7 files changed, 129 insertions, 69 deletions
diff --git a/test/packetimpact/runner/BUILD b/test/packetimpact/runner/BUILD
index 0b68a760a..bad4f0183 100644
--- a/test/packetimpact/runner/BUILD
+++ b/test/packetimpact/runner/BUILD
@@ -16,5 +16,6 @@ go_test(
     deps = [
         "//pkg/test/dockerutil",
         "//test/packetimpact/netdevs",
+        "@com_github_docker_docker//api/types/mount:go_default_library",
     ],
 )
diff --git a/test/packetimpact/runner/defs.bzl b/test/packetimpact/runner/defs.bzl
index ea66b9756..77cdfea12 100644
--- a/test/packetimpact/runner/defs.bzl
+++ b/test/packetimpact/runner/defs.bzl
@@ -20,12 +20,12 @@ def _packetimpact_test_impl(ctx):
     ])
     ctx.actions.write(bench, bench_content, is_executable = True)
 
-    transitive_files = depset()
+    transitive_files = []
     if hasattr(ctx.attr._test_runner, "data_runfiles"):
-        transitive_files = depset(ctx.attr._test_runner.data_runfiles.files)
+        transitive_files.append(ctx.attr._test_runner.data_runfiles.files)
     runfiles = ctx.runfiles(
         files = [test_runner] + ctx.files.testbench_binary + ctx.files._posix_server_binary,
-        transitive_files = transitive_files,
+        transitive_files = depset(transitive = transitive_files),
         collect_default = True,
         collect_data = True,
     )
diff --git a/test/packetimpact/runner/packetimpact_test.go b/test/packetimpact/runner/packetimpact_test.go
index c0a2620de..397ca3ba5 100644
--- a/test/packetimpact/runner/packetimpact_test.go
+++ b/test/packetimpact/runner/packetimpact_test.go
@@ -16,6 +16,7 @@
 package packetimpact_test
 
 import (
+	"context"
 	"flag"
 	"fmt"
 	"io/ioutil"
@@ -29,6 +30,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/docker/docker/api/types/mount"
 	"gvisor.dev/gvisor/pkg/test/dockerutil"
 	"gvisor.dev/gvisor/test/packetimpact/netdevs"
 )
@@ -94,15 +96,16 @@ func TestOne(t *testing.T) {
 		}
 	}
 	dockerutil.EnsureSupportedDockerVersion()
+	ctx := context.Background()
 
 	// Create the networks needed for the test. One control network is needed for
 	// the gRPC control packets and one test network on which to transmit the test
 	// packets.
-	ctrlNet := dockerutil.NewDockerNetwork(logger("ctrlNet"))
-	testNet := dockerutil.NewDockerNetwork(logger("testNet"))
-	for _, dn := range []*dockerutil.DockerNetwork{ctrlNet, testNet} {
+	ctrlNet := dockerutil.NewNetwork(ctx, logger("ctrlNet"))
+	testNet := dockerutil.NewNetwork(ctx, logger("testNet"))
+	for _, dn := range []*dockerutil.Network{ctrlNet, testNet} {
 		for {
-			if err := createDockerNetwork(dn); err != nil {
+			if err := createDockerNetwork(ctx, dn); err != nil {
 				t.Log("creating docker network:", err)
 				const wait = 100 * time.Millisecond
 				t.Logf("sleeping %s and will try creating docker network again", wait)
@@ -113,11 +116,19 @@ func TestOne(t *testing.T) {
 			}
 			break
 		}
-		defer func(dn *dockerutil.DockerNetwork) {
-			if err := dn.Cleanup(); err != nil {
+		defer func(dn *dockerutil.Network) {
+			if err := dn.Cleanup(ctx); err != nil {
 				t.Errorf("unable to cleanup container %s: %s", dn.Name, err)
 			}
 		}(dn)
+		// Sanity check.
+		inspect, err := dn.Inspect(ctx)
+		if err != nil {
+			t.Fatalf("failed to inspect network %s: %v", dn.Name, err)
+		} else if inspect.Name != dn.Name {
+			t.Fatalf("name mismatch for network want: %s got: %s", dn.Name, inspect.Name)
+		}
+
 	}
 
 	tmpDir, err := ioutil.TempDir("", "container-output")
@@ -128,42 +139,51 @@ func TestOne(t *testing.T) {
 
 	const testOutputDir = "/tmp/testoutput"
 
-	runOpts := dockerutil.RunOpts{
-		Image:      "packetimpact",
-		CapAdd:     []string{"NET_ADMIN"},
-		Extra:      []string{"--sysctl", "net.ipv6.conf.all.disable_ipv6=0", "--rm", "-v", tmpDir + ":" + testOutputDir},
-		Foreground: true,
-	}
-
 	// Create the Docker container for the DUT.
-	dut := dockerutil.MakeDocker(logger("dut"))
+	dut := dockerutil.MakeContainer(ctx, logger("dut"))
 	if *dutPlatform == "linux" {
 		dut.Runtime = ""
 	}
 
+	runOpts := dockerutil.RunOpts{
+		Image:  "packetimpact",
+		CapAdd: []string{"NET_ADMIN"},
+		Mounts: []mount.Mount{mount.Mount{
+			Type:     mount.TypeBind,
+			Source:   tmpDir,
+			Target:   testOutputDir,
+			ReadOnly: false,
+		}},
+	}
+
 	const containerPosixServerBinary = "/packetimpact/posix_server"
 	dut.CopyFiles(&runOpts, "/packetimpact", "/test/packetimpact/dut/posix_server")
 
-	if err := dut.Create(runOpts, containerPosixServerBinary, "--ip=0.0.0.0", "--port="+ctrlPort); err != nil {
-		t.Fatalf("unable to create container %s: %s", dut.Name, err)
+	conf, hostconf, _ := dut.ConfigsFrom(runOpts, containerPosixServerBinary, "--ip=0.0.0.0", "--port="+ctrlPort)
+	hostconf.AutoRemove = true
+	hostconf.Sysctls = map[string]string{"net.ipv6.conf.all.disable_ipv6": "0"}
+
+	if err := dut.CreateFrom(ctx, conf, hostconf, nil); err != nil {
+		t.Fatalf("unable to create container %s: %v", dut.Name, err)
 	}
-	defer dut.CleanUp()
+
+	defer dut.CleanUp(ctx)
 
 	// Add ctrlNet as eth1 and testNet as eth2.
 	const testNetDev = "eth2"
-	if err := addNetworks(dut, dutAddr, []*dockerutil.DockerNetwork{ctrlNet, testNet}); err != nil {
+	if err := addNetworks(ctx, dut, dutAddr, []*dockerutil.Network{ctrlNet, testNet}); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := dut.Start(); err != nil {
+	if err := dut.Start(ctx); err != nil {
 		t.Fatalf("unable to start container %s: %s", dut.Name, err)
 	}
 
-	if _, err := dut.WaitForOutput("Server listening.*\n", 60*time.Second); err != nil {
+	if _, err := dut.WaitForOutput(ctx, "Server listening.*\n", 60*time.Second); err != nil {
 		t.Fatalf("%s on container %s never listened: %s", containerPosixServerBinary, dut.Name, err)
 	}
 
-	dutTestDevice, dutDeviceInfo, err := deviceByIP(dut, addressInSubnet(dutAddr, *testNet.Subnet))
+	dutTestDevice, dutDeviceInfo, err := deviceByIP(ctx, dut, addressInSubnet(dutAddr, *testNet.Subnet))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -173,11 +193,11 @@ func TestOne(t *testing.T) {
 	// Netstack as DUT doesn't assign IPv6 addresses automatically so do it if
 	// needed.
 	if remoteIPv6 == nil {
-		if _, err := dut.Exec(dockerutil.RunOpts{}, "ip", "addr", "add", netdevs.MACToIP(remoteMAC).String(), "scope", "link", "dev", dutTestDevice); err != nil {
+		if _, err := dut.Exec(ctx, dockerutil.ExecOpts{}, "ip", "addr", "add", netdevs.MACToIP(remoteMAC).String(), "scope", "link", "dev", dutTestDevice); err != nil {
 			t.Fatalf("unable to ip addr add on container %s: %s", dut.Name, err)
 		}
 		// Now try again, to make sure that it worked.
-		_, dutDeviceInfo, err = deviceByIP(dut, addressInSubnet(dutAddr, *testNet.Subnet))
+		_, dutDeviceInfo, err = deviceByIP(ctx, dut, addressInSubnet(dutAddr, *testNet.Subnet))
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -188,16 +208,20 @@ func TestOne(t *testing.T) {
 	}
 
 	// Create the Docker container for the testbench.
-	testbench := dockerutil.MakeDocker(logger("testbench"))
+	testbench := dockerutil.MakeContainer(ctx, logger("testbench"))
 	testbench.Runtime = "" // The testbench always runs on Linux.
 
 	tbb := path.Base(*testbenchBinary)
 	containerTestbenchBinary := "/packetimpact/" + tbb
 	runOpts = dockerutil.RunOpts{
-		Image:      "packetimpact",
-		CapAdd:     []string{"NET_ADMIN"},
-		Extra:      []string{"--sysctl", "net.ipv6.conf.all.disable_ipv6=0", "--rm", "-v", tmpDir + ":" + testOutputDir},
-		Foreground: true,
+		Image:  "packetimpact",
+		CapAdd: []string{"NET_ADMIN"},
+		Mounts: []mount.Mount{mount.Mount{
+			Type:     mount.TypeBind,
+			Source:   tmpDir,
+			Target:   testOutputDir,
+			ReadOnly: false,
+		}},
 	}
 	testbench.CopyFiles(&runOpts, "/packetimpact", "/test/packetimpact/tests/"+tbb)
 
@@ -227,30 +251,31 @@ func TestOne(t *testing.T) {
 		}
 	}()
 
-	if err := testbench.Create(runOpts, snifferArgs...); err != nil {
+	conf, hostconf, _ = testbench.ConfigsFrom(runOpts, snifferArgs...)
+	hostconf.AutoRemove = true
+	hostconf.Sysctls = map[string]string{"net.ipv6.conf.all.disable_ipv6": "0"}
+
+	if err := testbench.CreateFrom(ctx, conf, hostconf, nil); err != nil {
 		t.Fatalf("unable to create container %s: %s", testbench.Name, err)
 	}
-	defer testbench.CleanUp()
+	defer testbench.CleanUp(ctx)
 
 	// Add ctrlNet as eth1 and testNet as eth2.
-	if err := addNetworks(testbench, testbenchAddr, []*dockerutil.DockerNetwork{ctrlNet, testNet}); err != nil {
+	if err := addNetworks(ctx, testbench, testbenchAddr, []*dockerutil.Network{ctrlNet, testNet}); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := testbench.Start(); err != nil {
+	if err := testbench.Start(ctx); err != nil {
 		t.Fatalf("unable to start container %s: %s", testbench.Name, err)
 	}
 
 	// Kill so that it will flush output.
 	defer func() {
-		// Wait 1 second before killing tcpdump to give it time to flush
-		// any packets.  On linux tests killing it immediately can
-		// sometimes result in partial pcaps.
 		time.Sleep(1 * time.Second)
-		testbench.Exec(dockerutil.RunOpts{}, "killall", snifferArgs[0])
+		testbench.Exec(ctx, dockerutil.ExecOpts{}, "killall", snifferArgs[0])
 	}()
 
-	if _, err := testbench.WaitForOutput(snifferRegex, 60*time.Second); err != nil {
+	if _, err := testbench.WaitForOutput(ctx, snifferRegex, 60*time.Second); err != nil {
 		t.Fatalf("sniffer on %s never listened: %s", dut.Name, err)
 	}
 
@@ -258,8 +283,8 @@ func TestOne(t *testing.T) {
 	// will issue a RST. To prevent this IPtables can be used to filter out all
 	// incoming packets. The raw socket that packetimpact tests use will still see
 	// everything.
-	if _, err := testbench.Exec(dockerutil.RunOpts{}, "iptables", "-A", "INPUT", "-i", testNetDev, "-j", "DROP"); err != nil {
-		t.Fatalf("unable to Exec iptables on container %s: %s", testbench.Name, err)
+	if logs, err := testbench.Exec(ctx, dockerutil.ExecOpts{}, "iptables", "-A", "INPUT", "-i", testNetDev, "-j", "DROP"); err != nil {
+		t.Fatalf("unable to Exec iptables on container %s: %s, logs from testbench:\n%s", testbench.Name, err, logs)
 	}
 
 	// FIXME(b/156449515): Some piece of the system has a race. The old
@@ -282,20 +307,20 @@ func TestOne(t *testing.T) {
 		"--device", testNetDev,
 		"--dut_type", *dutPlatform,
 	)
-	_, err = testbench.Exec(dockerutil.RunOpts{}, testArgs...)
+	logs, err := testbench.Exec(ctx, dockerutil.ExecOpts{}, testArgs...)
 	if !*expectFailure && err != nil {
-		t.Fatal("test failed:", err)
+		t.Fatalf("test failed: %v, logs from testbench:\n%s", err, logs)
 	}
 	if *expectFailure && err == nil {
-		t.Fatal("test failure expected but the test succeeded, enable the test and mark the corresponding bug as fixed")
+		t.Fatalf("test failure expected but the test succeeded, enable the test and mark the corresponding bug as fixed, logs from testbench:\n%s", logs)
 	}
 }
 
-func addNetworks(d *dockerutil.Docker, addr net.IP, networks []*dockerutil.DockerNetwork) error {
+func addNetworks(ctx context.Context, d *dockerutil.Container, addr net.IP, networks []*dockerutil.Network) error {
 	for _, dn := range networks {
 		ip := addressInSubnet(addr, *dn.Subnet)
 		// Connect to the network with the specified IP address.
-		if err := dn.Connect(d, "--ip", ip.String()); err != nil {
+		if err := dn.Connect(ctx, d, ip.String(), ""); err != nil {
 			return fmt.Errorf("unable to connect container %s to network %s: %w", d.Name, dn.Name, err)
 		}
 	}
@@ -313,9 +338,9 @@ func addressInSubnet(addr net.IP, subnet net.IPNet) net.IP {
 	return net.IP(octets)
 }
 
-// makeDockerNetwork makes a randomly-named network that will start with the
+// createDockerNetwork makes a randomly-named network that will start with the
 // namePrefix. The network will be a random /24 subnet.
-func createDockerNetwork(n *dockerutil.DockerNetwork) error {
+func createDockerNetwork(ctx context.Context, n *dockerutil.Network) error {
 	randSource := rand.NewSource(time.Now().UnixNano())
 	r1 := rand.New(randSource)
 	// Class C, 192.0.0.0 to 223.255.255.255, transitionally has mask 24.
@@ -324,12 +349,12 @@ func createDockerNetwork(n *dockerutil.DockerNetwork) error {
 		IP:   ip,
 		Mask: ip.DefaultMask(),
 	}
-	return n.Create()
+	return n.Create(ctx)
 }
 
 // deviceByIP finds a deviceInfo and device name from an IP address.
-func deviceByIP(d *dockerutil.Docker, ip net.IP) (string, netdevs.DeviceInfo, error) {
-	out, err := d.Exec(dockerutil.RunOpts{}, "ip", "addr", "show")
+func deviceByIP(ctx context.Context, d *dockerutil.Container, ip net.IP) (string, netdevs.DeviceInfo, error) {
+	out, err := d.Exec(ctx, dockerutil.ExecOpts{}, "ip", "addr", "show")
 	if err != nil {
 		return "", netdevs.DeviceInfo{}, fmt.Errorf("listing devices on %s container: %w", d.Name, err)
 	}
diff --git a/test/packetimpact/testbench/testbench.go b/test/packetimpact/testbench/testbench.go
index d64f32a5b..6530036a8 100644
--- a/test/packetimpact/testbench/testbench.go
+++ b/test/packetimpact/testbench/testbench.go
@@ -31,23 +31,30 @@ var (
 	DUTType = ""
 	// Device is the local device on the test network.
 	Device = ""
+
 	// LocalIPv4 is the local IPv4 address on the test network.
 	LocalIPv4 = ""
+	// RemoteIPv4 is the DUT's IPv4 address on the test network.
+	RemoteIPv4 = ""
+	// IPv4PrefixLength is the network prefix length of the IPv4 test network.
+	IPv4PrefixLength = 0
+
 	// LocalIPv6 is the local IPv6 address on the test network.
 	LocalIPv6 = ""
+	// RemoteIPv6 is the DUT's IPv6 address on the test network.
+	RemoteIPv6 = ""
+
 	// LocalMAC is the local MAC address on the test network.
 	LocalMAC = ""
+	// RemoteMAC is the DUT's MAC address on the test network.
+	RemoteMAC = ""
+
 	// POSIXServerIP is the POSIX server's IP address on the control network.
 	POSIXServerIP = ""
 	// POSIXServerPort is the UDP port the POSIX server is bound to on the
 	// control network.
 	POSIXServerPort = 40000
-	// RemoteIPv4 is the DUT's IPv4 address on the test network.
-	RemoteIPv4 = ""
-	// RemoteIPv6 is the DUT's IPv6 address on the test network.
-	RemoteIPv6 = ""
-	// RemoteMAC is the DUT's MAC address on the test network.
-	RemoteMAC = ""
+
 	// RPCKeepalive is the gRPC keepalive.
 	RPCKeepalive = 10 * time.Second
 	// RPCTimeout is the gRPC timeout.
@@ -91,6 +98,12 @@ func genPseudoFlags() error {
 	LocalMAC = deviceInfo.MAC.String()
 	LocalIPv6 = deviceInfo.IPv6Addr.String()
 
+	if deviceInfo.IPv4Net != nil {
+		IPv4PrefixLength, _ = deviceInfo.IPv4Net.Mask.Size()
+	} else {
+		IPv4PrefixLength, _ = net.ParseIP(LocalIPv4).DefaultMask().Size()
+	}
+
 	return nil
 }
 
diff --git a/test/packetimpact/tests/BUILD b/test/packetimpact/tests/BUILD
index 85749c559..3f538b5c6 100644
--- a/test/packetimpact/tests/BUILD
+++ b/test/packetimpact/tests/BUILD
@@ -18,8 +18,6 @@ packetimpact_go_test(
 packetimpact_go_test(
     name = "ipv4_id_uniqueness",
     srcs = ["ipv4_id_uniqueness_test.go"],
-    # TODO(b/157506701) Fix netstack then remove the line below.
-    expect_netstack_failure = True,
     deps = [
         "//pkg/abi/linux",
         "//pkg/tcpip/header",
@@ -29,8 +27,8 @@ packetimpact_go_test(
 )
 
 packetimpact_go_test(
-    name = "udp_recv_multicast",
-    srcs = ["udp_recv_multicast_test.go"],
+    name = "udp_recv_mcast_bcast",
+    srcs = ["udp_recv_mcast_bcast_test.go"],
     # TODO(b/152813495): Fix netstack then remove the line below.
     expect_netstack_failure = True,
     deps = [
diff --git a/test/packetimpact/tests/tcp_zero_window_probe_retransmit_test.go b/test/packetimpact/tests/tcp_zero_window_probe_retransmit_test.go
index 5ab193181..8c89d57c9 100644
--- a/test/packetimpact/tests/tcp_zero_window_probe_retransmit_test.go
+++ b/test/packetimpact/tests/tcp_zero_window_probe_retransmit_test.go
@@ -88,8 +88,8 @@ func TestZeroWindowProbeRetransmit(t *testing.T) {
 			continue
 		}
 		// Check if the probes came at exponentially increasing intervals.
-		if p := time.Since(start); p < current-startProbeDuration {
-			t.Fatalf("zero probe came sooner interval %d probe %d\n", p, i)
+		if got, want := time.Since(start), current-startProbeDuration; got < want {
+			t.Errorf("got zero probe %d after %s, want >= %s", i, got, want)
 		}
 		// Acknowledge the zero-window probes from the dut.
 		conn.Send(testbench.TCP{AckNum: ackProbe, Flags: testbench.Uint8(header.TCPFlagAck), WindowSize: testbench.Uint16(0)})
diff --git a/test/packetimpact/tests/udp_recv_multicast_test.go b/test/packetimpact/tests/udp_recv_mcast_bcast_test.go
index 77a9bfa1d..263a54291 100644
--- a/test/packetimpact/tests/udp_recv_multicast_test.go
+++ b/test/packetimpact/tests/udp_recv_mcast_bcast_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package udp_recv_multicast_test
+package udp_recv_mcast_bcast_test
 
 import (
 	"flag"
@@ -28,13 +28,36 @@ func init() {
 	testbench.RegisterFlags(flag.CommandLine)
 }
 
-func TestUDPRecvMulticast(t *testing.T) {
+func TestUDPRecvMulticastBroadcast(t *testing.T) {
 	dut := testbench.NewDUT(t)
 	defer dut.TearDown()
-	boundFD, remotePort := dut.CreateBoundSocket(unix.SOCK_DGRAM, unix.IPPROTO_UDP, net.ParseIP("0.0.0.0"))
+	boundFD, remotePort := dut.CreateBoundSocket(unix.SOCK_DGRAM, unix.IPPROTO_UDP, net.IPv4(0, 0, 0, 0))
 	defer dut.Close(boundFD)
 	conn := testbench.NewUDPIPv4(t, testbench.UDP{DstPort: &remotePort}, testbench.UDP{SrcPort: &remotePort})
 	defer conn.Close()
-	conn.SendIP(testbench.IPv4{DstAddr: testbench.Address(tcpip.Address(net.ParseIP("224.0.0.1").To4()))}, testbench.UDP{})
-	dut.Recv(boundFD, 100, 0)
+
+	for _, bcastAddr := range []net.IP{
+		broadcastAddr(net.ParseIP(testbench.RemoteIPv4), net.CIDRMask(testbench.IPv4PrefixLength, 32)),
+		net.IPv4(255, 255, 255, 255),
+		net.IPv4(224, 0, 0, 1),
+	} {
+		payload := testbench.GenerateRandomPayload(t, 1<<10)
+		conn.SendIP(
+			testbench.IPv4{DstAddr: testbench.Address(tcpip.Address(bcastAddr.To4()))},
+			testbench.UDP{},
+			&testbench.Payload{Bytes: payload},
+		)
+		t.Logf("Receiving packet sent to address: %s", bcastAddr)
+		if got, want := string(dut.Recv(boundFD, int32(len(payload)), 0)), string(payload); got != want {
+			t.Errorf("received payload does not match sent payload got: %s, want: %s", got, want)
+		}
+	}
+}
+
+func broadcastAddr(ip net.IP, mask net.IPMask) net.IP {
+	ip4 := ip.To4()
+	for i := range ip4 {
+		ip4[i] |= ^mask[i]
+	}
+	return ip4
 }