Beispiel #1
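// TestServiceToSnatRule checks that serviceToSnatRule copies a service's
// address and port into a SnatRule and fills toSource with the address that
// net.GetIpByInterface reports for "lo".
//
// NOTE(review): the expectation only holds if defaultConfig() names "lo" as
// the outbound interface; confirm against defaultConfig.
func TestServiceToSnatRule(t *testing.T) {
	if os.Getenv("TRAVIS") == "true" {
		t.Skip("Skipping test because travis-ci do not allow iptables")
	}

	// Build the manager from the test configuration. Setup failures abort the
	// test: continuing would use an unusable manager.
	iptablesMngr, err := New(defaultConfig())
	if err != nil {
		t.Fatalf("creating iptables manager: %v", err)
	}

	// Service fixture that the rule is derived from.
	s1 := types.Service{
		Name:     "test",
		Address:  "10.0.1.1",
		Port:     80,
		Mode:     "nat",
		Protocol: "tcp",
	}

	// Address of the loopback interface, used as the expected SNAT source.
	toSource, err := net.GetIpByInterface("lo")
	if err != nil {
		t.Fatalf("looking up address of lo: %v", err)
	}

	// Convert the service to a rule.
	rule, err := iptablesMngr.serviceToSnatRule(s1)
	if err != nil {
		t.Fatalf("converting service to SNAT rule: %v", err)
	}
	// Guard the dereference below so a nil result is reported as a test
	// failure instead of a panic.
	if rule == nil {
		t.Fatal("serviceToSnatRule returned a nil rule without an error")
	}

	// testify expects (expected, actual); keeping that order makes the
	// failure output label the two values correctly.
	expected := SnatRule{
		vaddr:    "10.0.1.1",
		vport:    "80",
		toSource: toSource,
	}
	assert.Equal(t, expected, *rule)
}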
Beispiel #2
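// TestRemoveRule checks that removeRule deletes a SNAT rule from the FUSIS
// chain of the nat table.
//
// The test changes the host's live nat table (it flushes and edits the FUSIS
// chain), so it needs the privileges iptables requires and is best run in a
// disposable network namespace or container rather than on a shared host.
func TestRemoveRule(t *testing.T) {
	if os.Getenv("TRAVIS") == "true" {
		t.Skip("Skipping test because travis-ci do not allow iptables")
	}

	// Build the manager from the test configuration.
	iptablesMngr, err := New(defaultConfig())
	if err != nil {
		t.Fatalf("creating iptables manager: %v", err)
	}

	flushChain := func() error {
		return exec.Command(iptablesMngr.path, "--wait", "-t", "nat", "-F", "FUSIS").Run()
	}

	// Start from an empty FUSIS chain.
	if err := flushChain(); err != nil {
		t.Fatalf("flushing FUSIS chain: %v", err)
	}
	// Do not leave test rules behind in the host's nat table, even when the
	// test fails part-way through.
	defer func() {
		if err := flushChain(); err != nil {
			t.Logf("flushing FUSIS chain during cleanup: %v", err)
		}
	}()

	// Address of the loopback interface, used as the SNAT source.
	toSource, err := net.GetIpByInterface("lo")
	if err != nil {
		t.Fatalf("looking up address of lo: %v", err)
	}

	// Rule under test.
	rule := SnatRule{
		vaddr:    "10.0.1.1",
		vport:    "80",
		toSource: toSource,
	}

	// The same rule specification is used to append the rule and, later, to
	// check for it; sharing it keeps the two commands in step.
	ruleSpec := []string{"-m", "ipvs", "--vaddr", "10.0.1.1/32", "--vport", "80", "-j", "SNAT", "--to-source", toSource}

	// Install the rule directly with iptables, bypassing the manager.
	addArgs := append([]string{"--wait", "-t", "nat", "-A", "FUSIS"}, ruleSpec...)
	if err := exec.Command(iptablesMngr.path, addArgs...).Run(); err != nil {
		t.Fatalf("adding rule with iptables: %v", err)
	}

	// Remove the rule through the manager.
	// NOTE(review): removeRule's signature is not visible here; if it returns
	// an error, assert on it instead of discarding it.
	iptablesMngr.removeRule(rule)

	// "iptables -C" exits non-zero when the rule is absent, so an error is the
	// expected outcome. Any other iptables failure also yields an error here,
	// which the earlier successful invocations make unlikely but not impossible.
	checkArgs := append([]string{"--wait", "-t", "nat", "-C", "FUSIS"}, ruleSpec...)
	err = exec.Command(iptablesMngr.path, checkArgs...).Run()
	assert.Error(t, err, "rule is still present in the FUSIS chain after removeRule")
}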
Beispiel #3
// serviceToSnatRule builds the SnatRule for svc: the service address and port
// become vaddr and vport, and toSource is the address net.GetIpByInterface
// reports for the configured outbound interface. The lookup error, if any, is
// returned unchanged together with a nil rule.
//
// NOTE(review): svc.Address is copied without validation. If rule fields are
// later passed to iptables as arguments, confirm the address is checked to be
// an IP literal before it gets there.
func (i IptablesMngr) serviceToSnatRule(svc types.Service) (*SnatRule, error) {
	outbound := i.config.Interfaces.Outbound

	sourceIP, err := net.GetIpByInterface(outbound)
	if err != nil {
		return nil, err
	}

	// The rule stores the port as a decimal string.
	port := strconv.Itoa(int(svc.Port))

	return &SnatRule{vaddr: svc.Address, vport: port, toSource: sourceIP}, nil
}
Beispiel #4
// GetIpByInterface returns what net.GetIpByInterface reports for the
// interface named in c.Interface.
func (c *AgentConfig) GetIpByInterface() (string, error) {
	ifaceName := c.Interface
	return net.GetIpByInterface(ifaceName)
}
Beispiel #5
// GetIpByInterface returns what net.GetIpByInterface reports for the
// balancer's inbound interface, c.Interfaces.Inbound.
func (c *BalancerConfig) GetIpByInterface() (string, error) {
	inbound := c.Interfaces.Inbound
	return net.GetIpByInterface(inbound)
}
Beispiel #6
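// TestIptablesSync checks that Sync brings the kernel's FUSIS nat rules in
// line with the services held in the stored state.
//
// The test changes the host's live nat table (it flushes the FUSIS chain and
// adds rules to it), so it needs the privileges iptables requires and is best
// run in a disposable network namespace or container rather than on a shared
// host.
func TestIptablesSync(t *testing.T) {
	if os.Getenv("TRAVIS") == "true" {
		t.Skip("Skipping test because travis-ci do not allow iptables")
	}

	// Build the manager from the test configuration.
	iptablesMngr, err := New(defaultConfig())
	if err != nil {
		t.Fatalf("creating iptables manager: %v", err)
	}

	flushChain := func() error {
		return exec.Command(iptablesMngr.path, "--wait", "-t", "nat", "-F", "FUSIS").Run()
	}

	// Start from an empty FUSIS chain.
	if err := flushChain(); err != nil {
		t.Fatalf("flushing FUSIS chain: %v", err)
	}
	// Do not leave test rules behind in the host's nat table, even when the
	// test fails part-way through.
	defer func() {
		if err := flushChain(); err != nil {
			t.Logf("flushing FUSIS chain during cleanup: %v", err)
		}
	}()

	// Desired state: two services, returned by the mocked store.
	s1 := types.Service{
		Name:     "test",
		Address:  "10.0.1.1",
		Port:     80,
		Mode:     "nat",
		Protocol: "tcp",
	}

	s2 := types.Service{
		Name:     "test2",
		Address:  "10.0.1.2",
		Port:     80,
		Protocol: "tcp",
		Mode:     "nat",
	}

	state := &mocks.State{}
	state.On("GetServices").Return([]types.Service{s1, s2})

	// Address of the loopback interface, used as the SNAT source.
	toSource, err := net.GetIpByInterface("lo")
	if err != nil {
		t.Fatalf("looking up address of lo: %v", err)
	}

	// Kernel state before Sync: rule2 matches s2, rule3 matches no service.
	rule2 := SnatRule{
		vaddr:    "10.0.1.2",
		vport:    "80",
		toSource: toSource,
	}
	rule3 := SnatRule{
		vaddr:    "10.0.1.3",
		vport:    "80",
		toSource: toSource,
	}

	if err := iptablesMngr.addRule(rule2); err != nil {
		t.Fatalf("adding rule2: %v", err)
	}
	if err := iptablesMngr.addRule(rule3); err != nil {
		t.Fatalf("adding rule3: %v", err)
	}

	if err := iptablesMngr.Sync(state); err != nil {
		t.Fatalf("syncing rules with state: %v", err)
	}

	rules, err := iptablesMngr.getKernelRulesSet()
	if err != nil {
		t.Fatalf("reading kernel rules: %v", err)
	}

	rule1, err := iptablesMngr.serviceToSnatRule(s1)
	if err != nil {
		t.Fatalf("converting s1 to SNAT rule: %v", err)
	}
	// Guard the dereference below so a nil result is reported as a test
	// failure instead of a panic.
	if rule1 == nil {
		t.Fatal("serviceToSnatRule returned a nil rule without an error")
	}

	// After Sync the kernel must hold the rules for both services.
	// NOTE(review): nothing asserts that rule3, which has no matching service,
	// was removed; a stale SNAT rule surviving Sync would go unnoticed. Consider
	// asserting its absence once Sync's removal behaviour is confirmed.
	assert.True(t, rules.Contains(rule2, *rule1))
}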