2023-12-08 10:48:21 +01:00
|
|
|
//go:build !android
|
|
|
|
|
2022-09-05 09:06:35 +02:00
|
|
|
package routemanager
|
|
|
|
|
|
|
|
import (
|
2023-06-12 16:01:06 +02:00
|
|
|
"bytes"
|
2022-09-05 09:06:35 +02:00
|
|
|
"fmt"
|
2022-10-31 11:54:34 +01:00
|
|
|
"net"
|
2022-09-05 09:06:35 +02:00
|
|
|
"net/netip"
|
2023-06-12 16:01:06 +02:00
|
|
|
"os"
|
2024-03-21 16:49:28 +01:00
|
|
|
"os/exec"
|
|
|
|
"runtime"
|
2023-06-12 16:01:06 +02:00
|
|
|
"strings"
|
2022-09-05 09:06:35 +02:00
|
|
|
"testing"
|
2023-06-09 12:35:57 +02:00
|
|
|
|
2023-12-20 23:02:42 +01:00
|
|
|
"github.com/pion/transport/v3/stdnet"
|
2023-06-12 16:01:06 +02:00
|
|
|
log "github.com/sirupsen/logrus"
|
2024-03-21 16:49:28 +01:00
|
|
|
"github.com/stretchr/testify/assert"
|
2023-06-09 12:35:57 +02:00
|
|
|
"github.com/stretchr/testify/require"
|
2024-01-03 16:06:20 +01:00
|
|
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
2023-06-09 12:35:57 +02:00
|
|
|
|
|
|
|
"github.com/netbirdio/netbird/iface"
|
2022-09-05 09:06:35 +02:00
|
|
|
)
|
|
|
|
|
2024-03-21 16:49:28 +01:00
|
|
|
func assertWGOutInterface(t *testing.T, prefix netip.Prefix, wgIface *iface.WGIface, invert bool) {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
if runtime.GOOS == "linux" {
|
|
|
|
outIntf, err := getOutgoingInterfaceLinux(prefix.Addr().String())
|
|
|
|
require.NoError(t, err, "getOutgoingInterfaceLinux should not return error")
|
|
|
|
if invert {
|
|
|
|
require.NotEqual(t, wgIface.Name(), outIntf, "outgoing interface should not be the wireguard interface")
|
|
|
|
} else {
|
|
|
|
require.Equal(t, wgIface.Name(), outIntf, "outgoing interface should be the wireguard interface")
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
prefixGateway, err := getExistingRIBRouteGateway(prefix)
|
|
|
|
require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
|
|
|
|
if invert {
|
|
|
|
assert.NotEqual(t, wgIface.Address().IP.String(), prefixGateway.String(), "route should not point to wireguard interface IP")
|
|
|
|
} else {
|
|
|
|
assert.Equal(t, wgIface.Address().IP.String(), prefixGateway.String(), "route should point to wireguard interface IP")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func getOutgoingInterfaceLinux(destination string) (string, error) {
|
|
|
|
cmd := exec.Command("ip", "route", "get", destination)
|
|
|
|
output, err := cmd.Output()
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("executing ip route get: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return parseOutgoingInterface(string(output)), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseOutgoingInterface(routeGetOutput string) string {
|
|
|
|
fields := strings.Fields(routeGetOutput)
|
|
|
|
for i, field := range fields {
|
|
|
|
if field == "dev" && i+1 < len(fields) {
|
|
|
|
return fields[i+1]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2022-09-05 09:06:35 +02:00
|
|
|
func TestAddRemoveRoutes(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
prefix netip.Prefix
|
|
|
|
shouldRouteToWireguard bool
|
|
|
|
shouldBeRemoved bool
|
|
|
|
}{
|
|
|
|
{
|
2023-11-24 11:31:22 +01:00
|
|
|
name: "Should Add And Remove Route 100.66.120.0/24",
|
2022-09-05 09:06:35 +02:00
|
|
|
prefix: netip.MustParsePrefix("100.66.120.0/24"),
|
|
|
|
shouldRouteToWireguard: true,
|
|
|
|
shouldBeRemoved: true,
|
|
|
|
},
|
|
|
|
{
|
2023-11-24 11:31:22 +01:00
|
|
|
name: "Should Not Add Or Remove Route 127.0.0.1/32",
|
2022-09-05 09:06:35 +02:00
|
|
|
prefix: netip.MustParsePrefix("127.0.0.1/32"),
|
|
|
|
shouldRouteToWireguard: false,
|
|
|
|
shouldBeRemoved: false,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for n, testCase := range testCases {
|
|
|
|
t.Run(testCase.name, func(t *testing.T) {
|
2024-01-03 16:06:20 +01:00
|
|
|
peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
|
2023-04-13 17:00:01 +02:00
|
|
|
newNet, err := stdnet.NewNet()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2024-01-03 16:06:20 +01:00
|
|
|
wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
|
2022-09-05 09:06:35 +02:00
|
|
|
require.NoError(t, err, "should create testing WGIface interface")
|
|
|
|
defer wgInterface.Close()
|
|
|
|
|
|
|
|
err = wgInterface.Create()
|
|
|
|
require.NoError(t, err, "should create testing wireguard interface")
|
|
|
|
|
2024-03-21 16:49:28 +01:00
|
|
|
require.NoError(t, setupRouting())
|
|
|
|
t.Cleanup(func() {
|
|
|
|
assert.NoError(t, cleanupRouting())
|
|
|
|
})
|
|
|
|
|
|
|
|
err = addToRouteTableIfNoExists(testCase.prefix, wgInterface.Address().IP.String(), wgInterface.Name())
|
2023-11-24 11:31:22 +01:00
|
|
|
require.NoError(t, err, "addToRouteTableIfNoExists should not return err")
|
2022-09-05 09:06:35 +02:00
|
|
|
|
|
|
|
if testCase.shouldRouteToWireguard {
|
2024-03-21 16:49:28 +01:00
|
|
|
assertWGOutInterface(t, testCase.prefix, wgInterface, false)
|
2022-09-05 09:06:35 +02:00
|
|
|
} else {
|
2024-03-21 16:49:28 +01:00
|
|
|
assertWGOutInterface(t, testCase.prefix, wgInterface, true)
|
2022-09-05 09:06:35 +02:00
|
|
|
}
|
2023-11-24 11:31:22 +01:00
|
|
|
exists, err := existsInRouteTable(testCase.prefix)
|
|
|
|
require.NoError(t, err, "existsInRouteTable should not return err")
|
|
|
|
if exists && testCase.shouldRouteToWireguard {
|
2024-03-21 16:49:28 +01:00
|
|
|
err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String(), wgInterface.Name())
|
2023-11-24 11:31:22 +01:00
|
|
|
require.NoError(t, err, "removeFromRouteTableIfNonSystem should not return err")
|
2022-09-05 09:06:35 +02:00
|
|
|
|
2024-03-21 16:49:28 +01:00
|
|
|
prefixGateway, err := getExistingRIBRouteGateway(testCase.prefix)
|
2023-11-24 11:31:22 +01:00
|
|
|
require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
|
2022-09-05 09:06:35 +02:00
|
|
|
|
2023-11-24 11:31:22 +01:00
|
|
|
internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
|
|
|
|
require.NoError(t, err)
|
2022-09-05 09:06:35 +02:00
|
|
|
|
2023-11-24 11:31:22 +01:00
|
|
|
if testCase.shouldBeRemoved {
|
|
|
|
require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
|
|
|
|
} else {
|
|
|
|
require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
|
|
|
|
}
|
2022-09-05 09:06:35 +02:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2022-10-31 11:54:34 +01:00
|
|
|
|
|
|
|
func TestGetExistingRIBRouteGateway(t *testing.T) {
|
|
|
|
gateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal("shouldn't return error when fetching the gateway: ", err)
|
|
|
|
}
|
|
|
|
if gateway == nil {
|
|
|
|
t.Fatal("should return a gateway")
|
|
|
|
}
|
|
|
|
addresses, err := net.InterfaceAddrs()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal("shouldn't return error when fetching interface addresses: ", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var testingIP string
|
|
|
|
var testingPrefix netip.Prefix
|
|
|
|
for _, address := range addresses {
|
|
|
|
if address.Network() != "ip+net" {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
prefix := netip.MustParsePrefix(address.String())
|
|
|
|
if !prefix.Addr().IsLoopback() && prefix.Addr().Is4() {
|
|
|
|
testingIP = prefix.Addr().String()
|
|
|
|
testingPrefix = prefix.Masked()
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
localIP, err := getExistingRIBRouteGateway(testingPrefix)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal("shouldn't return error: ", err)
|
|
|
|
}
|
|
|
|
if localIP == nil {
|
|
|
|
t.Fatal("should return a gateway for local network")
|
|
|
|
}
|
|
|
|
if localIP.String() == gateway.String() {
|
|
|
|
t.Fatal("local ip should not match with gateway IP")
|
|
|
|
}
|
|
|
|
if localIP.String() != testingIP {
|
|
|
|
t.Fatalf("local ip should match with testing IP: want %s got %s", testingIP, localIP.String())
|
|
|
|
}
|
|
|
|
}
|
2023-06-12 16:01:06 +02:00
|
|
|
|
|
|
|
func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
|
|
|
|
defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
|
2023-11-10 16:33:13 +01:00
|
|
|
t.Log("defaultGateway: ", defaultGateway)
|
2023-06-12 16:01:06 +02:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal("shouldn't return error when fetching the gateway: ", err)
|
|
|
|
}
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
prefix netip.Prefix
|
|
|
|
preExistingPrefix netip.Prefix
|
|
|
|
shouldAddRoute bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Should Add And Remove random Route",
|
|
|
|
prefix: netip.MustParsePrefix("99.99.99.99/32"),
|
|
|
|
shouldAddRoute: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Should Not Add Route if overlaps with default gateway",
|
|
|
|
prefix: netip.MustParsePrefix(defaultGateway.String() + "/31"),
|
|
|
|
shouldAddRoute: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Should Add Route if bigger network exists",
|
|
|
|
prefix: netip.MustParsePrefix("100.100.100.0/24"),
|
|
|
|
preExistingPrefix: netip.MustParsePrefix("100.100.0.0/16"),
|
|
|
|
shouldAddRoute: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Should Add Route if smaller network exists",
|
|
|
|
prefix: netip.MustParsePrefix("100.100.0.0/16"),
|
|
|
|
preExistingPrefix: netip.MustParsePrefix("100.100.100.0/24"),
|
|
|
|
shouldAddRoute: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Should Not Add Route if same network exists",
|
|
|
|
prefix: netip.MustParsePrefix("100.100.0.0/16"),
|
|
|
|
preExistingPrefix: netip.MustParsePrefix("100.100.0.0/16"),
|
|
|
|
shouldAddRoute: false,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for n, testCase := range testCases {
|
|
|
|
var buf bytes.Buffer
|
|
|
|
log.SetOutput(&buf)
|
|
|
|
defer func() {
|
|
|
|
log.SetOutput(os.Stderr)
|
|
|
|
}()
|
|
|
|
t.Run(testCase.name, func(t *testing.T) {
|
2024-01-03 16:06:20 +01:00
|
|
|
peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
|
2023-06-12 16:01:06 +02:00
|
|
|
newNet, err := stdnet.NewNet()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2024-01-03 16:06:20 +01:00
|
|
|
wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
|
2023-06-12 16:01:06 +02:00
|
|
|
require.NoError(t, err, "should create testing WGIface interface")
|
|
|
|
defer wgInterface.Close()
|
|
|
|
|
|
|
|
err = wgInterface.Create()
|
|
|
|
require.NoError(t, err, "should create testing wireguard interface")
|
|
|
|
|
2024-03-21 16:49:28 +01:00
|
|
|
require.NoError(t, setupRouting())
|
|
|
|
t.Cleanup(func() {
|
|
|
|
assert.NoError(t, cleanupRouting())
|
|
|
|
})
|
|
|
|
|
2023-06-12 16:22:53 +02:00
|
|
|
MockAddr := wgInterface.Address().IP.String()
|
2023-06-12 16:01:06 +02:00
|
|
|
|
|
|
|
// Prepare the environment
|
|
|
|
if testCase.preExistingPrefix.IsValid() {
|
2024-03-21 16:49:28 +01:00
|
|
|
err := addToRouteTableIfNoExists(testCase.preExistingPrefix, MockAddr, wgInterface.Name())
|
2023-06-12 16:01:06 +02:00
|
|
|
require.NoError(t, err, "should not return err when adding pre-existing route")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Add the route
|
2024-03-21 16:49:28 +01:00
|
|
|
err = addToRouteTableIfNoExists(testCase.prefix, MockAddr, wgInterface.Name())
|
2023-06-12 16:01:06 +02:00
|
|
|
require.NoError(t, err, "should not return err when adding route")
|
|
|
|
|
|
|
|
if testCase.shouldAddRoute {
|
|
|
|
// test if route exists after adding
|
|
|
|
ok, err := existsInRouteTable(testCase.prefix)
|
|
|
|
require.NoError(t, err, "should not return err")
|
|
|
|
require.True(t, ok, "route should exist")
|
|
|
|
|
|
|
|
// remove route again if added
|
2024-03-21 16:49:28 +01:00
|
|
|
err = removeFromRouteTableIfNonSystem(testCase.prefix, MockAddr, wgInterface.Name())
|
2023-06-12 16:01:06 +02:00
|
|
|
require.NoError(t, err, "should not return err")
|
|
|
|
}
|
|
|
|
|
|
|
|
// route should either not have been added or should have been removed
|
|
|
|
// In case of already existing route, it should not have been added (but still exist)
|
|
|
|
ok, err := existsInRouteTable(testCase.prefix)
|
2023-11-10 16:33:13 +01:00
|
|
|
t.Log("Buffer string: ", buf.String())
|
2023-06-12 16:01:06 +02:00
|
|
|
require.NoError(t, err, "should not return err")
|
2024-03-21 16:49:28 +01:00
|
|
|
|
|
|
|
// Linux uses a separate routing table, so the route can exist in both tables.
|
|
|
|
// The main routing table takes precedence over the wireguard routing table.
|
|
|
|
if !strings.Contains(buf.String(), "because it already exists") && runtime.GOOS != "linux" {
|
2023-06-12 16:01:06 +02:00
|
|
|
require.False(t, ok, "route should not exist")
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|