libnetwork/iptables: Fix test panic when execute only one test

- use local variables for chains instead of sharing global variables
- make createNewChain a t.Helper

Signed-off-by: Chee Hau Lim <ch33hau@gmail.com>

libnetwork/iptables/iptables_test.go

@@ -13,19 +13,16 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
-const chainName = "DOCKEREST"
-
-var natChain *ChainInfo
-var filterChain *ChainInfo
-var bridgeName string
-
-func TestNewChain(t *testing.T) {
-	var err error
-
+const (
+	chainName  = "DOCKEREST"
 	bridgeName = "lo"
+)
+
+func createNewChain(t *testing.T) (*IPTable, *ChainInfo, *ChainInfo) {
+	t.Helper()
 	iptable := GetIptable(IPv4)
 
-	natChain, err = iptable.NewChain(chainName, Nat, false)
+	natChain, err := iptable.NewChain(chainName, Nat, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -34,7 +31,7 @@ func TestNewChain(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	filterChain, err = iptable.NewChain(chainName, Filter, false)
+	filterChain, err := iptable.NewChain(chainName, Filter, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -42,18 +39,23 @@ func TestNewChain(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	return iptable, natChain, filterChain
+}
+
+func TestNewChain(t *testing.T) {
+	createNewChain(t)
 }
 
 func TestForward(t *testing.T) {
+	iptable, natChain, filterChain := createNewChain(t)
+
 	ip := net.ParseIP("192.168.1.1")
 	port := 1234
 	dstAddr := "172.17.0.1"
 	dstPort := 4321
 	proto := "tcp"
 
-	bridgeName := "lo"
-	iptable := GetIptable(IPv4)
-
 	err := natChain.Forward(Insert, ip, port, proto, dstAddr, dstPort, bridgeName)
 	if err != nil {
 		t.Fatal(err)
@@ -99,16 +101,13 @@ func TestForward(t *testing.T) {
 }
 
 func TestLink(t *testing.T) {
-	var err error
-
-	bridgeName := "lo"
-	iptable := GetIptable(IPv4)
+	iptable, _, filterChain := createNewChain(t)
 	ip1 := net.ParseIP("192.168.1.1")
 	ip2 := net.ParseIP("192.168.1.2")
 	port := 1234
 	proto := "tcp"
 
-	err = filterChain.Link(Append, ip1, ip2, port, proto, bridgeName)
+	err := filterChain.Link(Append, ip1, ip2, port, proto, bridgeName)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -141,10 +140,11 @@ func TestLink(t *testing.T) {
 }
 
 func TestPrerouting(t *testing.T) {
+	iptable, natChain, _ := createNewChain(t)
+
 	args := []string{
 		"-i", "lo",
 		"-d", "192.168.1.1"}
-	iptable := GetIptable(IPv4)
 
 	err := natChain.Prerouting(Insert, args...)
 	if err != nil {
@@ -162,10 +162,11 @@ func TestPrerouting(t *testing.T) {
 }
 
 func TestOutput(t *testing.T) {
+	iptable, natChain, _ := createNewChain(t)
+
 	args := []string{
 		"-o", "lo",
 		"-d", "192.168.1.1"}
-	iptable := GetIptable(IPv4)
 
 	err := natChain.Output(Insert, args...)
 	if err != nil {
@@ -196,6 +197,8 @@ func TestConcurrencyNoWait(t *testing.T) {
 // Note that if iptables does not support the xtable lock on this
 // system, then allowXlock has no effect -- it will always be off.
 func RunConcurrencyTest(t *testing.T, allowXlock bool) {
+	_, natChain, _ := createNewChain(t)
+
 	if !allowXlock && supportsXlock {
 		supportsXlock = false
 		defer func() { supportsXlock = true }()
@@ -219,7 +222,8 @@ func RunConcurrencyTest(t *testing.T, allowXlock bool) {
 }
 
 func TestCleanup(t *testing.T) {
-	var err error
+	iptable, _, filterChain := createNewChain(t)
+
 	var rules []byte
 
 	// Cleanup filter/FORWARD first otherwise output of iptables-save is dirty
@@ -227,14 +231,13 @@ func TestCleanup(t *testing.T) {
 		string(Delete), "FORWARD",
 		"-o", bridgeName,
 		"-j", filterChain.Name}
-	iptable := GetIptable(IPv4)
 
-	if _, err = iptable.Raw(link...); err != nil {
+	if _, err := iptable.Raw(link...); err != nil {
 		t.Fatal(err)
 	}
 	filterChain.Remove()
 
-	err = iptable.RemoveExistingChain(chainName, Nat)
+	err := iptable.RemoveExistingChain(chainName, Nat)
 	if err != nil {
 		t.Fatal(err)
 	}