tun tester more useful

firewall_test.go

@@ -1047,53 +1047,53 @@ func TestNewFirewallFromConfig(t *testing.T) {
 
 	conf := config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": "asdf"}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound failed to parse, should be an array of rules")
 
 	// Test both port and code
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"port": "1", "code": "2"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; only one of port or code should be provided")
 
 	// Test missing host, group, cidr, ca_name and ca_sha
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; at least one of host, group, cidr, local_cidr, ca_name, or ca_sha must be provided")
 
 	// Test code/port error
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "a", "host": "testh", "proto": "any"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; code was not a number; `a`")
 
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"port": "a", "host": "testh", "proto": "any"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; port was not a number; `a`")
 
 	// Test proto error
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "host": "testh"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; proto was not understood; ``")
 
 	// Test cidr parse error
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "cidr": "testh", "proto": "any"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; cidr did not parse; netip.ParsePrefix(\"testh\"): no '/'")
 
 	// Test local_cidr parse error
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"outbound": []any{map[string]any{"code": "1", "local_cidr": "testh", "proto": "any"}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.outbound rule #0; local_cidr did not parse; netip.ParsePrefix(\"testh\"): no '/'")
 
 	// Test both group and groups
 	conf = config.NewC(l)
 	conf.Settings["firewall"] = map[string]any{"inbound": []any{map[string]any{"port": "1", "proto": "any", "group": "a", "groups": []string{"b", "c"}}}}
-	_, err = NewFirewallFromConfig(l, cs, conf, netip.Addr{})
+	_, err = NewFirewallFromConfig(l, cs, conf)
 	require.EqualError(t, err, "firewall.inbound rule #0; only one of group or groups should be defined, both provided")
 }
 

overlay/tun_linux.go

@@ -449,12 +449,13 @@ func (t *tun) Activate() error {
 	}
 
 	//todo hmmmmmm
-	if len(t.unsafeNetworks) != 0 {
+	//pretty sure this is avoidable
-		err = os.WriteFile(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/accept_local", t.Device), []byte("1"), os.FileMode(0o644))
+	//if len(t.unsafeNetworks) != 0 {
-		if err != nil {
+	//	err = os.WriteFile(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/accept_local", t.Device), []byte("1"), os.FileMode(0o644))
-			return err
+	//	if err != nil {
-		}
+	//		return err
-	}
+	//	}
+	//}
 
 	return nil
 }

overlay/tun_tester.go

@@ -20,6 +20,7 @@ type TestTun struct {
 	Device         string
 	vpnNetworks    []netip.Prefix
 	unsafeNetworks []netip.Prefix
+	snatAddr       netip.Prefix
 	Routes         []Route
 	routeTree      *bart.Table[routing.Gateways]
 	l              *logrus.Logger
@@ -39,7 +40,7 @@ func newTun(c *config.C, l *logrus.Logger, vpnNetworks []netip.Prefix, unsafeNet
 		return nil, err
 	}
 
-	return &TestTun{
+	tt := &TestTun{
 		Device:         c.GetString("tun.dev", ""),
 		vpnNetworks:    vpnNetworks,
 		unsafeNetworks: unsafeNetworks,
@@ -48,7 +49,9 @@ func newTun(c *config.C, l *logrus.Logger, vpnNetworks []netip.Prefix, unsafeNet
 		l:              l,
 		rxPackets:      make(chan []byte, 10),
 		TxPackets:      make(chan []byte, 10),
-	}, nil
+	}
+	tt.snatAddr = prepareSnatAddr(tt, l, c, routes)
+	return tt, nil
 }
 
 func newTunFromFd(_ *config.C, _ *logrus.Logger, _ int, _ []netip.Prefix, _ []netip.Prefix) (*TestTun, error) {
@@ -142,10 +145,10 @@ func (t *TestTun) NewMultiQueueReader() (io.ReadWriteCloser, error) {
 	return nil, fmt.Errorf("TODO: multiqueue not implemented")
 }
 
-func (t *tun) UnsafeNetworks() []netip.Prefix {
+func (t *TestTun) UnsafeNetworks() []netip.Prefix {
-	return t.UnsafeNetworks()
+	return t.unsafeNetworks
 }
 
-func (t *tun) SNATAddress() netip.Prefix {
+func (t *TestTun) SNATAddress() netip.Prefix {
-	return netip.Prefix{}
+	return t.snatAddr
 }

test/tun.go

@@ -10,14 +10,12 @@ import (
 
 type NoopTun struct{}
 
-func (NoopTun) Routes() []Route {
+func (NoopTun) UnsafeNetworks() []netip.Prefix {
-	//TODO implement me
+	return nil
-	panic("implement me")
 }
 
-func (NoopTun) UnsafeNetworks() []netip.Prefix {
+func (NoopTun) SNATAddress() netip.Prefix {
-	//TODO implement me
+	return netip.Prefix{}
-	panic("implement me")
 }
 
 func (NoopTun) RoutesFor(addr netip.Addr) routing.Gateways {