summaryrefslogtreecommitdiffhomepage
path: root/test/iptables
AgeCommit message (Collapse)Author
2020-03-18Merge pull request #2187 from kevinGC:deflake-connectTCPgVisor bot
PiperOrigin-RevId: 301716568
2020-03-18iptables: deflake DropTCP*Port testsKevin Krakauer
These tests could timeout because net.DialTCP didn't respect the timeout.
2020-03-18iptables: skip tests for not-yet-supported featuresKevin Krakauer
PiperOrigin-RevId: 301686266
2020-03-18Automated rollback of changelist 301476456Kevin Krakauer
PiperOrigin-RevId: 301650898
2020-03-17iptables: fix type in script name, mark some new tests as skippedKevin Krakauer
PiperOrigin-RevId: 301476456
2020-03-16Merge pull request #1943 from kevinGC:ipt-filter-ipgVisor bot
PiperOrigin-RevId: 301197007
2020-03-11iptables: ready tests to be enabled in kokoroKevin Krakauer
Fixed flakes (tested via --runs_per_test=100) and added skips for not-yet-implemented features. Once submitted, the iptables tests will be ready to enable in kokoro.
2020-02-26iptables: filter by IP address (and range)Kevin Krakauer
Enables commands such as: $ iptables -A INPUT -d 127.0.0.1 -j ACCEPT $ iptables -t nat -A PREROUTING ! -d 127.0.0.1 -j REDIRECT Also adds a bunch of REDIRECT+destination tests.
2020-02-25Merge branch 'master' into iptablesnybidari
2020-02-25Add nat table support for iptables.Nayana Bidari
- commit the changes for the comments.
2020-02-18iptables: use "-t nat" for NAT testsgVisor bot
PiperOrigin-RevId: 295835807
2020-02-18Merge pull request #1850 from kevinGC:jump2gVisor bot
PiperOrigin-RevId: 295785052
2020-02-18Add nat table support for iptables.Nayana Bidari
Add nat table support for Prerouting hook with Redirect option. Add tests to check redirect of ports.
2020-02-13We can now create and jump in iptables. For example:Kevin Krakauer
$ iptables -N foochain $ iptables -A INPUT -j foochain
2020-02-12iptables: User chainsKevin Krakauer
- Adds creation of user chains via `-N <chainname>` - Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy). - Adds tests for chain creation, default policies, and `-j RETURN' from built-in chains.
2020-02-10iptables: add instructions for runsc building.Kevin Krakauer
The readme didn't mention that users need to: - `bazel build` when working on iptables tests - enable raw sockets in /etc/docker/daemon.json. PiperOrigin-RevId: 294260169
2020-02-06Fix `bazel run` target in docs.Kevin Krakauer
PiperOrigin-RevId: 293676954
2020-02-04Merge pull request #1683 from kevinGC:ipt-udp-matchersgVisor bot
PiperOrigin-RevId: 293243342
2020-01-29Fix iptables tests that were broken by rename.Kevin Krakauer
The name of the runner binary target changed from "runner" to "runner-image", causing iptables tests to fail. PiperOrigin-RevId: 292242263
2020-01-27Cleanup for GH review.Kevin Krakauer
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-24Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-23Merge pull request #1617 from kevinGC:iptables-write-filter-protogVisor bot
PiperOrigin-RevId: 291249314
2020-01-21Add UDP matchers.Kevin Krakauer
2020-01-21More little fixes.Kevin Krakauer
2020-01-21Fixing stuffKevin Krakauer
2020-01-21Merge branch 'master' into iptables-write-filter-protoKevin Krakauer
2020-01-21Merge pull request #1558 from kevinGC:iptables-write-input-dropgVisor bot
PiperOrigin-RevId: 290793754
2020-01-17Merge pull request #1541 from nybidari:iptablesgVisor bot
PiperOrigin-RevId: 290273561
2020-01-13Merge branch 'iptables-write-input-drop' into iptables-write-filter-protoKevin Krakauer
2020-01-13Merge branch 'master' into iptables-write-input-dropKevin Krakauer
2020-01-13Add test for iptables TCP ruleNayana Bidari
Added tests for tcp protocol with input and output rules including options sport and dport Increased timeout in iptables_test as TCP tests were timing out with existing value.
2020-01-10Add tests for redirect portNayana Bidari
Fix indentation and change function names.
2020-01-09Add test for redirect portNayana Bidari
Fix the indentation and print statements. Moved the NAT redirect tests to new file. Added negative test to check redirect rule on ports other than redirected port.
2020-01-09Added a test that we don't pass yetKevin Krakauer
2020-01-09Add test to check iptables redirect port ruleNayana Bidari
2020-01-08Working on filtering by protocol.Kevin Krakauer
2020-01-08Built dead-simple traversal, but now getting depedency cycle error :'(Kevin Krakauer
2020-01-08Added test for unconditional DROP on the filter INPUT chainKevin Krakauer
2020-01-08NewlineKevin Krakauer
2020-01-08Revert filter_input changeKevin Krakauer
2020-01-08Minor fixes to comments and loggingKevin Krakauer
2020-01-08Write simple ACCEPT rules to the filter table.Kevin Krakauer
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added.
2020-01-06Fix readme formatting.Kevin Krakauer
PiperOrigin-RevId: 288402480
2019-12-17Internal change.Kevin Krakauer
PiperOrigin-RevId: 286083614
2019-12-12Add iptables testing framework.Kevin Krakauer
It would be preferrable to test iptables via syscall tests, but there are some problems with that approach: * We're limited to loopback-only, as syscall tests involve only a single container. Other link interfaces (e.g. fdbased) should be tested. * We'd have to shell out to call iptables anyways, as the iptables syscall interface itself is too large and complex to work with alone. * Running the Linux/native version of the syscall test will require root, which is a pain to configure, is inherently unsafe, and could leave host iptables misconfigured. Using the go_test target allows there to be no new test runner. PiperOrigin-RevId: 285274275
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 20:11:18 +0000