nebula/connection_manager_test.go

package nebula
import (
"net"
"testing"
"time"
"github.com/flynn/noise"
"github.com/slackhq/nebula/cert"
"github.com/stretchr/testify/assert"
)
// vpnIP is the VPN address of the peer the connection manager tests add to the
// hostmap. It is package-level state: Test_NewConnectionManagerTest assigns it,
// and a test that reads it without assigning it first sees the zero value.
var vpnIP uint32
// Test_NewConnectionManagerTest walks a host through the connection manager's
// timeout path: outbound traffic is recorded, nothing is heard back, the host
// is queued in pendingDeletion, and it is finally removed from the hostmap.
func Test_NewConnectionManagerTest(t *testing.T) {
	logger := NewTestLogger()
	//_, tuncidr, _ := net.ParseCIDR("1.1.1.1/24")
	_, vpnNet, _ := net.ParseCIDR("172.1.1.1/24")
	_, localNet, _ := net.ParseCIDR("10.1.1.1/24")
	vpnIP = ip2int(net.ParseIP("172.1.1.2"))
	preferred := []*net.IPNet{localNet}

	// Bare-minimum stand-ins: empty certificate material and zero-value
	// tun/udp/firewall objects, just enough to construct the manager.
	hm := NewHostMap(logger, "test", vpnNet, preferred)
	certs := &CertState{
		rawCertificate:      []byte{},
		privateKey:          []byte{},
		certificate:         &cert.NebulaCertificate{},
		rawCertificateNoKey: []byte{},
	}
	zeroNet := &net.IPNet{IP: net.IP{0, 0, 0, 0}, Mask: net.IPMask{0, 0, 0, 0}}
	lh := NewLightHouse(logger, false, zeroNet, []uint32{}, 1000, 0, &udpConn{}, false, 1, false)
	handshakes := NewHandshakeManager(logger, vpnNet, preferred, hm, lh, &udpConn{}, defaultHandshakeConfig)
	iface := &Interface{
		hostMap:          hm,
		inside:           &Tun{},
		outside:          &udpConn{},
		certState:        certs,
		firewall:         &Firewall{},
		lightHouse:       lh,
		handshakeManager: handshakes,
		l:                logger,
	}
	start := time.Now()

	// NOTE(review): 5 and 10 look like the check and pending-deletion
	// intervals in seconds — confirm against newConnectionManager.
	cm := newConnectionManager(logger, iface, 5, 10)
	payload := []byte("")
	nb := make([]byte, 12)
	out := make([]byte, mtu)
	cm.HandleMonitorTick(start, payload, nb, out)

	// advance runs one monitor pass and one deletion pass at start+d.
	advance := func(d time.Duration) {
		tick := start.Add(d)
		cm.HandleMonitorTick(tick, payload, nb, out)
		cm.HandleDeletionTick(tick)
	}

	// Register a peer that looks like it has an established tunnel.
	hi := cm.hostMap.AddVpnIP(vpnIP)
	hi.ConnectionState = &ConnectionState{
		certState: certs,
		H:         &noise.HandshakeState{},
	}

	// Outbound traffic alone must not queue the host for deletion.
	cm.Out(vpnIP)
	assert.NotContains(t, cm.pendingDeletion, vpnIP)
	assert.Contains(t, cm.hostMap.Hosts, vpnIP)

	// +5s: nothing is expected to change yet.
	advance(5 * time.Second)

	// +6s: still no reply from the peer.
	advance(6 * time.Second)

	// The host is now queued for deletion but still present in the hostmap.
	assert.Contains(t, cm.pendingDeletion, vpnIP)
	assert.Contains(t, cm.hostMap.Hosts, vpnIP)

	// +45s: well past the deletion deadline.
	advance(45 * time.Second)

	// The silent host has been evicted from both structures.
	assert.NotContains(t, cm.pendingDeletion, vpnIP)
	assert.NotContains(t, cm.hostMap.Hosts, vpnIP)
}
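// Test_NewConnectionManagerTest2 checks the recovery path: a host that has been
// queued in pendingDeletion must be taken off that list and kept in the hostmap
// once inbound traffic from it is recorded before the deletion tick runs.
func Test_NewConnectionManagerTest2(t *testing.T) {
	l := NewTestLogger()
	//_, tuncidr, _ := net.ParseCIDR("1.1.1.1/24")
	_, vpncidr, _ := net.ParseCIDR("172.1.1.1/24")
	_, localrange, _ := net.ParseCIDR("10.1.1.1/24")
	// Assign the shared peer address here as well, so this test does not
	// depend on Test_NewConnectionManagerTest having run first (for example
	// under `go test -run`), where vpnIP would otherwise still be zero.
	vpnIP = ip2int(net.ParseIP("172.1.1.2"))
	preferredRanges := []*net.IPNet{localrange}

	// Very incomplete mock objects: empty certificate material and zero-value
	// tun/udp/firewall stand-ins, just enough to construct the manager.
	hostMap := NewHostMap(l, "test", vpncidr, preferredRanges)
	cs := &CertState{
		rawCertificate:      []byte{},
		privateKey:          []byte{},
		certificate:         &cert.NebulaCertificate{},
		rawCertificateNoKey: []byte{},
	}

	lh := NewLightHouse(l, false, &net.IPNet{IP: net.IP{0, 0, 0, 0}, Mask: net.IPMask{0, 0, 0, 0}}, []uint32{}, 1000, 0, &udpConn{}, false, 1, false)
	ifce := &Interface{
		hostMap:          hostMap,
		inside:           &Tun{},
		outside:          &udpConn{},
		certState:        cs,
		firewall:         &Firewall{},
		lightHouse:       lh,
		handshakeManager: NewHandshakeManager(l, vpncidr, preferredRanges, hostMap, lh, &udpConn{}, defaultHandshakeConfig),
		l:                l,
	}
	now := time.Now()

	// Create manager.
	// NOTE(review): 5 and 10 look like the check and pending-deletion
	// intervals in seconds — confirm against newConnectionManager.
	nc := newConnectionManager(l, ifce, 5, 10)
	p := []byte("")
	nb := make([]byte, 12)
	out := make([]byte, mtu)
	nc.HandleMonitorTick(now, p, nb, out)

	// Add an ip we have established a connection w/ to hostmap
	hostinfo := nc.hostMap.AddVpnIP(vpnIP)
	hostinfo.ConnectionState = &ConnectionState{
		certState: cs,
		H:         &noise.HandshakeState{},
	}

	// We saw traffic out to vpnIP
	nc.Out(vpnIP)
	assert.NotContains(t, nc.pendingDeletion, vpnIP)
	assert.Contains(t, nc.hostMap.Hosts, vpnIP)

	// Move ahead 5s. Nothing should happen
	nextTick := now.Add(5 * time.Second)
	nc.HandleMonitorTick(nextTick, p, nb, out)
	nc.HandleDeletionTick(nextTick)

	// Move ahead 6s. We haven't heard back
	nextTick = now.Add(6 * time.Second)
	nc.HandleMonitorTick(nextTick, p, nb, out)
	nc.HandleDeletionTick(nextTick)

	// This host should now be up for deletion
	assert.Contains(t, nc.pendingDeletion, vpnIP)
	assert.Contains(t, nc.hostMap.Hosts, vpnIP)

	// We heard back this time
	nc.In(vpnIP)

	// Move ahead some more
	nextTick = now.Add(45 * time.Second)
	nc.HandleMonitorTick(nextTick, p, nb, out)
	nc.HandleDeletionTick(nextTick)

	// The host replied, so it must be off the deletion list and must NOT
	// have been evicted from the hostmap.
	assert.NotContains(t, nc.pendingDeletion, vpnIP)
	assert.Contains(t, nc.hostMap.Hosts, vpnIP)
}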