nebula/overlay/route_test.go

package overlay

import (
	"fmt"
	"net"
	"testing"

	"github.com/slackhq/nebula/config"
	"github.com/slackhq/nebula/iputil"
	"github.com/slackhq/nebula/test"
	"github.com/stretchr/testify/assert"
)

func Test_parseRoutes(t *testing.T) {
	l := test.NewLogger()
	c := config.NewC(l)
	_, n, _ := net.ParseCIDR("10.0.0.0/24")

	// test no routes config
	routes, err := parseRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 0)

	// not an array
	c.Settings["tun"] = map[interface{}]interface{}{"routes": "hi"}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "tun.routes is not an array")

	// no routes
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 0)

	// weird route
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{"asdf"}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1 in tun.routes is invalid")

	// no mtu
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.mtu in tun.routes is not present")

	// bad mtu
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "nope"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.mtu in tun.routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax")

	// low mtu
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "499"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.mtu in tun.routes is below 500: 499")

	// missing route
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.routes is not present")

	// unparsable route
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "nope"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.routes failed to parse: invalid CIDR address: nope")

	// below network range
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "1.0.0.0/8"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 1.0.0.0/8, network: 10.0.0.0/24")

	// above network range
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "10.0.1.0/24"}}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 10.0.1.0/24, network: 10.0.0.0/24")

	// happy case
	c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{
		map[interface{}]interface{}{"mtu": "9000", "route": "10.0.0.0/29"},
		map[interface{}]interface{}{"mtu": "8000", "route": "10.0.0.1/32"},
	}}
	routes, err = parseRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 2)

	tested := 0
	for _, r := range routes {
		assert.True(t, r.Install)

		if r.MTU == 8000 {
			assert.Equal(t, "10.0.0.1/32", r.Cidr.String())
			tested++
		} else {
			assert.Equal(t, 9000, r.MTU)
			assert.Equal(t, "10.0.0.0/29", r.Cidr.String())
			tested++
		}
	}

	if tested != 2 {
		t.Fatal("Did not see both routes")
	}
}

func Test_parseUnsafeRoutes(t *testing.T) {
	l := test.NewLogger()
	c := config.NewC(l)
	_, n, _ := net.ParseCIDR("10.0.0.0/24")

	// test no routes config
	routes, err := parseUnsafeRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 0)

	// not an array
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": "hi"}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "tun.unsafe_routes is not an array")

	// no routes
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 0)

	// weird route
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{"asdf"}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1 in tun.unsafe_routes is invalid")

	// no via
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes is not present")

	// invalid via
	for _, invalidValue := range []interface{}{
		127, false, nil, 1.0, []string{"1", "2"},
	} {
		c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": invalidValue}}}
		routes, err = parseUnsafeRoutes(c, n)
		assert.Nil(t, routes)
		assert.EqualError(t, err, fmt.Sprintf("entry 1.via in tun.unsafe_routes is not a string: found %T", invalidValue))
	}

	// unparsable via
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "via": "nope"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes failed to parse address: nope")

	// missing route
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is not present")

	// unparsable route
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500", "route": "nope"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes failed to parse: invalid CIDR address: nope")

	// within network range
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.0.0/24"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is contained within the network attached to the certificate; route: 10.0.0.0/24, network: 10.0.0.0/24")

	// below network range
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Len(t, routes, 1)
	assert.Nil(t, err)

	// above network range
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.1.0/24"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Len(t, routes, 1)
	assert.Nil(t, err)

	// no mtu
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Len(t, routes, 1)
	assert.Equal(t, 0, routes[0].MTU)

	// bad mtu
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "nope"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax")

	// low mtu
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "499"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is below 500: 499")

	// bad install
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "9000", "route": "1.0.0.0/29", "install": "nope"}}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, routes)
	assert.EqualError(t, err, "entry 1.install in tun.unsafe_routes is not a boolean: strconv.ParseBool: parsing \"nope\": invalid syntax")

	// happy case
	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{
		map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "9000", "route": "1.0.0.0/29", "install": "t"},
		map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "8000", "route": "1.0.0.1/32", "install": 0},
		map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "1500", "metric": 1234, "route": "1.0.0.2/32", "install": 1},
		map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "1500", "metric": 1234, "route": "1.0.0.2/32"},
	}}
	routes, err = parseUnsafeRoutes(c, n)
	assert.Nil(t, err)
	assert.Len(t, routes, 4)

	tested := 0
	for _, r := range routes {
		if r.MTU == 8000 {
			assert.Equal(t, "1.0.0.1/32", r.Cidr.String())
			assert.False(t, r.Install)
			tested++
		} else if r.MTU == 9000 {
			assert.Equal(t, 9000, r.MTU)
			assert.Equal(t, "1.0.0.0/29", r.Cidr.String())
			assert.True(t, r.Install)
			tested++
		} else {
			assert.Equal(t, 1500, r.MTU)
			assert.Equal(t, 1234, r.Metric)
			assert.Equal(t, "1.0.0.2/32", r.Cidr.String())
			assert.True(t, r.Install)
			tested++
		}
	}

	if tested != 4 {
		t.Fatal("Did not see all unsafe_routes")
	}
}

func Test_makeRouteTree(t *testing.T) {
	l := test.NewLogger()
	c := config.NewC(l)
	_, n, _ := net.ParseCIDR("10.0.0.0/24")

	c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{
		map[interface{}]interface{}{"via": "192.168.0.1", "route": "1.0.0.0/28"},
		map[interface{}]interface{}{"via": "192.168.0.2", "route": "1.0.0.1/32"},
	}}
	routes, err := parseUnsafeRoutes(c, n)
	assert.NoError(t, err)
	assert.Len(t, routes, 2)
	routeTree, err := makeRouteTree(l, routes, true)
	assert.NoError(t, err)

	ip := iputil.Ip2VpnIp(net.ParseIP("1.0.0.2"))
	ok, r := routeTree.MostSpecificContains(ip)
	assert.True(t, ok)
	assert.Equal(t, iputil.Ip2VpnIp(net.ParseIP("192.168.0.1")), r)

	ip = iputil.Ip2VpnIp(net.ParseIP("1.0.0.1"))
	ok, r = routeTree.MostSpecificContains(ip)
	assert.True(t, ok)
	assert.Equal(t, iputil.Ip2VpnIp(net.ParseIP("192.168.0.2")), r)

	ip = iputil.Ip2VpnIp(net.ParseIP("1.1.0.1"))
	ok, r = routeTree.MostSpecificContains(ip)
	assert.False(t, ok)
}
Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`package overlay`
Public Release 2019-11-19 10:00:20 -07:00
			`import (`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`"fmt"`
Public Release 2019-11-19 10:00:20 -07:00			`"net"`
			`"testing"`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`"github.com/slackhq/nebula/config"`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00			`"github.com/slackhq/nebula/iputil"`
Move util to test, contextual errors to util (#575) 2021-11-10 20:47:38 -07:00			`"github.com/slackhq/nebula/test"`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`"github.com/stretchr/testify/assert"`
Public Release 2019-11-19 10:00:20 -07:00			`)`

Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`func Test_parseRoutes(t *testing.T) {`
Move util to test, contextual errors to util (#575) 2021-11-10 20:47:38 -07:00			`l := test.NewLogger()`
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`c := config.NewC(l)`
Public Release 2019-11-19 10:00:20 -07:00			`_, n, _ := net.ParseCIDR("10.0.0.0/24")`

			`// test no routes config`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err := parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, err)`
			`assert.Len(t, routes, 0)`

			`// not an array`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": "hi"}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "tun.routes is not an array")`

			`// no routes`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, err)`
			`assert.Len(t, routes, 0)`

			`// weird route`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{"asdf"}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1 in tun.routes is invalid")`

			`// no mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.mtu in tun.routes is not present")`

			`// bad mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "nope"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.mtu in tun.routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax")`

			`// low mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "499"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.mtu in tun.routes is below 500: 499")`

			`// missing route`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.routes is not present")`

			`// unparsable route`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "nope"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.routes failed to parse: invalid CIDR address: nope")`

			`// below network range`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "1.0.0.0/8"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 1.0.0.0/8, network: 10.0.0.0/24")`

			`// above network range`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "10.0.1.0/24"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 10.0.1.0/24, network: 10.0.0.0/24")`

			`// happy case`
			`c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{`
			`map[interface{}]interface{}{"mtu": "9000", "route": "10.0.0.0/29"},`
			`map[interface{}]interface{}{"mtu": "8000", "route": "10.0.0.1/32"},`
			`}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseRoutes(c, n)`
Public Release 2019-11-19 10:00:20 -07:00			`assert.Nil(t, err)`
			`assert.Len(t, routes, 2)`

			`tested := 0`
			`for _, r := range routes {`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`assert.True(t, r.Install)`

Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`if r.MTU == 8000 {`
			`assert.Equal(t, "10.0.0.1/32", r.Cidr.String())`
Public Release 2019-11-19 10:00:20 -07:00			`tested++`
			`} else {`
Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`assert.Equal(t, 9000, r.MTU)`
			`assert.Equal(t, "10.0.0.0/29", r.Cidr.String())`
Public Release 2019-11-19 10:00:20 -07:00			`tested++`
			`}`
			`}`

			`if tested != 2 {`
			`t.Fatal("Did not see both routes")`
			`}`
			`}`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`func Test_parseUnsafeRoutes(t *testing.T) {`
Move util to test, contextual errors to util (#575) 2021-11-10 20:47:38 -07:00			`l := test.NewLogger()`
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`c := config.NewC(l)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`_, n, _ := net.ParseCIDR("10.0.0.0/24")`

			`// test no routes config`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err := parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, err)`
			`assert.Len(t, routes, 0)`

			`// not an array`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": "hi"}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "tun.unsafe_routes is not an array")`

			`// no routes`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, err)`
			`assert.Len(t, routes, 0)`

			`// weird route`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{"asdf"}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1 in tun.unsafe_routes is invalid")`

			`// no via`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes is not present")`

			`// invalid via`
			`for _, invalidValue := range []interface{}{`
			`127, false, nil, 1.0, []string{"1", "2"},`
			`} {`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": invalidValue}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, fmt.Sprintf("entry 1.via in tun.unsafe_routes is not a string: found %T", invalidValue))`
			`}`

			`// unparsable via`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "via": "nope"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes failed to parse address: nope")`

			`// missing route`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is not present")`

			`// unparsable route`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500", "route": "nope"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes failed to parse: invalid CIDR address: nope")`

			`// within network range`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.0.0/24"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is contained within the network attached to the certificate; route: 10.0.0.0/24, network: 10.0.0.0/24")`

			`// below network range`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Len(t, routes, 1)`
			`assert.Nil(t, err)`

			`// above network range`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.1.0/24"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Len(t, routes, 1)`
			`assert.Nil(t, err)`

			`// no mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Len(t, routes, 1)`
fix makeRouteTree allowMTU (#611) With the previous implementation, we check if route.MTU is greater than zero, but it will always be because we set it to the default MTU in parseUnsafeRoutes. This change leaves it as zero in parseUnsafeRoutes so it can be examined later. 2021-12-14 09:52:28 -07:00			`assert.Equal(t, 0, routes[0].MTU)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00
			`// bad mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "nope"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax")`

			`// low mtu`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "499"}}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is below 500: 499")`

Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`// bad install`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "9000", "route": "1.0.0.0/29", "install": "nope"}}}`
			`routes, err = parseUnsafeRoutes(c, n)`
			`assert.Nil(t, routes)`
			`assert.EqualError(t, err, "entry 1.install in tun.unsafe_routes is not a boolean: strconv.ParseBool: parsing \"nope\": invalid syntax")`

unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`// happy case`
			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "9000", "route": "1.0.0.0/29", "install": "t"},`
			`map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "8000", "route": "1.0.0.1/32", "install": 0},`
			`map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "1500", "metric": 1234, "route": "1.0.0.2/32", "install": 1},`
Add an ability to specify metric for unsafe routes (#474) 2021-11-03 20:53:28 -06:00			`map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "1500", "metric": 1234, "route": "1.0.0.2/32"},`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`}}`
Push route handling into overlay, a few more nits fixed (#581) 2021-11-12 10:19:28 -07:00			`routes, err = parseUnsafeRoutes(c, n)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`assert.Nil(t, err)`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`assert.Len(t, routes, 4)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00
			`tested := 0`
			`for _, r := range routes {`
Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`if r.MTU == 8000 {`
			`assert.Equal(t, "1.0.0.1/32", r.Cidr.String())`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`assert.False(t, r.Install)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`tested++`
Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`} else if r.MTU == 9000 {`
			`assert.Equal(t, 9000, r.MTU)`
			`assert.Equal(t, "1.0.0.0/29", r.Cidr.String())`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`assert.True(t, r.Install)`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`tested++`
Add an ability to specify metric for unsafe routes (#474) 2021-11-03 20:53:28 -06:00			`} else {`
Move all of tun into overlay (#577) 2021-11-11 15:37:29 -07:00			`assert.Equal(t, 1500, r.MTU)`
			`assert.Equal(t, 1234, r.Metric)`
			`assert.Equal(t, "1.0.0.2/32", r.Cidr.String())`
Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`assert.True(t, r.Install)`
Add an ability to specify metric for unsafe routes (#474) 2021-11-03 20:53:28 -06:00			`tested++`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`}`
			`}`

Add ability to skip installing unsafe routes on the os routing table (#831) 2023-04-10 11:32:37 -06:00			`if tested != 4 {`
			`t.Fatal("Did not see all unsafe_routes")`
unsafe_routes mtu (#209) 2020-04-06 12:33:30 -06:00			`}`
			`}`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00
			`func Test_makeRouteTree(t *testing.T) {`
			`l := test.NewLogger()`
			`c := config.NewC(l)`
			`_, n, _ := net.ParseCIDR("10.0.0.0/24")`

			`c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{`
			`map[interface{}]interface{}{"via": "192.168.0.1", "route": "1.0.0.0/28"},`
			`map[interface{}]interface{}{"via": "192.168.0.2", "route": "1.0.0.1/32"},`
			`}}`
			`routes, err := parseUnsafeRoutes(c, n)`
			`assert.NoError(t, err)`
			`assert.Len(t, routes, 2)`
fix makeRouteTree allowMTU (#611) With the previous implementation, we check if route.MTU is greater than zero, but it will always be because we set it to the default MTU in parseUnsafeRoutes. This change leaves it as zero in parseUnsafeRoutes so it can be examined later. 2021-12-14 09:52:28 -07:00			`routeTree, err := makeRouteTree(l, routes, true)`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00			`assert.NoError(t, err)`

			`ip := iputil.Ip2VpnIp(net.ParseIP("1.0.0.2"))`
Use generics for CIDRTrees to avoid casting issues (#1004) 2023-11-02 16:05:08 -06:00			`ok, r := routeTree.MostSpecificContains(ip)`
			`assert.True(t, ok)`
			`assert.Equal(t, iputil.Ip2VpnIp(net.ParseIP("192.168.0.1")), r)`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00
			`ip = iputil.Ip2VpnIp(net.ParseIP("1.0.0.1"))`
Use generics for CIDRTrees to avoid casting issues (#1004) 2023-11-02 16:05:08 -06:00			`ok, r = routeTree.MostSpecificContains(ip)`
			`assert.True(t, ok)`
			`assert.Equal(t, iputil.Ip2VpnIp(net.ParseIP("192.168.0.2")), r)`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00
			`ip = iputil.Ip2VpnIp(net.ParseIP("1.1.0.1"))`
Use generics for CIDRTrees to avoid casting issues (#1004) 2023-11-02 16:05:08 -06:00			`ok, r = routeTree.MostSpecificContains(ip)`
			`assert.False(t, ok)`
overlay: fix tun.RouteFor getting net.IP (#595) tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it instead of a net.IP. 2021-12-06 07:35:31 -07:00			`}`