summaryrefslogtreecommitdiffhomepage
path: root/test/iptables
diff options
context:
space:
mode:
Diffstat (limited to 'test/iptables')
-rw-r--r--test/iptables/filter_input.go286
-rw-r--r--test/iptables/filter_output.go200
-rw-r--r--test/iptables/iptables.go12
-rw-r--r--test/iptables/iptables_test.go134
-rw-r--r--test/iptables/nat.go200
5 files changed, 479 insertions, 353 deletions
diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go
index c47660026..0f656513e 100644
--- a/test/iptables/filter_input.go
+++ b/test/iptables/filter_input.go
@@ -30,45 +30,47 @@ const (
)
func init() {
- RegisterTestCase(FilterInputDropAll{})
- RegisterTestCase(FilterInputDropDifferentUDPPort{})
- RegisterTestCase(FilterInputDropOnlyUDP{})
- RegisterTestCase(FilterInputDropTCPDestPort{})
- RegisterTestCase(FilterInputDropTCPSrcPort{})
- RegisterTestCase(FilterInputDropUDPPort{})
- RegisterTestCase(FilterInputDropUDP{})
- RegisterTestCase(FilterInputCreateUserChain{})
- RegisterTestCase(FilterInputDefaultPolicyAccept{})
- RegisterTestCase(FilterInputDefaultPolicyDrop{})
- RegisterTestCase(FilterInputReturnUnderflow{})
- RegisterTestCase(FilterInputSerializeJump{})
- RegisterTestCase(FilterInputJumpBasic{})
- RegisterTestCase(FilterInputJumpReturn{})
- RegisterTestCase(FilterInputJumpReturnDrop{})
- RegisterTestCase(FilterInputJumpBuiltin{})
- RegisterTestCase(FilterInputJumpTwice{})
- RegisterTestCase(FilterInputDestination{})
- RegisterTestCase(FilterInputInvertDestination{})
- RegisterTestCase(FilterInputSource{})
- RegisterTestCase(FilterInputInvertSource{})
- RegisterTestCase(FilterInputInterfaceAccept{})
- RegisterTestCase(FilterInputInterfaceDrop{})
- RegisterTestCase(FilterInputInterface{})
- RegisterTestCase(FilterInputInterfaceBeginsWith{})
- RegisterTestCase(FilterInputInterfaceInvertDrop{})
- RegisterTestCase(FilterInputInterfaceInvertAccept{})
+ RegisterTestCase(&FilterInputDropAll{})
+ RegisterTestCase(&FilterInputDropDifferentUDPPort{})
+ RegisterTestCase(&FilterInputDropOnlyUDP{})
+ RegisterTestCase(&FilterInputDropTCPDestPort{})
+ RegisterTestCase(&FilterInputDropTCPSrcPort{})
+ RegisterTestCase(&FilterInputDropUDPPort{})
+ RegisterTestCase(&FilterInputDropUDP{})
+ RegisterTestCase(&FilterInputCreateUserChain{})
+ RegisterTestCase(&FilterInputDefaultPolicyAccept{})
+ RegisterTestCase(&FilterInputDefaultPolicyDrop{})
+ RegisterTestCase(&FilterInputReturnUnderflow{})
+ RegisterTestCase(&FilterInputSerializeJump{})
+ RegisterTestCase(&FilterInputJumpBasic{})
+ RegisterTestCase(&FilterInputJumpReturn{})
+ RegisterTestCase(&FilterInputJumpReturnDrop{})
+ RegisterTestCase(&FilterInputJumpBuiltin{})
+ RegisterTestCase(&FilterInputJumpTwice{})
+ RegisterTestCase(&FilterInputDestination{})
+ RegisterTestCase(&FilterInputInvertDestination{})
+ RegisterTestCase(&FilterInputSource{})
+ RegisterTestCase(&FilterInputInvertSource{})
+ RegisterTestCase(&FilterInputInterfaceAccept{})
+ RegisterTestCase(&FilterInputInterfaceDrop{})
+ RegisterTestCase(&FilterInputInterface{})
+ RegisterTestCase(&FilterInputInterfaceBeginsWith{})
+ RegisterTestCase(&FilterInputInterfaceInvertDrop{})
+ RegisterTestCase(&FilterInputInterfaceInvertAccept{})
}
// FilterInputDropUDP tests that we can drop UDP traffic.
type FilterInputDropUDP struct{ containerCase }
+var _ TestCase = (*FilterInputDropUDP)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropUDP) Name() string {
+func (*FilterInputDropUDP) Name() string {
return "FilterInputDropUDP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-j", "DROP"); err != nil {
return err
}
@@ -88,20 +90,22 @@ func (FilterInputDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 b
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
// FilterInputDropOnlyUDP tests that "-p udp -j DROP" only affects UDP traffic.
type FilterInputDropOnlyUDP struct{ baseCase }
+var _ TestCase = (*FilterInputDropOnlyUDP)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropOnlyUDP) Name() string {
+func (*FilterInputDropOnlyUDP) Name() string {
return "FilterInputDropOnlyUDP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropOnlyUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropOnlyUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-j", "DROP"); err != nil {
return err
}
@@ -115,7 +119,7 @@ func (FilterInputDropOnlyUDP) ContainerAction(ctx context.Context, ip net.IP, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropOnlyUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropOnlyUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Try to establish a TCP connection with the container, which should
// succeed.
return connectTCP(ctx, ip, acceptPort)
@@ -124,13 +128,15 @@ func (FilterInputDropOnlyUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 b
// FilterInputDropUDPPort tests that we can drop UDP traffic by port.
type FilterInputDropUDPPort struct{ containerCase }
+var _ TestCase = (*FilterInputDropUDPPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropUDPPort) Name() string {
+func (*FilterInputDropUDPPort) Name() string {
return "FilterInputDropUDPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-m", "udp", "--destination-port", fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil {
return err
}
@@ -150,7 +156,7 @@ func (FilterInputDropUDPPort) ContainerAction(ctx context.Context, ip net.IP, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
@@ -158,13 +164,15 @@ func (FilterInputDropUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 b
// doesn't drop packets on other ports.
type FilterInputDropDifferentUDPPort struct{ containerCase }
+var _ TestCase = (*FilterInputDropDifferentUDPPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropDifferentUDPPort) Name() string {
+func (*FilterInputDropDifferentUDPPort) Name() string {
return "FilterInputDropDifferentUDPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropDifferentUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropDifferentUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-m", "udp", "--destination-port", fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil {
return err
}
@@ -178,20 +186,22 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ctx context.Context, ip n
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropDifferentUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropDifferentUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// FilterInputDropTCPDestPort tests that connections are not accepted on specified source ports.
type FilterInputDropTCPDestPort struct{ baseCase }
+var _ TestCase = (*FilterInputDropTCPDestPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropTCPDestPort) Name() string {
+func (*FilterInputDropTCPDestPort) Name() string {
return "FilterInputDropTCPDestPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "tcp", "-m", "tcp", "--dport", fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil {
return err
}
@@ -209,7 +219,7 @@ func (FilterInputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Ensure we cannot connect to the container.
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
@@ -222,13 +232,15 @@ func (FilterInputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ip
// FilterInputDropTCPSrcPort tests that connections are not accepted on specified source ports.
type FilterInputDropTCPSrcPort struct{ baseCase }
+var _ TestCase = (*FilterInputDropTCPSrcPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropTCPSrcPort) Name() string {
+func (*FilterInputDropTCPSrcPort) Name() string {
return "FilterInputDropTCPSrcPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Drop anything from an ephemeral port.
if err := filterTable(ipv6, "-A", "INPUT", "-p", "tcp", "-m", "tcp", "--sport", "1024:65535", "-j", "DROP"); err != nil {
return err
@@ -247,7 +259,7 @@ func (FilterInputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Ensure we cannot connect to the container.
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
@@ -260,13 +272,15 @@ func (FilterInputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv
// FilterInputDropAll tests that we can drop all traffic to the INPUT chain.
type FilterInputDropAll struct{ containerCase }
+var _ TestCase = (*FilterInputDropAll)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDropAll) Name() string {
+func (*FilterInputDropAll) Name() string {
return "FilterInputDropAll"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDropAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-j", "DROP"); err != nil {
return err
}
@@ -286,7 +300,7 @@ func (FilterInputDropAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 b
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDropAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDropAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
@@ -296,13 +310,15 @@ func (FilterInputDropAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool)
// misunderstand and save the wrong tables.
type FilterInputMultiUDPRules struct{ baseCase }
+var _ TestCase = (*FilterInputMultiUDPRules)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputMultiUDPRules) Name() string {
+func (*FilterInputMultiUDPRules) Name() string {
return "FilterInputMultiUDPRules"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputMultiUDPRules) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputMultiUDPRules) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-A", "INPUT", "-p", "udp", "-m", "udp", "--destination-port", fmt.Sprintf("%d", dropPort), "-j", "DROP"},
{"-A", "INPUT", "-p", "udp", "-m", "udp", "--destination-port", fmt.Sprintf("%d", acceptPort), "-j", "ACCEPT"},
@@ -312,7 +328,7 @@ func (FilterInputMultiUDPRules) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputMultiUDPRules) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputMultiUDPRules) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -321,13 +337,15 @@ func (FilterInputMultiUDPRules) LocalAction(ctx context.Context, ip net.IP, ipv6
// specified.
type FilterInputRequireProtocolUDP struct{ baseCase }
+var _ TestCase = (*FilterInputRequireProtocolUDP)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputRequireProtocolUDP) Name() string {
+func (*FilterInputRequireProtocolUDP) Name() string {
return "FilterInputRequireProtocolUDP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-m", "udp", "--destination-port", fmt.Sprintf("%d", dropPort), "-j", "DROP"); err == nil {
return errors.New("expected iptables to fail with out \"-p udp\", but succeeded")
}
@@ -335,7 +353,7 @@ func (FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -343,13 +361,15 @@ func (FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP,
// FilterInputCreateUserChain tests chain creation.
type FilterInputCreateUserChain struct{ baseCase }
+var _ TestCase = (*FilterInputCreateUserChain)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputCreateUserChain) Name() string {
+func (*FilterInputCreateUserChain) Name() string {
return "FilterInputCreateUserChain"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputCreateUserChain) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputCreateUserChain) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
// Create a chain.
{"-N", chainName},
@@ -360,7 +380,7 @@ func (FilterInputCreateUserChain) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputCreateUserChain) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputCreateUserChain) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -368,13 +388,15 @@ func (FilterInputCreateUserChain) LocalAction(ctx context.Context, ip net.IP, ip
// FilterInputDefaultPolicyAccept tests the default ACCEPT policy.
type FilterInputDefaultPolicyAccept struct{ containerCase }
+var _ TestCase = (*FilterInputDefaultPolicyAccept)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDefaultPolicyAccept) Name() string {
+func (*FilterInputDefaultPolicyAccept) Name() string {
return "FilterInputDefaultPolicyAccept"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDefaultPolicyAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDefaultPolicyAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Set the default policy to accept, then receive a packet.
if err := filterTable(ipv6, "-P", "INPUT", "ACCEPT"); err != nil {
return err
@@ -383,20 +405,22 @@ func (FilterInputDefaultPolicyAccept) ContainerAction(ctx context.Context, ip ne
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDefaultPolicyAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDefaultPolicyAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// FilterInputDefaultPolicyDrop tests the default DROP policy.
type FilterInputDefaultPolicyDrop struct{ containerCase }
+var _ TestCase = (*FilterInputDefaultPolicyDrop)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDefaultPolicyDrop) Name() string {
+func (*FilterInputDefaultPolicyDrop) Name() string {
return "FilterInputDefaultPolicyDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDefaultPolicyDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDefaultPolicyDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-P", "INPUT", "DROP"); err != nil {
return err
}
@@ -416,7 +440,7 @@ func (FilterInputDefaultPolicyDrop) ContainerAction(ctx context.Context, ip net.
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDefaultPolicyDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDefaultPolicyDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -424,13 +448,15 @@ func (FilterInputDefaultPolicyDrop) LocalAction(ctx context.Context, ip net.IP,
// the underflow rule (i.e. default policy) to be executed.
type FilterInputReturnUnderflow struct{ containerCase }
+var _ TestCase = (*FilterInputReturnUnderflow)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputReturnUnderflow) Name() string {
+func (*FilterInputReturnUnderflow) Name() string {
return "FilterInputReturnUnderflow"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputReturnUnderflow) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputReturnUnderflow) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Add a RETURN rule followed by an unconditional accept, and set the
// default policy to DROP.
rules := [][]string{
@@ -448,20 +474,22 @@ func (FilterInputReturnUnderflow) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputReturnUnderflow) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputReturnUnderflow) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// FilterInputSerializeJump verifies that we can serialize jumps.
type FilterInputSerializeJump struct{ baseCase }
+var _ TestCase = (*FilterInputSerializeJump)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputSerializeJump) Name() string {
+func (*FilterInputSerializeJump) Name() string {
return "FilterInputSerializeJump"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputSerializeJump) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputSerializeJump) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Write a JUMP rule, the serialize it with `-L`.
rules := [][]string{
{"-N", chainName},
@@ -472,7 +500,7 @@ func (FilterInputSerializeJump) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputSerializeJump) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputSerializeJump) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -480,13 +508,15 @@ func (FilterInputSerializeJump) LocalAction(ctx context.Context, ip net.IP, ipv6
// FilterInputJumpBasic jumps to a chain and executes a rule there.
type FilterInputJumpBasic struct{ containerCase }
+var _ TestCase = (*FilterInputJumpBasic)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputJumpBasic) Name() string {
+func (*FilterInputJumpBasic) Name() string {
return "FilterInputJumpBasic"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputJumpBasic) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpBasic) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-P", "INPUT", "DROP"},
{"-N", chainName},
@@ -502,20 +532,22 @@ func (FilterInputJumpBasic) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputJumpBasic) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpBasic) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// FilterInputJumpReturn jumps, returns, and executes a rule.
type FilterInputJumpReturn struct{ containerCase }
+var _ TestCase = (*FilterInputJumpReturn)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputJumpReturn) Name() string {
+func (*FilterInputJumpReturn) Name() string {
return "FilterInputJumpReturn"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputJumpReturn) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpReturn) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-N", chainName},
{"-P", "INPUT", "ACCEPT"},
@@ -532,20 +564,22 @@ func (FilterInputJumpReturn) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputJumpReturn) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpReturn) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// FilterInputJumpReturnDrop jumps to a chain, returns, and DROPs packets.
type FilterInputJumpReturnDrop struct{ containerCase }
+var _ TestCase = (*FilterInputJumpReturnDrop)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputJumpReturnDrop) Name() string {
+func (*FilterInputJumpReturnDrop) Name() string {
return "FilterInputJumpReturnDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputJumpReturnDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpReturnDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-N", chainName},
{"-A", "INPUT", "-j", chainName},
@@ -571,20 +605,22 @@ func (FilterInputJumpReturnDrop) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputJumpReturnDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpReturnDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
// FilterInputJumpBuiltin verifies that jumping to a top-levl chain is illegal.
type FilterInputJumpBuiltin struct{ baseCase }
+var _ TestCase = (*FilterInputJumpBuiltin)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputJumpBuiltin) Name() string {
+func (*FilterInputJumpBuiltin) Name() string {
return "FilterInputJumpBuiltin"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputJumpBuiltin) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpBuiltin) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-j", "OUTPUT"); err == nil {
return fmt.Errorf("iptables should be unable to jump to a built-in chain")
}
@@ -592,7 +628,7 @@ func (FilterInputJumpBuiltin) ContainerAction(ctx context.Context, ip net.IP, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputJumpBuiltin) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpBuiltin) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -600,13 +636,15 @@ func (FilterInputJumpBuiltin) LocalAction(ctx context.Context, ip net.IP, ipv6 b
// FilterInputJumpTwice jumps twice, then returns twice and executes a rule.
type FilterInputJumpTwice struct{ containerCase }
+var _ TestCase = (*FilterInputJumpTwice)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputJumpTwice) Name() string {
+func (*FilterInputJumpTwice) Name() string {
return "FilterInputJumpTwice"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputJumpTwice) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpTwice) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
const chainName2 = chainName + "2"
rules := [][]string{
{"-P", "INPUT", "DROP"},
@@ -626,7 +664,7 @@ func (FilterInputJumpTwice) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputJumpTwice) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputJumpTwice) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -634,13 +672,15 @@ func (FilterInputJumpTwice) LocalAction(ctx context.Context, ip net.IP, ipv6 boo
// <ipaddr>`.
type FilterInputDestination struct{ containerCase }
+var _ TestCase = (*FilterInputDestination)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputDestination) Name() string {
+func (*FilterInputDestination) Name() string {
return "FilterInputDestination"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
addrs, err := localAddrs(ipv6)
if err != nil {
return err
@@ -660,7 +700,7 @@ func (FilterInputDestination) ContainerAction(ctx context.Context, ip net.IP, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -668,13 +708,15 @@ func (FilterInputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 b
// <ipaddr>`.
type FilterInputInvertDestination struct{ containerCase }
+var _ TestCase = (*FilterInputInvertDestination)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputInvertDestination) Name() string {
+func (*FilterInputInvertDestination) Name() string {
return "FilterInputInvertDestination"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Make INPUT's default action DROP, then ACCEPT all packets not bound
// for 127.0.0.1.
rules := [][]string{
@@ -689,7 +731,7 @@ func (FilterInputInvertDestination) ContainerAction(ctx context.Context, ip net.
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -697,13 +739,15 @@ func (FilterInputInvertDestination) LocalAction(ctx context.Context, ip net.IP,
// <ipaddr>`.
type FilterInputSource struct{ containerCase }
+var _ TestCase = (*FilterInputSource)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputSource) Name() string {
+func (*FilterInputSource) Name() string {
return "FilterInputSource"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Make INPUT's default action DROP, then ACCEPT all packets from this
// machine.
rules := [][]string{
@@ -718,7 +762,7 @@ func (FilterInputSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bo
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -726,13 +770,15 @@ func (FilterInputSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool)
// <ipaddr>`.
type FilterInputInvertSource struct{ containerCase }
+var _ TestCase = (*FilterInputInvertSource)(nil)
+
// Name implements TestCase.Name.
-func (FilterInputInvertSource) Name() string {
+func (*FilterInputInvertSource) Name() string {
return "FilterInputInvertSource"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInvertSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInvertSource) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Make INPUT's default action DROP, then ACCEPT all packets not bound
// for 127.0.0.1.
rules := [][]string{
@@ -747,7 +793,7 @@ func (FilterInputInvertSource) ContainerAction(ctx context.Context, ip net.IP, i
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInvertSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInvertSource) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -755,15 +801,15 @@ func (FilterInputInvertSource) LocalAction(ctx context.Context, ip net.IP, ipv6
// matching the iptables rule.
type FilterInputInterfaceAccept struct{ localCase }
-var _ TestCase = FilterInputInterfaceAccept{}
+var _ TestCase = (*FilterInputInterfaceAccept)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterfaceAccept) Name() string {
+func (*FilterInputInterfaceAccept) Name() string {
return "FilterInputInterfaceAccept"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
ifname, ok := getInterfaceName()
if !ok {
return fmt.Errorf("no interface is present, except loopback")
@@ -779,7 +825,7 @@ func (FilterInputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -787,15 +833,15 @@ func (FilterInputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ip
// matching the iptables rule.
type FilterInputInterfaceDrop struct{ localCase }
-var _ TestCase = FilterInputInterfaceDrop{}
+var _ TestCase = (*FilterInputInterfaceDrop)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterfaceDrop) Name() string {
+func (*FilterInputInterfaceDrop) Name() string {
return "FilterInputInterfaceDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
ifname, ok := getInterfaceName()
if !ok {
return fmt.Errorf("no interface is present, except loopback")
@@ -815,7 +861,7 @@ func (FilterInputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -823,15 +869,15 @@ func (FilterInputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6
// is not matching the interface name in the iptables rule.
type FilterInputInterface struct{ localCase }
-var _ TestCase = FilterInputInterface{}
+var _ TestCase = (*FilterInputInterface)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterface) Name() string {
+func (*FilterInputInterface) Name() string {
return "FilterInputInterface"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-i", "lo", "-j", "DROP"); err != nil {
return err
}
@@ -842,7 +888,7 @@ func (FilterInputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -850,15 +896,15 @@ func (FilterInputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 boo
// interface which begins with the given interface name.
type FilterInputInterfaceBeginsWith struct{ localCase }
-var _ TestCase = FilterInputInterfaceBeginsWith{}
+var _ TestCase = (*FilterInputInterfaceBeginsWith)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterfaceBeginsWith) Name() string {
+func (*FilterInputInterfaceBeginsWith) Name() string {
return "FilterInputInterfaceBeginsWith"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "udp", "-i", "e+", "-j", "DROP"); err != nil {
return err
}
@@ -874,7 +920,7 @@ func (FilterInputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip ne
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -882,15 +928,15 @@ func (FilterInputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP
// interface not matching the interface name.
type FilterInputInterfaceInvertDrop struct{ baseCase }
-var _ TestCase = FilterInputInterfaceInvertDrop{}
+var _ TestCase = (*FilterInputInterfaceInvertDrop)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterfaceInvertDrop) Name() string {
+func (*FilterInputInterfaceInvertDrop) Name() string {
return "FilterInputInterfaceInvertDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "tcp", "!", "-i", "lo", "-j", "DROP"); err != nil {
return err
}
@@ -906,7 +952,7 @@ func (FilterInputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip ne
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err != nil {
@@ -923,15 +969,15 @@ func (FilterInputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP
// not matching the specific incoming interface.
type FilterInputInterfaceInvertAccept struct{ baseCase }
-var _ TestCase = FilterInputInterfaceInvertAccept{}
+var _ TestCase = (*FilterInputInterfaceInvertAccept)(nil)
// Name implements TestCase.Name.
-func (FilterInputInterfaceInvertAccept) Name() string {
+func (*FilterInputInterfaceInvertAccept) Name() string {
return "FilterInputInterfaceInvertAccept"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterInputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "INPUT", "-p", "tcp", "!", "-i", "lo", "-j", "ACCEPT"); err != nil {
return err
}
@@ -939,6 +985,6 @@ func (FilterInputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterInputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterInputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
diff --git a/test/iptables/filter_output.go b/test/iptables/filter_output.go
index f4af45e96..590d234bb 100644
--- a/test/iptables/filter_output.go
+++ b/test/iptables/filter_output.go
@@ -22,39 +22,41 @@ import (
)
func init() {
- RegisterTestCase(FilterOutputDropTCPDestPort{})
- RegisterTestCase(FilterOutputDropTCPSrcPort{})
- RegisterTestCase(FilterOutputDestination{})
- RegisterTestCase(FilterOutputInvertDestination{})
- RegisterTestCase(FilterOutputAcceptTCPOwner{})
- RegisterTestCase(FilterOutputDropTCPOwner{})
- RegisterTestCase(FilterOutputAcceptUDPOwner{})
- RegisterTestCase(FilterOutputDropUDPOwner{})
- RegisterTestCase(FilterOutputOwnerFail{})
- RegisterTestCase(FilterOutputAcceptGIDOwner{})
- RegisterTestCase(FilterOutputDropGIDOwner{})
- RegisterTestCase(FilterOutputInvertGIDOwner{})
- RegisterTestCase(FilterOutputInvertUIDOwner{})
- RegisterTestCase(FilterOutputInvertUIDAndGIDOwner{})
- RegisterTestCase(FilterOutputInterfaceAccept{})
- RegisterTestCase(FilterOutputInterfaceDrop{})
- RegisterTestCase(FilterOutputInterface{})
- RegisterTestCase(FilterOutputInterfaceBeginsWith{})
- RegisterTestCase(FilterOutputInterfaceInvertDrop{})
- RegisterTestCase(FilterOutputInterfaceInvertAccept{})
+ RegisterTestCase(&FilterOutputDropTCPDestPort{})
+ RegisterTestCase(&FilterOutputDropTCPSrcPort{})
+ RegisterTestCase(&FilterOutputDestination{})
+ RegisterTestCase(&FilterOutputInvertDestination{})
+ RegisterTestCase(&FilterOutputAcceptTCPOwner{})
+ RegisterTestCase(&FilterOutputDropTCPOwner{})
+ RegisterTestCase(&FilterOutputAcceptUDPOwner{})
+ RegisterTestCase(&FilterOutputDropUDPOwner{})
+ RegisterTestCase(&FilterOutputOwnerFail{})
+ RegisterTestCase(&FilterOutputAcceptGIDOwner{})
+ RegisterTestCase(&FilterOutputDropGIDOwner{})
+ RegisterTestCase(&FilterOutputInvertGIDOwner{})
+ RegisterTestCase(&FilterOutputInvertUIDOwner{})
+ RegisterTestCase(&FilterOutputInvertUIDAndGIDOwner{})
+ RegisterTestCase(&FilterOutputInterfaceAccept{})
+ RegisterTestCase(&FilterOutputInterfaceDrop{})
+ RegisterTestCase(&FilterOutputInterface{})
+ RegisterTestCase(&FilterOutputInterfaceBeginsWith{})
+ RegisterTestCase(&FilterOutputInterfaceInvertDrop{})
+ RegisterTestCase(&FilterOutputInterfaceInvertAccept{})
}
// FilterOutputDropTCPDestPort tests that connections are not accepted on
// specified source ports.
type FilterOutputDropTCPDestPort struct{ baseCase }
+var _ TestCase = (*FilterOutputDropTCPDestPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDropTCPDestPort) Name() string {
+func (*FilterOutputDropTCPDestPort) Name() string {
return "FilterOutputDropTCPDestPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--dport", "1024:65535", "-j", "DROP"); err != nil {
return err
}
@@ -72,7 +74,7 @@ func (FilterOutputDropTCPDestPort) ContainerAction(ctx context.Context, ip net.I
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -86,13 +88,15 @@ func (FilterOutputDropTCPDestPort) LocalAction(ctx context.Context, ip net.IP, i
// specified source ports.
type FilterOutputDropTCPSrcPort struct{ baseCase }
+var _ TestCase = (*FilterOutputDropTCPSrcPort)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDropTCPSrcPort) Name() string {
+func (*FilterOutputDropTCPSrcPort) Name() string {
return "FilterOutputDropTCPSrcPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--sport", fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil {
return err
}
@@ -110,7 +114,7 @@ func (FilterOutputDropTCPSrcPort) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, dropPort); err == nil {
@@ -123,13 +127,15 @@ func (FilterOutputDropTCPSrcPort) LocalAction(ctx context.Context, ip net.IP, ip
// FilterOutputAcceptTCPOwner tests that TCP connections from uid owner are accepted.
type FilterOutputAcceptTCPOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputAcceptTCPOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputAcceptTCPOwner) Name() string {
+func (*FilterOutputAcceptTCPOwner) Name() string {
return "FilterOutputAcceptTCPOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputAcceptTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "owner", "--uid-owner", "root", "-j", "ACCEPT"); err != nil {
return err
}
@@ -139,20 +145,22 @@ func (FilterOutputAcceptTCPOwner) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputAcceptTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
// FilterOutputDropTCPOwner tests that TCP connections from uid owner are dropped.
type FilterOutputDropTCPOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputDropTCPOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDropTCPOwner) Name() string {
+func (*FilterOutputDropTCPOwner) Name() string {
return "FilterOutputDropTCPOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDropTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "owner", "--uid-owner", "root", "-j", "DROP"); err != nil {
return err
}
@@ -170,7 +178,7 @@ func (FilterOutputDropTCPOwner) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDropTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -183,13 +191,15 @@ func (FilterOutputDropTCPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6
// FilterOutputAcceptUDPOwner tests that UDP packets from uid owner are accepted.
type FilterOutputAcceptUDPOwner struct{ localCase }
+var _ TestCase = (*FilterOutputAcceptUDPOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputAcceptUDPOwner) Name() string {
+func (*FilterOutputAcceptUDPOwner) Name() string {
return "FilterOutputAcceptUDPOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputAcceptUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-m", "owner", "--uid-owner", "root", "-j", "ACCEPT"); err != nil {
return err
}
@@ -199,7 +209,7 @@ func (FilterOutputAcceptUDPOwner) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputAcceptUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Listen for UDP packets on acceptPort.
return listenUDP(ctx, acceptPort)
}
@@ -207,13 +217,15 @@ func (FilterOutputAcceptUDPOwner) LocalAction(ctx context.Context, ip net.IP, ip
// FilterOutputDropUDPOwner tests that UDP packets from uid owner are dropped.
type FilterOutputDropUDPOwner struct{ localCase }
+var _ TestCase = (*FilterOutputDropUDPOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDropUDPOwner) Name() string {
+func (*FilterOutputDropUDPOwner) Name() string {
return "FilterOutputDropUDPOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDropUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropUDPOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-m", "owner", "--uid-owner", "root", "-j", "DROP"); err != nil {
return err
}
@@ -223,7 +235,7 @@ func (FilterOutputDropUDPOwner) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDropUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Listen for UDP packets on dropPort.
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
@@ -240,13 +252,15 @@ func (FilterOutputDropUDPOwner) LocalAction(ctx context.Context, ip net.IP, ipv6
// will fail.
type FilterOutputOwnerFail struct{ baseCase }
+var _ TestCase = (*FilterOutputOwnerFail)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputOwnerFail) Name() string {
+func (*FilterOutputOwnerFail) Name() string {
return "FilterOutputOwnerFail"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputOwnerFail) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputOwnerFail) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-m", "owner", "-j", "ACCEPT"); err == nil {
return fmt.Errorf("invalid argument")
}
@@ -255,7 +269,7 @@ func (FilterOutputOwnerFail) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputOwnerFail) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputOwnerFail) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// no-op.
return nil
}
@@ -263,13 +277,15 @@ func (FilterOutputOwnerFail) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// FilterOutputAcceptGIDOwner tests that TCP connections from gid owner are accepted.
type FilterOutputAcceptGIDOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputAcceptGIDOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputAcceptGIDOwner) Name() string {
+func (*FilterOutputAcceptGIDOwner) Name() string {
return "FilterOutputAcceptGIDOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputAcceptGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "owner", "--gid-owner", "root", "-j", "ACCEPT"); err != nil {
return err
}
@@ -279,20 +295,22 @@ func (FilterOutputAcceptGIDOwner) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputAcceptGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputAcceptGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
// FilterOutputDropGIDOwner tests that TCP connections from gid owner are dropped.
type FilterOutputDropGIDOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputDropGIDOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDropGIDOwner) Name() string {
+func (*FilterOutputDropGIDOwner) Name() string {
return "FilterOutputDropGIDOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDropGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "owner", "--gid-owner", "root", "-j", "DROP"); err != nil {
return err
}
@@ -310,7 +328,7 @@ func (FilterOutputDropGIDOwner) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDropGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDropGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -323,13 +341,15 @@ func (FilterOutputDropGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6
// FilterOutputInvertGIDOwner tests that TCP connections from gid owner are dropped.
type FilterOutputInvertGIDOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputInvertGIDOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInvertGIDOwner) Name() string {
+func (*FilterOutputInvertGIDOwner) Name() string {
return "FilterOutputInvertGIDOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInvertGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-A", "OUTPUT", "-p", "tcp", "-m", "owner", "!", "--gid-owner", "root", "-j", "ACCEPT"},
{"-A", "OUTPUT", "-p", "tcp", "-j", "DROP"},
@@ -351,7 +371,7 @@ func (FilterOutputInvertGIDOwner) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInvertGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -364,13 +384,15 @@ func (FilterOutputInvertGIDOwner) LocalAction(ctx context.Context, ip net.IP, ip
// FilterOutputInvertUIDOwner tests that TCP connections from gid owner are dropped.
type FilterOutputInvertUIDOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputInvertUIDOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInvertUIDOwner) Name() string {
+func (*FilterOutputInvertUIDOwner) Name() string {
return "FilterOutputInvertUIDOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInvertUIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertUIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-A", "OUTPUT", "-p", "tcp", "-m", "owner", "!", "--uid-owner", "root", "-j", "DROP"},
{"-A", "OUTPUT", "-p", "tcp", "-j", "ACCEPT"},
@@ -384,7 +406,7 @@ func (FilterOutputInvertUIDOwner) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInvertUIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertUIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
@@ -392,13 +414,15 @@ func (FilterOutputInvertUIDOwner) LocalAction(ctx context.Context, ip net.IP, ip
// owner are dropped.
type FilterOutputInvertUIDAndGIDOwner struct{ baseCase }
+var _ TestCase = (*FilterOutputInvertUIDAndGIDOwner)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInvertUIDAndGIDOwner) Name() string {
+func (*FilterOutputInvertUIDAndGIDOwner) Name() string {
return "FilterOutputInvertUIDAndGIDOwner"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInvertUIDAndGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertUIDAndGIDOwner) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-A", "OUTPUT", "-p", "tcp", "-m", "owner", "!", "--uid-owner", "root", "!", "--gid-owner", "root", "-j", "ACCEPT"},
{"-A", "OUTPUT", "-p", "tcp", "-j", "DROP"},
@@ -420,7 +444,7 @@ func (FilterOutputInvertUIDAndGIDOwner) ContainerAction(ctx context.Context, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInvertUIDAndGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertUIDAndGIDOwner) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -434,13 +458,15 @@ func (FilterOutputInvertUIDAndGIDOwner) LocalAction(ctx context.Context, ip net.
// certain destinations.
type FilterOutputDestination struct{ localCase }
+var _ TestCase = (*FilterOutputDestination)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputDestination) Name() string {
+func (*FilterOutputDestination) Name() string {
return "FilterOutputDestination"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
var rules [][]string
if ipv6 {
rules = [][]string{
@@ -464,7 +490,7 @@ func (FilterOutputDestination) ContainerAction(ctx context.Context, ip net.IP, i
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenUDP(ctx, acceptPort)
}
@@ -472,13 +498,15 @@ func (FilterOutputDestination) LocalAction(ctx context.Context, ip net.IP, ipv6
// not headed for a particular destination.
type FilterOutputInvertDestination struct{ localCase }
+var _ TestCase = (*FilterOutputInvertDestination)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInvertDestination) Name() string {
+func (*FilterOutputInvertDestination) Name() string {
return "FilterOutputInvertDestination"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertDestination) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
rules := [][]string{
{"-A", "OUTPUT", "!", "-d", localIP(ipv6), "-j", "ACCEPT"},
{"-P", "OUTPUT", "DROP"},
@@ -491,7 +519,7 @@ func (FilterOutputInvertDestination) ContainerAction(ctx context.Context, ip net
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInvertDestination) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenUDP(ctx, acceptPort)
}
@@ -499,13 +527,15 @@ func (FilterOutputInvertDestination) LocalAction(ctx context.Context, ip net.IP,
// matching the iptables rule.
type FilterOutputInterfaceAccept struct{ localCase }
+var _ TestCase = (*FilterOutputInterfaceAccept)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterfaceAccept) Name() string {
+func (*FilterOutputInterfaceAccept) Name() string {
return "FilterOutputInterfaceAccept"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
ifname, ok := getInterfaceName()
if !ok {
return fmt.Errorf("no interface is present, except loopback")
@@ -518,7 +548,7 @@ func (FilterOutputInterfaceAccept) ContainerAction(ctx context.Context, ip net.I
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenUDP(ctx, acceptPort)
}
@@ -526,13 +556,15 @@ func (FilterOutputInterfaceAccept) LocalAction(ctx context.Context, ip net.IP, i
// matching the iptables rule.
type FilterOutputInterfaceDrop struct{ localCase }
+var _ TestCase = (*FilterOutputInterfaceDrop)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterfaceDrop) Name() string {
+func (*FilterOutputInterfaceDrop) Name() string {
return "FilterOutputInterfaceDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
ifname, ok := getInterfaceName()
if !ok {
return fmt.Errorf("no interface is present, except loopback")
@@ -545,7 +577,7 @@ func (FilterOutputInterfaceDrop) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := listenUDP(timedCtx, acceptPort); err == nil {
@@ -561,13 +593,15 @@ func (FilterOutputInterfaceDrop) LocalAction(ctx context.Context, ip net.IP, ipv
// not matching the interface name in the iptables rule.
type FilterOutputInterface struct{ localCase }
+var _ TestCase = (*FilterOutputInterface)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterface) Name() string {
+func (*FilterOutputInterface) Name() string {
return "FilterOutputInterface"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-o", "lo", "-j", "DROP"); err != nil {
return err
}
@@ -576,7 +610,7 @@ func (FilterOutputInterface) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenUDP(ctx, acceptPort)
}
@@ -584,13 +618,15 @@ func (FilterOutputInterface) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// interface which begins with the given interface name.
type FilterOutputInterfaceBeginsWith struct{ localCase }
+var _ TestCase = (*FilterOutputInterfaceBeginsWith)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterfaceBeginsWith) Name() string {
+func (*FilterOutputInterfaceBeginsWith) Name() string {
return "FilterOutputInterfaceBeginsWith"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-o", "e+", "-j", "DROP"); err != nil {
return err
}
@@ -599,7 +635,7 @@ func (FilterOutputInterfaceBeginsWith) ContainerAction(ctx context.Context, ip n
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := listenUDP(timedCtx, acceptPort); err == nil {
@@ -615,13 +651,15 @@ func (FilterOutputInterfaceBeginsWith) LocalAction(ctx context.Context, ip net.I
// packets via interface not matching the interface name.
type FilterOutputInterfaceInvertDrop struct{ baseCase }
+var _ TestCase = (*FilterOutputInterfaceInvertDrop)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterfaceInvertDrop) Name() string {
+func (*FilterOutputInterfaceInvertDrop) Name() string {
return "FilterOutputInterfaceInvertDrop"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "!", "-o", "lo", "-j", "DROP"); err != nil {
return err
}
@@ -639,7 +677,7 @@ func (FilterOutputInterfaceInvertDrop) ContainerAction(ctx context.Context, ip n
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
timedCtx, cancel := context.WithTimeout(ctx, NegativeTimeout)
defer cancel()
if err := connectTCP(timedCtx, ip, acceptPort); err == nil {
@@ -653,13 +691,15 @@ func (FilterOutputInterfaceInvertDrop) LocalAction(ctx context.Context, ip net.I
// not matching the specific outgoing interface.
type FilterOutputInterfaceInvertAccept struct{ baseCase }
+var _ TestCase = (*FilterOutputInterfaceInvertAccept)(nil)
+
// Name implements TestCase.Name.
-func (FilterOutputInterfaceInvertAccept) Name() string {
+func (*FilterOutputInterfaceInvertAccept) Name() string {
return "FilterOutputInterfaceInvertAccept"
}
// ContainerAction implements TestCase.ContainerAction.
-func (FilterOutputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "!", "-o", "lo", "-j", "ACCEPT"); err != nil {
return err
}
@@ -669,6 +709,6 @@ func (FilterOutputInterfaceInvertAccept) ContainerAction(ctx context.Context, ip
}
// LocalAction implements TestCase.LocalAction.
-func (FilterOutputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*FilterOutputInterfaceInvertAccept) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
diff --git a/test/iptables/iptables.go b/test/iptables/iptables.go
index c2a03f54c..970587a02 100644
--- a/test/iptables/iptables.go
+++ b/test/iptables/iptables.go
@@ -64,12 +64,12 @@ type TestCase interface {
type baseCase struct{}
// ContainerSufficient implements TestCase.ContainerSufficient.
-func (baseCase) ContainerSufficient() bool {
+func (*baseCase) ContainerSufficient() bool {
return false
}
// LocalSufficient implements TestCase.LocalSufficient.
-func (baseCase) LocalSufficient() bool {
+func (*baseCase) LocalSufficient() bool {
return false
}
@@ -78,12 +78,12 @@ func (baseCase) LocalSufficient() bool {
type localCase struct{}
// ContainerSufficient implements TestCase.ContainerSufficient.
-func (localCase) ContainerSufficient() bool {
+func (*localCase) ContainerSufficient() bool {
return false
}
// LocalSufficient implements TestCase.LocalSufficient.
-func (localCase) LocalSufficient() bool {
+func (*localCase) LocalSufficient() bool {
return true
}
@@ -92,12 +92,12 @@ func (localCase) LocalSufficient() bool {
type containerCase struct{}
// ContainerSufficient implements TestCase.ContainerSufficient.
-func (containerCase) ContainerSufficient() bool {
+func (*containerCase) ContainerSufficient() bool {
return true
}
// LocalSufficient implements TestCase.LocalSufficient.
-func (containerCase) LocalSufficient() bool {
+func (*containerCase) LocalSufficient() bool {
return false
}
diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go
index ef92e3fff..d6c69a319 100644
--- a/test/iptables/iptables_test.go
+++ b/test/iptables/iptables_test.go
@@ -166,254 +166,254 @@ func sendIP(ip net.IP) error {
}
func TestFilterInputDropUDP(t *testing.T) {
- singleTest(t, FilterInputDropUDP{})
+ singleTest(t, &FilterInputDropUDP{})
}
func TestFilterInputDropUDPPort(t *testing.T) {
- singleTest(t, FilterInputDropUDPPort{})
+ singleTest(t, &FilterInputDropUDPPort{})
}
func TestFilterInputDropDifferentUDPPort(t *testing.T) {
- singleTest(t, FilterInputDropDifferentUDPPort{})
+ singleTest(t, &FilterInputDropDifferentUDPPort{})
}
func TestFilterInputDropAll(t *testing.T) {
- singleTest(t, FilterInputDropAll{})
+ singleTest(t, &FilterInputDropAll{})
}
func TestFilterInputDropOnlyUDP(t *testing.T) {
- singleTest(t, FilterInputDropOnlyUDP{})
+ singleTest(t, &FilterInputDropOnlyUDP{})
}
func TestFilterInputDropTCPDestPort(t *testing.T) {
- singleTest(t, FilterInputDropTCPDestPort{})
+ singleTest(t, &FilterInputDropTCPDestPort{})
}
func TestFilterInputDropTCPSrcPort(t *testing.T) {
- singleTest(t, FilterInputDropTCPSrcPort{})
+ singleTest(t, &FilterInputDropTCPSrcPort{})
}
func TestFilterInputCreateUserChain(t *testing.T) {
- singleTest(t, FilterInputCreateUserChain{})
+ singleTest(t, &FilterInputCreateUserChain{})
}
func TestFilterInputDefaultPolicyAccept(t *testing.T) {
- singleTest(t, FilterInputDefaultPolicyAccept{})
+ singleTest(t, &FilterInputDefaultPolicyAccept{})
}
func TestFilterInputDefaultPolicyDrop(t *testing.T) {
- singleTest(t, FilterInputDefaultPolicyDrop{})
+ singleTest(t, &FilterInputDefaultPolicyDrop{})
}
func TestFilterInputReturnUnderflow(t *testing.T) {
- singleTest(t, FilterInputReturnUnderflow{})
+ singleTest(t, &FilterInputReturnUnderflow{})
}
func TestFilterOutputDropTCPDestPort(t *testing.T) {
- singleTest(t, FilterOutputDropTCPDestPort{})
+ singleTest(t, &FilterOutputDropTCPDestPort{})
}
func TestFilterOutputDropTCPSrcPort(t *testing.T) {
- singleTest(t, FilterOutputDropTCPSrcPort{})
+ singleTest(t, &FilterOutputDropTCPSrcPort{})
}
func TestFilterOutputAcceptTCPOwner(t *testing.T) {
- singleTest(t, FilterOutputAcceptTCPOwner{})
+ singleTest(t, &FilterOutputAcceptTCPOwner{})
}
func TestFilterOutputDropTCPOwner(t *testing.T) {
- singleTest(t, FilterOutputDropTCPOwner{})
+ singleTest(t, &FilterOutputDropTCPOwner{})
}
func TestFilterOutputAcceptUDPOwner(t *testing.T) {
- singleTest(t, FilterOutputAcceptUDPOwner{})
+ singleTest(t, &FilterOutputAcceptUDPOwner{})
}
func TestFilterOutputDropUDPOwner(t *testing.T) {
- singleTest(t, FilterOutputDropUDPOwner{})
+ singleTest(t, &FilterOutputDropUDPOwner{})
}
func TestFilterOutputOwnerFail(t *testing.T) {
- singleTest(t, FilterOutputOwnerFail{})
+ singleTest(t, &FilterOutputOwnerFail{})
}
func TestFilterOutputAcceptGIDOwner(t *testing.T) {
- singleTest(t, FilterOutputAcceptGIDOwner{})
+ singleTest(t, &FilterOutputAcceptGIDOwner{})
}
func TestFilterOutputDropGIDOwner(t *testing.T) {
- singleTest(t, FilterOutputDropGIDOwner{})
+ singleTest(t, &FilterOutputDropGIDOwner{})
}
func TestFilterOutputInvertGIDOwner(t *testing.T) {
- singleTest(t, FilterOutputInvertGIDOwner{})
+ singleTest(t, &FilterOutputInvertGIDOwner{})
}
func TestFilterOutputInvertUIDOwner(t *testing.T) {
- singleTest(t, FilterOutputInvertUIDOwner{})
+ singleTest(t, &FilterOutputInvertUIDOwner{})
}
func TestFilterOutputInvertUIDAndGIDOwner(t *testing.T) {
- singleTest(t, FilterOutputInvertUIDAndGIDOwner{})
+ singleTest(t, &FilterOutputInvertUIDAndGIDOwner{})
}
func TestFilterOutputInterfaceAccept(t *testing.T) {
- singleTest(t, FilterOutputInterfaceAccept{})
+ singleTest(t, &FilterOutputInterfaceAccept{})
}
func TestFilterOutputInterfaceDrop(t *testing.T) {
- singleTest(t, FilterOutputInterfaceDrop{})
+ singleTest(t, &FilterOutputInterfaceDrop{})
}
func TestFilterOutputInterface(t *testing.T) {
- singleTest(t, FilterOutputInterface{})
+ singleTest(t, &FilterOutputInterface{})
}
func TestFilterOutputInterfaceBeginsWith(t *testing.T) {
- singleTest(t, FilterOutputInterfaceBeginsWith{})
+ singleTest(t, &FilterOutputInterfaceBeginsWith{})
}
func TestFilterOutputInterfaceInvertDrop(t *testing.T) {
- singleTest(t, FilterOutputInterfaceInvertDrop{})
+ singleTest(t, &FilterOutputInterfaceInvertDrop{})
}
func TestFilterOutputInterfaceInvertAccept(t *testing.T) {
- singleTest(t, FilterOutputInterfaceInvertAccept{})
+ singleTest(t, &FilterOutputInterfaceInvertAccept{})
}
func TestJumpSerialize(t *testing.T) {
- singleTest(t, FilterInputSerializeJump{})
+ singleTest(t, &FilterInputSerializeJump{})
}
func TestJumpBasic(t *testing.T) {
- singleTest(t, FilterInputJumpBasic{})
+ singleTest(t, &FilterInputJumpBasic{})
}
func TestJumpReturn(t *testing.T) {
- singleTest(t, FilterInputJumpReturn{})
+ singleTest(t, &FilterInputJumpReturn{})
}
func TestJumpReturnDrop(t *testing.T) {
- singleTest(t, FilterInputJumpReturnDrop{})
+ singleTest(t, &FilterInputJumpReturnDrop{})
}
func TestJumpBuiltin(t *testing.T) {
- singleTest(t, FilterInputJumpBuiltin{})
+ singleTest(t, &FilterInputJumpBuiltin{})
}
func TestJumpTwice(t *testing.T) {
- singleTest(t, FilterInputJumpTwice{})
+ singleTest(t, &FilterInputJumpTwice{})
}
func TestInputDestination(t *testing.T) {
- singleTest(t, FilterInputDestination{})
+ singleTest(t, &FilterInputDestination{})
}
func TestInputInvertDestination(t *testing.T) {
- singleTest(t, FilterInputInvertDestination{})
+ singleTest(t, &FilterInputInvertDestination{})
}
func TestFilterOutputDestination(t *testing.T) {
- singleTest(t, FilterOutputDestination{})
+ singleTest(t, &FilterOutputDestination{})
}
func TestFilterOutputInvertDestination(t *testing.T) {
- singleTest(t, FilterOutputInvertDestination{})
+ singleTest(t, &FilterOutputInvertDestination{})
}
func TestNATPreRedirectUDPPort(t *testing.T) {
- singleTest(t, NATPreRedirectUDPPort{})
+ singleTest(t, &NATPreRedirectUDPPort{})
}
func TestNATPreRedirectTCPPort(t *testing.T) {
- singleTest(t, NATPreRedirectTCPPort{})
+ singleTest(t, &NATPreRedirectTCPPort{})
}
func TestNATPreRedirectTCPOutgoing(t *testing.T) {
- singleTest(t, NATPreRedirectTCPOutgoing{})
+ singleTest(t, &NATPreRedirectTCPOutgoing{})
}
func TestNATOutRedirectTCPIncoming(t *testing.T) {
- singleTest(t, NATOutRedirectTCPIncoming{})
+ singleTest(t, &NATOutRedirectTCPIncoming{})
}
func TestNATOutRedirectUDPPort(t *testing.T) {
- singleTest(t, NATOutRedirectUDPPort{})
+ singleTest(t, &NATOutRedirectUDPPort{})
}
func TestNATOutRedirectTCPPort(t *testing.T) {
- singleTest(t, NATOutRedirectTCPPort{})
+ singleTest(t, &NATOutRedirectTCPPort{})
}
func TestNATDropUDP(t *testing.T) {
- singleTest(t, NATDropUDP{})
+ singleTest(t, &NATDropUDP{})
}
func TestNATAcceptAll(t *testing.T) {
- singleTest(t, NATAcceptAll{})
+ singleTest(t, &NATAcceptAll{})
}
func TestNATOutRedirectIP(t *testing.T) {
- singleTest(t, NATOutRedirectIP{})
+ singleTest(t, &NATOutRedirectIP{})
}
func TestNATOutDontRedirectIP(t *testing.T) {
- singleTest(t, NATOutDontRedirectIP{})
+ singleTest(t, &NATOutDontRedirectIP{})
}
func TestNATOutRedirectInvert(t *testing.T) {
- singleTest(t, NATOutRedirectInvert{})
+ singleTest(t, &NATOutRedirectInvert{})
}
func TestNATPreRedirectIP(t *testing.T) {
- singleTest(t, NATPreRedirectIP{})
+ singleTest(t, &NATPreRedirectIP{})
}
func TestNATPreDontRedirectIP(t *testing.T) {
- singleTest(t, NATPreDontRedirectIP{})
+ singleTest(t, &NATPreDontRedirectIP{})
}
func TestNATPreRedirectInvert(t *testing.T) {
- singleTest(t, NATPreRedirectInvert{})
+ singleTest(t, &NATPreRedirectInvert{})
}
func TestNATRedirectRequiresProtocol(t *testing.T) {
- singleTest(t, NATRedirectRequiresProtocol{})
+ singleTest(t, &NATRedirectRequiresProtocol{})
}
func TestNATLoopbackSkipsPrerouting(t *testing.T) {
- singleTest(t, NATLoopbackSkipsPrerouting{})
+ singleTest(t, &NATLoopbackSkipsPrerouting{})
}
func TestInputSource(t *testing.T) {
- singleTest(t, FilterInputSource{})
+ singleTest(t, &FilterInputSource{})
}
func TestInputInvertSource(t *testing.T) {
- singleTest(t, FilterInputInvertSource{})
+ singleTest(t, &FilterInputInvertSource{})
}
func TestInputInterfaceAccept(t *testing.T) {
- singleTest(t, FilterInputInterfaceAccept{})
+ singleTest(t, &FilterInputInterfaceAccept{})
}
func TestInputInterfaceDrop(t *testing.T) {
- singleTest(t, FilterInputInterfaceDrop{})
+ singleTest(t, &FilterInputInterfaceDrop{})
}
func TestInputInterface(t *testing.T) {
- singleTest(t, FilterInputInterface{})
+ singleTest(t, &FilterInputInterface{})
}
func TestInputInterfaceBeginsWith(t *testing.T) {
- singleTest(t, FilterInputInterfaceBeginsWith{})
+ singleTest(t, &FilterInputInterfaceBeginsWith{})
}
func TestInputInterfaceInvertDrop(t *testing.T) {
- singleTest(t, FilterInputInterfaceInvertDrop{})
+ singleTest(t, &FilterInputInterfaceInvertDrop{})
}
func TestInputInterfaceInvertAccept(t *testing.T) {
- singleTest(t, FilterInputInterfaceInvertAccept{})
+ singleTest(t, &FilterInputInterfaceInvertAccept{})
}
func TestFilterAddrs(t *testing.T) {
@@ -442,17 +442,17 @@ func TestFilterAddrs(t *testing.T) {
}
func TestNATPreOriginalDst(t *testing.T) {
- singleTest(t, NATPreOriginalDst{})
+ singleTest(t, &NATPreOriginalDst{})
}
func TestNATOutOriginalDst(t *testing.T) {
- singleTest(t, NATOutOriginalDst{})
+ singleTest(t, &NATOutOriginalDst{})
}
func TestNATPreRECVORIGDSTADDR(t *testing.T) {
- singleTest(t, NATPreRECVORIGDSTADDR{})
+ singleTest(t, &NATPreRECVORIGDSTADDR{})
}
func TestNATOutRECVORIGDSTADDR(t *testing.T) {
- singleTest(t, NATOutRECVORIGDSTADDR{})
+ singleTest(t, &NATOutRECVORIGDSTADDR{})
}
diff --git a/test/iptables/nat.go b/test/iptables/nat.go
index c3874240f..7ff8510a7 100644
--- a/test/iptables/nat.go
+++ b/test/iptables/nat.go
@@ -28,38 +28,40 @@ import (
const redirectPort = 42
func init() {
- RegisterTestCase(NATPreRedirectUDPPort{})
- RegisterTestCase(NATPreRedirectTCPPort{})
- RegisterTestCase(NATPreRedirectTCPOutgoing{})
- RegisterTestCase(NATOutRedirectTCPIncoming{})
- RegisterTestCase(NATOutRedirectUDPPort{})
- RegisterTestCase(NATOutRedirectTCPPort{})
- RegisterTestCase(NATDropUDP{})
- RegisterTestCase(NATAcceptAll{})
- RegisterTestCase(NATPreRedirectIP{})
- RegisterTestCase(NATPreDontRedirectIP{})
- RegisterTestCase(NATPreRedirectInvert{})
- RegisterTestCase(NATOutRedirectIP{})
- RegisterTestCase(NATOutDontRedirectIP{})
- RegisterTestCase(NATOutRedirectInvert{})
- RegisterTestCase(NATRedirectRequiresProtocol{})
- RegisterTestCase(NATLoopbackSkipsPrerouting{})
- RegisterTestCase(NATPreOriginalDst{})
- RegisterTestCase(NATOutOriginalDst{})
- RegisterTestCase(NATPreRECVORIGDSTADDR{})
- RegisterTestCase(NATOutRECVORIGDSTADDR{})
+ RegisterTestCase(&NATPreRedirectUDPPort{})
+ RegisterTestCase(&NATPreRedirectTCPPort{})
+ RegisterTestCase(&NATPreRedirectTCPOutgoing{})
+ RegisterTestCase(&NATOutRedirectTCPIncoming{})
+ RegisterTestCase(&NATOutRedirectUDPPort{})
+ RegisterTestCase(&NATOutRedirectTCPPort{})
+ RegisterTestCase(&NATDropUDP{})
+ RegisterTestCase(&NATAcceptAll{})
+ RegisterTestCase(&NATPreRedirectIP{})
+ RegisterTestCase(&NATPreDontRedirectIP{})
+ RegisterTestCase(&NATPreRedirectInvert{})
+ RegisterTestCase(&NATOutRedirectIP{})
+ RegisterTestCase(&NATOutDontRedirectIP{})
+ RegisterTestCase(&NATOutRedirectInvert{})
+ RegisterTestCase(&NATRedirectRequiresProtocol{})
+ RegisterTestCase(&NATLoopbackSkipsPrerouting{})
+ RegisterTestCase(&NATPreOriginalDst{})
+ RegisterTestCase(&NATOutOriginalDst{})
+ RegisterTestCase(&NATPreRECVORIGDSTADDR{})
+ RegisterTestCase(&NATOutRECVORIGDSTADDR{})
}
// NATPreRedirectUDPPort tests that packets are redirected to different port.
type NATPreRedirectUDPPort struct{ containerCase }
+var _ TestCase = (*NATPreRedirectUDPPort)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRedirectUDPPort) Name() string {
+func (*NATPreRedirectUDPPort) Name() string {
return "NATPreRedirectUDPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil {
return err
}
@@ -72,20 +74,22 @@ func (NATPreRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// NATPreRedirectTCPPort tests that connections are redirected on specified ports.
type NATPreRedirectTCPPort struct{ baseCase }
+var _ TestCase = (*NATPreRedirectTCPPort)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRedirectTCPPort) Name() string {
+func (*NATPreRedirectTCPPort) Name() string {
return "NATPreRedirectTCPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-m", "tcp", "--dport", fmt.Sprintf("%d", dropPort), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil {
return err
}
@@ -95,7 +99,7 @@ func (NATPreRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, dropPort)
}
@@ -103,13 +107,15 @@ func (NATPreRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// affected by PREROUTING connection tracking.
type NATPreRedirectTCPOutgoing struct{ baseCase }
+var _ TestCase = (*NATPreRedirectTCPOutgoing)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRedirectTCPOutgoing) Name() string {
+func (*NATPreRedirectTCPOutgoing) Name() string {
return "NATPreRedirectTCPOutgoing"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect all incoming TCP traffic to a closed port.
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil {
return err
@@ -120,7 +126,7 @@ func (NATPreRedirectTCPOutgoing) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenTCP(ctx, acceptPort)
}
@@ -128,13 +134,15 @@ func (NATPreRedirectTCPOutgoing) LocalAction(ctx context.Context, ip net.IP, ipv
// affected by OUTPUT connection tracking.
type NATOutRedirectTCPIncoming struct{ baseCase }
+var _ TestCase = (*NATOutRedirectTCPIncoming)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRedirectTCPIncoming) Name() string {
+func (*NATOutRedirectTCPIncoming) Name() string {
return "NATOutRedirectTCPIncoming"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect all outgoing TCP traffic to a closed port.
if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil {
return err
@@ -145,25 +153,27 @@ func (NATOutRedirectTCPIncoming) ContainerAction(ctx context.Context, ip net.IP,
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRedirectTCPIncoming) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectTCPIncoming) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, acceptPort)
}
// NATOutRedirectUDPPort tests that packets are redirected to different port.
type NATOutRedirectUDPPort struct{ containerCase }
+var _ TestCase = (*NATOutRedirectUDPPort)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRedirectUDPPort) Name() string {
+func (*NATOutRedirectUDPPort) Name() string {
return "NATOutRedirectUDPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectUDPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return loopbackTest(ctx, ipv6, net.ParseIP(nowhereIP(ipv6)), "-A", "OUTPUT", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort))
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -172,13 +182,15 @@ func (NATOutRedirectUDPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// port.
type NATDropUDP struct{ containerCase }
+var _ TestCase = (*NATDropUDP)(nil)
+
// Name implements TestCase.Name.
-func (NATDropUDP) Name() string {
+func (*NATDropUDP) Name() string {
return "NATDropUDP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil {
return err
}
@@ -195,20 +207,22 @@ func (NATDropUDP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) err
}
// LocalAction implements TestCase.LocalAction.
-func (NATDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATDropUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// NATAcceptAll tests that all UDP packets are accepted.
type NATAcceptAll struct{ containerCase }
+var _ TestCase = (*NATAcceptAll)(nil)
+
// Name implements TestCase.Name.
-func (NATAcceptAll) Name() string {
+func (*NATAcceptAll) Name() string {
return "NATAcceptAll"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "ACCEPT"); err != nil {
return err
}
@@ -221,7 +235,7 @@ func (NATAcceptAll) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) e
}
// LocalAction implements TestCase.LocalAction.
-func (NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -229,13 +243,15 @@ func (NATAcceptAll) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error
// redirects them.
type NATOutRedirectIP struct{ baseCase }
+var _ TestCase = (*NATOutRedirectIP)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRedirectIP) Name() string {
+func (*NATOutRedirectIP) Name() string {
return "NATOutRedirectIP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect OUTPUT packets to a listening localhost port.
return loopbackTest(ctx, ipv6, net.ParseIP(nowhereIP(ipv6)),
"-A", "OUTPUT",
@@ -245,7 +261,7 @@ func (NATOutRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 boo
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -254,13 +270,15 @@ func (NATOutRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) e
// packets it shouldn't.
type NATOutDontRedirectIP struct{ localCase }
+var _ TestCase = (*NATOutDontRedirectIP)(nil)
+
// Name implements TestCase.Name.
-func (NATOutDontRedirectIP) Name() string {
+func (*NATOutDontRedirectIP) Name() string {
return "NATOutDontRedirectIP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "OUTPUT", "-d", localIP(ipv6), "-p", "udp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", dropPort)); err != nil {
return err
}
@@ -268,20 +286,22 @@ func (NATOutDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return listenUDP(ctx, acceptPort)
}
// NATOutRedirectInvert tests that iptables can match with "! -d".
type NATOutRedirectInvert struct{ baseCase }
+var _ TestCase = (*NATOutRedirectInvert)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRedirectInvert) Name() string {
+func (*NATOutRedirectInvert) Name() string {
return "NATOutRedirectInvert"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect OUTPUT packets to a listening localhost port.
dest := "192.0.2.2"
if ipv6 {
@@ -295,7 +315,7 @@ func (NATOutRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -304,13 +324,15 @@ func (NATOutRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 boo
// destination IP and redirect them.
type NATPreRedirectIP struct{ containerCase }
+var _ TestCase = (*NATPreRedirectIP)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRedirectIP) Name() string {
+func (*NATPreRedirectIP) Name() string {
return "NATPreRedirectIP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
addrs, err := localAddrs(ipv6)
if err != nil {
return err
@@ -327,7 +349,7 @@ func (NATPreRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 boo
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
@@ -335,13 +357,15 @@ func (NATPreRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) e
// packets it shouldn't.
type NATPreDontRedirectIP struct{ containerCase }
+var _ TestCase = (*NATPreDontRedirectIP)(nil)
+
// Name implements TestCase.Name.
-func (NATPreDontRedirectIP) Name() string {
+func (*NATPreDontRedirectIP) Name() string {
return "NATPreDontRedirectIP"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", dropPort)); err != nil {
return err
}
@@ -349,20 +373,22 @@ func (NATPreDontRedirectIP) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreDontRedirectIP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
// NATPreRedirectInvert tests that iptables can match with "! -d".
type NATPreRedirectInvert struct{ containerCase }
+var _ TestCase = (*NATPreRedirectInvert)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRedirectInvert) Name() string {
+func (*NATPreRedirectInvert) Name() string {
return "NATPreRedirectInvert"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "!", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil {
return err
}
@@ -370,7 +396,7 @@ func (NATPreRedirectInvert) ContainerAction(ctx context.Context, ip net.IP, ipv6
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, dropPort)
}
@@ -378,13 +404,15 @@ func (NATPreRedirectInvert) LocalAction(ctx context.Context, ip net.IP, ipv6 boo
// protocol to be specified with -p.
type NATRedirectRequiresProtocol struct{ baseCase }
+var _ TestCase = (*NATRedirectRequiresProtocol)(nil)
+
// Name implements TestCase.Name.
-func (NATRedirectRequiresProtocol) Name() string {
+func (*NATRedirectRequiresProtocol) Name() string {
return "NATRedirectRequiresProtocol"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-d", localIP(ipv6), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err == nil {
return errors.New("expected an error using REDIRECT --to-ports without a protocol")
}
@@ -392,7 +420,7 @@ func (NATRedirectRequiresProtocol) ContainerAction(ctx context.Context, ip net.I
}
// LocalAction implements TestCase.LocalAction.
-func (NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -400,13 +428,15 @@ func (NATRedirectRequiresProtocol) LocalAction(ctx context.Context, ip net.IP, i
// NATOutRedirectTCPPort tests that connections are redirected on specified ports.
type NATOutRedirectTCPPort struct{ baseCase }
+var _ TestCase = (*NATOutRedirectTCPPort)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRedirectTCPPort) Name() string {
+func (*NATOutRedirectTCPPort) Name() string {
return "NATOutRedirectTCPPort"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--dport", fmt.Sprintf("%d", dropPort), "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", acceptPort)); err != nil {
return err
}
@@ -438,7 +468,7 @@ func (NATOutRedirectTCPPort) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return nil
}
@@ -446,13 +476,15 @@ func (NATOutRedirectTCPPort) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// affected by PREROUTING rules.
type NATLoopbackSkipsPrerouting struct{ baseCase }
+var _ TestCase = (*NATLoopbackSkipsPrerouting)(nil)
+
// Name implements TestCase.Name.
-func (NATLoopbackSkipsPrerouting) Name() string {
+func (*NATLoopbackSkipsPrerouting) Name() string {
return "NATLoopbackSkipsPrerouting"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect anything sent to localhost to an unused port.
dest := []byte{127, 0, 0, 1}
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "tcp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", dropPort)); err != nil {
@@ -473,7 +505,7 @@ func (NATLoopbackSkipsPrerouting) ContainerAction(ctx context.Context, ip net.IP
}
// LocalAction implements TestCase.LocalAction.
-func (NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -482,13 +514,15 @@ func (NATLoopbackSkipsPrerouting) LocalAction(ctx context.Context, ip net.IP, ip
// of PREROUTING NATted packets.
type NATPreOriginalDst struct{ baseCase }
+var _ TestCase = (*NATPreOriginalDst)(nil)
+
// Name implements TestCase.Name.
-func (NATPreOriginalDst) Name() string {
+func (*NATPreOriginalDst) Name() string {
return "NATPreOriginalDst"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect incoming TCP connections to acceptPort.
if err := natTable(ipv6, "-A", "PREROUTING",
"-p", "tcp",
@@ -505,7 +539,7 @@ func (NATPreOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bo
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return connectTCP(ctx, ip, dropPort)
}
@@ -513,13 +547,15 @@ func (NATPreOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool)
// of OUTBOUND NATted packets.
type NATOutOriginalDst struct{ baseCase }
+var _ TestCase = (*NATOutOriginalDst)(nil)
+
// Name implements TestCase.Name.
-func (NATOutOriginalDst) Name() string {
+func (*NATOutOriginalDst) Name() string {
return "NATOutOriginalDst"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// Redirect incoming TCP connections to acceptPort.
if err := natTable(ipv6, "-A", "OUTPUT", "-p", "tcp", "-j", "REDIRECT", "--to-port", fmt.Sprintf("%d", acceptPort)); err != nil {
return err
@@ -537,7 +573,7 @@ func (NATOutOriginalDst) ContainerAction(ctx context.Context, ip net.IP, ipv6 bo
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutOriginalDst) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}
@@ -650,13 +686,15 @@ func loopbackTest(ctx context.Context, ipv6 bool, dest net.IP, args ...string) e
// address on the PREROUTING chain.
type NATPreRECVORIGDSTADDR struct{ containerCase }
+var _ TestCase = (*NATPreRECVORIGDSTADDR)(nil)
+
// Name implements TestCase.Name.
-func (NATPreRECVORIGDSTADDR) Name() string {
+func (*NATPreRECVORIGDSTADDR) Name() string {
return "NATPreRECVORIGDSTADDR"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil {
return err
}
@@ -669,7 +707,7 @@ func (NATPreRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
return sendUDPLoop(ctx, ip, acceptPort)
}
@@ -677,13 +715,15 @@ func (NATPreRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bo
// address on the OUTPUT chain.
type NATOutRECVORIGDSTADDR struct{ containerCase }
+var _ TestCase = (*NATOutRECVORIGDSTADDR)(nil)
+
// Name implements TestCase.Name.
-func (NATOutRECVORIGDSTADDR) Name() string {
+func (*NATOutRECVORIGDSTADDR) Name() string {
return "NATOutRECVORIGDSTADDR"
}
// ContainerAction implements TestCase.ContainerAction.
-func (NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
if err := natTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil {
return err
}
@@ -712,7 +752,7 @@ func (NATOutRECVORIGDSTADDR) ContainerAction(ctx context.Context, ip net.IP, ipv
}
// LocalAction implements TestCase.LocalAction.
-func (NATOutRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
+func (*NATOutRECVORIGDSTADDR) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
// No-op.
return nil
}