From 6cc8e2d814f99439e01c308e16f6631d75578ec0 Mon Sep 17 00:00:00 2001 From: Nayana Bidari Date: Thu, 9 Jan 2020 10:03:22 -0800 Subject: Add test to check iptables redirect port rule --- test/iptables/filter_input.go | 28 ++++++++++++++++++++++++++++ test/iptables/iptables_test.go | 7 +++++++ 2 files changed, 35 insertions(+) (limited to 'test/iptables') diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go index 923f44e68..41bb85369 100644 --- a/test/iptables/filter_input.go +++ b/test/iptables/filter_input.go @@ -23,6 +23,7 @@ import ( const ( dropPort = 2401 acceptPort = 2402 + redirectPort = 42 sendloopDuration = 2 * time.Second network = "udp4" ) @@ -31,6 +32,7 @@ func init() { RegisterTestCase(FilterInputDropUDP{}) RegisterTestCase(FilterInputDropUDPPort{}) RegisterTestCase(FilterInputDropDifferentUDPPort{}) + RegisterTestCase(FilterInputRedirectUDPPort{}) } // FilterInputDropUDP tests that we can drop UDP traffic. @@ -122,3 +124,29 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error { func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error { return sendUDPLoop(ip, acceptPort, sendloopDuration) } + +// FilterInputRedirectUDPPort tests that packets are redirected to different port. +type FilterInputRedirectUDPPort struct{} + +// Name implements TestCase.Name. +func (FilterInputRedirectUDPPort) Name() string { + return "FilterInputRedirectUDPPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterInputRedirectUDPPort) ContainerAction(ip net.IP) error { + if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { + return err + } + + if err := listenUDP(redirectPort, sendloopDuration); err != nil { + return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", acceptPort, redirectPort, err) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterInputRedirectUDPPort) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) +} diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index bfbf1bb87..d57ddc0fe 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -177,3 +177,10 @@ func TestFilterInputDropDifferentUDPPort(t *testing.T) { t.Fatal(err) } } + +func TestFilterInputRedirectUDPPort(t *testing.T) { + if err := singleTest(FilterInputRedirectUDPPort{}); err != nil { + t.Fatal(err) + } +} + -- cgit v1.2.3 From 04abc9cf558930472605bf740a4333d6fafe5930 Mon Sep 17 00:00:00 2001 From: Nayana Bidari Date: Thu, 9 Jan 2020 15:38:28 -0800 Subject: Add test for redirect port Fix the indentation and print statements. Moved the NAT redirect tests to new file. Added negative test to check redirect rule on ports other than redirected port. --- test/iptables/BUILD | 1 + test/iptables/filter_input.go | 28 -------------- test/iptables/iptables_test.go | 9 ++++- test/iptables/nat.go | 83 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 91 insertions(+), 30 deletions(-) create mode 100644 test/iptables/nat.go (limited to 'test/iptables') diff --git a/test/iptables/BUILD b/test/iptables/BUILD index fa833c3b2..68eed721e 100644 --- a/test/iptables/BUILD +++ b/test/iptables/BUILD @@ -8,6 +8,7 @@ go_library( "filter_input.go", "iptables.go", "iptables_util.go", + "nat.go", ], importpath = "gvisor.dev/gvisor/test/iptables", visibility = ["//test/iptables:__subpackages__"], diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go index 41bb85369..923f44e68 100644 --- a/test/iptables/filter_input.go +++ b/test/iptables/filter_input.go @@ -23,7 +23,6 @@ import ( const ( dropPort = 2401 acceptPort = 2402 - redirectPort = 42 sendloopDuration = 2 * time.Second network = "udp4" ) @@ -32,7 +31,6 @@ func init() { RegisterTestCase(FilterInputDropUDP{}) RegisterTestCase(FilterInputDropUDPPort{}) RegisterTestCase(FilterInputDropDifferentUDPPort{}) - RegisterTestCase(FilterInputRedirectUDPPort{}) } // FilterInputDropUDP tests that we can drop UDP traffic. @@ -124,29 +122,3 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error { func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error { return sendUDPLoop(ip, acceptPort, sendloopDuration) } - -// FilterInputRedirectUDPPort tests that packets are redirected to different port. -type FilterInputRedirectUDPPort struct{} - -// Name implements TestCase.Name. -func (FilterInputRedirectUDPPort) Name() string { - return "FilterInputRedirectUDPPort" -} - -// ContainerAction implements TestCase.ContainerAction. -func (FilterInputRedirectUDPPort) ContainerAction(ip net.IP) error { - if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { - return err - } - - if err := listenUDP(redirectPort, sendloopDuration); err != nil { - return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", acceptPort, redirectPort, err) - } - - return nil -} - -// LocalAction implements TestCase.LocalAction. -func (FilterInputRedirectUDPPort) LocalAction(ip net.IP) error { - return sendUDPLoop(ip, acceptPort, sendloopDuration) -} diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index d57ddc0fe..fce9247aa 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -178,9 +178,14 @@ func TestFilterInputDropDifferentUDPPort(t *testing.T) { } } -func TestFilterInputRedirectUDPPort(t *testing.T) { - if err := singleTest(FilterInputRedirectUDPPort{}); err != nil { +func TestFilterNATRedirectUDPPort(t *testing.T) { + if err := singleTest(FilterNATRedirectUDPPort{}); err != nil { t.Fatal(err) } } +func TestFilterNATDropUDP(t *testing.T) { + if err := singleTest(FilterNATDropUDP{}); err != nil { + t.Fatal(err) + } +} diff --git a/test/iptables/nat.go b/test/iptables/nat.go new file mode 100644 index 000000000..6deabf217 --- /dev/null +++ b/test/iptables/nat.go @@ -0,0 +1,83 @@ +// Copyright 2019 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package iptables + +import ( + "fmt" + "net" +) + +const ( + redirectPort = 42 +) + +func init() { + RegisterTestCase(FilterNATRedirectUDPPort{}) + RegisterTestCase(FilterNATDropUDP{}) +} + +// FilterInputRedirectUDPPort tests that packets are redirected to different port. +type FilterNATRedirectUDPPort struct{} + +// Name implements TestCase.Name. +func (FilterNATRedirectUDPPort) Name() string { + return "FilterNATRedirectUDPPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterNATRedirectUDPPort) ContainerAction(ip net.IP) error { + if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", + fmt.Sprintf("%d", redirectPort)); err != nil { + return err + } + + if err := listenUDP(redirectPort, sendloopDuration); err != nil { + return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", redirectPort, err) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterNATRedirectUDPPort) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) +} + +// FilterNATDropUDP tests that packets are not received in ports other than redirect port. +type FilterNATDropUDP struct{} + +// Name implements TestCase.Name. +func (FilterNATDropUDP) Name() string { + return "FilterNATDropUDP" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterNATDropUDP) ContainerAction(ip net.IP) error { + if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", + fmt.Sprintf("%d", redirectPort)); err != nil { + return err + } + + if err := listenUDP(acceptPort, sendloopDuration); err == nil { + return fmt.Errorf("packets on port %d should have been redirected to port %d", acceptPort, redirectPort) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterNATDropUDP) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) +} -- cgit v1.2.3 From 9aeb053bbaf834aab5b716b8645996943262b525 Mon Sep 17 00:00:00 2001 From: Nayana Bidari Date: Fri, 10 Jan 2020 09:05:25 -0800 Subject: Add tests for redirect port Fix indentation and change function names. --- test/iptables/iptables_test.go | 10 +++++----- test/iptables/nat.go | 45 +++++++++++++++++++++--------------------- 2 files changed, 27 insertions(+), 28 deletions(-) (limited to 'test/iptables') diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index fce9247aa..05f27569f 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -178,14 +178,14 @@ func TestFilterInputDropDifferentUDPPort(t *testing.T) { } } -func TestFilterNATRedirectUDPPort(t *testing.T) { - if err := singleTest(FilterNATRedirectUDPPort{}); err != nil { +func TestNATRedirectUDPPort(t *testing.T) { + if err := singleTest(NATRedirectUDPPort{}); err != nil { t.Fatal(err) } } -func TestFilterNATDropUDP(t *testing.T) { - if err := singleTest(FilterNATDropUDP{}); err != nil { - t.Fatal(err) +func TestNATDropUDP(t *testing.T) { + if err := singleTest(NATDropUDP{}); err != nil { + t.Fatal(err) } } diff --git a/test/iptables/nat.go b/test/iptables/nat.go index 6deabf217..72c413af2 100644 --- a/test/iptables/nat.go +++ b/test/iptables/nat.go @@ -1,4 +1,4 @@ -// Copyright 2019 The gVisor Authors. +// Copyright 2020 The gVisor Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,56 +15,55 @@ package iptables import ( - "fmt" - "net" + "fmt" + "net" ) const ( - redirectPort = 42 + redirectPort = 42 ) func init() { - RegisterTestCase(FilterNATRedirectUDPPort{}) - RegisterTestCase(FilterNATDropUDP{}) + RegisterTestCase(NATRedirectUDPPort{}) + RegisterTestCase(NATDropUDP{}) } -// FilterInputRedirectUDPPort tests that packets are redirected to different port. -type FilterNATRedirectUDPPort struct{} +// InputRedirectUDPPort tests that packets are redirected to different port. +type NATRedirectUDPPort struct{} // Name implements TestCase.Name. -func (FilterNATRedirectUDPPort) Name() string { - return "FilterNATRedirectUDPPort" +func (NATRedirectUDPPort) Name() string { + return "NATRedirectUDPPort" } // ContainerAction implements TestCase.ContainerAction. -func (FilterNATRedirectUDPPort) ContainerAction(ip net.IP) error { - if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", +func (NATRedirectUDPPort) ContainerAction(ip net.IP) error { + if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err } if err := listenUDP(redirectPort, sendloopDuration); err != nil { - return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", redirectPort, err) + return fmt.Errorf("packets on port %d should be allowed, but encountered an error: %v", redirectPort, err) } - return nil } // LocalAction implements TestCase.LocalAction. -func (FilterNATRedirectUDPPort) LocalAction(ip net.IP) error { - return sendUDPLoop(ip, acceptPort, sendloopDuration) +func (NATRedirectUDPPort) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) } -// FilterNATDropUDP tests that packets are not received in ports other than redirect port. -type FilterNATDropUDP struct{} +// NATDropUDP tests that packets are not received in ports other than redirect port. +type NATDropUDP struct{} // Name implements TestCase.Name. -func (FilterNATDropUDP) Name() string { - return "FilterNATDropUDP" +func (NATDropUDP) Name() string { + return "NATDropUDP" } // ContainerAction implements TestCase.ContainerAction. -func (FilterNATDropUDP) ContainerAction(ip net.IP) error { +func (NATDropUDP) ContainerAction(ip net.IP) error { if err := filterTable("-t", "nat", "-A", "PREROUTING", "-p", "udp", "-j", "REDIRECT", "--to-ports", fmt.Sprintf("%d", redirectPort)); err != nil { return err @@ -78,6 +77,6 @@ func (FilterNATDropUDP) ContainerAction(ip net.IP) error { } // LocalAction implements TestCase.LocalAction. -func (FilterNATDropUDP) LocalAction(ip net.IP) error { - return sendUDPLoop(ip, acceptPort, sendloopDuration) +func (NATDropUDP) LocalAction(ip net.IP) error { + return sendUDPLoop(ip, acceptPort, sendloopDuration) } -- cgit v1.2.3 From 98327a94cce7597589ac22b8557c5d9a2a03464d Mon Sep 17 00:00:00 2001 From: Nayana Bidari Date: Mon, 13 Jan 2020 09:11:40 -0800 Subject: Add test for iptables TCP rule Added tests for tcp protocol with input and output rules including options sport and dport Increased timeout in iptables_test as TCP tests were timing out with existing value. --- test/iptables/BUILD | 1 + test/iptables/filter_input.go | 66 +++++++++++++++++++++++++++++++ test/iptables/filter_output.go | 89 ++++++++++++++++++++++++++++++++++++++++++ test/iptables/iptables_test.go | 26 +++++++++++- test/iptables/iptables_util.go | 55 ++++++++++++++++++++++++++ 5 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 test/iptables/filter_output.go (limited to 'test/iptables') diff --git a/test/iptables/BUILD b/test/iptables/BUILD index 68eed721e..372ba7abf 100644 --- a/test/iptables/BUILD +++ b/test/iptables/BUILD @@ -6,6 +6,7 @@ go_library( name = "iptables", srcs = [ "filter_input.go", + "filter_output.go", "iptables.go", "iptables_util.go", "nat.go", diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go index 923f44e68..1c04601df 100644 --- a/test/iptables/filter_input.go +++ b/test/iptables/filter_input.go @@ -31,6 +31,8 @@ func init() { RegisterTestCase(FilterInputDropUDP{}) RegisterTestCase(FilterInputDropUDPPort{}) RegisterTestCase(FilterInputDropDifferentUDPPort{}) + RegisterTestCase(FilterInputDropTCPDestPort{}) + RegisterTestCase(FilterInputDropTCPSrcPort{}) } // FilterInputDropUDP tests that we can drop UDP traffic. @@ -122,3 +124,67 @@ func (FilterInputDropDifferentUDPPort) ContainerAction(ip net.IP) error { func (FilterInputDropDifferentUDPPort) LocalAction(ip net.IP) error { return sendUDPLoop(ip, acceptPort, sendloopDuration) } + +// FilterInputDropTCP tests that connections are not accepted on specified source ports. +type FilterInputDropTCPDestPort struct{} + +// Name implements TestCase.Name. +func (FilterInputDropTCPDestPort) Name() string { + return "FilterInputDropTCPDestPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterInputDropTCPDestPort) ContainerAction(ip net.IP) error { + if err := filterTable("-A", "INPUT", "-p", "tcp", "-m", "tcp", "--dport", + fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil { + return err + } + + // Listen for TCP packets on drop port. + if err := listenTCP(dropPort, sendloopDuration); err == nil { + return fmt.Errorf("Connections on port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterInputDropTCPDestPort) LocalAction(ip net.IP) error { + if err := connectTCP(ip, dropPort, acceptPort, sendloopDuration); err == nil { + return fmt.Errorf("Connection destined to port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// FilterInputDropTCPSrcPort tests that connections are not accepted on specified source ports. +type FilterInputDropTCPSrcPort struct{} + +// Name implements TestCase.Name. +func (FilterInputDropTCPSrcPort) Name() string { + return "FilterInputDropTCPSrcPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterInputDropTCPSrcPort) ContainerAction(ip net.IP) error { + if err := filterTable("-A", "INPUT", "-p", "tcp", "-m", "tcp", "--sport", + fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil { + return err + } + + // Listen for TCP packets on accept port. + if err := listenTCP(acceptPort, sendloopDuration); err == nil { + return fmt.Errorf("connections destined to port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterInputDropTCPSrcPort) LocalAction(ip net.IP) error { + if err := connectTCP(ip, acceptPort, dropPort, sendloopDuration); err == nil { + return fmt.Errorf("connection sent from port %d should not be accepted", dropPort) + } + + return nil +} diff --git a/test/iptables/filter_output.go b/test/iptables/filter_output.go new file mode 100644 index 000000000..63d74e4f4 --- /dev/null +++ b/test/iptables/filter_output.go @@ -0,0 +1,89 @@ +// Copyright 2020 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package iptables + +import ( + "fmt" + "net" +) + +func init() { + RegisterTestCase(FilterOutputDropTCPDestPort{}) + RegisterTestCase(FilterOutputDropTCPSrcPort{}) +} + +// FilterOutputDropTCPDestPort tests that connections are not accepted on specified source ports. +type FilterOutputDropTCPDestPort struct{} + +// Name implements TestCase.Name. +func (FilterOutputDropTCPDestPort) Name() string { + return "FilterOutputDropTCPDestPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterOutputDropTCPDestPort) ContainerAction(ip net.IP) error { + if err := filterTable("-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--dport", + fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil { + return err + } + + // Listen for TCP packets on accept port. + if err := listenTCP(acceptPort, sendloopDuration); err == nil { + return fmt.Errorf("connections destined to port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterOutputDropTCPDestPort) LocalAction(ip net.IP) error { + if err := connectTCP(ip, acceptPort, dropPort, sendloopDuration); err == nil { + return fmt.Errorf("connection sent from port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// FilterOutputDropTCPSrcPort tests that connections are not accepted on specified source ports. +type FilterOutputDropTCPSrcPort struct{} + +// Name implements TestCase.Name. +func (FilterOutputDropTCPSrcPort) Name() string { + return "FilterOutputDropTCPSrcPort" +} + +// ContainerAction implements TestCase.ContainerAction. +func (FilterOutputDropTCPSrcPort) ContainerAction(ip net.IP) error { + if err := filterTable("-A", "OUTPUT", "-p", "tcp", "-m", "tcp", "--sport", + fmt.Sprintf("%d", dropPort), "-j", "DROP"); err != nil { + return err + } + + // Listen for TCP packets on drop port. + if err := listenTCP(dropPort, sendloopDuration); err == nil { + return fmt.Errorf("connections on port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} + +// LocalAction implements TestCase.LocalAction. +func (FilterOutputDropTCPSrcPort) LocalAction(ip net.IP) error { + if err := connectTCP(ip, dropPort, acceptPort, sendloopDuration); err == nil { + return fmt.Errorf("connection destined to port %d should not be accepted, but got accepted", dropPort) + } + + return nil +} diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index 05f27569f..3eeb75b8b 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -28,7 +28,7 @@ import ( "gvisor.dev/gvisor/runsc/testutil" ) -const timeout time.Duration = 10 * time.Second +const timeout time.Duration = 18 * time.Second var image = flag.String("image", "bazel/test/iptables/runner:runner", "image to run tests in") @@ -189,3 +189,27 @@ func TestNATDropUDP(t *testing.T) { t.Fatal(err) } } + +func TestFilterInputDropTCPDestPort(t *testing.T) { + if err := singleTest(FilterInputDropTCPDestPort{}); err != nil { + t.Fatal(err) + } +} + +func TestFilterInputDropTCPSrcPort(t *testing.T) { + if err := singleTest(FilterInputDropTCPSrcPort{}); err != nil { + t.Fatal(err) + } +} + +func TestFilterOutputDropTCPDestPort(t *testing.T) { + if err := singleTest(FilterOutputDropTCPDestPort{}); err != nil { + t.Fatal(err) + } +} + +func TestFilterOutputDropTCPSrcPort(t *testing.T) { + if err := singleTest(FilterOutputDropTCPSrcPort{}); err != nil { + t.Fatal(err) + } +} diff --git a/test/iptables/iptables_util.go b/test/iptables/iptables_util.go index 3a4d11f1a..44945bd89 100644 --- a/test/iptables/iptables_util.go +++ b/test/iptables/iptables_util.go @@ -80,3 +80,58 @@ func sendUDPLoop(ip net.IP, port int, duration time.Duration) error { return nil } + +// listenTCP listens for connections on a TCP port +func listenTCP(port int, timeout time.Duration) error { + localAddr := net.TCPAddr{ + Port: port, + } + + // Starts listening on port + lConn, err := net.ListenTCP("tcp4", &localAddr) + if err != nil { + return err + } + defer lConn.Close() + + // Accept connections on port + lConn.SetDeadline(time.Now().Add(timeout)) + conn, err := lConn.AcceptTCP() + if err == nil { + conn.Close() + } + return err +} + +// connectTCP connects the TCP server over specified local port, server IP +// and remote/server port +func connectTCP(ip net.IP, remotePort int, localPort int, duration time.Duration) error { + remote := net.TCPAddr{ + IP: ip, + Port: remotePort, + } + + local := net.TCPAddr{ + Port: localPort, + } + + // Container may not be up. Retry DialTCP + // over a given duration + to := time.After(duration) + var res error + for timedOut := false; !timedOut; { + conn, err := net.DialTCP("tcp4", &local, &remote) + res = err + if res == nil { + conn.Close() + return nil + } + select{ + case <-to: + timedOut = true + default: + time.Sleep(200 * time.Millisecond) + } + } + return res +} -- cgit v1.2.3