// wireNetworker assembles the gardener.Networker and gardener.Starter pair for
// this command's network configuration.
//
// When an external network plugin path is configured, a netplugin-backed
// networker is returned as both the Networker and the Starter, and none of the
// in-process iptables wiring below is performed. Note that
// cmd.Network.DenyNetworks and cmd.Network.AllowHostAccess are not passed to
// the plugin in that branch, so enforcement of those settings in plugin mode
// is not done by this code (NOTE(review): confirm against the plugin contract).
//
// Otherwise a kawasaki networker is built on top of iptables; the interface
// prefix and the chain prefix are both derived from cmd.Server.Tag.
//
// The only error returned is the one produced by defaultExternalIP.
func (cmd *GuardianCommand) wireNetworker(log lager.Logger, propManager kawasaki.ConfigStore, portPool *ports.PortPool) (gardener.Networker, gardener.Starter, error) {
	extIP, err := defaultExternalIP(cmd.Network.ExternalIP)
	if err != nil {
		return nil, nil, err
	}

	resolvers := make([]net.IP, len(cmd.Network.DNSServers))
	for i := range cmd.Network.DNSServers {
		resolvers[i] = cmd.Network.DNSServers[i].IP()
	}

	if pluginPath := cmd.Network.Plugin.Path(); pluginPath != "" {
		plugin := netplugin.New(
			linux_command_runner.New(),
			propManager,
			extIP,
			resolvers,
			&kawasaki.ResolvConfigurer{
				HostsFileCompiler:  &dns.HostsFileCompiler{},
				ResolvFileCompiler: &dns.ResolvFileCompiler{},
				FileWriter:         &dns.RootfsWriter{},
				IDMapReader:        &kawasaki.RootIdMapReader{},
			},
			pluginPath,
			cmd.Network.PluginExtraArgs,
		)
		// The plugin networker doubles as the Starter.
		return plugin, plugin, nil
	}

	// Interface and chain names are namespaced by the server tag.
	nicPrefix := fmt.Sprintf("w%s", cmd.Server.Tag)
	chainPrefix := fmt.Sprintf("w-%s-", cmd.Server.Tag)

	// Left nil when no deny networks are configured.
	var denied []string
	for _, n := range cmd.Network.DenyNetworks {
		denied = append(denied, n.String())
	}

	ipt := iptables.New(
		cmd.Bin.IPTables.Path(),
		cmd.Bin.IPTablesRestore.Path(),
		&logging.Runner{CommandRunner: linux_command_runner.New(), Logger: log.Session("iptables-runner")},
		&locksmithpkg.FileSystem{},
		chainPrefix,
	)
	starter := iptables.NewStarter(ipt, cmd.Network.AllowHostAccess, nicPrefix, denied, cmd.Containers.DestroyContainersOnStartup)

	networker := kawasaki.New(
		kawasaki.SpecParserFunc(kawasaki.ParseSpec),
		subnets.NewPool(cmd.Network.Pool.CIDR()),
		kawasaki.NewConfigCreator(kawasaki.NewSequentialIDGenerator(time.Now().UnixNano()), nicPrefix, chainPrefix, extIP, resolvers, cmd.Network.Mtu),
		propManager,
		factory.NewDefaultConfigurer(ipt),
		portPool,
		iptables.NewPortForwarder(ipt),
		iptables.NewFirewallOpener(iptables.NewRuleTranslator(), ipt),
	)
	return networker, starter, nil
}
denyNetworks []string destroyContainersOnStartup bool starter *iptables.Starter ) BeforeEach(func() { fakeRunner = fake_command_runner.New() destroyContainersOnStartup = false }) JustBeforeEach(func() { fakeLocksmith := NewFakeLocksmith() starter = iptables.NewStarter( iptables.New("/sbin/iptables", "/sbin/iptables-restore", fakeRunner, fakeLocksmith, "prefix-"), true, "the-nic-prefix", denyNetworks, destroyContainersOnStartup, ) }) itSetsUpGlobalChains := func() { Expect(fakeRunner).To(HaveExecutedSerially(fake_command_runner.CommandSpec{ Path: "bash", Args: []string{"-c", iptables.SetupScript}, Env: []string{ fmt.Sprintf("PATH=%s", os.Getenv("PATH")), "ACTION=setup", "GARDEN_IPTABLES_BIN=/sbin/iptables", "GARDEN_IPTABLES_FILTER_INPUT_CHAIN=prefix-input",