Merge pull request #109844 from danwinship/iptables-tests-new

improve parsing in iptables unit tests

pkg/proxy/ipvs/proxier_test.go

@@ -1664,11 +1664,25 @@ func TestMasqueradeRule(t *testing.T) {
 		makeServiceMap(fp)
 		fp.syncProxyRules()
 
-		postRoutingRules := ipt.GetRules(string(kubePostroutingChain))
-		if !hasJump(postRoutingRules, "MASQUERADE", "") {
+		buf := bytes.NewBuffer(nil)
+		_ = ipt.SaveInto(utiliptables.TableNAT, buf)
+		natRules := strings.Split(string(buf.Bytes()), "\n")
+		var hasMasqueradeJump, hasMasqRandomFully bool
+		for _, line := range natRules {
+			rule, _ := iptablestest.ParseRule(line, false)
+			if rule != nil && rule.Chain == kubePostroutingChain && rule.Jump != nil && rule.Jump.Value == "MASQUERADE" {
+				hasMasqueradeJump = true
+				if rule.RandomFully != nil {
+					hasMasqRandomFully = true
+				}
+				break
+			}
+		}
+
+		if !hasMasqueradeJump {
 			t.Errorf("Failed to find -j MASQUERADE in %s chain", kubePostroutingChain)
 		}
-		if hasMasqRandomFully(postRoutingRules) != testcase {
+		if hasMasqRandomFully != testcase {
 			probs := map[bool]string{false: "found", true: "did not find"}
 			t.Errorf("%s --random-fully in -j MASQUERADE rule in %s chain for HasRandomFully()=%v", probs[testcase], kubePostroutingChain, testcase)
 		}
@@ -3817,42 +3831,41 @@ func buildFakeProxier() (*iptablestest.FakeIPTables, *Proxier) {
 	return ipt, NewFakeProxier(ipt, ipvs, ipset, nil, nil, v1.IPv4Protocol)
 }
 
-func hasJump(rules []iptablestest.Rule, destChain, ipSet string) bool {
-	for _, r := range rules {
-		if r[iptablestest.Jump] == destChain {
-			if ipSet == "" {
-				return true
-			}
-			if strings.Contains(r[iptablestest.MatchSet], ipSet) {
-				return true
-			}
-		}
-	}
-	return false
-}
+func getRules(ipt *iptablestest.FakeIPTables, chain utiliptables.Chain) []*iptablestest.Rule {
+	var rules []*iptablestest.Rule
 
-func hasMasqRandomFully(rules []iptablestest.Rule) bool {
-	for _, r := range rules {
-		if r[iptablestest.Masquerade] == "--random-fully" {
-			return true
+	buf := bytes.NewBuffer(nil)
+	_ = ipt.SaveInto(utiliptables.TableNAT, buf)
+	_ = ipt.SaveInto(utiliptables.TableFilter, buf)
+	lines := strings.Split(string(buf.Bytes()), "\n")
+	for _, l := range lines {
+		if !strings.HasPrefix(l, "-A ") {
+			continue
+		}
+		rule, _ := iptablestest.ParseRule(l, false)
+		if rule != nil && rule.Chain == chain {
+			rules = append(rules, rule)
 		}
 	}
-	return false
+	return rules
 }
 
 // checkIptables to check expected iptables chain and rules. The got rules must have same number and order as the
 // expected rules.
 func checkIptables(t *testing.T, ipt *iptablestest.FakeIPTables, epIpt netlinktest.ExpectedIptablesChain) {
 	for epChain, epRules := range epIpt {
-		rules := ipt.GetRules(epChain)
+		rules := getRules(ipt, utiliptables.Chain(epChain))
 		if len(rules) != len(epRules) {
 			t.Errorf("Expected %d iptables rule in chain %s, got %d", len(epRules), epChain, len(rules))
 			continue
 		}
 		for i, epRule := range epRules {
 			rule := rules[i]
-			if rule[iptablestest.Jump] != epRule.JumpChain || !strings.Contains(rule[iptablestest.MatchSet], epRule.MatchSet) {
-				t.Errorf("Expected MatchSet=%s JumpChain=%s, got MatchSet=%s JumpChain=%s", epRule.MatchSet, epRule.JumpChain, rule[iptablestest.MatchSet], rule[iptablestest.Jump])
+			if rule.Jump == nil || rule.Jump.Value != epRule.JumpChain {
+				t.Errorf("Expected MatchSet=%s JumpChain=%s, got %s", epRule.MatchSet, epRule.JumpChain, rule.Raw)
+			}
+			if (epRule.MatchSet == "" && rule.MatchSet != nil) || (epRule.MatchSet != "" && (rule.MatchSet == nil || rule.MatchSet.Value != epRule.MatchSet)) {
+				t.Errorf("Expected MatchSet=%s JumpChain=%s, got %s", epRule.MatchSet, epRule.JumpChain, rule.Raw)
 			}
 		}
 	}