Diffstat (limited to 'test/iptables')
-rw-r--r-- | test/iptables/filter_input.go | 1 | ||||
-rw-r--r-- | test/iptables/filter_output.go | 2 | ||||
-rw-r--r-- | test/iptables/iptables_test.go | 4 | ||||
-rw-r--r-- | test/iptables/nat.go | 30 |
4 files changed, 21 insertions, 16 deletions
diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go
index b45d448b8..37a1a6694 100644
--- a/test/iptables/filter_input.go
+++ b/test/iptables/filter_input.go
@@ -328,6 +328,7 @@ func (FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net
 return nil
 }
 
+// LocalAction implements TestCase.LocalAction.
 func (FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error {
 // No-op.
 return nil
diff --git a/test/iptables/filter_output.go b/test/iptables/filter_output.go
index d3e5efd4f..f4af45e96 100644
--- a/test/iptables/filter_output.go
+++ b/test/iptables/filter_output.go
@@ -248,7 +248,7 @@ func (FilterOutputOwnerFail) Name() string {
 // ContainerAction implements TestCase.ContainerAction.
 func (FilterOutputOwnerFail) ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error {
 if err := filterTable(ipv6, "-A", "OUTPUT", "-p", "udp", "-m", "owner", "-j", "ACCEPT"); err == nil {
- return fmt.Errorf("Invalid argument")
+ return fmt.Errorf("invalid argument")
 }
 
 return nil
diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go
index 834f7615f..4733146c0 100644
--- a/test/iptables/iptables_test.go
+++ b/test/iptables/iptables_test.go
@@ -89,6 +89,10 @@ func iptablesTest(t *testing.T, test TestCase, ipv6 bool) {
 // Get the container IP.
 ip, err := d.FindIP(ctx, ipv6)
 if err != nil {
+ // If ipv6 is not configured, don't fail.
+ if ipv6 && err == dockerutil.ErrNoIP {
+ t.Skipf("No ipv6 address is available.")
+ }
 t.Fatalf("failed to get container IP: %v", err)
 }
 
diff --git a/test/iptables/nat.go b/test/iptables/nat.go
index b98d99fb8..495241482 100644
--- a/test/iptables/nat.go
+++ b/test/iptables/nat.go
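Review bot: The new message `invalid argument` on the `err == nil` branch of ContainerAction still describes the opposite of what happened. That branch runs when the owner-match rule was accepted, and judging by the test name FilterOutputOwnerFail the rule is expected to be rejected. A failure here means a rule that should have been refused was installed, so the message should say that, for example `return fmt.Errorf("owner match rule was accepted, want it rejected")`. ContainerAction's closing brace lies outside the hunk.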
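Review bot: The sentinel check `err == dockerutil.ErrNoIP` in iptablesTest only matches when FindIP returns the sentinel unwrapped; if the error is ever wrapped with context, an IPv6 run on a host without an address falls through to `t.Fatalf` again. Prefer `if ipv6 && errors.Is(err, dockerutil.ErrNoIP) {`, which needs the `errors` import if the file does not already have it (the hunk does not show the import block). `t.Skipf` is called without format arguments, so `t.Skip("no ipv6 address is available")` is the plainer form. Because the skip drops every IPv6 iptables case on such hosts without failing, the comment should also say where IPv6-enabled runs are expected, so the lost coverage is noticed. iptablesTest continues outside the hunk.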
@@ -621,24 +621,24 @@ func listenForRedirectedConn(ctx context.Context, ipv6 bool, originalDsts []net.
 }
 }
 return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts)
- } else {
- got, err := originalDestination4(connFD)
- if err != nil {
- return err
+ }
+
+ got, err := originalDestination4(connFD)
+ if err != nil {
+ return err
+ }
+ // The original destination could be any of our IPs.
+ for _, dst := range originalDsts {
+ want := syscall.RawSockaddrInet4{
+ Family: syscall.AF_INET,
+ Port: htons(dropPort),
 }
- // The original destination could be any of our IPs.
- for _, dst := range originalDsts {
- want := syscall.RawSockaddrInet4{
- Family: syscall.AF_INET,
- Port: htons(dropPort),
- }
- copy(want.Addr[:], dst.To4())
- if got == want {
- return nil
- }
+ copy(want.Addr[:], dst.To4())
+ if got == want {
+ return nil
 }
- return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts)
 }
+ return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts)
 }
 
 // loopbackTests runs an iptables rule and ensures that packets sent to |
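Review bot: In the IPv4 path, `copy(want.Addr[:], dst.To4())` copies nothing when `dst` is not an IPv4 address, because `To4()` returns nil; `want.Addr` then stays 0.0.0.0 and `got` is compared against an address that was never in originalDsts. Whether originalDsts can hold non-IPv4 entries on this path depends on the caller, which the hunk does not show. A guard before building `want`, such as `ip4 := dst.To4(); if ip4 == nil { continue }`, would keep the SO_ORIGINAL_DST check exact. The loop and its error message also appear to repeat the tail of the IPv6 branch above and could share a helper. listenForRedirectedConn starts outside the hunk.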