diff options
author | Nayana Bidari <nybidari@google.com> | 2020-01-09 10:03:22 -0800 |
---|---|---|
committer | Nayana Bidari <nybidari@google.com> | 2020-01-09 10:24:26 -0800 |
commit | 6cc8e2d814f99439e01c308e16f6631d75578ec0 (patch) | |
tree | 1080b01bcc361327f961cf4c0e39fb335a3d7f60 /test | |
parent | d057871f410088fe6825b1dde695f015e36abf73 (diff) |
Add test to check iptables redirect port rule
Diffstat (limited to 'test')
-rw-r--r-- | test/iptables/filter_input.go | 28 | ||||
-rw-r--r-- | test/iptables/iptables_test.go | 7 |
2 files changed, 35 insertions, 0 deletions
diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go index 923f44e68..41bb85369 100644 --- a/test/iptables/filter_input.go +++ b/test/iptables/filter_input.go @@ -23,6 +23,7 @@ import ( const ( dropPort = 2401 acceptPort = 2402 + redirectPort = 42 sendloopDuration = 2 * time.Second network = "udp4" ) @@ -31,6 +32,7 @@ func init() { RegisterTestCase(FilterInputDropUDP{}) RegisterTestCase(FilterInputDropUDPPort{}) RegisterTestCase(FilterInputDropDifferentUDPPort{}) + RegisterTestCase(FilterInputRedirectUDPPort{}) } // FilterInputDropUDP tests that we can drop UDP traffic. @@ -122,3 +124,29 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error { func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error { return sendUDPLoop(ip, acceptPort, sendloopDuration) } + +// FilterInputRedirectUDPPort tests that packets are redirected to different port. +type FilterInputRedirectUDPPort struct{} + +// Name implements TestCase.Name. +func (FilterInputRedirectUDPPort) Name() string { + return "FilterInputRedirectUDPPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterInputRedirectUDPPort) ContainerAction(ip net.IP) error { + if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { + return err + } + + if err := listenUDP(redirectPort, sendloopDuration); err != nil { + return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", acceptPort, redirectPort, err) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterInputRedirectUDPPort) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) +} diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index bfbf1bb87..d57ddc0fe 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -177,3 +177,10 @@ func TestFilterInputDropDifferentUDPPort(t *testing.T) { t.Fatal(err) } } + +func TestFilterInputRedirectUDPPort(t *testing.T) { + if err := singleTest(FilterInputRedirectUDPPort{}); err != nil { + t.Fatal(err) + } +} + |