diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2024-09-25 14:47:46 +1000 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2024-09-25 14:47:46 +1000 |
commit | 1f2658e0eff022a745580e132909e4a656dd53a3 (patch) | |
tree | c5129957873d3ac308dfac2e0fa994a029067bf3 | |
parent | af4b061f5383938a38910d81a0f637c478fc838f (diff) |
test/system: For pasta port forwarding tests don't bind socat server
The various pasta port forwarding tests run a socat server inside a
container, then connect to it from a socat client on the host. Currently
we have the server bind to the same specific address within the container
as we connect to on the host.
That's not quite what we want. For "tap" tests where the traffic goes over
pasta's L2 link to the container it's fine, though unnecessary. For
"loopback" tests where traffic is forwarded by pasta at the L4 socket
level, however, it's not quite right. In this case the address used is
either 127.0.0.1 or ::. That's correct and as needed for the host side
address we're connecting to. However on the container side, this only
works because of an odd and arguably undesirable behaviour of pasta: we use
the fact that we have an L4 socket within the container to make such
"spliced" L4 connections appear as if they come from loopback within the
container. A container will generally expect it's loopback address to be
only accessible from within the container, and this odd behaviour may be
changed in pasta in future.
In any case, the binding of the container side server is unnecessary, so
simply remove it.
Link: https://github.com/containers/podman/issues/24045
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | test/system/505-networking-pasta.bats | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/test/system/505-networking-pasta.bats b/test/system/505-networking-pasta.bats index aa1691a4e..9a0053378 100644 --- a/test/system/505-networking-pasta.bats +++ b/test/system/505-networking-pasta.bats @@ -169,10 +169,6 @@ function pasta_test_do() { # socat options for first <address> in server ("LISTEN" address types), local bind="${proto_upper}${ip_ver}-LISTEN:\${port}" - # For IPv6 via tap, we can pick either link-local or global unicast - if [ ${ip_ver} -eq 4 ] || [ ${iftype} = "loopback" ]; then - bind="${bind},bind=[${addr}]" - fi if [ "${proto}" = "udp" ]; then bind="${bind},null-eof" fi |