gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/test/iptables/iptables.go (about) 1 // Copyright 2019 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package iptables contains a set of iptables tests implemented as TestCases 16 package iptables 17 18 import ( 19 "context" 20 "fmt" 21 "net" 22 "time" 23 ) 24 25 // IPExchangePort is the port the container listens on to receive the IP 26 // address of the local process. 27 const IPExchangePort = 2349 28 29 // TerminalStatement is the last statement in the test runner. 30 const TerminalStatement = "Finished!" 31 32 // TestTimeout is the timeout used for all tests. 33 const TestTimeout = 10 * time.Second 34 35 // NegativeTimeout is the time tests should wait to establish the negative 36 // case, i.e. that connections are not made. 37 const NegativeTimeout = 2 * time.Second 38 39 // A TestCase contains one action to run in the container and one to run 40 // locally. The actions run concurrently and each must succeed for the test 41 // pass. 42 type TestCase interface { 43 // Name returns the name of the test. 44 Name() string 45 46 // ContainerAction runs inside the container. It receives the IP of the 47 // local process. 48 ContainerAction(ctx context.Context, ip net.IP, ipv6 bool) error 49 50 // LocalAction runs locally. It receives the IP of the container. 51 LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error 52 53 // ContainerSufficient indicates whether ContainerAction's return value 54 // alone indicates whether the test succeeded. 55 ContainerSufficient() bool 56 57 // LocalSufficient indicates whether LocalAction's return value alone 58 // indicates whether the test succeeded. 59 LocalSufficient() bool 60 } 61 62 // baseCase provides defaults for ContainerSufficient and LocalSufficient when 63 // both actions are required to finish. 64 type baseCase struct{} 65 66 // ContainerSufficient implements TestCase.ContainerSufficient. 67 func (*baseCase) ContainerSufficient() bool { 68 return false 69 } 70 71 // LocalSufficient implements TestCase.LocalSufficient. 72 func (*baseCase) LocalSufficient() bool { 73 return false 74 } 75 76 // localCase provides defaults for ContainerSufficient and LocalSufficient when 77 // only the local action is required to finish. 78 type localCase struct{} 79 80 // ContainerSufficient implements TestCase.ContainerSufficient. 81 func (*localCase) ContainerSufficient() bool { 82 return false 83 } 84 85 // LocalSufficient implements TestCase.LocalSufficient. 86 func (*localCase) LocalSufficient() bool { 87 return true 88 } 89 90 // containerCase provides defaults for ContainerSufficient and LocalSufficient 91 // when only the container action is required to finish. 92 type containerCase struct{} 93 94 // ContainerSufficient implements TestCase.ContainerSufficient. 95 func (*containerCase) ContainerSufficient() bool { 96 return true 97 } 98 99 // LocalSufficient implements TestCase.LocalSufficient. 100 func (*containerCase) LocalSufficient() bool { 101 return false 102 } 103 104 // Tests maps test names to TestCase. 105 // 106 // New TestCases are added by calling RegisterTestCase in an init function. 107 var Tests = map[string]TestCase{} 108 109 // RegisterTestCase registers tc so it can be run. 110 func RegisterTestCase(tc TestCase) { 111 if _, ok := Tests[tc.Name()]; ok { 112 panic(fmt.Sprintf("TestCase %s already registered.", tc.Name())) 113 } 114 Tests[tc.Name()] = tc 115 }