// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package natlab
import (
"context"
"fmt"
"net"
"net/netip"
"testing"
"time"
"tailscale.com/tstest"
)
// TestAllocIPs checks that the address allocators of a fresh internet never
// return the same address twice, and that the IPv4 allocator panics with
// "pool exhausted" once it has been drained.
func TestAllocIPs(t *testing.T) {
	inet := NewInternet()
	allocators := []func(*Interface) netip.Addr{inet.allocIPv4, inet.allocIPv6}

	seen := make(map[netip.Addr]bool)
	for round := 0; round < 255; round++ {
		for _, alloc := range allocators {
			addr := alloc(nil)
			if seen[addr] {
				t.Fatalf("got duplicate %v", addr)
			}
			seen[addr] = true
		}
	}

	// One more IPv6 allocation is expected to succeed.
	inet.allocIPv6(nil)

	// One more IPv4 allocation is expected to panic, because the limited
	// /24 range is used up. The deferred check also fires when no panic
	// happens at all: recover then yields nil, which does not match.
	defer func() {
		got := recover()
		if fmt.Sprint(got) != "pool exhausted" {
			t.Errorf("unexpected panic: %v", got)
		}
	}()
	inet.allocIPv4(nil)
	t.Fatalf("expected panic from IPv4")
}
// TestSendPacket sends one UDP datagram between two machines attached to the
// same simulated internet and verifies both the payload and the source
// address reported to the receiver.
func TestSendPacket(t *testing.T) {
	inet := NewInternet()

	foo := &Machine{Name: "foo"}
	bar := &Machine{Name: "bar"}
	fooIf := foo.Attach("eth0", inet)
	barIf := bar.Attach("enp0s1", inet)

	fooAddr := netip.AddrPortFrom(fooIf.V4(), 123)
	barAddr := netip.AddrPortFrom(barIf.V4(), 456)

	ctx := context.Background()
	fooPC, err := foo.ListenPacket(ctx, "udp4", fooAddr.String())
	if err != nil {
		t.Fatal(err)
	}
	barPC, err := bar.ListenPacket(ctx, "udp4", barAddr.String())
	if err != nil {
		t.Fatal(err)
	}

	const msg = "some message"
	_, err = fooPC.WriteTo([]byte(msg), net.UDPAddrFromAddrPort(barAddr))
	if err != nil {
		t.Fatal(err)
	}

	pkt := make([]byte, 1500) // TODO: care about MTUs in the natlab package somewhere
	size, from, err := barPC.ReadFrom(pkt)
	if err != nil {
		t.Fatal(err)
	}
	pkt = pkt[:size]
	if got := string(pkt); got != msg {
		t.Errorf("read %q; want %q", pkt, msg)
	}
	// The receiver must see the sender's own address and port as source.
	if got, want := from.String(), fooAddr.String(); got != want {
		t.Errorf("addr = %q; want %q", from, fooAddr)
	}
}
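// TestMultiNetwork attaches one machine ("nat") to both a LAN and the
// internet and checks that a datagram it sends is received with the source
// address of the interface on the receiver's network: the LAN address for the
// LAN client, the WAN address for the internet server.
func TestMultiNetwork(t *testing.T) {
	lan := &Network{
		Name:    "lan",
		Prefix4: mustPrefix("192.168.0.0/24"),
	}
	internet := NewInternet()

	client := &Machine{Name: "client"}
	nat := &Machine{Name: "nat"}
	server := &Machine{Name: "server"}

	ifClient := client.Attach("eth0", lan)
	ifNATWAN := nat.Attach("ethwan", internet)
	ifNATLAN := nat.Attach("ethlan", lan)
	ifServer := server.Attach("eth0", internet)

	ctx := context.Background()
	clientPC, err := client.ListenPacket(ctx, "udp", ":123")
	if err != nil {
		t.Fatal(err)
	}
	natPC, err := nat.ListenPacket(ctx, "udp", ":456")
	if err != nil {
		t.Fatal(err)
	}
	serverPC, err := server.ListenPacket(ctx, "udp", ":789")
	if err != nil {
		t.Fatal(err)
	}

	clientAddr := netip.AddrPortFrom(ifClient.V4(), 123)
	natLANAddr := netip.AddrPortFrom(ifNATLAN.V4(), 456)
	natWANAddr := netip.AddrPortFrom(ifNATWAN.V4(), 456)
	serverAddr := netip.AddrPortFrom(ifServer.V4(), 789)

	const msg1, msg2 = "hello", "world"
	if _, err := natPC.WriteTo([]byte(msg1), net.UDPAddrFromAddrPort(clientAddr)); err != nil {
		t.Fatal(err)
	}
	if _, err := natPC.WriteTo([]byte(msg2), net.UDPAddrFromAddrPort(serverAddr)); err != nil {
		t.Fatal(err)
	}

	buf := make([]byte, 1500)

	// LAN side: the client must see the sender's LAN address.
	n, addr, err := clientPC.ReadFrom(buf)
	if err != nil {
		t.Fatal(err)
	}
	if string(buf[:n]) != msg1 {
		t.Errorf("read %q; want %q", buf[:n], msg1)
	}
	if addr.String() != natLANAddr.String() {
		t.Errorf("addr = %q; want %q", addr, natLANAddr)
	}

	// WAN side: the server must see the sender's WAN address.
	n, addr, err = serverPC.ReadFrom(buf)
	if err != nil {
		t.Fatal(err)
	}
	if string(buf[:n]) != msg2 {
		t.Errorf("read %q; want %q", buf[:n], msg2)
	}
	if addr.String() != natWANAddr.String() {
		// Print the value that is actually compared against (the WAN
		// address), so a failure does not point at the wrong interface.
		t.Errorf("addr = %q; want %q", addr, natWANAddr)
	}
}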
// trivialNAT is the packet handler installed on the "nat" machine in
// TestPacketHandler. It translates exactly one LAN client to and from the
// WAN interface's IPv4 address and holds no per-flow state: there is no
// mapping table, only the three fields below.
type trivialNAT struct {
	clientIP netip.Addr // the single LAN address that gets translated
	lanIf    *Interface // interface compared against for LAN-side traffic
	wanIf    *Interface // interface compared against for WAN-side traffic
}
// HandleIn redirects packets that arrive on the WAN interface and are
// addressed to the WAN IPv4 address: their destination becomes clientIP with
// the destination port kept as is. All other packets are returned untouched.
//
// The rewrite depends only on the receiving interface and the destination
// address. The packet's source and port are not matched against any earlier
// outbound traffic.
func (n *trivialNAT) HandleIn(p *Packet, iface *Interface) *Packet {
	if iface != n.wanIf {
		return p
	}
	if p.Dst.Addr() != n.wanIf.V4() {
		return p
	}
	p.Dst = netip.AddrPortFrom(n.clientIP, p.Dst.Port())
	return p
}
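// HandleOut returns p unchanged.
//
// It uses a pointer receiver like HandleIn and HandleForward, so all three
// methods are in the method set of *trivialNAT and the struct is not copied
// on each call.
func (n *trivialNAT) HandleOut(p *Packet, iface *Interface) *Packet {
	return p
}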
// HandleForward decides what happens to a packet routed from iif to oif.
//
//   - LAN to WAN: the packet is always forwarded. If its source is clientIP,
//     the source is rewritten to the WAN IPv4 address with the port kept;
//     packets from any other LAN source go out untranslated.
//   - WAN to LAN: the packet is forwarded only if its destination is
//     clientIP. The source is not examined, so this is a destination-only
//     filter rather than a check against previously seen flows.
//   - Anything else is dropped by returning nil.
func (n *trivialNAT) HandleForward(p *Packet, iif, oif *Interface) *Packet {
	switch {
	case iif == n.lanIf && oif == n.wanIf:
		// Outbound from the LAN: apply source NAT for the client, then
		// let the packet continue.
		if p.Src.Addr() == n.clientIP {
			p.Src = netip.AddrPortFrom(n.wanIf.V4(), p.Src.Port())
		}
		return p
	case iif == n.wanIf && oif == n.lanIf && p.Dst.Addr() == n.clientIP:
		// Return traffic towards the client is allowed through.
		return p
	default:
		// Every other combination is dropped.
		return nil
	}
}
// TestPacketHandler installs a trivialNAT on a machine that sits between a
// LAN and the internet, sends a datagram from the LAN client to an internet
// server, and checks that the server sees the NAT's WAN address (with the
// client's port) as the source.
func TestPacketHandler(t *testing.T) {
	lan := &Network{
		Name:    "lan",
		Prefix4: mustPrefix("192.168.0.0/24"),
		Prefix6: mustPrefix("fd00:916::/64"),
	}
	internet := NewInternet()

	client := &Machine{Name: "client"}
	nat := &Machine{Name: "nat"}
	server := &Machine{Name: "server"}

	clientIf := client.Attach("eth0", lan)
	natWANIf := nat.Attach("wan", internet)
	natLANIf := nat.Attach("lan", lan)
	serverIf := server.Attach("server", internet)

	// The NAT's LAN interface is the LAN's default gateway.
	lan.SetDefaultGateway(natLANIf)

	nat.PacketHandler = &trivialNAT{
		clientIP: clientIf.V4(),
		lanIf:    natLANIf,
		wanIf:    natWANIf,
	}

	ctx := context.Background()
	clientPC, err := client.ListenPacket(ctx, "udp4", ":123")
	if err != nil {
		t.Fatal(err)
	}
	serverPC, err := server.ListenPacket(ctx, "udp4", ":456")
	if err != nil {
		t.Fatal(err)
	}

	const msg = "some message"
	serverAddr := netip.AddrPortFrom(serverIf.V4(), 456)
	_, err = clientPC.WriteTo([]byte(msg), net.UDPAddrFromAddrPort(serverAddr))
	if err != nil {
		t.Fatal(err)
	}

	pkt := make([]byte, 1500) // TODO: care about MTUs in the natlab package somewhere
	size, from, err := serverPC.ReadFrom(pkt)
	if err != nil {
		t.Fatal(err)
	}
	pkt = pkt[:size]
	if got := string(pkt); got != msg {
		t.Errorf("read %q; want %q", pkt, msg)
	}

	// After translation the source must be the WAN address, with the
	// client's original port 123.
	mappedAddr := netip.AddrPortFrom(natWANIf.V4(), 123)
	if got, want := from.String(), mappedAddr.String(); got != want {
		t.Errorf("addr = %q; want %q", from, mappedAddr)
	}
}
func TestFirewall(t *testing.T) {
|
|
|
|
wan := NewInternet()
|
|
|
|
lan := &Network{
|
|
|
|
Name: "lan",
|
|
|
|
Prefix4: mustPrefix("10.0.0.0/8"),
|
|
|
|
}
|
|
|
|
m := &Machine{Name: "test"}
|
|