TestCase.Name. -func (NATPreDontRedirectIP) Name() string { +func (*NATPreDontRedirectIP) Name() string { return "NATPreDontRedirectIP" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil { return err } @@ -349,20 +373,22 @@ func (NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 } // LocalAction implements TestCase.LocalAction. -func (NATPreDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, acceptPort) } // NATPreRedirectInvert tests that iptables can match with "! -d". type NATPreRedirectInvert struct{ containerCase } +var _ TestCase = (*NATPreRedirectInvert)(nil) + // Name implements TestCase.Name. -func (NATPreRedirectInvert) Name() string { +func (*NATPreRedirectInvert) Name() string { return "NATPreRedirectInvert" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "!", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil { return err } @@ -370,7 +396,7 @@ func (NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 } // LocalAction implements TestCase.LocalAction. -func (NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, dropPort) } @@ -378,13 +404,15 @@ func (NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 boo // protocol to be specified with -p. type NATRedirectRequiresProtocol struct{ baseCase } +var _ TestCase = (*NATRedirectRequiresProtocol)(nil) + // Name implements TestCase.Name. -func (NATRedirectRequiresProtocol) Name() string { +func (*NATRedirectRequiresProtocol) Name() string { return "NATRedirectRequiresProtocol" } // ContainerAction implements TestCase.ContainerAction. -func (NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err == nil { return errors.New("expected an error using REDIRECT --to-ports without a protocol") } @@ -392,7 +420,7 @@ func (NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.I } // LocalAction implements TestCase.LocalAction. -func (NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -400,13 +428,15 @@ func (NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, i // NATOutRedirectTCPPort tests that connections are redirected on specified ports. type NATOutRedirectTCPPort struct{ baseCase } +var _ TestCase = (*NATOutRedirectTCPPort)(nil) + // Name implements TestCase.Name. -func (NATOutRedirectTCPPort) Name() string { +func (*NATOutRedirectTCPPort) Name() string { return "NATOutRedirectTCPPort" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--dport", fmt.Sprintf("%d", dropPort), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil { return err } @@ -438,7 +468,7 @@ func (NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv } // LocalAction implements TestCase.LocalAction. -func (NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return nil } @@ -446,13 +476,15 @@ func (NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo // affected by PREROUTING rules. type NATLoopbackSkipsPrerouting struct{ baseCase } +var _ TestCase = (*NATLoopbackSkipsPrerouting)(nil) + // Name implements TestCase.Name. -func (NATLoopbackSkipsPrerouting) Name() string { +func (*NATLoopbackSkipsPrerouting) Name() string { return "NATLoopbackSkipsPrerouting" } // ContainerAction implements TestCase.ContainerAction. -func (NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect anything sent to localhost to an unused port. dest := []byte{127, 0, 0, 1} if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", dropPort)); err != nil { @@ -473,7 +505,7 @@ func (NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP } // LocalAction implements TestCase.LocalAction. -func (NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -482,13 +514,15 @@ func (NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ip // of PREROUTING NATted packets. type NATPreOriginalDst struct{ baseCase } +var _ TestCase = (*NATPreOriginalDst)(nil) + // Name implements TestCase.Name. -func (NATPreOriginalDst) Name() string { +func (*NATPreOriginalDst) Name() string { return "NATPreOriginalDst" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect incoming TCP connections to acceptPort. if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", @@ -505,7 +539,7 @@ func (NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bo } // LocalAction implements TestCase.LocalAction. -func (NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return connectTCP(ctx, ip, dropPort) } @@ -513,13 +547,15 @@ func (NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) // of OUTBOUND NATted packets. type NATOutOriginalDst struct{ baseCase } +var _ TestCase = (*NATOutOriginalDst)(nil) + // Name implements TestCase.Name. -func (NATOutOriginalDst) Name() string { +func (*NATOutOriginalDst) Name() string { return "NATOutOriginalDst" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { // Redirect incoming TCP connections to acceptPort. if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", acceptPort)); err != nil { return err @@ -537,7 +573,7 @@ func (NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bo } // LocalAction implements TestCase.LocalAction. -func (NATOutOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } @@ -650,13 +686,15 @@ func loopbackTest(ctx context.Context, ipv6 bool, dest net.IP, args ...string) e // address on the PREROUTING chain. type NATPreRECVORIGDSTADDR struct{ containerCase } +var _ TestCase = (*NATPreRECVORIGDSTADDR)(nil) + // Name implements TestCase.Name. -func (NATPreRECVORIGDSTADDR) Name() string { +func (*NATPreRECVORIGDSTADDR) Name() string { return "NATPreRECVORIGDSTADDR" } // ContainerAction implements TestCase.ContainerAction. -func (NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err } @@ -669,7 +707,7 @@ func (NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv } // LocalAction implements TestCase.LocalAction. -func (NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { return sendUDPLoop(ctx, ip, acceptPort) } @@ -677,13 +715,15 @@ func (NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bo // address on the OUTPUT chain. type NATOutRECVORIGDSTADDR struct{ containerCase } +var _ TestCase = (*NATOutRECVORIGDSTADDR)(nil) + // Name implements TestCase.Name. -func (NATOutRECVORIGDSTADDR) Name() string { +func (*NATOutRECVORIGDSTADDR) Name() string { return "NATOutRECVORIGDSTADDR" } // ContainerAction implements TestCase.ContainerAction. -func (NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error { if err := natTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err } @@ -712,7 +752,7 @@ func (NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv } // LocalAction implements TestCase.LocalAction. -func (NATOutRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { +func (*NATOutRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil } |