be2754a4b9
It would be preferrable to test iptables via syscall tests, but there are some problems with that approach: * We're limited to loopback-only, as syscall tests involve only a single container. Other link interfaces (e.g. fdbased) should be tested. * We'd have to shell out to call iptables anyways, as the iptables syscall interface itself is too large and complex to work with alone. * Running the Linux/native version of the syscall test will require root, which is a pain to configure, is inherently unsafe, and could leave host iptables misconfigured. Using the go_test target allows there to be no new test runner. PiperOrigin-RevId: 285274275 |
||
---|---|---|
.. | ||
benchmarks.sh | ||
build.sh | ||
common.sh | ||
common_bazel.sh | ||
dev.sh | ||
do_tests.sh | ||
docker_tests.sh | ||
go.sh | ||
hostnet_tests.sh | ||
iptables_tests.sh | ||
kvm_tests.sh | ||
make_tests.sh | ||
overlay_tests.sh | ||
release.sh | ||
root_tests.sh | ||
runtime_tests.sh | ||
simple_tests.sh | ||
swgso_tests.sh | ||
syscall_kvm_tests.sh | ||
syscall_tests.sh |