From 92ee45ed137d8f5fd46f14529bde4888ed37c497 Mon Sep 17 00:00:00 2001
From: JackDoan
Date: Tue, 17 Feb 2026 15:16:36 -0600
Subject: [PATCH] tun tester more useful

---
 firewall_test.go | 18 +++++++++---------
 overlay/tun_linux.go | 13 +++++++------
 overlay/tun_tester.go | 15 +++++++++------
 test/tun.go | 10 ++++------
 4 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/firewall_test.go b/firewall_test.go
index 282929f2..c42cad65 100644
--- a/firewall_test.go
+++ b/firewall_test.go
@@ -1047,53 +1047,53 @@ func TestNewFirewallFromConfig(t *testing.T) {
 conf := config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": "asdf"}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound failed to parse, should be an array of rules")
 // Test both port and code
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"port": "1", "code": "2"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; only one of port or code should be provided")
 // Test missing host, group, cidr, ca_name and ca_sha
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; at least one of host, group, cidr, local_cidr, ca_name, or ca_sha must be provided")
 // Test code/port error
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "a", "host": "testh", "proto": "any"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; code was not a number; `a`")
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"port": "a", "host": "testh", "proto": "any"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; port was not a number; `a`")
 // Test proto error
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "host": "testh"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; proto was not understood; ``")
 // Test cidr parse error
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "cidr": "testh", "proto": "any"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; cidr did not parse; netip.ParsePrefix(\"testh\"): no '/'")
 // Test local_cidr parse error
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "local_cidr": "testh", "proto": "any"}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.outbound rule #0; local_cidr did not parse; netip.ParsePrefix(\"testh\"): no '/'")
 // Test both group and groups
 conf = config.NewC(l)
 conf.Settings["firewall"] = map[string]any{"inbound": []any{map[string]any{"port": "1", "proto": "any", "group": "a", "groups": []string{"b", "c"}}}}
- _, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+ _, err = NewFirewallFromConfig(l, cs, conf)
 require.EqualError(t, err, "firewall.inbound rule #0; only one of group or groups should be defined, both provided")
 }
diff --git a/overlay/tun_linux.go b/overlay/tun_linux.go
index 0382c3e2..0569fcd8 100644
--- a/overlay/tun_linux.go
+++ b/overlay/tun_linux.go
@@ -449,12 +449,13 @@ func (t *tun) Activate() error {
 }
 //todo hmmmmmm
- if len(t.unsafeNetworks) != 0 {
- err = os.WriteFile(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/accept_local", t.Device), []byte("1"), os.FileMode(0o644))
- if err != nil {
- return err
- }
- }
+ //pretty sure this is avoidable
+//if len(t.unsafeNetworks) != 0 {
+ // err = os.WriteFile(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/accept_local", t.Device), []byte("1"), os.FileMode(0o644))
+ // if err != nil {
+ // return err
+ // }
+ //}
 return nil
 }
diff --git a/overlay/tun_tester.go b/overlay/tun_tester.go
index 3e876cb5..cb96c195 100644
--- a/overlay/tun_tester.go
+++ b/overlay/tun_tester.go
@@ -20,6 +20,7 @@ type TestTun struct {
 Device string
 vpnNetworks []netip.Prefix
 unsafeNetworks []netip.Prefix
+ snatAddr netip.Prefix
 Routes []Route
 routeTree *bart.Table[routing.Gateways]
 l *logrus.Logger
@@ -39,7 +40,7 @@ func newTun(c *config.C, l *logrus.Logger, vpnNetworks []netip.Prefix, unsafeNet
 return nil, err
 }
- return &TestTun{
+ tt := &TestTun{
 Device: c.GetString("tun.dev", ""),
 vpnNetworks: vpnNetworks,
 unsafeNetworks: unsafeNetworks,
@@ -48,7 +49,9 @@ func newTun(c *config.C, l *logrus.Logger, vpnNetworks []netip.Prefix, unsafeNet
 l: l,
 rxPackets: make(chan []byte, 10),
 TxPackets: make(chan []byte, 10),
- }, nil
+ }
+ tt.snatAddr = prepareSnatAddr(tt, l, c, routes)
+ return tt, nil
 }
 func newTunFromFd(_ *config.C, _ *logrus.Logger, _ int, _ []netip.Prefix, _ []netip.Prefix) (*TestTun, error) {
@@ -142,10 +145,10 @@ func (t *TestTun) NewMultiQueueReader() (io.ReadWriteCloser, error) {
 return nil, fmt.Errorf("TODO: multiqueue not implemented")
 }
-func (t *tun) UnsafeNetworks() []netip.Prefix {
- return t.UnsafeNetworks()
+func (t *TestTun) UnsafeNetworks() []netip.Prefix {
+ return t.unsafeNetworks
 }
-func (t *tun) SNATAddress() netip.Prefix {
- return netip.Prefix{}
+func (t *TestTun) SNATAddress() netip.Prefix {
+ return t.snatAddr
 }
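Review bot: The accept_local write in Activate() is commented out rather than deleted, leaving a dead block plus the pre-existing `//todo hmmmmmm` with no record of why the sysctl is no longer needed; the enclosing function starts outside the hunk. Leaving accept_local at the kernel default is the more conservative choice, since setting it to 1 relaxes the kernel's check on locally-sourced packets arriving on the device, but "pretty sure this is avoidable" is a guess, not a contract. Either delete the block (history keeps it) and replace both comments with one that states the decision, e.g. `// accept_local is deliberately left at the kernel default; <reason, or the test that shows unsafe-network traffic still flows without it>`, or keep the write until that test exists. If this was the only use of `os` or `fmt` in tun_linux.go the file no longer compiles; that is not visible from the hunk.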
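Review bot: `tt.snatAddr = prepareSnatAddr(tt, l, c, routes)` in newTun has no error path, so whatever prepareSnatAddr does on a bad SNAT configuration (its signature is outside this hunk) surfaces only through the returned prefix or the logger, and a TestTun whose SNATAddress() is unintentionally the zero Prefix can make a test pass for the wrong reason. If the helper can fail, consider returning `(netip.Prefix, error)` from it and propagating the error here the way newTun already does for the earlier `return nil, err`; if it only logs, a short comment at the call site saying so would save the next reader a lookup. Also note that `tt` is handed to prepareSnatAddr before snatAddr is assigned, so the helper must not read that field.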
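Review bot: The two new exported methods on TestTun carry no doc comments; Go convention is a sentence starting with the name, e.g. `// UnsafeNetworks returns the unsafe networks this test device was created with.` and `// SNATAddress returns the SNAT prefix assigned by newTun.`. UnsafeNetworks also hands out the internal slice itself, so a caller that appends to or sorts the result mutates the device's configuration; `slices.Clone(t.unsafeNetworks)` would isolate it, and either way it is worth matching whatever the Linux tun does so tests and production behave alike. The receiver fix itself is clearly right: the removed `func (t *tun) UnsafeNetworks()` called itself and would have recursed without bound.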
diff --git a/test/tun.go b/test/tun.go
index 182ee88d..37728f6c 100644
--- a/test/tun.go
+++ b/test/tun.go
@@ -10,14 +10,12 @@ import (
 type NoopTun struct{}
-func (NoopTun) Routes() []Route {
- //TODO implement me
- panic("implement me")
+func (NoopTun) UnsafeNetworks() []netip.Prefix {
+ return nil
 }
-func (NoopTun) UnsafeNetworks() []netip.Prefix {
- //TODO implement me
- panic("implement me")
+func (NoopTun) SNATAddress() netip.Prefix {
+ return netip.Prefix{}
 }
 func (NoopTun) RoutesFor(addr netip.Addr) routing.Gateways {
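Review bot: NoopTun.Routes() is dropped while UnsafeNetworks() and SNATAddress() are added, but the interface NoopTun is meant to satisfy is not in the diff, so whether Routes() is still required cannot be confirmed here; if it is, the breakage shows up at the first use site rather than at the type. A compile-time assertion next to the type, `var _ <DeviceInterface> = NoopTun{}` with the real interface name, would pin that and catch the next rename. The two new methods are exported and could each take a one-line doc comment, e.g. `// UnsafeNetworks reports no unsafe networks; NoopTun carries no routing state.` and `// SNATAddress returns the zero Prefix; NoopTun performs no SNAT.`.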