(t *testing.T)
| 68 | } |
| 69 | |
| 70 | func TestHostIPv4BridgeLabel(t *testing.T) { |
| 71 | skip.If(t, testEnv.IsRemoteDaemon) |
| 72 | skip.If(t, testEnv.IsRootless, "rootless mode has different view of network") |
| 73 | ctx := testutil.StartSpan(baseContext, t) |
| 74 | |
| 75 | d := daemon.New(t) |
| 76 | d.Start(t) |
| 77 | defer d.Stop(t) |
| 78 | c := d.NewClientT(t) |
| 79 | defer c.Close() |
| 80 | |
| 81 | ipv4SNATAddr := "172.0.0.172" |
| 82 | // Create a bridge network with --opt com.docker.network.host_ipv4=172.0.0.172 |
| 83 | bridgeName := "hostIPv4Bridge" |
| 84 | network.CreateNoError(ctx, t, c, bridgeName, |
| 85 | network.WithDriver("bridge"), |
| 86 | network.WithOption("com.docker.network.host_ipv4", ipv4SNATAddr), |
| 87 | network.WithOption("com.docker.network.bridge.name", bridgeName), |
| 88 | ) |
| 89 | defer network.RemoveNoError(ctx, t, c, bridgeName) |
| 90 | res, err := c.NetworkInspect(ctx, bridgeName, client.NetworkInspectOptions{Verbose: true}) |
| 91 | assert.NilError(t, err) |
| 92 | assert.Assert(t, len(res.Network.IPAM.Config) > 0) |
| 93 | // Make sure the SNAT rule exists |
| 94 | if strings.HasPrefix(testEnv.FirewallBackendDriver(), "nftables") { |
| 95 | chain := testutil.RunCommand(ctx, "nft", "--stateless", "list", "chain", "ip", "docker-bridges", "nat-postrouting-out__hostIPv4Bridge").Combined() |
| 96 | exp := fmt.Sprintf(`oifname != "hostIPv4Bridge" ip saddr %s counter snat to %s comment "SNAT"`, |
| 97 | res.Network.IPAM.Config[0].Subnet, ipv4SNATAddr) |
| 98 | assert.Check(t, is.Contains(chain, exp)) |
| 99 | } else { |
| 100 | testutil.RunCommand(ctx, "iptables", "-t", "nat", "-C", "POSTROUTING", "-s", res.Network.IPAM.Config[0].Subnet.String(), "!", "-o", bridgeName, "-j", "SNAT", "--to-source", ipv4SNATAddr).Assert(t, icmd.Success) |
| 101 | } |
| 102 | } |
| 103 | |
| 104 | func TestDefaultNetworkOpts(t *testing.T) { |
| 105 | skip.If(t, testEnv.IsRemoteDaemon) |
nothing calls this directly
no test coverage detected
searching dependent graphs…