// Excerpt begins inside a setup closure whose opening lies before this fragment.
			fakeConnection.NetInReturns(0, 0, disaster)
		})

		// A failure reported by the connection must reach the caller unchanged.
		It("returns the error", func() {
			_, _, netInErr := container.NetIn(123, 456)
			Ω(netInErr).Should(Equal(disaster))
		})
	})
})

// NetOut: the rule passed to the container must arrive at the connection with
// the container's handle and with every field intact.
Describe("NetOut", func() {
	It("sends NetOut requests over the connection", func() {
		// One address, one port range, logging switched on.
		requested := garden.NetOutRule{
			Networks: []garden.IPRange{garden.IPRangeFromIP(net.ParseIP("1.2.3.4"))},
			Ports: []garden.PortRange{
				{Start: 12, End: 24},
			},
			Log: true,
		}
		Ω(container.NetOut(requested)).Should(Succeed())

		handle, forwarded := fakeConnection.NetOutArgsForCall(0)
		Ω(handle).Should(Equal("some-handle"))

		// A single IP is expected to travel as a range whose Start and End
		// are both that IP. The expected value is parsed afresh so it does
		// not share storage with the request.
		wantNetwork := garden.IPRange{Start: net.ParseIP("1.2.3.4"), End: net.ParseIP("1.2.3.4")}
		Ω(forwarded.Networks).Should(HaveLen(1))
		Ω(forwarded.Networks[0]).Should(Equal(wantNetwork))

		wantPorts := garden.PortRange{Start: 12, End: 24}
		Ω(forwarded.Ports).Should(HaveLen(1))
		Ω(forwarded.Ports[0]).Should(Equal(wantPorts))

		// The Log flag must not be dropped on the way to the connection.
		Ω(forwarded.Log).Should(Equal(true))
	})
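// Excerpt begins inside a setup closure whose opening lies before this fragment.
	restartArgs = []string{}
	gracefulShutdown = true
})

// Per-spec setup: create the container, map a host port to container port
// 8080, add an egress rule for 8.8.8.8, record the external IP and the
// "kawasaki.iptable-prefix" property, then start a long-running shell loop.
JustBeforeEach(func() {
	var err error
	container, err = client.Create(containerSpec)
	Expect(err).NotTo(HaveOccurred())

	hostNetInPort, _, err = container.NetIn(hostNetInPort, 8080)
	Expect(err).NotTo(HaveOccurred())

	// NetOut returns an error. Assert on it so that a rule which failed to
	// install stops the spec here, rather than letting the rest of the spec
	// run against a container without the intended egress allowance.
	// NOTE(review): the rule names no ports or protocol; presumably that
	// allows every port on 8.8.8.8 — confirm this breadth is intended.
	Expect(container.NetOut(garden.NetOutRule{
		Networks: []garden.IPRange{
			garden.IPRangeFromIP(net.ParseIP("8.8.8.8")),
		},
	})).To(Succeed())

	info, err := container.Info()
	Expect(err).NotTo(HaveOccurred())

	externalIP = info.ExternalIP
	interfacePrefix = info.Properties["kawasaki.iptable-prefix"]

	out := gbytes.NewBuffer()
	// The process prints "hello" once a second until it is stopped.
	existingProc, err = container.Run(
		garden.ProcessSpec{
			Path: "/bin/sh",
			Args: []string{"-c", "while true; do echo hello; sleep 1; done;"},
		},
		garden.ProcessIO{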
// Excerpt begins inside a rule literal whose opening lies before this fragment.
			Networks: []garden.IPRange{garden.IPRangeFromIP(net.ParseIP("8.8.8.8"))},
			Ports:    []garden.PortRange{garden.PortRangeFromPort(53)},
		}
	})

	// Deny-everything baseline with one explicit allowance: the probe must
	// fail before the rule is added and succeed afterwards.
	Context("when an IP within the denied network range is permitted", func() {
		const (
			probeHost = "8.8.8.8"
			probePort = 53
		)

		// allowThenProbe adds the rule and then requires the probe to succeed.
		allowThenProbe := func() {
			Expect(container.NetOut(rule)).To(Succeed())
			Expect(checkConnection(container, probeHost, probePort)).To(Succeed())
		}

		BeforeEach(func() {
			// 0.0.0.0/0 covers every IPv4 destination.
			// NOTE(review): args is presumably the server's start-up flags — confirm.
			args = append(args, "--deny-network", "0.0.0.0/0")
		})

		JustBeforeEach(func() {
			// Precondition: with no rule added yet the probe has to fail, so a
			// later success cannot come from the deny setting being ineffective.
			Expect(checkConnection(container, probeHost, probePort)).To(MatchError("Request failed. Process exited with code 1"))
		})

		It("should access internet", allowThenProbe)

		Context("when the dropped packets should get logged", func() {
			BeforeEach(func() {
				rule.Log = true
			})

			// NOTE(review): only connectivity is asserted here; nothing in this
			// spec checks that a log entry is actually written.
			It("should access internet", allowThenProbe)
		})
	})
})