const testHostname … const testNodeIP … const testNodeIPAlt … const testExternalIP … const testNodeIPv6 … const testNodeIPv6Alt … const testExternalClient … const testExternalClientBlocked … var testNodeIPs … func NewFakeProxier(ipt utiliptables.Interface) *Proxier { … } // parseIPTablesData takes iptables-save output and returns a map of table name to array of lines. func parseIPTablesData(ruleData string) (map[string][]string, error) { … } func TestParseIPTablesData(t *testing.T) { … } func countRules(logger klog.Logger, tableName utiliptables.Table, ruleData string) int { … } func countRulesFromMetric(logger klog.Logger, tableName utiliptables.Table) int { … } func countRulesFromLastSyncMetric(logger klog.Logger, tableName utiliptables.Table) int { … } // findAllMatches takes an array of lines and a pattern with one parenthesized group, and // returns a sorted array of all of the unique matches of the parenthesized group. func findAllMatches(lines []string, pattern string) []string { … } // checkIPTablesRuleJumps checks that every `-j` in the given rules jumps to a chain // that we created and added rules to func checkIPTablesRuleJumps(ruleData string) error { … } func TestCheckIPTablesRuleJumps(t *testing.T) { … } // orderByCommentServiceName is a helper function that orders two IPTables rules // based on the service name in their comment. (If either rule has no comment then the // return value is undefined.) func orderByCommentServiceName(rule1, rule2 *iptablestest.Rule) bool { … } // sortIPTablesRules sorts `iptables-restore` output so as to not depend on the order that // Services get processed in, while preserving the relative ordering of related rules. func sortIPTablesRules(ruleData string) (string, error) { … } func TestSortIPTablesRules(t *testing.T) { … } // getLine returns the line number of the caller, if possible. This is useful in // tests with a large number of cases - when something goes wrong you can find // which case more easily. func getLine() int { … } // assertIPTablesRulesEqual asserts that the generated rules in result match the rules in // expected, ignoring irrelevant ordering differences. By default this also checks the // rules for consistency (eg, no jumps to chains that aren't defined), but that can be // disabled by passing false for checkConsistency if you are passing a partial set of rules. func assertIPTablesRulesEqual(t *testing.T, line int, checkConsistency bool, expected, result string) { … } // assertIPTablesChainEqual asserts that the indicated chain in the indicated table in // result contains exactly the rules in expected (in that order). func assertIPTablesChainEqual(t *testing.T, line int, table utiliptables.Table, chain utiliptables.Chain, expected, result string) { … } // addressMatches helps test whether an iptables rule such as "! -s 192.168.0.0/16" matches // ipStr. address.Value is either an IP address ("1.2.3.4") or a CIDR string // ("1.2.3.0/24"). func addressMatches(t *testing.T, address *iptablestest.IPTablesValue, ipStr string) bool { … } type iptablesTracer … // newIPTablesTracer creates an iptablesTracer. nodeIPs are the IPs to treat as local // node IPs (for determining whether rules with "--src-type LOCAL" or "--dst-type LOCAL" // match). func newIPTablesTracer(t *testing.T, ipt *iptablestest.FakeIPTables, nodeIPs []string) *iptablesTracer { … } // ruleMatches checks if the given iptables rule matches (at least probabilistically) a // packet with the given sourceIP, destIP, and destPort. func (tracer *iptablesTracer) ruleMatches(rule *iptablestest.Rule, sourceIP, protocol, destIP, destPort string) bool { … } // runChain runs the given packet through the rules in the given table and chain, updating // tracer's internal state accordingly. It returns true if it hits a terminal action. func (tracer *iptablesTracer) runChain(table utiliptables.Table, chain utiliptables.Chain, sourceIP, protocol, destIP, destPort string) bool { … } // tracePacket determines what would happen to a packet with the given sourceIP, protocol, // destIP, and destPort, given the indicated iptables ruleData. nodeIP is the local node // IP (for rules matching "LOCAL"). (The protocol value should be lowercase as in iptables // rules, not uppercase as in corev1.) // // The return values are: an array of matched rules (for debugging), the final packet // destinations (a comma-separated list of IPs, or one of the special targets "ACCEPT", // "DROP", or "REJECT"), and whether the packet would be masqueraded. func tracePacket(t *testing.T, ipt *iptablestest.FakeIPTables, sourceIP, protocol, destIP, destPort string, nodeIPs []string) ([]string, string, bool) { … } type packetFlowTest … func runPacketFlowTests(t *testing.T, line int, ipt *iptablestest.FakeIPTables, nodeIPs []string, testCases []packetFlowTest) { … } // This tests tracePacket against static data, just to make sure we match things in the // way we expect to. func TestTracePacket(t *testing.T) { … } // TestOverallIPTablesRules creates a variety of services and verifies that the generated // rules are exactly as expected. func TestOverallIPTablesRules(t *testing.T) { … } // TestNoEndpointsReject tests that a service with no endpoints rejects connections to // its ClusterIP, ExternalIPs, NodePort, and LoadBalancer IP. func TestNoEndpointsReject(t *testing.T) { … } // TestClusterIPGeneral tests various basic features of a ClusterIP service func TestClusterIPGeneral(t *testing.T) { … } func TestLoadBalancer(t *testing.T) { … } // TestNodePorts tests NodePort services under various combinations of the // --nodeport-addresses and --localhost-nodeports flags. func TestNodePorts(t *testing.T) { … } func TestHealthCheckNodePort(t *testing.T) { … } func TestDropInvalidRule(t *testing.T) { … } func TestMasqueradeRule(t *testing.T) { … } // TestExternalTrafficPolicyLocal tests that traffic to externally-facing IPs does not get // masqueraded when using Local traffic policy. For traffic from external sources, that // means it can also only be routed to local endpoints, but for traffic from internal // sources, it gets routed to all endpoints. func TestExternalTrafficPolicyLocal(t *testing.T) { … } // TestExternalTrafficPolicyCluster tests that traffic to an externally-facing IP gets // masqueraded when using Cluster traffic policy. func TestExternalTrafficPolicyCluster(t *testing.T) { … } func TestComputeProbability(t *testing.T) { … } func makeTestService(namespace, name string, svcFunc func(*v1.Service)) *v1.Service { … } func addTestPort(array []v1.ServicePort, name string, protocol v1.Protocol, port, nodeport int32, targetPort int) []v1.ServicePort { … } func TestBuildServiceMapAddRemove(t *testing.T) { … } func TestBuildServiceMapServiceHeadless(t *testing.T) { … } func TestBuildServiceMapServiceTypeExternalName(t *testing.T) { … } func TestBuildServiceMapServiceUpdate(t *testing.T) { … } func populateEndpointSlices(proxier *Proxier, allEndpointSlices ...*discovery.EndpointSlice) { … } func makeTestEndpointSlice(namespace, name string, sliceNum int, epsFunc func(*discovery.EndpointSlice)) *discovery.EndpointSlice { … } func makeNSN(namespace, name string) types.NamespacedName { … } func makeServicePortName(ns, name, port string, protocol v1.Protocol) proxy.ServicePortName { … } func makeServiceMap(proxier *Proxier, allServices ...*v1.Service) { … } type endpointExpectation … func checkEndpointExpectations(t *testing.T, tci int, newMap proxy.EndpointsMap, expected map[proxy.ServicePortName][]endpointExpectation) { … } func TestUpdateEndpointsMap(t *testing.T) { … } // TestHealthCheckNodePortWhenTerminating tests that health check node ports are not enabled when all local endpoints are terminating func TestHealthCheckNodePortWhenTerminating(t *testing.T) { … } func TestProxierMetricsIPTablesTotalRules(t *testing.T) { … } // This test ensures that the iptables proxier supports translating Endpoints to // iptables output when internalTrafficPolicy is specified func TestInternalTrafficPolicy(t *testing.T) { … } // TestTerminatingEndpointsTrafficPolicyLocal tests that when there are local ready and // ready + terminating endpoints, only the ready endpoints are used. func TestTerminatingEndpointsTrafficPolicyLocal(t *testing.T) { … } // TestTerminatingEndpointsTrafficPolicyCluster tests that when there are cluster-wide // ready and ready + terminating endpoints, only the ready endpoints are used. func TestTerminatingEndpointsTrafficPolicyCluster(t *testing.T) { … } func TestInternalExternalMasquerade(t *testing.T) { … } func countEndpointsAndComments(iptablesData string, matchEndpoint string) (string, int, int) { … } func TestSyncProxyRulesLargeClusterMode(t *testing.T) { … } // Test calling syncProxyRules() multiple times with various changes func TestSyncProxyRulesRepeated(t *testing.T) { … } func TestNoEndpointsMetric(t *testing.T) { … } func TestLoadBalancerIngressRouteTypeProxy(t *testing.T) { … } // TestBadIPs tests that "bad" IPs and CIDRs in Services/Endpoints are rewritten to // be "good" in the input provided to iptables-restore func TestBadIPs(t *testing.T) { … }
Codebase Browser
kubernetes