nebula/handshake_manager_test.go

package nebula

import (
	"net"
	"testing"
	"time"

	"github.com/slackhq/nebula/cert"
	"github.com/slackhq/nebula/header"
	"github.com/slackhq/nebula/iputil"
	"github.com/slackhq/nebula/test"
	"github.com/slackhq/nebula/udp"
	"github.com/stretchr/testify/assert"
)

func Test_NewHandshakeManagerVpnIp(t *testing.T) {
	l := test.NewLogger()
	_, vpncidr, _ := net.ParseCIDR("172.1.1.1/24")
	_, localrange, _ := net.ParseCIDR("10.1.1.1/24")
	ip := iputil.Ip2VpnIp(net.ParseIP("172.1.1.2"))
	preferredRanges := []*net.IPNet{localrange}
	mainHM := NewHostMap(l, vpncidr, preferredRanges)
	lh := newTestLighthouse()

	cs := &CertState{
		RawCertificate:      []byte{},
		PrivateKey:          []byte{},
		Certificate:         &cert.NebulaCertificate{},
		RawCertificateNoKey: []byte{},
	}

	blah := NewHandshakeManager(l, mainHM, lh, &udp.NoopConn{}, defaultHandshakeConfig)
	blah.f = &Interface{handshakeManager: blah, pki: &PKI{}, l: l}
	blah.f.pki.cs.Store(cs)

	now := time.Now()
	blah.NextOutboundHandshakeTimerTick(now)

	i := blah.StartHandshake(ip, nil)
	i2 := blah.StartHandshake(ip, nil)
	assert.Same(t, i, i2)

	i.remotes = NewRemoteList(nil)

	// Adding something to pending should not affect the main hostmap
	assert.Len(t, mainHM.Hosts, 0)

	// Confirm they are in the pending index list
	assert.Contains(t, blah.vpnIps, ip)

	// Jump ahead `HandshakeRetries` ticks, offset by one to get the sleep logic right
	for i := 1; i <= DefaultHandshakeRetries+1; i++ {
		now = now.Add(time.Duration(i) * DefaultHandshakeTryInterval)
		blah.NextOutboundHandshakeTimerTick(now)
	}

	// Confirm they are still in the pending index list
	assert.Contains(t, blah.vpnIps, ip)

	// Tick 1 more time, a minute will certainly flush it out
	blah.NextOutboundHandshakeTimerTick(now.Add(time.Minute))

	// Confirm they have been removed
	assert.NotContains(t, blah.vpnIps, ip)
}

func testCountTimerWheelEntries(tw *LockingTimerWheel[iputil.VpnIp]) (c int) {
	for _, i := range tw.t.wheel {
		n := i.Head
		for n != nil {
			c++
			n = n.Next
		}
	}
	return c
}

type mockEncWriter struct {
}

func (mw *mockEncWriter) SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte) {
	return
}

func (mw *mockEncWriter) SendVia(via *HostInfo, relay *Relay, ad, nb, out []byte, nocopy bool) {
	return
}

func (mw *mockEncWriter) SendMessageToHostInfo(t header.MessageType, st header.MessageSubType, hostinfo *HostInfo, p, nb, out []byte) {
	return
}

func (mw *mockEncWriter) Handshake(vpnIP iputil.VpnIp) {}
Public Release 2019-11-19 10:00:20 -07:00			`package nebula`

			`import (`
			`"net"`
			`"testing"`
			`"time"`

Clean up a hostinfo to reduce memory usage (#955) 2023-11-02 15:53:59 -06:00			`"github.com/slackhq/nebula/cert"`
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`"github.com/slackhq/nebula/header"`
			`"github.com/slackhq/nebula/iputil"`
Move util to test, contextual errors to util (#575) 2021-11-10 20:47:38 -07:00			`"github.com/slackhq/nebula/test"`
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`"github.com/slackhq/nebula/udp"`
Public Release 2019-11-19 10:00:20 -07:00			`"github.com/stretchr/testify/assert"`
			`)`

Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`func Test_NewHandshakeManagerVpnIp(t *testing.T) {`
Move util to test, contextual errors to util (#575) 2021-11-10 20:47:38 -07:00			`l := test.NewLogger()`
Public Release 2019-11-19 10:00:20 -07:00			`_, vpncidr, _ := net.ParseCIDR("172.1.1.1/24")`
			`_, localrange, _ := net.ParseCIDR("10.1.1.1/24")`
Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`ip := iputil.Ip2VpnIp(net.ParseIP("172.1.1.2"))`
Public Release 2019-11-19 10:00:20 -07:00			`preferredRanges := []*net.IPNet{localrange}`
Pull hostmap and pending hostmap apart, remove unused functions (#843) 2023-07-24 11:37:52 -06:00			`mainHM := NewHostMap(l, vpncidr, preferredRanges)`
switch to new sync/atomic helpers in go1.19 (#728) These new helpers make the code a lot cleaner. I confirmed that the simple helpers like `atomic.Int64` don't add any extra overhead as they get inlined by the compiler. `atomic.Pointer` adds an extra method call as it no longer gets inlined, but we aren't using these on the hot path so it is probably okay. 2022-10-31 11:37:41 -06:00			`lh := newTestLighthouse()`
Public Release 2019-11-19 10:00:20 -07:00
Clean up a hostinfo to reduce memory usage (#955) 2023-11-02 15:53:59 -06:00			`cs := &CertState{`
			`RawCertificate: []byte{},`
			`PrivateKey: []byte{},`
			`Certificate: &cert.NebulaCertificate{},`
			`RawCertificateNoKey: []byte{},`
			`}`

Simplify getting a hostinfo or starting a handshake with one (#954) 2023-08-21 17:51:45 -06:00			`blah := NewHandshakeManager(l, mainHM, lh, &udp.NoopConn{}, defaultHandshakeConfig)`
Clean up a hostinfo to reduce memory usage (#955) 2023-11-02 15:53:59 -06:00			`blah.f = &Interface{handshakeManager: blah, pki: &PKI{}, l: l}`
			`blah.f.pki.cs.Store(cs)`
Public Release 2019-11-19 10:00:20 -07:00
			`now := time.Now()`
Simplify getting a hostinfo or starting a handshake with one (#954) 2023-08-21 17:51:45 -06:00			`blah.NextOutboundHandshakeTimerTick(now)`
Public Release 2019-11-19 10:00:20 -07:00
Simplify getting a hostinfo or starting a handshake with one (#954) 2023-08-21 17:51:45 -06:00			`i := blah.StartHandshake(ip, nil)`
			`i2 := blah.StartHandshake(ip, nil)`
create ConnectionState before adding to HostMap (#535) We have a few small race conditions with creating the HostInfo.ConnectionState since we add the host info to the pendingHostMap before we set this field. We can make everything a lot easier if we just add an "init" function so that we can set this field in the hostinfo before we add it to the hostmap. 2021-11-08 12:46:22 -07:00			`assert.Same(t, i, i2)`

Dns static lookerupper (#796) * Support lighthouse DNS names, and regularly resolve the name in a background goroutine to discover DNS updates. 2023-05-09 09:22:08 -06:00			`i.remotes = NewRemoteList(nil)`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 12:50:09 -06:00
Public Release 2019-11-19 10:00:20 -07:00			`// Adding something to pending should not affect the main hostmap`
			`assert.Len(t, mainHM.Hosts, 0)`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 12:50:09 -06:00
Public Release 2019-11-19 10:00:20 -07:00			`// Confirm they are in the pending index list`
Pull hostmap and pending hostmap apart, remove unused functions (#843) 2023-07-24 11:37:52 -06:00			`assert.Contains(t, blah.vpnIps, ip)`
Public Release 2019-11-19 10:00:20 -07:00
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 12:50:09 -06:00			// Jump ahead `HandshakeRetries` ticks, offset by one to get the sleep logic right
			`for i := 1; i <= DefaultHandshakeRetries+1; i++ {`
			`now = now.Add(time.Duration(i) * DefaultHandshakeTryInterval)`
Simplify getting a hostinfo or starting a handshake with one (#954) 2023-08-21 17:51:45 -06:00			`blah.NextOutboundHandshakeTimerTick(now)`
Public Release 2019-11-19 10:00:20 -07:00			`}`

			`// Confirm they are still in the pending index list`
Pull hostmap and pending hostmap apart, remove unused functions (#843) 2023-07-24 11:37:52 -06:00			`assert.Contains(t, blah.vpnIps, ip)`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 12:50:09 -06:00
			`// Tick 1 more time, a minute will certainly flush it out`
Simplify getting a hostinfo or starting a handshake with one (#954) 2023-08-21 17:51:45 -06:00			`blah.NextOutboundHandshakeTimerTick(now.Add(time.Minute))`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 12:50:09 -06:00
Public Release 2019-11-19 10:00:20 -07:00			`// Confirm they have been removed`
Pull hostmap and pending hostmap apart, remove unused functions (#843) 2023-07-24 11:37:52 -06:00			`assert.NotContains(t, blah.vpnIps, ip)`
Public Release 2019-11-19 10:00:20 -07:00			`}`

Generic timerwheel (#804) 2023-01-18 09:56:42 -07:00			`func testCountTimerWheelEntries(tw *LockingTimerWheel[iputil.VpnIp]) (c int) {`
			`for _, i := range tw.t.wheel {`
trigger handshakes when lighthouse reply arrives (#246) Currently, we wait until the next timer tick to act on the lighthouse's reply to our HostQuery. This means we can easily add hundreds of milliseconds of unnecessary delay to the handshake. To fix this, we can introduce a channel to trigger an outbound handshake without waiting for the next timer tick. A few samples of cold ping time between two hosts that require a lighthouse lookup: before (v1.2.0): time=156 ms time=252 ms time=12.6 ms time=301 ms time=352 ms time=49.4 ms time=150 ms time=13.5 ms time=8.24 ms time=161 ms time=355 ms after: time=3.53 ms time=3.14 ms time=3.08 ms time=3.92 ms time=7.78 ms time=3.59 ms time=3.07 ms time=3.22 ms time=3.12 ms time=3.08 ms time=8.04 ms I recommend reviewing this PR by looking at each commit individually, as some refactoring was required that makes the diff a bit confusing when combined together. 2020-07-22 08:35:10 -06:00			`n := i.Head`
			`for n != nil {`
			`c++`
			`n = n.Next`
			`}`
			`}`
			`return c`
			`}`

Public Release 2019-11-19 10:00:20 -07:00			`type mockEncWriter struct {`
			`}`

Rework some things into packages (#489) 2021-11-03 19:54:04 -06:00			`func (mw *mockEncWriter) SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte) {`
Public Release 2019-11-19 10:00:20 -07:00			`return`
			`}`
Relay (#678) Co-authored-by: Wade Simmons <wsimmons@slack-corp.com> 2022-06-21 12:35:23 -06:00
update EncReader and EncWriter interface function args to have concrete types (#844) * Update LightHouseHandlerFunc to remove EncWriter param. * Move EncWriter to interface * EncReader, too 2023-04-07 12:28:37 -06:00			`func (mw mockEncWriter) SendVia(via HostInfo, relay *Relay, ad, nb, out []byte, nocopy bool) {`
Relay (#678) Co-authored-by: Wade Simmons <wsimmons@slack-corp.com> 2022-06-21 12:35:23 -06:00			`return`
			`}`

Rehandshaking (#838) Co-authored-by: Brad Higgins <brad@defined.net> Co-authored-by: Wade Simmons <wadey@slack-corp.com> 2023-05-04 14:16:37 -06:00			`func (mw mockEncWriter) SendMessageToHostInfo(t header.MessageType, st header.MessageSubType, hostinfo HostInfo, p, nb, out []byte) {`
			`return`
			`}`

Relay (#678) Co-authored-by: Wade Simmons <wsimmons@slack-corp.com> 2022-06-21 12:35:23 -06:00			`func (mw *mockEncWriter) Handshake(vpnIP iputil.VpnIp) {}`