handshakes_test.go 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507
  1. //go:build e2e_testing
  2. // +build e2e_testing
  3. package e2e
  4. import (
  5. "net"
  6. "testing"
  7. "time"
  8. "github.com/sirupsen/logrus"
  9. "github.com/slackhq/nebula"
  10. "github.com/slackhq/nebula/e2e/router"
  11. "github.com/slackhq/nebula/header"
  12. "github.com/slackhq/nebula/iputil"
  13. "github.com/slackhq/nebula/udp"
  14. "github.com/stretchr/testify/assert"
  15. )
  16. func BenchmarkHotPath(b *testing.B) {
  17. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  18. myControl, _, _ := newSimpleServer(ca, caKey, "me", net.IP{10, 0, 0, 1}, nil)
  19. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 2}, nil)
  20. // Put their info in our lighthouse
  21. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  22. // Start the servers
  23. myControl.Start()
  24. theirControl.Start()
  25. r := router.NewR(b, myControl, theirControl)
  26. r.CancelFlowLogs()
  27. for n := 0; n < b.N; n++ {
  28. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  29. _ = r.RouteForAllUntilTxTun(theirControl)
  30. }
  31. myControl.Stop()
  32. theirControl.Stop()
  33. }
  34. func TestGoodHandshake(t *testing.T) {
  35. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  36. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me", net.IP{10, 0, 0, 1}, nil)
  37. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 2}, nil)
  38. // Put their info in our lighthouse
  39. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  40. // Start the servers
  41. myControl.Start()
  42. theirControl.Start()
  43. t.Log("Send a udp packet through to begin standing up the tunnel, this should come out the other side")
  44. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  45. t.Log("Have them consume my stage 0 packet. They have a tunnel now")
  46. theirControl.InjectUDPPacket(myControl.GetFromUDP(true))
  47. t.Log("Get their stage 1 packet so that we can play with it")
  48. stage1Packet := theirControl.GetFromUDP(true)
  49. t.Log("I consume a garbage packet with a proper nebula header for our tunnel")
  50. // this should log a statement and get ignored, allowing the real handshake packet to complete the tunnel
  51. badPacket := stage1Packet.Copy()
  52. badPacket.Data = badPacket.Data[:len(badPacket.Data)-header.Len]
  53. myControl.InjectUDPPacket(badPacket)
  54. t.Log("Have me consume their real stage 1 packet. I have a tunnel now")
  55. myControl.InjectUDPPacket(stage1Packet)
  56. t.Log("Wait until we see my cached packet come through")
  57. myControl.WaitForType(1, 0, theirControl)
  58. t.Log("Make sure our host infos are correct")
  59. assertHostInfoPair(t, myUdpAddr, theirUdpAddr, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl)
  60. t.Log("Get that cached packet and make sure it looks right")
  61. myCachedPacket := theirControl.GetFromTun(true)
  62. assertUdpPacket(t, []byte("Hi from me"), myCachedPacket, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  63. t.Log("Do a bidirectional tunnel test")
  64. r := router.NewR(t, myControl, theirControl)
  65. defer r.RenderFlow()
  66. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  67. r.RenderHostmaps("Final hostmaps", myControl, theirControl)
  68. myControl.Stop()
  69. theirControl.Stop()
  70. //TODO: assert hostmaps
  71. }
  72. func TestWrongResponderHandshake(t *testing.T) {
  73. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  74. // The IPs here are chosen on purpose:
  75. // The current remote handling will sort by preference, public, and then lexically.
  76. // So we need them to have a higher address than evil (we could apply a preference though)
  77. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me", net.IP{10, 0, 0, 100}, nil)
  78. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 99}, nil)
  79. evilControl, evilVpnIp, evilUdpAddr := newSimpleServer(ca, caKey, "evil", net.IP{10, 0, 0, 2}, nil)
  80. // Add their real udp addr, which should be tried after evil.
  81. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  82. // Put the evil udp addr in for their vpn Ip, this is a case of being lied to by the lighthouse.
  83. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, evilUdpAddr)
  84. // Build a router so we don't have to reason who gets which packet
  85. r := router.NewR(t, myControl, theirControl, evilControl)
  86. defer r.RenderFlow()
  87. // Start the servers
  88. myControl.Start()
  89. theirControl.Start()
  90. evilControl.Start()
  91. t.Log("Start the handshake process, we will route until we see our cached packet get sent to them")
  92. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  93. r.RouteForAllExitFunc(func(p *udp.Packet, c *nebula.Control) router.ExitType {
  94. h := &header.H{}
  95. err := h.Parse(p.Data)
  96. if err != nil {
  97. panic(err)
  98. }
  99. if p.ToIp.Equal(theirUdpAddr.IP) && p.ToPort == uint16(theirUdpAddr.Port) && h.Type == 1 {
  100. return router.RouteAndExit
  101. }
  102. return router.KeepRouting
  103. })
  104. //TODO: Assert pending hostmap - I should have a correct hostinfo for them now
  105. t.Log("My cached packet should be received by them")
  106. myCachedPacket := theirControl.GetFromTun(true)
  107. assertUdpPacket(t, []byte("Hi from me"), myCachedPacket, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  108. t.Log("Test the tunnel with them")
  109. assertHostInfoPair(t, myUdpAddr, theirUdpAddr, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl)
  110. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  111. t.Log("Flush all packets from all controllers")
  112. r.FlushAll()
  113. t.Log("Ensure ensure I don't have any hostinfo artifacts from evil")
  114. assert.Nil(t, myControl.GetHostInfoByVpnIp(iputil.Ip2VpnIp(evilVpnIp.IP), true), "My pending hostmap should not contain evil")
  115. assert.Nil(t, myControl.GetHostInfoByVpnIp(iputil.Ip2VpnIp(evilVpnIp.IP), false), "My main hostmap should not contain evil")
  116. //NOTE: if evil lost the handshake race it may still have a tunnel since me would reject the handshake since the tunnel is complete
  117. //TODO: assert hostmaps for everyone
  118. r.RenderHostmaps("Final hostmaps", myControl, theirControl, evilControl)
  119. t.Log("Success!")
  120. myControl.Stop()
  121. theirControl.Stop()
  122. }
  123. func TestStage1Race(t *testing.T) {
  124. // This tests ensures that two hosts handshaking with each other at the same time will allow traffic to flow
  125. // But will eventually collapse down to a single tunnel
  126. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  127. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, nil)
  128. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 2}, nil)
  129. // Put their info in our lighthouse and vice versa
  130. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  131. theirControl.InjectLightHouseAddr(myVpnIpNet.IP, myUdpAddr)
  132. // Build a router so we don't have to reason who gets which packet
  133. r := router.NewR(t, myControl, theirControl)
  134. defer r.RenderFlow()
  135. // Start the servers
  136. myControl.Start()
  137. theirControl.Start()
  138. t.Log("Trigger a handshake to start on both me and them")
  139. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  140. theirControl.InjectTunUDPPacket(myVpnIpNet.IP, 80, 80, []byte("Hi from them"))
  141. t.Log("Get both stage 1 handshake packets")
  142. myHsForThem := myControl.GetFromUDP(true)
  143. theirHsForMe := theirControl.GetFromUDP(true)
  144. r.Log("Now inject both stage 1 handshake packets")
  145. r.InjectUDPPacket(theirControl, myControl, theirHsForMe)
  146. r.InjectUDPPacket(myControl, theirControl, myHsForThem)
  147. r.Log("Route until they receive a message packet")
  148. myCachedPacket := r.RouteForAllUntilTxTun(theirControl)
  149. assertUdpPacket(t, []byte("Hi from me"), myCachedPacket, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  150. r.Log("Their cached packet should be received by me")
  151. theirCachedPacket := r.RouteForAllUntilTxTun(myControl)
  152. assertUdpPacket(t, []byte("Hi from them"), theirCachedPacket, theirVpnIpNet.IP, myVpnIpNet.IP, 80, 80)
  153. r.Log("Do a bidirectional tunnel test")
  154. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  155. myHostmapHosts := myControl.ListHostmapHosts(false)
  156. myHostmapIndexes := myControl.ListHostmapIndexes(false)
  157. theirHostmapHosts := theirControl.ListHostmapHosts(false)
  158. theirHostmapIndexes := theirControl.ListHostmapIndexes(false)
  159. // We should have two tunnels on both sides
  160. assert.Len(t, myHostmapHosts, 1)
  161. assert.Len(t, theirHostmapHosts, 1)
  162. assert.Len(t, myHostmapIndexes, 2)
  163. assert.Len(t, theirHostmapIndexes, 2)
  164. r.RenderHostmaps("Starting hostmaps", myControl, theirControl)
  165. r.Log("Spin until connection manager tears down a tunnel")
  166. for len(myControl.GetHostmap().Indexes)+len(theirControl.GetHostmap().Indexes) > 2 {
  167. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  168. t.Log("Connection manager hasn't ticked yet")
  169. time.Sleep(time.Second)
  170. }
  171. myFinalHostmapHosts := myControl.ListHostmapHosts(false)
  172. myFinalHostmapIndexes := myControl.ListHostmapIndexes(false)
  173. theirFinalHostmapHosts := theirControl.ListHostmapHosts(false)
  174. theirFinalHostmapIndexes := theirControl.ListHostmapIndexes(false)
  175. // We should only have a single tunnel now on both sides
  176. assert.Len(t, myFinalHostmapHosts, 1)
  177. assert.Len(t, theirFinalHostmapHosts, 1)
  178. assert.Len(t, myFinalHostmapIndexes, 1)
  179. assert.Len(t, theirFinalHostmapIndexes, 1)
  180. r.RenderHostmaps("Final hostmaps", myControl, theirControl)
  181. myControl.Stop()
  182. theirControl.Stop()
  183. }
  184. func TestUncleanShutdownRaceLoser(t *testing.T) {
  185. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  186. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, nil)
  187. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 2}, nil)
  188. // Teach my how to get to the relay and that their can be reached via the relay
  189. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  190. theirControl.InjectLightHouseAddr(myVpnIpNet.IP, myUdpAddr)
  191. // Build a router so we don't have to reason who gets which packet
  192. r := router.NewR(t, myControl, theirControl)
  193. defer r.RenderFlow()
  194. // Start the servers
  195. myControl.Start()
  196. theirControl.Start()
  197. r.Log("Trigger a handshake from me to them")
  198. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  199. p := r.RouteForAllUntilTxTun(theirControl)
  200. assertUdpPacket(t, []byte("Hi from me"), p, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  201. r.Log("Nuke my hostmap")
  202. myHostmap := myControl.GetHostmap()
  203. myHostmap.Hosts = map[iputil.VpnIp]*nebula.HostInfo{}
  204. myHostmap.Indexes = map[uint32]*nebula.HostInfo{}
  205. myHostmap.RemoteIndexes = map[uint32]*nebula.HostInfo{}
  206. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me again"))
  207. p = r.RouteForAllUntilTxTun(theirControl)
  208. assertUdpPacket(t, []byte("Hi from me again"), p, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  209. r.Log("Assert the tunnel works")
  210. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  211. r.Log("Wait for the dead index to go away")
  212. start := len(theirControl.GetHostmap().Indexes)
  213. for {
  214. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  215. if len(theirControl.GetHostmap().Indexes) < start {
  216. break
  217. }
  218. time.Sleep(time.Second)
  219. }
  220. r.RenderHostmaps("Final hostmaps", myControl, theirControl)
  221. }
  222. func TestUncleanShutdownRaceWinner(t *testing.T) {
  223. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  224. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, nil)
  225. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them", net.IP{10, 0, 0, 2}, nil)
  226. // Teach my how to get to the relay and that their can be reached via the relay
  227. myControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  228. theirControl.InjectLightHouseAddr(myVpnIpNet.IP, myUdpAddr)
  229. // Build a router so we don't have to reason who gets which packet
  230. r := router.NewR(t, myControl, theirControl)
  231. defer r.RenderFlow()
  232. // Start the servers
  233. myControl.Start()
  234. theirControl.Start()
  235. r.Log("Trigger a handshake from me to them")
  236. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  237. p := r.RouteForAllUntilTxTun(theirControl)
  238. assertUdpPacket(t, []byte("Hi from me"), p, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  239. r.RenderHostmaps("Final hostmaps", myControl, theirControl)
  240. r.Log("Nuke my hostmap")
  241. theirHostmap := theirControl.GetHostmap()
  242. theirHostmap.Hosts = map[iputil.VpnIp]*nebula.HostInfo{}
  243. theirHostmap.Indexes = map[uint32]*nebula.HostInfo{}
  244. theirHostmap.RemoteIndexes = map[uint32]*nebula.HostInfo{}
  245. theirControl.InjectTunUDPPacket(myVpnIpNet.IP, 80, 80, []byte("Hi from them again"))
  246. p = r.RouteForAllUntilTxTun(myControl)
  247. assertUdpPacket(t, []byte("Hi from them again"), p, theirVpnIpNet.IP, myVpnIpNet.IP, 80, 80)
  248. r.RenderHostmaps("Derp hostmaps", myControl, theirControl)
  249. r.Log("Assert the tunnel works")
  250. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  251. r.Log("Wait for the dead index to go away")
  252. start := len(myControl.GetHostmap().Indexes)
  253. for {
  254. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  255. if len(myControl.GetHostmap().Indexes) < start {
  256. break
  257. }
  258. time.Sleep(time.Second)
  259. }
  260. r.RenderHostmaps("Final hostmaps", myControl, theirControl)
  261. }
  262. func TestRelays(t *testing.T) {
  263. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  264. myControl, myVpnIpNet, _ := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, m{"relay": m{"use_relays": true}})
  265. relayControl, relayVpnIpNet, relayUdpAddr := newSimpleServer(ca, caKey, "relay ", net.IP{10, 0, 0, 128}, m{"relay": m{"am_relay": true}})
  266. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them ", net.IP{10, 0, 0, 2}, m{"relay": m{"use_relays": true}})
  267. // Teach my how to get to the relay and that their can be reached via the relay
  268. myControl.InjectLightHouseAddr(relayVpnIpNet.IP, relayUdpAddr)
  269. myControl.InjectRelays(theirVpnIpNet.IP, []net.IP{relayVpnIpNet.IP})
  270. relayControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  271. // Build a router so we don't have to reason who gets which packet
  272. r := router.NewR(t, myControl, relayControl, theirControl)
  273. defer r.RenderFlow()
  274. // Start the servers
  275. myControl.Start()
  276. relayControl.Start()
  277. theirControl.Start()
  278. t.Log("Trigger a handshake from me to them via the relay")
  279. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  280. p := r.RouteForAllUntilTxTun(theirControl)
  281. r.Log("Assert the tunnel works")
  282. assertUdpPacket(t, []byte("Hi from me"), p, myVpnIpNet.IP, theirVpnIpNet.IP, 80, 80)
  283. r.RenderHostmaps("Final hostmaps", myControl, relayControl, theirControl)
  284. //TODO: assert we actually used the relay even though it should be impossible for a tunnel to have occurred without it
  285. }
  286. func TestStage1RaceRelays(t *testing.T) {
  287. //NOTE: this is a race between me and relay resulting in a full tunnel from me to them via relay
  288. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  289. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, m{"relay": m{"use_relays": true}})
  290. relayControl, relayVpnIpNet, relayUdpAddr := newSimpleServer(ca, caKey, "relay ", net.IP{10, 0, 0, 128}, m{"relay": m{"am_relay": true}})
  291. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them ", net.IP{10, 0, 0, 2}, m{"relay": m{"use_relays": true}})
  292. // Teach my how to get to the relay and that their can be reached via the relay
  293. myControl.InjectLightHouseAddr(relayVpnIpNet.IP, relayUdpAddr)
  294. theirControl.InjectLightHouseAddr(relayVpnIpNet.IP, relayUdpAddr)
  295. myControl.InjectRelays(theirVpnIpNet.IP, []net.IP{relayVpnIpNet.IP})
  296. theirControl.InjectRelays(myVpnIpNet.IP, []net.IP{relayVpnIpNet.IP})
  297. relayControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  298. relayControl.InjectLightHouseAddr(myVpnIpNet.IP, myUdpAddr)
  299. // Build a router so we don't have to reason who gets which packet
  300. r := router.NewR(t, myControl, relayControl, theirControl)
  301. defer r.RenderFlow()
  302. // Start the servers
  303. myControl.Start()
  304. relayControl.Start()
  305. theirControl.Start()
  306. r.Log("Get a tunnel between me and relay")
  307. assertTunnel(t, myVpnIpNet.IP, relayVpnIpNet.IP, myControl, relayControl, r)
  308. r.Log("Get a tunnel between them and relay")
  309. assertTunnel(t, theirVpnIpNet.IP, relayVpnIpNet.IP, theirControl, relayControl, r)
  310. r.Log("Trigger a handshake from both them and me via relay to them and me")
  311. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  312. theirControl.InjectTunUDPPacket(myVpnIpNet.IP, 80, 80, []byte("Hi from them"))
  313. r.Log("Wait for a packet from them to me")
  314. p := r.RouteForAllUntilTxTun(myControl)
  315. _ = p
  316. myControl.Stop()
  317. theirControl.Stop()
  318. relayControl.Stop()
  319. //
  320. ////TODO: assert hostmaps
  321. }
  322. func TestStage1RaceRelays2(t *testing.T) {
  323. //NOTE: this is a race between me and relay resulting in a full tunnel from me to them via relay
  324. ca, _, caKey, _ := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []*net.IPNet{}, []*net.IPNet{}, []string{})
  325. myControl, myVpnIpNet, myUdpAddr := newSimpleServer(ca, caKey, "me ", net.IP{10, 0, 0, 1}, m{"relay": m{"use_relays": true}})
  326. relayControl, relayVpnIpNet, relayUdpAddr := newSimpleServer(ca, caKey, "relay ", net.IP{10, 0, 0, 128}, m{"relay": m{"am_relay": true}})
  327. theirControl, theirVpnIpNet, theirUdpAddr := newSimpleServer(ca, caKey, "them ", net.IP{10, 0, 0, 2}, m{"relay": m{"use_relays": true}})
  328. l := NewTestLogger()
  329. // Teach my how to get to the relay and that their can be reached via the relay
  330. myControl.InjectLightHouseAddr(relayVpnIpNet.IP, relayUdpAddr)
  331. theirControl.InjectLightHouseAddr(relayVpnIpNet.IP, relayUdpAddr)
  332. myControl.InjectRelays(theirVpnIpNet.IP, []net.IP{relayVpnIpNet.IP})
  333. theirControl.InjectRelays(myVpnIpNet.IP, []net.IP{relayVpnIpNet.IP})
  334. relayControl.InjectLightHouseAddr(theirVpnIpNet.IP, theirUdpAddr)
  335. relayControl.InjectLightHouseAddr(myVpnIpNet.IP, myUdpAddr)
  336. // Build a router so we don't have to reason who gets which packet
  337. r := router.NewR(t, myControl, relayControl, theirControl)
  338. defer r.RenderFlow()
  339. // Start the servers
  340. myControl.Start()
  341. relayControl.Start()
  342. theirControl.Start()
  343. r.Log("Get a tunnel between me and relay")
  344. l.Info("Get a tunnel between me and relay")
  345. assertTunnel(t, myVpnIpNet.IP, relayVpnIpNet.IP, myControl, relayControl, r)
  346. r.Log("Get a tunnel between them and relay")
  347. l.Info("Get a tunnel between them and relay")
  348. assertTunnel(t, theirVpnIpNet.IP, relayVpnIpNet.IP, theirControl, relayControl, r)
  349. r.Log("Trigger a handshake from both them and me via relay to them and me")
  350. l.Info("Trigger a handshake from both them and me via relay to them and me")
  351. myControl.InjectTunUDPPacket(theirVpnIpNet.IP, 80, 80, []byte("Hi from me"))
  352. theirControl.InjectTunUDPPacket(myVpnIpNet.IP, 80, 80, []byte("Hi from them"))
  353. //r.RouteUntilAfterMsgType(myControl, header.Control, header.MessageNone)
  354. //r.RouteUntilAfterMsgType(theirControl, header.Control, header.MessageNone)
  355. r.Log("Wait for a packet from them to me")
  356. l.Info("Wait for a packet from them to me; myControl")
  357. r.RouteForAllUntilTxTun(myControl)
  358. l.Info("Wait for a packet from them to me; theirControl")
  359. r.RouteForAllUntilTxTun(theirControl)
  360. r.Log("Assert the tunnel works")
  361. l.Info("Assert the tunnel works")
  362. assertTunnel(t, theirVpnIpNet.IP, myVpnIpNet.IP, theirControl, myControl, r)
  363. t.Log("Wait until we remove extra tunnels")
  364. l.Info("Wait until we remove extra tunnels")
  365. l.WithFields(
  366. logrus.Fields{
  367. "myControl": len(myControl.GetHostmap().Indexes),
  368. "theirControl": len(theirControl.GetHostmap().Indexes),
  369. "relayControl": len(relayControl.GetHostmap().Indexes),
  370. }).Info("Waiting for hostinfos to be removed...")
  371. hostInfos := len(myControl.GetHostmap().Indexes) + len(theirControl.GetHostmap().Indexes) + len(relayControl.GetHostmap().Indexes)
  372. retries := 60
  373. for hostInfos > 6 && retries > 0 {
  374. hostInfos = len(myControl.GetHostmap().Indexes) + len(theirControl.GetHostmap().Indexes) + len(relayControl.GetHostmap().Indexes)
  375. l.WithFields(
  376. logrus.Fields{
  377. "myControl": len(myControl.GetHostmap().Indexes),
  378. "theirControl": len(theirControl.GetHostmap().Indexes),
  379. "relayControl": len(relayControl.GetHostmap().Indexes),
  380. }).Info("Waiting for hostinfos to be removed...")
  381. assertTunnel(t, myVpnIpNet.IP, theirVpnIpNet.IP, myControl, theirControl, r)
  382. t.Log("Connection manager hasn't ticked yet")
  383. time.Sleep(time.Second)
  384. retries--
  385. }
  386. r.Log("Assert the tunnel works")
  387. l.Info("Assert the tunnel works")
  388. assertTunnel(t, theirVpnIpNet.IP, myVpnIpNet.IP, theirControl, myControl, r)
  389. myControl.Stop()
  390. theirControl.Stop()
  391. relayControl.Stop()
  392. //
  393. ////TODO: assert hostmaps
  394. }
  395. //TODO: add a test with many lies