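// Listing: github.com/Prakhar-Agarwal-byte/moby@v0.0.0-20231027092010-a14e3e8ab87e/libnetwork/iptables/firewalld_test.go

//go:build linux

package iptables

import (
	"net"
	"strconv"
	"testing"

	"github.com/godbus/dbus/v5"
)

// skipIfNoFirewalld skips the calling test unless firewalld answers on the
// D-Bus system bus.
//
// It connects to the system bus and calls getDefaultZone on the firewalld
// object; a failure at either step skips the test rather than failing it.
func skipIfNoFirewalld(t *testing.T) {
	t.Helper()
	conn, err := dbus.SystemBus()
	if err != nil {
		t.Skipf("cannot connect to D-bus system bus: %v", err)
	}
	// NOTE(review): dbus.SystemBus returns a shared connection, and godbus
	// documents Close as not meant for shared connections. Confirm whether
	// this probe should use a private connection instead.
	defer conn.Close()

	var zone string
	err = conn.Object(dbusInterface, dbusPath).Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
	if err != nil {
		t.Skipf("firewalld is not running: %v", err)
	}
}

// TestFirewalldInit checks that firewalldInit succeeds when firewalld is
// reachable; it is skipped otherwise.
func TestFirewalldInit(t *testing.T) {
	skipIfNoFirewalld(t)
	if err := firewalldInit(); err != nil {
		t.Fatal(err)
	}
}

// TestReloaded checks that a callback registered with OnReloaded re-creates a
// rule after the chain has been removed and reloaded() has run.
//
// The test creates and programs a "FWD" chain in the filter table, so it
// changes the firewall state of the machine it runs on. It does not call
// skipIfNoFirewalld.
func TestReloaded(t *testing.T) {
	iptable := GetIptable(IPv4)
	fwdChain, err := iptable.NewChain("FWD", Filter, false)
	if err != nil {
		t.Fatal(err)
	}

	err = iptable.ProgramChain(fwdChain, bridgeName, false, true)
	if err != nil {
		t.Fatal(err)
	}
	defer fwdChain.Remove()

	// copy-pasted from iptables_test:TestLink
	ip1 := net.ParseIP("192.168.1.1")
	ip2 := net.ParseIP("192.168.1.2")
	const port = 1234
	const proto = "tcp"

	err = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName)
	if err != nil {
		t.Fatal(err)
	}
	// To be re-called again later. The error is deliberately discarded: a
	// failed re-link is caught by the Exists check after reloaded().
	// NOTE(review): nothing here unregisters the callback, so it presumably
	// stays registered for later tests in this package. Confirm.
	OnReloaded(func() { _ = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName) })

	rule1 := []string{
		"-i", bridgeName,
		"-o", bridgeName,
		"-p", proto,
		"-s", ip1.String(),
		"-d", ip2.String(),
		"--dport", strconv.Itoa(port),
		"-j", "ACCEPT",
	}

	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 does not exist")
	}

	// flush all rules
	fwdChain.Remove()

	reloaded()

	// make sure the rules have been recreated
	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 hasn't been recreated")
	}
}

// TestPassthrough checks that a rule submitted through Passthrough ends up in
// the filter table's INPUT chain; it is skipped when firewalld is not running.
//
// The rule is an ACCEPT in INPUT on the machine running the test, so it is
// deleted again when the test finishes rather than left in the ruleset.
func TestPassthrough(t *testing.T) {
	skipIfNoFirewalld(t)
	const chain = "INPUT"
	rule1 := []string{
		"-i", "lo",
		"-p", "udp",
		"--dport", "123",
		"-j", "ACCEPT",
	}

	// iptables' -A takes the chain name as its argument. The original passed
	// "-A" followed directly by the rule spec, while the Exists check below
	// looks in INPUT, so the chain is named explicitly here.
	_, err := Passthrough(Iptables, append([]string{"-A", chain}, rule1...)...)
	if err != nil {
		t.Fatal(err)
	}
	// Registered only after a successful append, so cleanup never tries to
	// delete a rule this test did not add.
	t.Cleanup(func() {
		if _, err := Passthrough(Iptables, append([]string{"-D", chain}, rule1...)...); err != nil {
			t.Logf("removing test rule from %s: %v", chain, err)
		}
	})

	if !GetIptable(IPv4).Exists(Filter, chain, rule1...) {
		t.Fatal("rule1 does not exist")
	}
}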