authorNayana Bidari <nybidari@google.com>2020-01-09 10:03:22 -0800
committerNayana Bidari <nybidari@google.com>2020-01-09 10:24:26 -0800
commit6cc8e2d814f99439e01c308e16f6631d75578ec0 (patch)
tree1080b01bcc361327f961cf4c0e39fb335a3d7f60 /test/iptables
parentd057871f410088fe6825b1dde695f015e36abf73 (diff)
Add test to check iptables redirect port rule
Diffstat (limited to 'test/iptables')
-rw-r--r--test/iptables/filter_input.go28
-rw-r--r--test/iptables/iptables_test.go7
2 files changed, 35 insertions, 0 deletions
diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go
index 923f44e68..41bb85369 100644
--- a/test/iptables/filter_input.go
+++ b/test/iptables/filter_input.go
@@ -23,6 +23,7 @@ import (
const (
dropPort = 2401
acceptPort = 2402
+ redirectPort = 42
sendloopDuration = 2 * time.Second
network = "udp4"
)
@@ -31,6 +32,7 @@ func init() {
RegisterTestCase(FilterInputDropUDP{})
RegisterTestCase(FilterInputDropUDPPort{})
RegisterTestCase(FilterInputDropDifferentUDPPort{})
+ RegisterTestCase(FilterInputRedirectUDPPort{})
}
// FilterInputDropUDP tests that we can drop UDP traffic.
@@ -122,3 +124,29 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error {
func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error {
return sendUDPLoop(ip, acceptPort, sendloopDuration)
}
+
+// FilterInputRedirectUDPPort tests that packets are redirected to different port.
+type FilterInputRedirectUDPPort struct{}
+
+// Name implements TestCase.Name.
+func (FilterInputRedirectUDPPort) Name() string {
+ return "FilterInputRedirectUDPPort"
+}
+
+// ContainerAction implements TestCase.ContainerAction.
+func (FilterInputRedirectUDPPort) ContainerAction(ip net.IP) error {
+ if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil {
+ return err
+ }
+
+ if err := listenUDP(redirectPort, sendloopDuration); err != nil {
+ return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", acceptPort, redirectPort, err)
+ }
+
+ return nil
+}
+
+// LocalAction implements TestCase.LocalAction.
+func (FilterInputRedirectUDPPort) LocalAction(ip net.IP) error {
+ return sendUDPLoop(ip, acceptPort, sendloopDuration)
+}
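Review bot: The `fmt.Errorf` call in `ContainerAction` has two verbs (`%d`, `%v`) but three arguments, so `redirectPort` is printed in the `%v` slot and the actual `err` only appears in a `%!(EXTRA ...)` suffix; `go vet` reports this mismatch. A message that names both ports would fix it: `return fmt.Errorf("packets sent to port %d should be redirected to port %d, but encountered an error: %v", acceptPort, redirectPort, err)`. Separately, the REDIRECT rule matches every UDP packet in PREROUTING rather than only those with `--dport` equal to `acceptPort`, so the test does not show that port matching works; either narrow the rule or state in the type's doc comment that all UDP is redirected. `filterTable` is defined outside this hunk, so whether it already selects a table, and how that interacts with the explicit `-t nat`, cannot be confirmed from here.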
diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go
index bfbf1bb87..d57ddc0fe 100644
--- a/test/iptables/iptables_test.go
+++ b/test/iptables/iptables_test.go
@@ -177,3 +177,10 @@ func TestFilterInputDropDifferentUDPPort(t *testing.T) {
t.Fatal(err)
}
}
+
+func TestFilterInputRedirectUDPPort(t *testing.T) {
+ if err := singleTest(FilterInputRedirectUDPPort{}); err != nil {
+ t.Fatal(err)
+ }
+}
+