github.com/rish1988/moby@v25.0.2+incompatible/libnetwork/drivers/bridge/bridge_linux_test.go (about) 1 package bridge 2 3 import ( 4 "bytes" 5 "encoding/json" 6 "fmt" 7 "net" 8 "os/exec" 9 "regexp" 10 "strconv" 11 "testing" 12 13 "github.com/docker/docker/internal/testutils/netnsutils" 14 "github.com/docker/docker/libnetwork/driverapi" 15 "github.com/docker/docker/libnetwork/ipamutils" 16 "github.com/docker/docker/libnetwork/iptables" 17 "github.com/docker/docker/libnetwork/netlabel" 18 "github.com/docker/docker/libnetwork/netutils" 19 "github.com/docker/docker/libnetwork/options" 20 "github.com/docker/docker/libnetwork/portallocator" 21 "github.com/docker/docker/libnetwork/types" 22 "github.com/vishvananda/netlink" 23 "gotest.tools/v3/assert" 24 is "gotest.tools/v3/assert/cmp" 25 ) 26 27 func TestEndpointMarshalling(t *testing.T) { 28 ip1, _ := types.ParseCIDR("172.22.0.9/16") 29 ip2, _ := types.ParseCIDR("2001:db8::9") 30 mac, _ := net.ParseMAC("ac:bd:24:57:66:77") 31 e := &bridgeEndpoint{ 32 id: "d2c015a1fe5930650cbcd50493efba0500bcebd8ee1f4401a16319f8a567de33", 33 nid: "ee33fbb43c323f1920b6b35a0101552ac22ede960d0e5245e9738bccc68b2415", 34 addr: ip1, 35 addrv6: ip2, 36 macAddress: mac, 37 srcName: "veth123456", 38 config: &endpointConfiguration{MacAddress: mac}, 39 containerConfig: &containerConfiguration{ 40 ParentEndpoints: []string{"one", "due", "three"}, 41 ChildEndpoints: []string{"four", "five", "six"}, 42 }, 43 extConnConfig: &connectivityConfiguration{ 44 ExposedPorts: []types.TransportPort{ 45 { 46 Proto: 6, 47 Port: uint16(18), 48 }, 49 }, 50 PortBindings: []types.PortBinding{ 51 { 52 Proto: 6, 53 IP: net.ParseIP("17210.33.9.56"), 54 Port: uint16(18), 55 HostPort: uint16(3000), 56 HostPortEnd: uint16(14000), 57 }, 58 }, 59 }, 60 portMapping: []types.PortBinding{ 61 { 62 Proto: 17, 63 IP: net.ParseIP("172.33.9.56"), 64 Port: uint16(99), 65 HostIP: net.ParseIP("10.10.100.2"), 66 HostPort: uint16(9900), 67 HostPortEnd: uint16(10000), 68 }, 69 { 70 Proto: 6, 71 IP: net.ParseIP("171.33.9.56"), 72 Port: uint16(55), 73 HostIP: net.ParseIP("10.11.100.2"), 74 HostPort: uint16(5500), 75 HostPortEnd: uint16(55000), 76 }, 77 }, 78 } 79 80 b, err := json.Marshal(e) 81 if err != nil { 82 t.Fatal(err) 83 } 84 85 ee := &bridgeEndpoint{} 86 err = json.Unmarshal(b, ee) 87 if err != nil { 88 t.Fatal(err) 89 } 90 91 if e.id != ee.id || e.nid != ee.nid || e.srcName != ee.srcName || !bytes.Equal(e.macAddress, ee.macAddress) || 92 !types.CompareIPNet(e.addr, ee.addr) || !types.CompareIPNet(e.addrv6, ee.addrv6) || 93 !compareEpConfig(e.config, ee.config) || 94 !compareContainerConfig(e.containerConfig, ee.containerConfig) || 95 !compareConnConfig(e.extConnConfig, ee.extConnConfig) || 96 !compareBindings(e.portMapping, ee.portMapping) { 97 t.Fatalf("JSON marsh/unmarsh failed.\nOriginal:\n%#v\nDecoded:\n%#v", e, ee) 98 } 99 } 100 101 func compareEpConfig(a, b *endpointConfiguration) bool { 102 if a == b { 103 return true 104 } 105 if a == nil || b == nil { 106 return false 107 } 108 return bytes.Equal(a.MacAddress, b.MacAddress) 109 } 110 111 func compareContainerConfig(a, b *containerConfiguration) bool { 112 if a == b { 113 return true 114 } 115 if a == nil || b == nil { 116 return false 117 } 118 if len(a.ParentEndpoints) != len(b.ParentEndpoints) || 119 len(a.ChildEndpoints) != len(b.ChildEndpoints) { 120 return false 121 } 122 for i := 0; i < len(a.ParentEndpoints); i++ { 123 if a.ParentEndpoints[i] != b.ParentEndpoints[i] { 124 return false 125 } 126 } 127 for i := 0; i < len(a.ChildEndpoints); i++ { 128 if a.ChildEndpoints[i] != b.ChildEndpoints[i] { 129 return false 130 } 131 } 132 return true 133 } 134 135 func compareConnConfig(a, b *connectivityConfiguration) bool { 136 if a == b { 137 return true 138 } 139 if a == nil || b == nil { 140 return false 141 } 142 if len(a.ExposedPorts) != len(b.ExposedPorts) || 143 len(a.PortBindings) != len(b.PortBindings) { 144 return false 145 } 146 for i := 0; i < len(a.ExposedPorts); i++ { 147 if !a.ExposedPorts[i].Equal(&b.ExposedPorts[i]) { 148 return false 149 } 150 } 151 for i := 0; i < len(a.PortBindings); i++ { 152 if !comparePortBinding(&a.PortBindings[i], &b.PortBindings[i]) { 153 return false 154 } 155 } 156 return true 157 } 158 159 // comparePortBinding returns whether the given PortBindings are equal. 160 func comparePortBinding(p *types.PortBinding, o *types.PortBinding) bool { 161 if p == o { 162 return true 163 } 164 165 if o == nil { 166 return false 167 } 168 169 if p.Proto != o.Proto || p.Port != o.Port || 170 p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd { 171 return false 172 } 173 174 if p.IP != nil { 175 if !p.IP.Equal(o.IP) { 176 return false 177 } 178 } else { 179 if o.IP != nil { 180 return false 181 } 182 } 183 184 if p.HostIP != nil { 185 if !p.HostIP.Equal(o.HostIP) { 186 return false 187 } 188 } else { 189 if o.HostIP != nil { 190 return false 191 } 192 } 193 194 return true 195 } 196 197 func compareBindings(a, b []types.PortBinding) bool { 198 if len(a) != len(b) { 199 return false 200 } 201 for i := 0; i < len(a); i++ { 202 if !comparePortBinding(&a[i], &b[i]) { 203 return false 204 } 205 } 206 return true 207 } 208 209 func getIPv4Data(t *testing.T) []driverapi.IPAMData { 210 ipd := driverapi.IPAMData{AddressSpace: "full"} 211 nw, err := netutils.FindAvailableNetwork(ipamutils.GetLocalScopeDefaultNetworks()) 212 if err != nil { 213 t.Fatal(err) 214 } 215 ipd.Pool = nw 216 // Set network gateway to X.X.X.1 217 ipd.Gateway = types.GetIPNetCopy(nw) 218 ipd.Gateway.IP[len(ipd.Gateway.IP)-1] = 1 219 return []driverapi.IPAMData{ipd} 220 } 221 222 func getIPv6Data(t *testing.T) []driverapi.IPAMData { 223 ipd := driverapi.IPAMData{AddressSpace: "full"} 224 // There's no default IPv6 address pool, so use an arbitrary unique-local prefix. 225 addr, nw, _ := net.ParseCIDR("fdcd:d1b1:99d2:abcd::1/64") 226 ipd.Pool = nw 227 ipd.Gateway = &net.IPNet{IP: addr, Mask: nw.Mask} 228 return []driverapi.IPAMData{ipd} 229 } 230 231 func TestCreateFullOptions(t *testing.T) { 232 defer netnsutils.SetupTestOSContext(t)() 233 d := newDriver() 234 235 config := &configuration{ 236 EnableIPForwarding: true, 237 EnableIPTables: true, 238 } 239 240 // Test this scenario: Default gw address does not belong to 241 // container network and it's greater than bridge address 242 cnw, _ := types.ParseCIDR("172.16.122.0/24") 243 bnw, _ := types.ParseCIDR("172.16.0.0/24") 244 br, _ := types.ParseCIDR("172.16.0.1/16") 245 defgw, _ := types.ParseCIDR("172.16.0.100/16") 246 247 genericOption := make(map[string]interface{}) 248 genericOption[netlabel.GenericData] = config 249 250 if err := d.configure(genericOption); err != nil { 251 t.Fatalf("Failed to setup driver config: %v", err) 252 } 253 254 netOption := make(map[string]interface{}) 255 netOption[netlabel.EnableIPv6] = true 256 netOption[netlabel.GenericData] = &networkConfiguration{ 257 BridgeName: DefaultBridgeName, 258 } 259 260 ipdList := []driverapi.IPAMData{ 261 { 262 Pool: bnw, 263 Gateway: br, 264 AuxAddresses: map[string]*net.IPNet{DefaultGatewayV4AuxKey: defgw}, 265 }, 266 } 267 err := d.CreateNetwork("dummy", netOption, nil, ipdList, getIPv6Data(t)) 268 if err != nil { 269 t.Fatalf("Failed to create bridge: %v", err) 270 } 271 272 // Verify the IP address allocated for the endpoint belongs to the container network 273 epOptions := make(map[string]interface{}) 274 te := newTestEndpoint(cnw, 10) 275 err = d.CreateEndpoint("dummy", "ep1", te.Interface(), epOptions) 276 if err != nil { 277 t.Fatalf("Failed to create an endpoint : %s", err.Error()) 278 } 279 280 if !cnw.Contains(te.Interface().Address().IP) { 281 t.Fatalf("endpoint got assigned address outside of container network(%s): %s", cnw.String(), te.Interface().Address()) 282 } 283 } 284 285 func TestCreateNoConfig(t *testing.T) { 286 defer netnsutils.SetupTestOSContext(t)() 287 d := newDriver() 288 289 netconfig := &networkConfiguration{BridgeName: DefaultBridgeName} 290 genericOption := make(map[string]interface{}) 291 genericOption[netlabel.GenericData] = netconfig 292 293 if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t), nil); err != nil { 294 t.Fatalf("Failed to create bridge: %v", err) 295 } 296 } 297 298 func TestCreateFullOptionsLabels(t *testing.T) { 299 defer netnsutils.SetupTestOSContext(t)() 300 d := newDriver() 301 302 config := &configuration{ 303 EnableIPForwarding: true, 304 } 305 genericOption := make(map[string]interface{}) 306 genericOption[netlabel.GenericData] = config 307 308 if err := d.configure(genericOption); err != nil { 309 t.Fatalf("Failed to setup driver config: %v", err) 310 } 311 312 bndIPs := "127.0.0.1" 313 testHostIPv4 := "1.2.3.4" 314 nwV6s := "2001:db8:2600:2700:2800::/80" 315 gwV6s := "2001:db8:2600:2700:2800::25/80" 316 nwV6, _ := types.ParseCIDR(nwV6s) 317 gwV6, _ := types.ParseCIDR(gwV6s) 318 319 labels := map[string]string{ 320 BridgeName: DefaultBridgeName, 321 DefaultBridge: "true", 322 EnableICC: "true", 323 EnableIPMasquerade: "true", 324 DefaultBindingIP: bndIPs, 325 netlabel.HostIPv4: testHostIPv4, 326 } 327 328 netOption := make(map[string]interface{}) 329 netOption[netlabel.EnableIPv6] = true 330 netOption[netlabel.GenericData] = labels 331 332 ipdList := getIPv4Data(t) 333 ipd6List := []driverapi.IPAMData{ 334 { 335 Pool: nwV6, 336 AuxAddresses: map[string]*net.IPNet{ 337 DefaultGatewayV6AuxKey: gwV6, 338 }, 339 }, 340 } 341 342 err := d.CreateNetwork("dummy", netOption, nil, ipdList, ipd6List) 343 if err != nil { 344 t.Fatalf("Failed to create bridge: %v", err) 345 } 346 347 nw, ok := d.networks["dummy"] 348 if !ok { 349 t.Fatal("Cannot find dummy network in bridge driver") 350 } 351 352 if nw.config.BridgeName != DefaultBridgeName { 353 t.Fatal("incongruent name in bridge network") 354 } 355 356 if !nw.config.EnableIPv6 { 357 t.Fatal("incongruent EnableIPv6 in bridge network") 358 } 359 360 if !nw.config.EnableICC { 361 t.Fatal("incongruent EnableICC in bridge network") 362 } 363 364 if !nw.config.EnableIPMasquerade { 365 t.Fatal("incongruent EnableIPMasquerade in bridge network") 366 } 367 368 bndIP := net.ParseIP(bndIPs) 369 if !bndIP.Equal(nw.config.DefaultBindingIP) { 370 t.Fatalf("Unexpected: %v", nw.config.DefaultBindingIP) 371 } 372 373 hostIP := net.ParseIP(testHostIPv4) 374 if !hostIP.Equal(nw.config.HostIPv4) { 375 t.Fatalf("Unexpected: %v", nw.config.HostIPv4) 376 } 377 378 if !types.CompareIPNet(nw.config.AddressIPv6, nwV6) { 379 t.Fatalf("Unexpected: %v", nw.config.AddressIPv6) 380 } 381 382 if !gwV6.IP.Equal(nw.config.DefaultGatewayIPv6) { 383 t.Fatalf("Unexpected: %v", nw.config.DefaultGatewayIPv6) 384 } 385 386 // In short here we are testing --fixed-cidr-v6 daemon option 387 // plus --mac-address run option 388 mac, _ := net.ParseMAC("aa:bb:cc:dd:ee:ff") 389 epOptions := map[string]interface{}{netlabel.MacAddress: mac} 390 te := newTestEndpoint(ipdList[0].Pool, 20) 391 err = d.CreateEndpoint("dummy", "ep1", te.Interface(), epOptions) 392 if err != nil { 393 t.Fatal(err) 394 } 395 396 if !nwV6.Contains(te.Interface().AddressIPv6().IP) { 397 t.Fatalf("endpoint got assigned address outside of container network(%s): %s", nwV6.String(), te.Interface().AddressIPv6()) 398 } 399 if te.Interface().AddressIPv6().IP.String() != "2001:db8:2600:2700:2800:aabb:ccdd:eeff" { 400 t.Fatalf("Unexpected endpoint IPv6 address: %v", te.Interface().AddressIPv6().IP) 401 } 402 } 403 404 func TestCreate(t *testing.T) { 405 defer netnsutils.SetupTestOSContext(t)() 406 407 d := newDriver() 408 409 if err := d.configure(nil); err != nil { 410 t.Fatalf("Failed to setup driver config: %v", err) 411 } 412 413 netconfig := &networkConfiguration{BridgeName: DefaultBridgeName} 414 genericOption := make(map[string]interface{}) 415 genericOption[netlabel.GenericData] = netconfig 416 417 if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t), nil); err != nil { 418 t.Fatalf("Failed to create bridge: %v", err) 419 } 420 421 err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t), nil) 422 if err == nil { 423 t.Fatal("Expected bridge driver to refuse creation of second network with default name") 424 } 425 if _, ok := err.(types.ForbiddenError); !ok { 426 t.Fatal("Creation of second network with default name failed with unexpected error type") 427 } 428 } 429 430 func TestCreateFail(t *testing.T) { 431 defer netnsutils.SetupTestOSContext(t)() 432 433 d := newDriver() 434 435 if err := d.configure(nil); err != nil { 436 t.Fatalf("Failed to setup driver config: %v", err) 437 } 438 439 netconfig := &networkConfiguration{BridgeName: "dummy0", DefaultBridge: true} 440 genericOption := make(map[string]interface{}) 441 genericOption[netlabel.GenericData] = netconfig 442 443 if err := d.CreateNetwork("dummy", genericOption, nil, getIPv4Data(t), nil); err == nil { 444 t.Fatal("Bridge creation was expected to fail") 445 } 446 } 447 448 func TestCreateMultipleNetworks(t *testing.T) { 449 defer netnsutils.SetupTestOSContext(t)() 450 451 d := newDriver() 452 453 config := &configuration{ 454 EnableIPTables: true, 455 } 456 genericOption := make(map[string]interface{}) 457 genericOption[netlabel.GenericData] = config 458 459 if err := d.configure(genericOption); err != nil { 460 t.Fatalf("Failed to setup driver config: %v", err) 461 } 462 463 config1 := &networkConfiguration{BridgeName: "net_test_1"} 464 genericOption = make(map[string]interface{}) 465 genericOption[netlabel.GenericData] = config1 466 if err := d.CreateNetwork("1", genericOption, nil, getIPv4Data(t), nil); err != nil { 467 t.Fatalf("Failed to create bridge: %v", err) 468 } 469 470 verifyV4INCEntries(d.networks, t) 471 472 config2 := &networkConfiguration{BridgeName: "net_test_2"} 473 genericOption[netlabel.GenericData] = config2 474 if err := d.CreateNetwork("2", genericOption, nil, getIPv4Data(t), nil); err != nil { 475 t.Fatalf("Failed to create bridge: %v", err) 476 } 477 478 verifyV4INCEntries(d.networks, t) 479 480 config3 := &networkConfiguration{BridgeName: "net_test_3"} 481 genericOption[netlabel.GenericData] = config3 482 if err := d.CreateNetwork("3", genericOption, nil, getIPv4Data(t), nil); err != nil { 483 t.Fatalf("Failed to create bridge: %v", err) 484 } 485 486 verifyV4INCEntries(d.networks, t) 487 488 config4 := &networkConfiguration{BridgeName: "net_test_4"} 489 genericOption[netlabel.GenericData] = config4 490 if err := d.CreateNetwork("4", genericOption, nil, getIPv4Data(t), nil); err != nil { 491 t.Fatalf("Failed to create bridge: %v", err) 492 } 493 494 verifyV4INCEntries(d.networks, t) 495 496 if err := d.DeleteNetwork("1"); err != nil { 497 t.Log(err) 498 } 499 verifyV4INCEntries(d.networks, t) 500 501 if err := d.DeleteNetwork("2"); err != nil { 502 t.Log(err) 503 } 504 verifyV4INCEntries(d.networks, t) 505 506 if err := d.DeleteNetwork("3"); err != nil { 507 t.Log(err) 508 } 509 verifyV4INCEntries(d.networks, t) 510 511 if err := d.DeleteNetwork("4"); err != nil { 512 t.Log(err) 513 } 514 verifyV4INCEntries(d.networks, t) 515 } 516 517 // Verify the network isolation rules are installed for each network 518 func verifyV4INCEntries(networks map[string]*bridgeNetwork, t *testing.T) { 519 iptable := iptables.GetIptable(iptables.IPv4) 520 out1, err := iptable.Raw("-S", IsolationChain1) 521 if err != nil { 522 t.Fatal(err) 523 } 524 out2, err := iptable.Raw("-S", IsolationChain2) 525 if err != nil { 526 t.Fatal(err) 527 } 528 529 for _, n := range networks { 530 re := regexp.MustCompile(fmt.Sprintf("-i %s ! -o %s -j %s", n.config.BridgeName, n.config.BridgeName, IsolationChain2)) 531 matches := re.FindAllString(string(out1[:]), -1) 532 if len(matches) != 1 { 533 t.Fatalf("Cannot find expected inter-network isolation rules in IP Tables for network %s:\n%s.", n.id, string(out1[:])) 534 } 535 re = regexp.MustCompile(fmt.Sprintf("-o %s -j DROP", n.config.BridgeName)) 536 matches = re.FindAllString(string(out2[:]), -1) 537 if len(matches) != 1 { 538 t.Fatalf("Cannot find expected inter-network isolation rules in IP Tables for network %s:\n%s.", n.id, string(out2[:])) 539 } 540 } 541 } 542 543 type testInterface struct { 544 mac net.HardwareAddr 545 addr *net.IPNet 546 addrv6 *net.IPNet 547 srcName string 548 dstName string 549 } 550 551 type testEndpoint struct { 552 iface *testInterface 553 gw net.IP 554 gw6 net.IP 555 routes []types.StaticRoute 556 } 557 558 func newTestEndpoint(nw *net.IPNet, ordinal byte) *testEndpoint { 559 addr := types.GetIPNetCopy(nw) 560 addr.IP[len(addr.IP)-1] = ordinal 561 return &testEndpoint{iface: &testInterface{addr: addr}} 562 } 563 564 func (te *testEndpoint) Interface() *testInterface { 565 return te.iface 566 } 567 568 func (i *testInterface) MacAddress() net.HardwareAddr { 569 return i.mac 570 } 571 572 func (i *testInterface) Address() *net.IPNet { 573 return i.addr 574 } 575 576 func (i *testInterface) AddressIPv6() *net.IPNet { 577 return i.addrv6 578 } 579 580 func (i *testInterface) SetMacAddress(mac net.HardwareAddr) error { 581 if i.mac != nil { 582 return types.ForbiddenErrorf("endpoint interface MAC address present (%s). Cannot be modified with %s.", i.mac, mac) 583 } 584 if mac == nil { 585 return types.InvalidParameterErrorf("tried to set nil MAC address to endpoint interface") 586 } 587 i.mac = types.GetMacCopy(mac) 588 return nil 589 } 590 591 func (i *testInterface) SetIPAddress(address *net.IPNet) error { 592 if address.IP == nil { 593 return types.InvalidParameterErrorf("tried to set nil IP address to endpoint interface") 594 } 595 if address.IP.To4() == nil { 596 return setAddress(&i.addrv6, address) 597 } 598 return setAddress(&i.addr, address) 599 } 600 601 func setAddress(ifaceAddr **net.IPNet, address *net.IPNet) error { 602 if *ifaceAddr != nil { 603 return types.ForbiddenErrorf("endpoint interface IP present (%s). Cannot be modified with (%s).", *ifaceAddr, address) 604 } 605 *ifaceAddr = types.GetIPNetCopy(address) 606 return nil 607 } 608 609 func (i *testInterface) SetNames(srcName string, dstName string) error { 610 i.srcName = srcName 611 i.dstName = dstName 612 return nil 613 } 614 615 func (te *testEndpoint) InterfaceName() driverapi.InterfaceNameInfo { 616 if te.iface != nil { 617 return te.iface 618 } 619 620 return nil 621 } 622 623 func (te *testEndpoint) SetGateway(gw net.IP) error { 624 te.gw = gw 625 return nil 626 } 627 628 func (te *testEndpoint) SetGatewayIPv6(gw6 net.IP) error { 629 te.gw6 = gw6 630 return nil 631 } 632 633 func (te *testEndpoint) AddStaticRoute(destination *net.IPNet, routeType int, nextHop net.IP) error { 634 te.routes = append(te.routes, types.StaticRoute{Destination: destination, RouteType: routeType, NextHop: nextHop}) 635 return nil 636 } 637 638 func (te *testEndpoint) AddTableEntry(tableName string, key string, value []byte) error { 639 return nil 640 } 641 642 func (te *testEndpoint) DisableGatewayService() {} 643 644 func TestQueryEndpointInfo(t *testing.T) { 645 testQueryEndpointInfo(t, true) 646 } 647 648 func TestQueryEndpointInfoHairpin(t *testing.T) { 649 testQueryEndpointInfo(t, false) 650 } 651 652 func testQueryEndpointInfo(t *testing.T, ulPxyEnabled bool) { 653 defer netnsutils.SetupTestOSContext(t)() 654 d := newDriver() 655 d.portAllocator = portallocator.NewInstance() 656 657 var proxyBinary string 658 var err error 659 if ulPxyEnabled { 660 proxyBinary, err = exec.LookPath("docker-proxy") 661 if err != nil { 662 t.Fatalf("failed to lookup userland-proxy binary: %v", err) 663 } 664 } 665 config := &configuration{ 666 EnableIPTables: true, 667 EnableUserlandProxy: ulPxyEnabled, 668 UserlandProxyPath: proxyBinary, 669 } 670 genericOption := make(map[string]interface{}) 671 genericOption[netlabel.GenericData] = config 672 673 if err := d.configure(genericOption); err != nil { 674 t.Fatalf("Failed to setup driver config: %v", err) 675 } 676 677 netconfig := &networkConfiguration{ 678 BridgeName: DefaultBridgeName, 679 EnableICC: false, 680 } 681 genericOption = make(map[string]interface{}) 682 genericOption[netlabel.GenericData] = netconfig 683 684 ipdList := getIPv4Data(t) 685 err = d.CreateNetwork("net1", genericOption, nil, ipdList, nil) 686 if err != nil { 687 t.Fatalf("Failed to create bridge: %v", err) 688 } 689 690 sbOptions := make(map[string]interface{}) 691 sbOptions[netlabel.PortMap] = getPortMapping() 692 693 te := newTestEndpoint(ipdList[0].Pool, 11) 694 err = d.CreateEndpoint("net1", "ep1", te.Interface(), nil) 695 if err != nil { 696 t.Fatalf("Failed to create an endpoint : %s", err.Error()) 697 } 698 699 err = d.Join("net1", "ep1", "sbox", te, sbOptions) 700 if err != nil { 701 t.Fatalf("Failed to join the endpoint: %v", err) 702 } 703 704 err = d.ProgramExternalConnectivity("net1", "ep1", sbOptions) 705 if err != nil { 706 t.Fatalf("Failed to program external connectivity: %v", err) 707 } 708 709 network, ok := d.networks["net1"] 710 if !ok { 711 t.Fatalf("Cannot find network %s inside driver", "net1") 712 } 713 ep := network.endpoints["ep1"] 714 data, err := d.EndpointOperInfo(network.id, ep.id) 715 if err != nil { 716 t.Fatalf("Failed to ask for endpoint operational data: %v", err) 717 } 718 pmd, ok := data[netlabel.PortMap] 719 if !ok { 720 t.Fatal("Endpoint operational data does not contain port mapping data") 721 } 722 pm, ok := pmd.([]types.PortBinding) 723 if !ok { 724 t.Fatal("Unexpected format for port mapping in endpoint operational data") 725 } 726 if len(ep.portMapping) != len(pm) { 727 t.Fatal("Incomplete data for port mapping in endpoint operational data") 728 } 729 for i, pb := range ep.portMapping { 730 if !comparePortBinding(&pb, &pm[i]) { 731 t.Fatal("Unexpected data for port mapping in endpoint operational data") 732 } 733 } 734 735 err = d.RevokeExternalConnectivity("net1", "ep1") 736 if err != nil { 737 t.Fatal(err) 738 } 739 740 // release host mapped ports 741 err = d.Leave("net1", "ep1") 742 if err != nil { 743 t.Fatal(err) 744 } 745 } 746 747 func getExposedPorts() []types.TransportPort { 748 return []types.TransportPort{ 749 {Proto: types.TCP, Port: uint16(5000)}, 750 {Proto: types.UDP, Port: uint16(400)}, 751 {Proto: types.TCP, Port: uint16(600)}, 752 } 753 } 754 755 func getPortMapping() []types.PortBinding { 756 return []types.PortBinding{ 757 {Proto: types.TCP, Port: uint16(230), HostPort: uint16(23000)}, 758 {Proto: types.UDP, Port: uint16(200), HostPort: uint16(22000)}, 759 {Proto: types.TCP, Port: uint16(120), HostPort: uint16(12000)}, 760 } 761 } 762 763 func TestLinkContainers(t *testing.T) { 764 defer netnsutils.SetupTestOSContext(t)() 765 766 d := newDriver() 767 iptable := iptables.GetIptable(iptables.IPv4) 768 769 config := &configuration{ 770 EnableIPTables: true, 771 } 772 genericOption := make(map[string]interface{}) 773 genericOption[netlabel.GenericData] = config 774 775 if err := d.configure(genericOption); err != nil { 776 t.Fatalf("Failed to setup driver config: %v", err) 777 } 778 779 netconfig := &networkConfiguration{ 780 BridgeName: DefaultBridgeName, 781 EnableICC: false, 782 } 783 genericOption = make(map[string]interface{}) 784 genericOption[netlabel.GenericData] = netconfig 785 786 ipdList := getIPv4Data(t) 787 err := d.CreateNetwork("net1", genericOption, nil, ipdList, nil) 788 if err != nil { 789 t.Fatalf("Failed to create bridge: %v", err) 790 } 791 792 te1 := newTestEndpoint(ipdList[0].Pool, 11) 793 err = d.CreateEndpoint("net1", "ep1", te1.Interface(), nil) 794 if err != nil { 795 t.Fatalf("Failed to create an endpoint : %s", err.Error()) 796 } 797 798 exposedPorts := getExposedPorts() 799 sbOptions := make(map[string]interface{}) 800 sbOptions[netlabel.ExposedPorts] = exposedPorts 801 802 err = d.Join("net1", "ep1", "sbox", te1, sbOptions) 803 if err != nil { 804 t.Fatalf("Failed to join the endpoint: %v", err) 805 } 806 807 err = d.ProgramExternalConnectivity("net1", "ep1", sbOptions) 808 if err != nil { 809 t.Fatalf("Failed to program external connectivity: %v", err) 810 } 811 812 addr1 := te1.iface.addr 813 if addr1.IP.To4() == nil { 814 t.Fatal("No Ipv4 address assigned to the endpoint: ep1") 815 } 816 817 te2 := newTestEndpoint(ipdList[0].Pool, 22) 818 err = d.CreateEndpoint("net1", "ep2", te2.Interface(), nil) 819 if err != nil { 820 t.Fatalf("Failed to create an endpoint : %s", err.Error()) 821 } 822 823 addr2 := te2.iface.addr 824 if addr2.IP.To4() == nil { 825 t.Fatal("No Ipv4 address assigned to the endpoint: ep2") 826 } 827 828 sbOptions = make(map[string]interface{}) 829 sbOptions[netlabel.GenericData] = options.Generic{ 830 "ChildEndpoints": []string{"ep1"}, 831 } 832 833 err = d.Join("net1", "ep2", "", te2, sbOptions) 834 if err != nil { 835 t.Fatal("Failed to link ep1 and ep2") 836 } 837 838 err = d.ProgramExternalConnectivity("net1", "ep2", sbOptions) 839 if err != nil { 840 t.Fatalf("Failed to program external connectivity: %v", err) 841 } 842 843 out, _ := iptable.Raw("-L", DockerChain) 844 for _, pm := range exposedPorts { 845 regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port) 846 re := regexp.MustCompile(regex) 847 matches := re.FindAllString(string(out[:]), -1) 848 if len(matches) != 1 { 849 t.Fatalf("IP Tables programming failed %s", string(out[:])) 850 } 851 852 regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port) 853 matched, _ := regexp.MatchString(regex, string(out[:])) 854 if !matched { 855 t.Fatalf("IP Tables programming failed %s", string(out[:])) 856 } 857 } 858 859 err = d.RevokeExternalConnectivity("net1", "ep2") 860 if err != nil { 861 t.Fatalf("Failed to revoke external connectivity: %v", err) 862 } 863 864 err = d.Leave("net1", "ep2") 865 if err != nil { 866 t.Fatal("Failed to unlink ep1 and ep2") 867 } 868 869 out, _ = iptable.Raw("-L", DockerChain) 870 for _, pm := range exposedPorts { 871 regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port) 872 re := regexp.MustCompile(regex) 873 matches := re.FindAllString(string(out[:]), -1) 874 if len(matches) != 0 { 875 t.Fatalf("Leave should have deleted relevant IPTables rules %s", string(out[:])) 876 } 877 878 regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port) 879 matched, _ := regexp.MatchString(regex, string(out[:])) 880 if matched { 881 t.Fatalf("Leave should have deleted relevant IPTables rules %s", string(out[:])) 882 } 883 } 884 885 // Error condition test with an invalid endpoint-id "ep4" 886 sbOptions = make(map[string]interface{}) 887 sbOptions[netlabel.GenericData] = options.Generic{ 888 "ChildEndpoints": []string{"ep1", "ep4"}, 889 } 890 891 err = d.Join("net1", "ep2", "", te2, sbOptions) 892 if err != nil { 893 t.Fatal(err) 894 } 895 err = d.ProgramExternalConnectivity("net1", "ep2", sbOptions) 896 if err != nil { 897 out, _ = iptable.Raw("-L", DockerChain) 898 for _, pm := range exposedPorts { 899 regex := fmt.Sprintf("%s dpt:%d", pm.Proto.String(), pm.Port) 900 re := regexp.MustCompile(regex) 901 matches := re.FindAllString(string(out[:]), -1) 902 if len(matches) != 0 { 903 t.Fatalf("Error handling should rollback relevant IPTables rules %s", string(out[:])) 904 } 905 906 regex = fmt.Sprintf("%s spt:%d", pm.Proto.String(), pm.Port) 907 matched, _ := regexp.MatchString(regex, string(out[:])) 908 if matched { 909 t.Fatalf("Error handling should rollback relevant IPTables rules %s", string(out[:])) 910 } 911 } 912 } else { 913 t.Fatal("Expected Join to fail given link conditions are not satisfied") 914 } 915 } 916 917 func TestValidateConfig(t *testing.T) { 918 defer netnsutils.SetupTestOSContext(t)() 919 920 // Test mtu 921 c := networkConfiguration{Mtu: -2} 922 err := c.Validate() 923 if err == nil { 924 t.Fatal("Failed to detect invalid MTU number") 925 } 926 927 c.Mtu = 9000 928 err = c.Validate() 929 if err != nil { 930 t.Fatal("unexpected validation error on MTU number") 931 } 932 933 // Bridge network 934 _, network, _ := net.ParseCIDR("172.28.0.0/16") 935 c = networkConfiguration{ 936 AddressIPv4: network, 937 } 938 939 err = c.Validate() 940 if err != nil { 941 t.Fatal(err) 942 } 943 944 // Test v4 gw 945 c.DefaultGatewayIPv4 = net.ParseIP("172.27.30.234") 946 err = c.Validate() 947 if err == nil { 948 t.Fatal("Failed to detect invalid default gateway") 949 } 950 951 c.DefaultGatewayIPv4 = net.ParseIP("172.28.30.234") 952 err = c.Validate() 953 if err != nil { 954 t.Fatal("Unexpected validation error on default gateway") 955 } 956 957 // Test v6 gw 958 _, v6nw, _ := net.ParseCIDR("2001:db8:ae:b004::/64") 959 c = networkConfiguration{ 960 EnableIPv6: true, 961 AddressIPv6: v6nw, 962 DefaultGatewayIPv6: net.ParseIP("2001:db8:ac:b004::bad:a55"), 963 } 964 err = c.Validate() 965 if err == nil { 966 t.Fatal("Failed to detect invalid v6 default gateway") 967 } 968 969 c.DefaultGatewayIPv6 = net.ParseIP("2001:db8:ae:b004::bad:a55") 970 err = c.Validate() 971 if err != nil { 972 t.Fatal("Unexpected validation error on v6 default gateway") 973 } 974 975 c.AddressIPv6 = nil 976 err = c.Validate() 977 if err == nil { 978 t.Fatal("Failed to detect invalid v6 default gateway") 979 } 980 981 c.AddressIPv6 = nil 982 err = c.Validate() 983 if err == nil { 984 t.Fatal("Failed to detect invalid v6 default gateway") 985 } 986 } 987 988 func TestValidateFixedCIDRV6(t *testing.T) { 989 tests := []struct { 990 doc, input, expectedErr string 991 }{ 992 { 993 doc: "valid", 994 input: "2001:db8::/32", 995 }, 996 { 997 // fixed-cidr-v6 doesn't have to be specified. 998 doc: "empty", 999 }, 1000 { 1001 // Using the LL subnet prefix is ok. 1002 doc: "Link-Local subnet prefix", 1003 input: "fe80::/64", 1004 }, 1005 { 1006 // Using a nonstandard LL prefix that doesn't overlap with the standard LL prefix 1007 // is ok. 1008 doc: "non-overlapping link-local prefix", 1009 input: "fe80:1234::/80", 1010 }, 1011 { 1012 // Overlapping with the standard LL prefix isn't allowed. 1013 doc: "overlapping link-local prefix fe80::/63", 1014 input: "fe80::/63", 1015 expectedErr: "clash with the Link-Local prefix 'fe80::/64'", 1016 }, 1017 { 1018 // Overlapping with the standard LL prefix isn't allowed. 1019 doc: "overlapping link-local subnet fe80::/65", 1020 input: "fe80::/65", 1021 expectedErr: "clash with the Link-Local prefix 'fe80::/64'", 1022 }, 1023 { 1024 // The address has to be valid IPv6 subnet. 1025 doc: "invalid IPv6 subnet", 1026 input: "2000:db8::", 1027 expectedErr: "invalid CIDR address: 2000:db8::", 1028 }, 1029 { 1030 doc: "non-IPv6 subnet", 1031 input: "10.3.4.5/24", 1032 expectedErr: "fixed-cidr-v6 is not an IPv6 subnet", 1033 }, 1034 { 1035 doc: "IPv4-mapped subnet 1", 1036 input: "::ffff:10.2.4.0/24", 1037 expectedErr: "fixed-cidr-v6 is not an IPv6 subnet", 1038 }, 1039 { 1040 doc: "IPv4-mapped subnet 2", 1041 input: "::ffff:a01:203/24", 1042 expectedErr: "fixed-cidr-v6 is not an IPv6 subnet", 1043 }, 1044 { 1045 doc: "invalid subnet", 1046 input: "nonsense", 1047 expectedErr: "invalid CIDR address: nonsense", 1048 }, 1049 } 1050 for _, tc := range tests { 1051 tc := tc 1052 t.Run(tc.doc, func(t *testing.T) { 1053 err := ValidateFixedCIDRV6(tc.input) 1054 if tc.expectedErr == "" { 1055 assert.Check(t, err) 1056 } else { 1057 assert.Check(t, is.Error(err, tc.expectedErr)) 1058 } 1059 }) 1060 } 1061 } 1062 1063 func TestSetDefaultGw(t *testing.T) { 1064 defer netnsutils.SetupTestOSContext(t)() 1065 1066 d := newDriver() 1067 1068 if err := d.configure(nil); err != nil { 1069 t.Fatalf("Failed to setup driver config: %v", err) 1070 } 1071 1072 _, subnetv6, _ := net.ParseCIDR("2001:db8:ea9:9abc:b0c4::/80") 1073 1074 ipdList := getIPv4Data(t) 1075 gw4 := types.GetIPCopy(ipdList[0].Pool.IP).To4() 1076 gw4[3] = 254 1077 gw6 := net.ParseIP("2001:db8:ea9:9abc:b0c4::254") 1078 1079 config := &networkConfiguration{ 1080 BridgeName: DefaultBridgeName, 1081 AddressIPv6: subnetv6, 1082 DefaultGatewayIPv4: gw4, 1083 DefaultGatewayIPv6: gw6, 1084 } 1085 1086 genericOption := make(map[string]interface{}) 1087 genericOption[netlabel.EnableIPv6] = true 1088 genericOption[netlabel.GenericData] = config 1089 1090 err := d.CreateNetwork("dummy", genericOption, nil, ipdList, nil) 1091 if err != nil { 1092 t.Fatalf("Failed to create bridge: %v", err) 1093 } 1094 1095 te := newTestEndpoint(ipdList[0].Pool, 10) 1096 err = d.CreateEndpoint("dummy", "ep", te.Interface(), nil) 1097 if err != nil { 1098 t.Fatalf("Failed to create endpoint: %v", err) 1099 } 1100 1101 err = d.Join("dummy", "ep", "sbox", te, nil) 1102 if err != nil { 1103 t.Fatalf("Failed to join endpoint: %v", err) 1104 } 1105 1106 if !gw4.Equal(te.gw) { 1107 t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw4, te.gw) 1108 } 1109 1110 if !gw6.Equal(te.gw6) { 1111 t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw6, te.gw6) 1112 } 1113 } 1114 1115 func TestCleanupIptableRules(t *testing.T) { 1116 defer netnsutils.SetupTestOSContext(t)() 1117 bridgeChain := []iptables.ChainInfo{ 1118 {Name: DockerChain, Table: iptables.Nat}, 1119 {Name: DockerChain, Table: iptables.Filter}, 1120 {Name: IsolationChain1, Table: iptables.Filter}, 1121 } 1122 1123 ipVersions := []iptables.IPVersion{iptables.IPv4, iptables.IPv6} 1124 1125 for _, version := range ipVersions { 1126 if _, _, _, _, err := setupIPChains(configuration{EnableIPTables: true}, version); err != nil { 1127 t.Fatalf("Error setting up ip chains for %s: %v", version, err) 1128 } 1129 1130 iptable := iptables.GetIptable(version) 1131 for _, chainInfo := range bridgeChain { 1132 if !iptable.ExistChain(chainInfo.Name, chainInfo.Table) { 1133 t.Fatalf("iptables version %s chain %s of %s table should have been created", version, chainInfo.Name, chainInfo.Table) 1134 } 1135 } 1136 removeIPChains(version) 1137 for _, chainInfo := range bridgeChain { 1138 if iptable.ExistChain(chainInfo.Name, chainInfo.Table) { 1139 t.Fatalf("iptables version %s chain %s of %s table should have been deleted", version, chainInfo.Name, chainInfo.Table) 1140 } 1141 } 1142 } 1143 } 1144 1145 func TestCreateWithExistingBridge(t *testing.T) { 1146 defer netnsutils.SetupTestOSContext(t)() 1147 d := newDriver() 1148 1149 if err := d.configure(nil); err != nil { 1150 t.Fatalf("Failed to setup driver config: %v", err) 1151 } 1152 1153 brName := "br111" 1154 br := &netlink.Bridge{ 1155 LinkAttrs: netlink.LinkAttrs{ 1156 Name: brName, 1157 }, 1158 } 1159 if err := netlink.LinkAdd(br); err != nil { 1160 t.Fatalf("Failed to create bridge interface: %v", err) 1161 } 1162 defer netlink.LinkDel(br) 1163 if err := netlink.LinkSetUp(br); err != nil { 1164 t.Fatalf("Failed to set bridge interface up: %v", err) 1165 } 1166 1167 ip := net.IP{192, 168, 122, 1} 1168 addr := &netlink.Addr{IPNet: &net.IPNet{ 1169 IP: ip, 1170 Mask: net.IPv4Mask(255, 255, 255, 0), 1171 }} 1172 if err := netlink.AddrAdd(br, addr); err != nil { 1173 t.Fatalf("Failed to add IP address to bridge: %v", err) 1174 } 1175 1176 netconfig := &networkConfiguration{BridgeName: brName} 1177 genericOption := make(map[string]interface{}) 1178 genericOption[netlabel.GenericData] = netconfig 1179 1180 ipv4Data := []driverapi.IPAMData{{ 1181 AddressSpace: "full", 1182 Pool: types.GetIPNetCopy(addr.IPNet), 1183 Gateway: types.GetIPNetCopy(addr.IPNet), 1184 }} 1185 // Set network gateway to X.X.X.1 1186 ipv4Data[0].Gateway.IP[len(ipv4Data[0].Gateway.IP)-1] = 1 1187 1188 if err := d.CreateNetwork(brName, genericOption, nil, ipv4Data, nil); err != nil { 1189 t.Fatalf("Failed to create bridge network: %v", err) 1190 } 1191 1192 nw, err := d.getNetwork(brName) 1193 if err != nil { 1194 t.Fatalf("Failed to getNetwork(%s): %v", brName, err) 1195 } 1196 1197 addrs4, err := nw.bridge.addresses(netlink.FAMILY_V4) 1198 if err != nil { 1199 t.Fatalf("Failed to get the bridge network's address: %v", err) 1200 } 1201 1202 if !addrs4[0].IP.Equal(ip) { 1203 t.Fatal("Creating bridge network with existing bridge interface unexpectedly modified the IP address of the bridge") 1204 } 1205 1206 if err := d.DeleteNetwork(brName); err != nil { 1207 t.Fatalf("Failed to delete network %s: %v", brName, err) 1208 } 1209 1210 if _, err := netlink.LinkByName(brName); err != nil { 1211 t.Fatal("Deleting bridge network that using existing bridge interface unexpectedly deleted the bridge interface") 1212 } 1213 } 1214 1215 func TestCreateParallel(t *testing.T) { 1216 c := netnsutils.SetupTestOSContextEx(t) 1217 defer c.Cleanup(t) 1218 1219 d := newDriver() 1220 d.portAllocator = portallocator.NewInstance() 1221 1222 if err := d.configure(nil); err != nil { 1223 t.Fatalf("Failed to setup driver config: %v", err) 1224 } 1225 1226 ipV4Data := getIPv4Data(t) 1227 1228 ch := make(chan error, 100) 1229 for i := 0; i < 100; i++ { 1230 name := "net" + strconv.Itoa(i) 1231 c.Go(t, func() { 1232 config := &networkConfiguration{BridgeName: name} 1233 genericOption := make(map[string]interface{}) 1234 genericOption[netlabel.GenericData] = config 1235 if err := d.CreateNetwork(name, genericOption, nil, ipV4Data, nil); err != nil { 1236 ch <- fmt.Errorf("failed to create %s", name) 1237 return 1238 } 1239 if err := d.CreateNetwork(name, genericOption, nil, ipV4Data, nil); err == nil { 1240 ch <- fmt.Errorf("failed was able to create overlap %s", name) 1241 return 1242 } 1243 ch <- nil 1244 }) 1245 } 1246 // wait for the go routines 1247 var success int 1248 for i := 0; i < 100; i++ { 1249 val := <-ch 1250 if val == nil { 1251 success++ 1252 } 1253 } 1254 if success != 1 { 1255 t.Fatalf("Success should be 1 instead: %d", success) 1256 } 1257 }