),
				)
				_, _, err := container.NetIn(1234, 3456)
				Expect(err).To(HaveOccurred())
			})
		})
	})

	Describe("NetOut", func() {
		var err error
		JustBeforeEach(func() {
			err = container.NetOut(garden.NetOutRule{
				Protocol: garden.ProtocolTCP,
				Networks: []garden.IPRange{
					{
						Start: net.ParseIP("0.0.0.0"),
						End:   net.ParseIP("255.255.255.255"),
					},
				},
			})
		})

		Describe("succeeds", func() {
			BeforeEach(func() {
				server.AppendHandlers(
					ghttp.CombineHandlers(
						ghttp.VerifyRequest("POST", "/api/containers/containerhandle/net/out"),
						ghttp.RespondWith(200, ""),
						func(w http.ResponseWriter, req *http.Request) {
							body, err := ioutil.ReadAll(req.Body)
							req.Body.Close()
예제 #2
0
				fakeConnection.NetInReturns(0, 0, disaster)
			})

			It("returns the error", func() {
				_, _, err := container.NetIn(123, 456)
				Ω(err).Should(Equal(disaster))
			})
		})
	})

	Describe("NetOut", func() {
		It("sends NetOut requests over the connection", func() {
			Ω(container.NetOut(garden.NetOutRule{
				Networks: []garden.IPRange{garden.IPRangeFromIP(net.ParseIP("1.2.3.4"))},
				Ports: []garden.PortRange{
					{Start: 12, End: 24},
				},
				Log: true,
			})).Should(Succeed())

			h, rule := fakeConnection.NetOutArgsForCall(0)
			Ω(h).Should(Equal("some-handle"))

			Ω(rule.Networks).Should(HaveLen(1))
			Ω(rule.Networks[0]).Should(Equal(garden.IPRange{Start: net.ParseIP("1.2.3.4"), End: net.ParseIP("1.2.3.4")}))

			Ω(rule.Ports).Should(HaveLen(1))
			Ω(rule.Ports[0]).Should(Equal(garden.PortRange{Start: 12, End: 24}))

			Ω(rule.Log).Should(Equal(true))
		})
예제 #3
0
			//The target address is the ip addr of www.example.com in these tests
			BeforeEach(func() {
				denyRange = "0.0.0.0/0"
				allowRange = "9.9.9.9/30"
				containerNetwork = fmt.Sprintf("10.1%d.0.0/24", GinkgoParallelNode())
			})

			It("disallows TCP connections", func() {
				ByRejectingTCP()
			})

			Context("when a rule that allows all traffic to the target is added", func() {
				JustBeforeEach(func() {
					err := container.NetOut(garden.NetOutRule{
						Networks: []garden.IPRange{
							garden.IPRangeFromIP(externalIP),
						},
					})
					Expect(err).ToNot(HaveOccurred())
				})

				It("allows TCP traffic to the target", func() {
					ByAllowingTCP()
				})
			})
		})

		Context("when the target address is inside ALLOW_NETWORKS", func() {
			BeforeEach(func() {
				denyRange = "0.0.0.0/0"
				allowRange = "0.0.0.0/0"
예제 #4
0
				{
					Start: parsedIP,
					End:   parsedIP,
				},
			}
		}

		if port > 0 {
			rule.Ports = []garden.PortRange{
				{
					Start: port,
					End:   port,
				},
			}
		}
		Expect(c.NetOut(rule)).To(Succeed())
	}

	Describe("netout", func() {
		Describe("when the All protocol is used", func() {
			It("allow both tcp and udp connections", func() {

				helpers.AssertEventuallyProcessExitsWith(1, func() (garden.Process, error) {
					return testConnection("tcp", googleIPAddress, tcpPort)
				})
				openPort(garden.ProtocolAll, tcpPort, "")
				helpers.AssertEventuallyProcessExitsWith(0, func() (garden.Process, error) {
					return testConnection("tcp", googleIPAddress, tcpPort)
				})

				helpers.AssertEventuallyProcessExitsWith(1, func() (garden.Process, error) {
예제 #5
0
			Context("when mapping the port fails", func() {
				BeforeEach(func() {
					fakeContainer.NetInReturns(0, 0, errors.New("oh no!"))
				})

				It("fails", func() {
					_, _, err := container.NetIn(123, 456)
					Ω(err).Should(HaveOccurred())
				})
			})
		})

		Describe("net out", func() {
			Context("when a zero-value NetOutRule is supplied", func() {
				It("permits all TCP traffic to everywhere, with logging not enabled", func() {
					Ω(container.NetOut(garden.NetOutRule{})).Should(Succeed())
					rule := fakeContainer.NetOutArgsForCall(0)

					Ω(rule.Protocol).Should(Equal(garden.ProtocolAll))
					Ω(rule.Networks).Should(BeNil())
					Ω(rule.Ports).Should(BeNil())
					Ω(rule.ICMPs).Should(BeNil())
					Ω(rule.Log).Should(Equal(false))
				})
			})

			Context("when protocol is specified", func() {
				Context("as TCP", func() {
					It("permits TCP traffic", func() {
						Ω(container.NetOut(garden.NetOutRule{
							Protocol: garden.ProtocolTCP,
예제 #6
0
						)
						status, err := process.Wait()
						Expect(err).ToNot(HaveOccurred())
						Expect(status).ToNot(Equal(0))
					})
				}
			})

			It("preserves NetOut rules", func() {
				// Initially prevented from accessing (sanity check)
				ByDenyingTCPTo(externalIP)

				// Allow access
				Expect(container.NetOut(garden.NetOutRule{
					Protocol: garden.ProtocolTCP,
					Networks: []garden.IPRange{
						garden.IPRangeFromIP(externalIP),
					},
				})).To(Succeed())

				// Check it worked (sanity check)
				ByAllowingTCPTo(externalIP)

				restartGarden(gardenArgs...)
				ByAllowingTCPTo(externalIP)
			})
		})

	})

	Describe("a container's mapped port", func() {
		It("does not get reused", func() {