Nits and fix tests

Nate Brown
2026-02-27 18:09:52 -06:00
parent 037459ef73
commit d21baede1f
4 changed files with 6 additions and 10 deletions


@@ -235,7 +235,7 @@ func (f *Interface) sendMessageNow(t header.MessageType, st header.MessageSubTyp
} }
// check if packet is in outbound fw rules // check if packet is in outbound fw rules
dropReason := f.firewall.Drop(*fp, nil, false, hostinfo, f.pki.GetCAPool(), nil) dropReason := f.firewall.Drop(*fp, p, false, hostinfo, f.pki.GetCAPool(), nil)
if dropReason != nil { if dropReason != nil {
if f.l.Level >= logrus.DebugLevel { if f.l.Level >= logrus.DebugLevel {
f.l.WithField("fwPacket", fp). f.l.WithField("fwPacket", fp).
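Review bot: The `f.firewall.Drop` call in sendMessageNow now receives `p` where it previously received `nil`, and nothing at the call site says why the outbound check needs the raw packet or whether Drop may modify it. If Drop can rewrite the buffer, which seems plausible given that the rest of this commit touches SNAT, the bytes encrypted after this check may differ from what the caller handed in. Once that is confirmed against Drop's implementation, I would add a comment above the call such as `// p is passed so the firewall can inspect/rewrite the packet; it may be modified in place`. The function starts and ends outside this hunk, so how `p` is used afterwards is not visible here.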


@@ -56,7 +56,6 @@ type Interface struct {
inside overlay.Device inside overlay.Device
pki *PKI pki *PKI
firewall *Firewall firewall *Firewall
snatAddr netip.Addr
connectionManager *connectionManager connectionManager *connectionManager
handshakeManager *HandshakeManager handshakeManager *HandshakeManager
serveDns bool serveDns bool


@@ -436,7 +436,7 @@ func (t *tun) Activate() error {
return fmt.Errorf("failed to set default route MTU for %s: %w", t.vpnNetworks[i], err) return fmt.Errorf("failed to set default route MTU for %s: %w", t.vpnNetworks[i], err)
} }
} }
//TODO snat and be snatted
if t.unsafeIPv4Origin.IsValid() { if t.unsafeIPv4Origin.IsValid() {
if err = t.setDefaultRoute(t.unsafeIPv4Origin); err != nil { if err = t.setDefaultRoute(t.unsafeIPv4Origin); err != nil {
return fmt.Errorf("failed to set default route MTU for %s: %w", t.unsafeIPv4Origin, err) return fmt.Errorf("failed to set default route MTU for %s: %w", t.unsafeIPv4Origin, err)
@@ -475,10 +475,7 @@ func (t *tun) setSnatRoute() error {
nr := netlink.Route{ nr := netlink.Route{
LinkIndex: t.deviceIndex, LinkIndex: t.deviceIndex,
Dst: dr, Dst: dr,
//todo do we need these other options? Scope: unix.RT_SCOPE_LINK,
//MTU: t.DefaultMTU,
//AdvMSS: t.advMSS(Route{}),
Scope: unix.RT_SCOPE_LINK,
//Protocol: unix.RTPROT_KERNEL, //Protocol: unix.RTPROT_KERNEL,
Table: unix.RT_TABLE_MAIN, Table: unix.RT_TABLE_MAIN,
Type: unix.RTN_UNICAST, Type: unix.RTN_UNICAST,
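Review bot: In setSnatRoute the `//todo do we need these other options?` question is deleted together with the commented-out `MTU` and `AdvMSS` fields, so the route is built without either and the reason is no longer recorded. Activate, in the first hunk of this file, explicitly sets an MTU on the default routes, so a reader will wonder whether the SNAT route is meant to differ. If omitting them is deliberate, a one-line comment on the struct literal such as `// MTU/AdvMSS intentionally unset: <reason>` would keep the decision visible. The `netlink.Route` literal continues past the end of the hunk.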


@@ -422,7 +422,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
RemotePort: 12345, RemotePort: 12345,
Protocol: firewall.ProtoUDP, Protocol: firewall.ProtoUDP,
} }
cn := &conn{} cn := &conn{snat: &snatInfo{}}
err := fw.findUsableSNATPort(&fp, cn) err := fw.findUsableSNATPort(&fp, cn)
require.NoError(t, err) require.NoError(t, err)
// Port should have been assigned // Port should have been assigned
@@ -448,7 +448,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
fw.Conntrack.Conns[fp] = &conn{} fw.Conntrack.Conns[fp] = &conn{}
fw.Conntrack.Unlock() fw.Conntrack.Unlock()
cn := &conn{} cn := &conn{snat: &snatInfo{}}
err := fw.findUsableSNATPort(&fp, cn) err := fw.findUsableSNATPort(&fp, cn)
require.NoError(t, err) require.NoError(t, err)
assert.NotEqual(t, uint16(12345), fp.RemotePort, "should pick a different port") assert.NotEqual(t, uint16(12345), fp.RemotePort, "should pick a different port")
@@ -479,7 +479,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
// Try to find a port starting from 0x8000 // Try to find a port starting from 0x8000
fp := baseFP fp := baseFP
fp.RemotePort = 0x8000 fp.RemotePort = 0x8000
cn := &conn{} cn := &conn{snat: &snatInfo{}}
err := fw.findUsableSNATPort(&fp, cn) err := fw.findUsableSNATPort(&fp, cn)
assert.ErrorIs(t, err, ErrCannotSNAT) assert.ErrorIs(t, err, ErrCannotSNAT)
}) })
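Review bot: All three subtests in TestFirewall_FindUsableSNATPort now have to build `&conn{snat: &snatInfo{}}`, which suggests findUsableSNATPort dereferences `cn.snat` without checking it; the function is not in this diff, so that is inferred. If any non-test caller can reach it with a conn whose `snat` is nil, the result is a panic on the packet path rather than a clean drop. Consider a guard at the top of the function, `if cn.snat == nil { return ErrCannotSNAT }`, and a fourth subtest that passes `&conn{}` and asserts that error. The same construction appears in the hunks at 422, 448 and 479.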