History

Kevin Krakauer ed60bc326b Fix readme formatting. PiperOrigin-RevId: 288402480		2020-01-06 16:49:34 -08:00
..
runner	Internal change.	2019-12-17 16:21:48 -08:00
BUILD	Add iptables testing framework.	2019-12-12 14:42:11 -08:00
README.md	Fix readme formatting.	2020-01-06 16:49:34 -08:00
filter_input.go	Add iptables testing framework.	2019-12-12 14:42:11 -08:00
iptables.go	Add iptables testing framework.	2019-12-12 14:42:11 -08:00
iptables_test.go	Add iptables testing framework.	2019-12-12 14:42:11 -08:00
iptables_util.go	Add iptables testing framework.	2019-12-12 14:42:11 -08:00

README.md

iptables Tests

iptables tests are run via scripts/iptables_test.sh.

Test Structure

Each test implements TestCase, providing (1) a function to run inside the container and (2) a function to run locally. Those processes are given each others' IP addresses. The test succeeds when both functions succeed.

The function inside the container (ContainerAction) typically sets some iptables rules and then tries to send or receive packets. The local function (LocalAction) will typically just send or receive packets.

Adding Tests

Add your test to the iptables package.
Register the test in an init function via RegisterTestCase (see filter_input.go as an example).
Add it to iptables_test.go (see the other tests in that file).

Your test is now runnable with bazel!

Run individual tests

Build the testing Docker container:

$ bazel run //test/iptables/runner -- --norun

Run an individual test via:

$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME>

To run an individual test with runc:

$ bazel test //test/iptables:iptables_test --test_filter=<TESTNAME> --test_arg=--runtime=runc