mirror of
https://github.com/netbirdio/netbird.git
synced 2025-07-22 00:38:17 +02:00
631 lines
18 KiB
Go
631 lines
18 KiB
Go
//go:build !android && !ios
|
|
|
|
package systemops
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"net/netip"
|
|
"os/exec"
|
|
"runtime"
|
|
"strconv"
|
|
"strings"
|
|
"syscall"
|
|
"testing"
|
|
|
|
"github.com/pion/transport/v3/stdnet"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
|
|
|
"github.com/netbirdio/netbird/client/iface"
|
|
"github.com/netbirdio/netbird/client/internal/routemanager/vars"
|
|
)
|
|
|
|
type dialer interface {
|
|
Dial(network, address string) (net.Conn, error)
|
|
DialContext(ctx context.Context, network, address string) (net.Conn, error)
|
|
}
|
|
|
|
func TestAddVPNRoute(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
prefix netip.Prefix
|
|
expectError bool
|
|
}{
|
|
{
|
|
name: "IPv4 - Private network route",
|
|
prefix: netip.MustParsePrefix("10.10.100.0/24"),
|
|
},
|
|
{
|
|
name: "IPv4 Single host",
|
|
prefix: netip.MustParsePrefix("10.111.111.111/32"),
|
|
},
|
|
{
|
|
name: "IPv4 RFC3927 test range",
|
|
prefix: netip.MustParsePrefix("198.51.100.0/24"),
|
|
},
|
|
{
|
|
name: "IPv4 Default route",
|
|
prefix: netip.MustParsePrefix("0.0.0.0/0"),
|
|
},
|
|
|
|
{
|
|
name: "IPv6 Subnet",
|
|
prefix: netip.MustParsePrefix("fdb1:848a:7e16::/48"),
|
|
},
|
|
{
|
|
name: "IPv6 Single host",
|
|
prefix: netip.MustParsePrefix("fdb1:848a:7e16:a::b/128"),
|
|
},
|
|
{
|
|
name: "IPv6 Default route",
|
|
prefix: netip.MustParsePrefix("::/0"),
|
|
},
|
|
|
|
// IPv4 addresses that should be rejected (matches validateRoute logic)
|
|
{
|
|
name: "IPv4 Loopback",
|
|
prefix: netip.MustParsePrefix("127.0.0.1/32"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv4 Link-local unicast",
|
|
prefix: netip.MustParsePrefix("169.254.1.1/32"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv4 Link-local multicast",
|
|
prefix: netip.MustParsePrefix("224.0.0.251/32"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv4 Multicast",
|
|
prefix: netip.MustParsePrefix("239.255.255.250/32"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv4 Unspecified with prefix",
|
|
prefix: netip.MustParsePrefix("0.0.0.0/32"),
|
|
expectError: true,
|
|
},
|
|
|
|
// IPv6 addresses that should be rejected (matches validateRoute logic)
|
|
{
|
|
name: "IPv6 Loopback",
|
|
prefix: netip.MustParsePrefix("::1/128"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv6 Link-local unicast",
|
|
prefix: netip.MustParsePrefix("fe80::1/128"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv6 Link-local multicast",
|
|
prefix: netip.MustParsePrefix("ff02::1/128"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv6 Interface-local multicast",
|
|
prefix: netip.MustParsePrefix("ff01::1/128"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv6 Multicast",
|
|
prefix: netip.MustParsePrefix("ff00::1/128"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv6 Unspecified with prefix",
|
|
prefix: netip.MustParsePrefix("::/128"),
|
|
expectError: true,
|
|
},
|
|
|
|
{
|
|
name: "IPv4 WireGuard interface network overlap",
|
|
prefix: netip.MustParsePrefix("100.65.75.0/24"),
|
|
expectError: true,
|
|
},
|
|
{
|
|
name: "IPv4 WireGuard interface network subnet",
|
|
prefix: netip.MustParsePrefix("100.65.75.0/32"),
|
|
expectError: true,
|
|
},
|
|
}
|
|
|
|
for n, testCase := range testCases {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
t.Setenv("NB_DISABLE_ROUTE_CACHE", "true")
|
|
|
|
wgInterface := createWGInterface(t, fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100+n)
|
|
|
|
r := NewSysOps(wgInterface, nil)
|
|
_, _, err := r.SetupRouting(nil, nil)
|
|
require.NoError(t, err)
|
|
t.Cleanup(func() {
|
|
assert.NoError(t, r.CleanupRouting(nil))
|
|
})
|
|
|
|
intf, err := net.InterfaceByName(wgInterface.Name())
|
|
require.NoError(t, err)
|
|
|
|
// add the route
|
|
err = r.AddVPNRoute(testCase.prefix, intf)
|
|
if testCase.expectError {
|
|
assert.ErrorIs(t, err, vars.ErrRouteNotAllowed)
|
|
return
|
|
}
|
|
|
|
// validate it's pointing to the WireGuard interface
|
|
require.NoError(t, err)
|
|
|
|
nextHop := getNextHop(t, testCase.prefix.Addr())
|
|
assert.Equal(t, wgInterface.Name(), nextHop.Intf.Name, "next hop interface should be WireGuard interface")
|
|
|
|
// remove route again
|
|
err = r.RemoveVPNRoute(testCase.prefix, intf)
|
|
require.NoError(t, err)
|
|
|
|
// validate it's gone
|
|
nextHop, err = GetNextHop(testCase.prefix.Addr())
|
|
require.True(t,
|
|
errors.Is(err, vars.ErrRouteNotFound) || err == nil && nextHop.Intf != nil && nextHop.Intf.Name != wgInterface.Name(),
|
|
"err: %v, next hop: %v", err, nextHop)
|
|
})
|
|
}
|
|
}
|
|
|
|
func getNextHop(t *testing.T, addr netip.Addr) Nexthop {
|
|
t.Helper()
|
|
|
|
if runtime.GOOS == "windows" || runtime.GOOS == "linux" {
|
|
nextHop, err := GetNextHop(addr)
|
|
|
|
if runtime.GOOS == "windows" && errors.Is(err, vars.ErrRouteNotFound) && addr.Is6() {
|
|
// TODO: Fix this test. It doesn't return the route when running in a windows github runner, but it is
|
|
// present in the route table.
|
|
t.Skip("Skipping windows test")
|
|
}
|
|
|
|
require.NoError(t, err)
|
|
require.NotNil(t, nextHop.Intf, "next hop interface should not be nil for %s", addr)
|
|
|
|
return nextHop
|
|
}
|
|
// GetNextHop for bsd is buggy and returns the wrong interface for the default route.
|
|
|
|
if addr.IsUnspecified() {
|
|
// On macOS, querying 0.0.0.0 returns the wrong interface
|
|
if addr.Is4() {
|
|
addr = netip.MustParseAddr("1.2.3.4")
|
|
} else {
|
|
addr = netip.MustParseAddr("2001:db8::1")
|
|
}
|
|
}
|
|
|
|
cmd := exec.Command("route", "-n", "get", addr.String())
|
|
if addr.Is6() {
|
|
cmd = exec.Command("route", "-n", "get", "-inet6", addr.String())
|
|
}
|
|
|
|
output, err := cmd.CombinedOutput()
|
|
t.Logf("route output: %s", output)
|
|
require.NoError(t, err, "%s failed")
|
|
|
|
lines := strings.Split(string(output), "\n")
|
|
var intf string
|
|
var gateway string
|
|
|
|
for _, line := range lines {
|
|
line = strings.TrimSpace(line)
|
|
if strings.HasPrefix(line, "interface:") {
|
|
intf = strings.TrimSpace(strings.TrimPrefix(line, "interface:"))
|
|
} else if strings.HasPrefix(line, "gateway:") {
|
|
gateway = strings.TrimSpace(strings.TrimPrefix(line, "gateway:"))
|
|
}
|
|
}
|
|
|
|
require.NotEmpty(t, intf, "interface should be found in route output")
|
|
|
|
iface, err := net.InterfaceByName(intf)
|
|
require.NoError(t, err, "interface %s should exist", intf)
|
|
|
|
nexthop := Nexthop{Intf: iface}
|
|
|
|
if gateway != "" && gateway != "link#"+strconv.Itoa(iface.Index) {
|
|
addr, err := netip.ParseAddr(gateway)
|
|
if err == nil {
|
|
nexthop.IP = addr
|
|
}
|
|
}
|
|
|
|
return nexthop
|
|
}
|
|
|
|
func TestAddRouteToNonVPNIntf(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
prefix netip.Prefix
|
|
expectError bool
|
|
errorType error
|
|
}{
|
|
{
|
|
name: "IPv4 RFC3927 test range",
|
|
prefix: netip.MustParsePrefix("198.51.100.0/24"),
|
|
},
|
|
{
|
|
name: "IPv4 Single host",
|
|
prefix: netip.MustParsePrefix("8.8.8.8/32"),
|
|
},
|
|
{
|
|
name: "IPv6 External network route",
|
|
prefix: netip.MustParsePrefix("2001:db8:1000::/48"),
|
|
},
|
|
{
|
|
name: "IPv6 Single host",
|
|
prefix: netip.MustParsePrefix("2001:db8::1/128"),
|
|
},
|
|
{
|
|
name: "IPv6 Subnet",
|
|
prefix: netip.MustParsePrefix("2a05:d014:1f8d::/48"),
|
|
},
|
|
{
|
|
name: "IPv6 Single host",
|
|
prefix: netip.MustParsePrefix("2a05:d014:1f8d:7302:ebca:ec15:b24d:d07e/128"),
|
|
},
|
|
|
|
// Addresses that should be rejected
|
|
{
|
|
name: "IPv4 Loopback",
|
|
prefix: netip.MustParsePrefix("127.0.0.1/32"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv4 Link-local unicast",
|
|
prefix: netip.MustParsePrefix("169.254.1.1/32"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv4 Multicast",
|
|
prefix: netip.MustParsePrefix("239.255.255.250/32"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv4 Unspecified",
|
|
prefix: netip.MustParsePrefix("0.0.0.0/0"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv6 Loopback",
|
|
prefix: netip.MustParsePrefix("::1/128"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv6 Link-local unicast",
|
|
prefix: netip.MustParsePrefix("fe80::1/128"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv6 Multicast",
|
|
prefix: netip.MustParsePrefix("ff00::1/128"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv6 Unspecified",
|
|
prefix: netip.MustParsePrefix("::/0"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
{
|
|
name: "IPv4 WireGuard interface network overlap",
|
|
prefix: netip.MustParsePrefix("100.65.75.0/24"),
|
|
expectError: true,
|
|
errorType: vars.ErrRouteNotAllowed,
|
|
},
|
|
}
|
|
|
|
for n, testCase := range testCases {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
t.Setenv("NB_DISABLE_ROUTE_CACHE", "true")
|
|
|
|
wgInterface := createWGInterface(t, fmt.Sprintf("utun54%d", n), "100.65.75.2/24", 33200+n)
|
|
|
|
r := NewSysOps(wgInterface, nil)
|
|
_, _, err := r.SetupRouting(nil, nil)
|
|
require.NoError(t, err)
|
|
t.Cleanup(func() {
|
|
assert.NoError(t, r.CleanupRouting(nil))
|
|
})
|
|
|
|
initialNextHopV4, err := GetNextHop(netip.IPv4Unspecified())
|
|
require.NoError(t, err, "Should be able to get IPv4 default route")
|
|
t.Logf("Initial IPv4 next hop: %s", initialNextHopV4)
|
|
|
|
initialNextHopV6, err := GetNextHop(netip.IPv6Unspecified())
|
|
if testCase.prefix.Addr().Is6() &&
|
|
(errors.Is(err, vars.ErrRouteNotFound) || initialNextHopV6.Intf != nil && strings.HasPrefix(initialNextHopV6.Intf.Name, "utun")) {
|
|
t.Skip("Skipping test as no ipv6 default route is available")
|
|
}
|
|
if err != nil && !errors.Is(err, vars.ErrRouteNotFound) {
|
|
t.Fatalf("Failed to get IPv6 default route: %v", err)
|
|
}
|
|
|
|
var initialNextHop Nexthop
|
|
if testCase.prefix.Addr().Is6() {
|
|
initialNextHop = initialNextHopV6
|
|
} else {
|
|
initialNextHop = initialNextHopV4
|
|
}
|
|
|
|
nexthop, err := r.addRouteToNonVPNIntf(testCase.prefix, wgInterface, initialNextHop)
|
|
|
|
if testCase.expectError {
|
|
require.ErrorIs(t, err, vars.ErrRouteNotAllowed)
|
|
return
|
|
}
|
|
require.NoError(t, err)
|
|
t.Logf("Next hop for %s: %s", testCase.prefix, nexthop)
|
|
|
|
// Verify the route was added and points to non-VPN interface
|
|
currentNextHop, err := GetNextHop(testCase.prefix.Addr())
|
|
require.NoError(t, err)
|
|
assert.NotEqual(t, wgInterface.Name(), currentNextHop.Intf.Name, "Route should not point to VPN interface")
|
|
|
|
err = r.removeFromRouteTable(testCase.prefix, nexthop)
|
|
assert.NoError(t, err)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestGetNextHop(t *testing.T) {
|
|
defaultNh, err := GetNextHop(netip.MustParseAddr("0.0.0.0"))
|
|
if err != nil {
|
|
t.Fatal("shouldn't return error when fetching the gateway: ", err)
|
|
}
|
|
if !defaultNh.IP.IsValid() {
|
|
t.Fatal("should return a gateway")
|
|
}
|
|
addresses, err := net.InterfaceAddrs()
|
|
if err != nil {
|
|
t.Fatal("shouldn't return error when fetching interface addresses: ", err)
|
|
}
|
|
|
|
var testingPrefix netip.Prefix
|
|
for _, address := range addresses {
|
|
if address.Network() != "ip+net" {
|
|
continue
|
|
}
|
|
prefix := netip.MustParsePrefix(address.String())
|
|
if !prefix.Addr().IsLoopback() && prefix.Addr().Is4() {
|
|
testingPrefix = prefix.Masked()
|
|
break
|
|
}
|
|
}
|
|
|
|
nh, err := GetNextHop(testingPrefix.Addr())
|
|
if err != nil {
|
|
t.Fatal("shouldn't return error: ", err)
|
|
}
|
|
if nh.Intf == nil {
|
|
t.Fatal("should return a gateway for local network")
|
|
}
|
|
if nh.IP.String() == defaultNh.IP.String() {
|
|
t.Fatal("next hop IP should not match with default gateway IP")
|
|
}
|
|
if nh.Intf.Name != defaultNh.Intf.Name {
|
|
t.Fatalf("next hop interface name should match with default gateway interface name, got: %s, want: %s", nh.Intf.Name, defaultNh.Intf.Name)
|
|
}
|
|
}
|
|
|
|
func createWGInterface(t *testing.T, interfaceName, ipAddressCIDR string, listenPort int) *iface.WGIface {
|
|
t.Helper()
|
|
|
|
peerPrivateKey, err := wgtypes.GeneratePrivateKey()
|
|
require.NoError(t, err)
|
|
|
|
newNet, err := stdnet.NewNet()
|
|
require.NoError(t, err)
|
|
|
|
opts := iface.WGIFaceOpts{
|
|
IFaceName: interfaceName,
|
|
Address: ipAddressCIDR,
|
|
WGPrivKey: peerPrivateKey.String(),
|
|
WGPort: listenPort,
|
|
MTU: iface.DefaultMTU,
|
|
TransportNet: newNet,
|
|
}
|
|
wgInterface, err := iface.NewWGIFace(opts)
|
|
require.NoError(t, err, "should create testing WireGuard interface")
|
|
|
|
err = wgInterface.Create()
|
|
require.NoError(t, err, "should create testing WireGuard interface")
|
|
|
|
t.Cleanup(func() {
|
|
wgInterface.Close()
|
|
})
|
|
|
|
return wgInterface
|
|
}
|
|
|
|
func setupRouteAndCleanup(t *testing.T, r *SysOps, prefix netip.Prefix, intf *net.Interface) {
|
|
t.Helper()
|
|
|
|
if err := r.AddVPNRoute(prefix, intf); err != nil {
|
|
if !errors.Is(err, syscall.EEXIST) && !errors.Is(err, vars.ErrRouteNotAllowed) {
|
|
t.Fatalf("addVPNRoute should not return err: %v", err)
|
|
}
|
|
t.Logf("addVPNRoute %v returned: %v", prefix, err)
|
|
}
|
|
t.Cleanup(func() {
|
|
if err := r.RemoveVPNRoute(prefix, intf); err != nil && !errors.Is(err, vars.ErrRouteNotAllowed) {
|
|
t.Fatalf("removeVPNRoute should not return err: %v", err)
|
|
}
|
|
})
|
|
}
|
|
|
|
func setupTestEnv(t *testing.T) {
|
|
t.Helper()
|
|
|
|
setupDummyInterfacesAndRoutes(t)
|
|
|
|
wgInterface := createWGInterface(t, expectedVPNint, "100.64.0.1/24", 51820)
|
|
t.Cleanup(func() {
|
|
assert.NoError(t, wgInterface.Close())
|
|
})
|
|
|
|
r := NewSysOps(wgInterface, nil)
|
|
_, _, err := r.SetupRouting(nil, nil)
|
|
require.NoError(t, err, "setupRouting should not return err")
|
|
t.Cleanup(func() {
|
|
assert.NoError(t, r.CleanupRouting(nil))
|
|
})
|
|
|
|
index, err := net.InterfaceByName(wgInterface.Name())
|
|
require.NoError(t, err, "InterfaceByName should not return err")
|
|
intf := &net.Interface{Index: index.Index, Name: wgInterface.Name()}
|
|
|
|
// default route exists in main table and vpn table
|
|
setupRouteAndCleanup(t, r, netip.MustParsePrefix("0.0.0.0/0"), intf)
|
|
|
|
// 10.0.0.0/8 route exists in main table and vpn table
|
|
setupRouteAndCleanup(t, r, netip.MustParsePrefix("10.0.0.0/8"), intf)
|
|
|
|
// 10.10.0.0/24 more specific route exists in vpn table
|
|
setupRouteAndCleanup(t, r, netip.MustParsePrefix("10.10.0.0/24"), intf)
|
|
|
|
// unique route in vpn table
|
|
setupRouteAndCleanup(t, r, netip.MustParsePrefix("172.16.0.0/12"), intf)
|
|
}
|
|
|
|
func TestIsVpnRoute(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
addr string
|
|
vpnRoutes []string
|
|
localRoutes []string
|
|
expectedVpn bool
|
|
expectedPrefix netip.Prefix
|
|
}{
|
|
{
|
|
name: "Match in VPN routes",
|
|
addr: "192.168.1.1",
|
|
vpnRoutes: []string{"192.168.1.0/24"},
|
|
localRoutes: []string{"10.0.0.0/8"},
|
|
expectedVpn: true,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.1.0/24"),
|
|
},
|
|
{
|
|
name: "Match in local routes",
|
|
addr: "10.1.1.1",
|
|
vpnRoutes: []string{"192.168.1.0/24"},
|
|
localRoutes: []string{"10.0.0.0/8"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.MustParsePrefix("10.0.0.0/8"),
|
|
},
|
|
{
|
|
name: "No match",
|
|
addr: "172.16.0.1",
|
|
vpnRoutes: []string{"192.168.1.0/24"},
|
|
localRoutes: []string{"10.0.0.0/8"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.Prefix{},
|
|
},
|
|
{
|
|
name: "Default route ignored",
|
|
addr: "192.168.1.1",
|
|
vpnRoutes: []string{"0.0.0.0/0", "192.168.1.0/24"},
|
|
localRoutes: []string{"10.0.0.0/8"},
|
|
expectedVpn: true,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.1.0/24"),
|
|
},
|
|
{
|
|
name: "Default route matches but ignored",
|
|
addr: "172.16.1.1",
|
|
vpnRoutes: []string{"0.0.0.0/0", "192.168.1.0/24"},
|
|
localRoutes: []string{"10.0.0.0/8"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.Prefix{},
|
|
},
|
|
{
|
|
name: "Longest prefix match local",
|
|
addr: "192.168.1.1",
|
|
vpnRoutes: []string{"192.168.0.0/16"},
|
|
localRoutes: []string{"192.168.1.0/24"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.1.0/24"),
|
|
},
|
|
{
|
|
name: "Longest prefix match local multiple",
|
|
addr: "192.168.0.1",
|
|
vpnRoutes: []string{"192.168.0.0/16", "192.168.0.0/25", "192.168.0.0/27"},
|
|
localRoutes: []string{"192.168.0.0/24", "192.168.0.0/26", "192.168.0.0/28"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.0.0/28"),
|
|
},
|
|
{
|
|
name: "Longest prefix match vpn",
|
|
addr: "192.168.1.1",
|
|
vpnRoutes: []string{"192.168.1.0/24"},
|
|
localRoutes: []string{"192.168.0.0/16"},
|
|
expectedVpn: true,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.1.0/24"),
|
|
},
|
|
{
|
|
name: "Longest prefix match vpn multiple",
|
|
addr: "192.168.0.1",
|
|
vpnRoutes: []string{"192.168.0.0/16", "192.168.0.0/25", "192.168.0.0/27"},
|
|
localRoutes: []string{"192.168.0.0/24", "192.168.0.0/26"},
|
|
expectedVpn: true,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.0.0/27"),
|
|
},
|
|
{
|
|
name: "Duplicate prefix in both",
|
|
addr: "192.168.1.1",
|
|
vpnRoutes: []string{"192.168.1.0/24"},
|
|
localRoutes: []string{"192.168.1.0/24"},
|
|
expectedVpn: false,
|
|
expectedPrefix: netip.MustParsePrefix("192.168.1.0/24"),
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
addr, err := netip.ParseAddr(tt.addr)
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse address %s: %v", tt.addr, err)
|
|
}
|
|
|
|
var vpnRoutes, localRoutes []netip.Prefix
|
|
for _, route := range tt.vpnRoutes {
|
|
prefix, err := netip.ParsePrefix(route)
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse VPN route %s: %v", route, err)
|
|
}
|
|
vpnRoutes = append(vpnRoutes, prefix)
|
|
}
|
|
|
|
for _, route := range tt.localRoutes {
|
|
prefix, err := netip.ParsePrefix(route)
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse local route %s: %v", route, err)
|
|
}
|
|
localRoutes = append(localRoutes, prefix)
|
|
}
|
|
|
|
isVpn, matchedPrefix := isVpnRoute(addr, vpnRoutes, localRoutes)
|
|
assert.Equal(t, tt.expectedVpn, isVpn, "isVpnRoute should return expectedVpn value")
|
|
assert.Equal(t, tt.expectedPrefix, matchedPrefix, "isVpnRoute should return expectedVpn prefix")
|
|
})
|
|
}
|
|
}
|