diff options
Diffstat (limited to 'test/system/500-networking.bats')
-rw-r--r-- | test/system/500-networking.bats | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index a824ebcd7..0d976a6af 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -65,8 +65,13 @@ load helpers myport=54321 # Container will exit as soon as 'nc' receives input + # We use '-n -v' to give us log messages showing an incoming connection + # and its IP address; the purpose of that is guaranteeing that the + # remote IP is not 127.0.0.1 (podman PR #9052). + # We could get more parseable output by using $NCAT_REMOTE_ADDR, + # but busybox nc doesn't support that. run_podman run -d --userns=keep-id -p 127.0.0.1:$myport:$myport \ - $IMAGE nc -l -p $myport + $IMAGE nc -l -n -v -p $myport cid="$output" # emit random string, and check it @@ -74,7 +79,17 @@ load helpers echo "$teststring" | nc 127.0.0.1 $myport run_podman logs $cid - is "$output" "$teststring" "test string received on container" + # Sigh. We can't check line-by-line, because 'nc' output order is + # unreliable. We usually get the 'connect to' line before the random + # string, but sometimes we get it after. So, just do substring checks. + is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port" + + # This is the truly important check: make sure the remote IP is + # in the 10.X range, not 127.X. + is "$output" \ + ".*connect to \[::ffff:10\..*\]:$myport from \[::ffff:10\..*\]:.*" \ + "nc -v shows remote IP address in 10.X space (not 127.0.0.1)" + is "$output" ".*${teststring}.*" "test string received on container" # Clean up run_podman rm $cid @@ -83,6 +98,7 @@ load helpers # "network create" now works rootless, with the help of a special container @test "podman network create" { skip_if_remote "FIXME: pending #7808" + myport=54322 local mynetname=testnet-$(random_string 10) local mysubnet=$(random_rfc1918_subnet) @@ -100,6 +116,27 @@ load helpers is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ "sdfsdf" + run_podman run --rm -d --network $mynetname -p 127.0.0.1:$myport:$myport \ + $IMAGE nc -l -n -v -p $myport + cid="$output" + + # emit random string, and check it + teststring=$(random_string 30) + echo "$teststring" | nc 127.0.0.1 $myport + + run_podman logs $cid + # Sigh. We can't check line-by-line, because 'nc' output order is + # unreliable. We usually get the 'connect to' line before the random + # string, but sometimes we get it after. So, just do substring checks. + is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port" + + # This is the truly important check: make sure the remote IP is + # in the 172.X range, not 127.X. + is "$output" \ + ".*connect to \[::ffff:172\..*\]:$myport from \[::ffff:172\..*\]:.*" \ + "nc -v shows remote IP address in 172.X space (not 127.0.0.1)" + is "$output" ".*${teststring}.*" "test string received on container" + # Cannot create network with the same name run_podman 125 network create $mynetname is "$output" "Error: the network name $mynetname is already used" \ |