// wireNetworker assembles the container networking stack selected by the
// command-line configuration and returns the Networker together with the
// Starter that prepares host state for it.
//
// Two configurations exist:
//
//   - External network plugin (cmd.Network.Plugin.Path() is non-empty): a
//     netplugin networker is returned as both Networker and Starter. Nothing
//     else below is wired on this path — no iptables controller, no deny
//     list, no chain or interface prefix — so network isolation rests
//     entirely with the plugin binary named in the configuration.
//   - Built-in kawasaki networker: iptables chains prefixed "w-<tag>-" and
//     host interfaces prefixed "w<tag>" are managed through the iptables and
//     iptables-restore binaries named in cmd.Bin, and the returned Starter
//     receives the configured deny list, host-access flag and
//     destroy-on-startup flag.
//
// The error is non-nil only when defaultExternalIP rejects
// cmd.Network.ExternalIP; every other step is plain construction.
func (cmd *GuardianCommand) wireNetworker(log lager.Logger, propManager kawasaki.ConfigStore, portPool *ports.PortPool) (gardener.Networker, gardener.Starter, error) {
	hostIP, err := defaultExternalIP(cmd.Network.ExternalIP)
	if err != nil {
		return nil, nil, err
	}

	// Flatten the DNS flag values into plain net.IPs once; both paths hand
	// the same slice to their networker.
	resolvers := make([]net.IP, len(cmd.Network.DNSServers))
	for i := range cmd.Network.DNSServers {
		resolvers[i] = cmd.Network.DNSServers[i].IP()
	}

	if pluginPath := cmd.Network.Plugin.Path(); pluginPath != "" {
		// The plugin networker doubles as the Starter; the iptables setup
		// further down is skipped entirely when a plugin is configured.
		resolvConf := &kawasaki.ResolvConfigurer{
			HostsFileCompiler:  &dns.HostsFileCompiler{},
			ResolvFileCompiler: &dns.ResolvFileCompiler{},
			FileWriter:         &dns.RootfsWriter{},
			IDMapReader:        &kawasaki.RootIdMapReader{},
		}
		plugin := netplugin.New(
			linux_command_runner.New(),
			propManager,
			hostIP,
			resolvers,
			resolvConf,
			pluginPath,
			cmd.Network.PluginExtraArgs,
		)
		return plugin, plugin, nil
	}

	// The deny list is left nil when no networks are configured (append on
	// a nil slice), preserving the zero-value semantics the starter sees.
	var denied []string
	for _, n := range cmd.Network.DenyNetworks {
		denied = append(denied, n.String())
	}

	// Both prefixes derive from the server tag — presumably so that several
	// guardian servers on one host do not collide on interface or chain
	// names; the chain prefix is what the iptables controller owns.
	ifacePrefix := fmt.Sprintf("w%s", cmd.Server.Tag)
	chainPrefix := fmt.Sprintf("w-%s-", cmd.Server.Tag)

	// Sequential IDs are seeded from the wall clock at wiring time.
	idGen := kawasaki.NewSequentialIDGenerator(time.Now().UnixNano())

	// Every iptables invocation is routed through a logging runner under its
	// own log session, so host firewall mutations show up in the guardian log.
	iptRunner := &logging.Runner{
		CommandRunner: linux_command_runner.New(),
		Logger:        log.Session("iptables-runner"),
	}
	ipt := iptables.New(
		cmd.Bin.IPTables.Path(),
		cmd.Bin.IPTablesRestore.Path(),
		iptRunner,
		&locksmithpkg.FileSystem{},
		chainPrefix,
	)
	starter := iptables.NewStarter(
		ipt,
		cmd.Network.AllowHostAccess,
		ifacePrefix,
		denied,
		cmd.Containers.DestroyContainersOnStartup,
	)

	translator := iptables.NewRuleTranslator()
	cfgCreator := kawasaki.NewConfigCreator(idGen, ifacePrefix, chainPrefix, hostIP, resolvers, cmd.Network.Mtu)
	networker := kawasaki.New(
		kawasaki.SpecParserFunc(kawasaki.ParseSpec),
		subnets.NewPool(cmd.Network.Pool.CIDR()),
		cfgCreator,
		propManager,
		factory.NewDefaultConfigurer(ipt),
		portPool,
		iptables.NewPortForwarder(ipt),
		iptables.NewFirewallOpener(translator, ipt),
	)
	return networker, starter, nil
}
. "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("PortForwarder", func() { var ( fakeRunner *fake_command_runner.FakeCommandRunner forwarder *iptables.PortForwarder ) BeforeEach(func() { fakeRunner = fake_command_runner.New() fakeLocksmith := NewFakeLocksmith() forwarder = iptables.NewPortForwarder( iptables.New("/sbin/iptables", "/sbin/iptables-restore", fakeRunner, fakeLocksmith, "prefix-"), ) }) It("adds a NAT rule to forward the port", func() { Expect(forwarder.Forward(kawasaki.PortForwarderSpec{ InstanceID: "some-instance", ExternalIP: net.ParseIP("5.6.7.8"), ContainerIP: net.ParseIP("1.2.3.4"), FromPort: 22, ToPort: 33, })).To(Succeed()) Expect(fakeRunner).To(HaveExecutedSerially( fake_command_runner.CommandSpec{ Path: "/sbin/iptables",
BeforeEach(func() { netnsName = fmt.Sprintf("ginkgo-netns-%d", GinkgoParallelNode()) makeNamespace(netnsName) fakeRunner := fake_command_runner.New() fakeRunner.WhenRunning(fake_command_runner.CommandSpec{}, func(cmd *exec.Cmd) error { return wrapCmdInNs(netnsName, cmd).Run() }, ) fakeLocksmith = NewFakeLocksmith() prefix = fmt.Sprintf("g-%d", GinkgoParallelNode()) iptablesController = iptables.New("/sbin/iptables", "/sbin/iptables-restore", fakeRunner, fakeLocksmith, prefix) }) AfterEach(func() { deleteNamespace(netnsName) }) Describe("CreateChain", func() { It("creates the chain", func() { Expect(iptablesController.CreateChain("filter", "test-chain")).To(Succeed()) sess, err := gexec.Start(wrapCmdInNs(netnsName, exec.Command("iptables", "-L", "test-chain")), GinkgoWriter, GinkgoWriter) Expect(err).NotTo(HaveOccurred()) Eventually(sess).Should(gexec.Exit(0)) })