wgengine/filter: fix, test NewAllowAllForTest

I probably broke it when SCTP support was added but nothing apparently ever used NewAllowAllForTest so it wasn't noticed when it broke. Change-Id: Ib5a405be233d53cb7fcc61d493ae7aa2d1d590a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-25 13:19:17 -08:00 · 2021-11-25 13:19:17 -08:00 · ff9727c9ff
parent f8cef1ba08
commit ff9727c9ff
2 changed files with 14 additions and 2 deletions
--- a/wgengine/filter/filter.go
+++ b/wgengine/filter/filter.go
@ -103,7 +103,8 @@ func NewAllowAllForTest(logf logger.Logf) *Filter {
 	any6 := netaddr.IPPrefixFrom(netaddr.IPFrom16([16]byte{}), 0)
 	ms := []Match{
 		{
-			Srcs: []netaddr.IPPrefix{any4},
+			IPProto: []ipproto.Proto{ipproto.TCP, ipproto.UDP, ipproto.ICMPv4},
+			Srcs:    []netaddr.IPPrefix{any4},
 			Dsts: []NetPortRange{
 				{
 					Net: any4,
@ -115,7 +116,8 @@ func NewAllowAllForTest(logf logger.Logf) *Filter {
 			},
 		},
 		{
-			Srcs: []netaddr.IPPrefix{any6},
+			IPProto: []ipproto.Proto{ipproto.TCP, ipproto.UDP, ipproto.ICMPv6},
+			Srcs:    []netaddr.IPPrefix{any6},
 			Dsts: []NetPortRange{
 				{
 					Net: any6,
--- a/wgengine/filter/filter_test.go
+++ b/wgengine/filter/filter_test.go
@ -815,3 +815,13 @@ func TestMatchesFromFilterRules(t *testing.T) {
 		})
 	}
 }
+
+func TestNewAllowAllForTest(t *testing.T) {
+	f := NewAllowAllForTest(logger.Discard)
+	src := netaddr.MustParseIP("100.100.2.3")
+	dst := netaddr.MustParseIP("100.100.1.2")
+	res := f.CheckTCP(src, dst, 80)
+	if res.IsDrop() {
+		t.Fatalf("unexpected drop verdict: %v", res)
+	}
+}