gvisor

Commit Graph

Author	SHA1	Message	Date
Kevin Krakauer	4054b021f0	iptables: ready tests to be enabled in kokoro Fixed flakes (tested via --runs_per_test=100) and added skips for not-yet-implemented features. Once submitted, the iptables tests will be ready to enable in kokoro.	2020-03-11 15:13:58 -07:00
Kevin Krakauer	0ade523f06	Fix iptables tests that were broken by rename. The name of the runner binary target changed from "runner" to "runner-image", causing iptables tests to fail. PiperOrigin-RevId: 292242263	2020-01-29 16:27:12 -08:00
Kevin Krakauer	be2754a4b9	Add iptables testing framework. It would be preferrable to test iptables via syscall tests, but there are some problems with that approach: * We're limited to loopback-only, as syscall tests involve only a single container. Other link interfaces (e.g. fdbased) should be tested. * We'd have to shell out to call iptables anyways, as the iptables syscall interface itself is too large and complex to work with alone. * Running the Linux/native version of the syscall test will require root, which is a pain to configure, is inherently unsafe, and could leave host iptables misconfigured. Using the go_test target allows there to be no new test runner. PiperOrigin-RevId: 285274275	2019-12-12 14:42:11 -08:00

Author

SHA1

Message

Date

Kevin Krakauer

4054b021f0

iptables: ready tests to be enabled in kokoro

Fixed flakes (tested via --runs_per_test=100) and added skips for
not-yet-implemented features. Once submitted, the iptables tests will be
ready to enable in kokoro.

2020-03-11 15:13:58 -07:00

Kevin Krakauer

0ade523f06

Fix iptables tests that were broken by rename.

The name of the runner binary target changed from "runner" to "runner-image",
causing iptables tests to fail.

PiperOrigin-RevId: 292242263

2020-01-29 16:27:12 -08:00

Kevin Krakauer

be2754a4b9

Add iptables testing framework.

It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:

* We're limited to loopback-only, as syscall tests involve only a single
  container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
  interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
  is a pain to configure, is inherently unsafe, and could leave host iptables
  misconfigured.

Using the go_test target allows there to be no new test runner.

PiperOrigin-RevId: 285274275

2019-12-12 14:42:11 -08:00

3 Commits