github.com/cilium/cilium@v1.16.2/pkg/ipam/pool_privileged_test.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package ipam
     5  
     6  import (
     7  	"net"
     8  	"testing"
     9  
    10  	. "github.com/onsi/gomega"
    11  	"github.com/vishvananda/netlink"
    12  	"golang.org/x/sys/unix"
    13  
    14  	"github.com/cilium/cilium/pkg/datapath/linux/route"
    15  	"github.com/cilium/cilium/pkg/testutils"
    16  	"github.com/cilium/cilium/pkg/testutils/netns"
    17  )
    18  
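// Test_cleanupUnreachableRoutes installs unreachable routes for a set of IPv4
// and IPv6 pod addresses and verifies that cleanupUnreachableRoutes removes
// only the routes whose destination falls inside the CIDR it is given.
//
// The test modifies kernel routing state, so every route operation runs
// inside a throwaway network namespace rather than the host's.
func Test_cleanupUnreachableRoutes(t *testing.T) {
	// Gate for tests that need elevated privileges; the gating logic lives in
	// testutils and is not visible here.
	testutils.PrivilegedTest(t)

	RegisterTestingT(t)

	// temporary network namespace to ensure routes don't interfere with test system
	ns := netns.NewNetNS(t)

	// parseCIDR converts a CIDR literal into a *net.IPNet and fails the test
	// if the literal is malformed.
	parseCIDR := func(s string) *net.IPNet {
		t.Helper()
		_, cidr, err := net.ParseCIDR(s)
		Expect(err).ToNot(HaveOccurred())
		return cidr
	}

	// getUnreachableRoutes lists the routes of the given address family whose
	// type is RTN_UNREACHABLE, as seen from the calling namespace.
	getUnreachableRoutes := func(family int) []netlink.Route {
		t.Helper()
		routes, err := netlink.RouteListFiltered(family, &netlink.Route{
			Type: unix.RTN_UNREACHABLE,
		}, netlink.RT_FILTER_TYPE)
		Expect(err).ToNot(HaveOccurred())
		return routes
	}

	// NOTE(review): assumes ns.Do returns an error covering both the namespace
	// switch and the closure's result; confirm against pkg/testutils/netns.
	err := ns.Do(func() error {
		// Seed three IPv4 and three IPv6 unreachable routes in the main table.
		for _, podIP := range []string{
			"10.10.0.1/32", "10.10.0.2/32", "10.20.0.1/32",
			"fe80::1/128", "fe80:beef::2/128", "fe80:c0fe::3/128",
		} {
			err := netlink.RouteReplace(&netlink.Route{
				Dst:   parseCIDR(podIP),
				Table: route.MainTable,
				Type:  unix.RTN_UNREACHABLE,
			})
			Expect(err).ToNot(HaveOccurred())
		}
		err := cleanupUnreachableRoutes("10.10.0.0/24")
		Expect(err).ToNot(HaveOccurred())

		// Ensure only first two IPv4 routes are cleaned up
		leftover := getUnreachableRoutes(netlink.FAMILY_V4)
		Expect(leftover).To(HaveLen(1))
		Expect(leftover[0].Dst).To(Equal(parseCIDR("10.20.0.1/32")))

		// Remove remaining route
		err = cleanupUnreachableRoutes("10.20.0.0/24")
		Expect(err).ToNot(HaveOccurred())
		leftover = getUnreachableRoutes(netlink.FAMILY_V4)
		Expect(leftover).To(BeEmpty())

		// Remove IPv6 routes
		err = cleanupUnreachableRoutes("fe80::/16")
		Expect(err).ToNot(HaveOccurred())
		leftover = getUnreachableRoutes(netlink.FAMILY_V6)
		Expect(leftover).To(BeEmpty())

		return nil
	})
	// Without this check a failure to run the closure in the isolated
	// namespace would be dropped and the test would pass without having
	// exercised cleanupUnreachableRoutes at all.
	Expect(err).ToNot(HaveOccurred())
}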