nebula/handshake_manager_test.go

package nebula

import (
	"net"
	"testing"
	"time"

	"github.com/slackhq/nebula/header"
	"github.com/slackhq/nebula/iputil"
	"github.com/slackhq/nebula/test"
	"github.com/slackhq/nebula/udp"
	"github.com/stretchr/testify/assert"
)

func Test_NewHandshakeManagerVpnIp(t *testing.T) {
	l := test.NewLogger()
	_, tuncidr, _ := net.ParseCIDR("172.1.1.1/24")
	_, vpncidr, _ := net.ParseCIDR("172.1.1.1/24")
	_, localrange, _ := net.ParseCIDR("10.1.1.1/24")
	ip := iputil.Ip2VpnIp(net.ParseIP("172.1.1.2"))
	preferredRanges := []*net.IPNet{localrange}
	mw := &mockEncWriter{}
	mainHM := NewHostMap(l, "test", vpncidr, preferredRanges)
	lh := newTestLighthouse()

	blah := NewHandshakeManager(l, tuncidr, preferredRanges, mainHM, lh, &udp.Conn{}, defaultHandshakeConfig)

	now := time.Now()
	blah.NextOutboundHandshakeTimerTick(now, mw)

	var initCalled bool
	initFunc := func(*HostInfo) {
		initCalled = true
	}

	i := blah.AddVpnIp(ip, initFunc)
	assert.True(t, initCalled)

	initCalled = false
	i2 := blah.AddVpnIp(ip, initFunc)
	assert.False(t, initCalled)
	assert.Same(t, i, i2)

	i.remotes = NewRemoteList()
	i.HandshakeReady = true

	// Adding something to pending should not affect the main hostmap
	assert.Len(t, mainHM.Hosts, 0)

	// Confirm they are in the pending index list
	assert.Contains(t, blah.pendingHostMap.Hosts, ip)

	// Jump ahead `HandshakeRetries` ticks, offset by one to get the sleep logic right
	for i := 1; i <= DefaultHandshakeRetries+1; i++ {
		now = now.Add(time.Duration(i) * DefaultHandshakeTryInterval)
		blah.NextOutboundHandshakeTimerTick(now, mw)
	}

	// Confirm they are still in the pending index list
	assert.Contains(t, blah.pendingHostMap.Hosts, ip)

	// Tick 1 more time, a minute will certainly flush it out
	blah.NextOutboundHandshakeTimerTick(now.Add(time.Minute), mw)

	// Confirm they have been removed
	assert.NotContains(t, blah.pendingHostMap.Hosts, ip)
}

func testCountTimerWheelEntries(tw *LockingTimerWheel[iputil.VpnIp]) (c int) {
	for _, i := range tw.t.wheel {
		n := i.Head
		for n != nil {
			c++
			n = n.Next
		}
	}
	return c
}

type mockEncWriter struct {
}

func (mw *mockEncWriter) SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte) {
	return
}

func (mw *mockEncWriter) SendVia(via *HostInfo, relay *Relay, ad, nb, out []byte, nocopy bool) {
	return
}

func (mw *mockEncWriter) Handshake(vpnIP iputil.VpnIp) {}
Public Release 2019-11-19 17:00:20 +00:00			`package nebula`

			`import (`
			`"net"`
			`"testing"`
			`"time"`

Rework some things into packages (#489) 2021-11-03 20:54:04 -05:00			`"github.com/slackhq/nebula/header"`
			`"github.com/slackhq/nebula/iputil"`
Move util to test, contextual errors to util (#575) 2021-11-10 21:47:38 -06:00			`"github.com/slackhq/nebula/test"`
Rework some things into packages (#489) 2021-11-03 20:54:04 -05:00			`"github.com/slackhq/nebula/udp"`
Public Release 2019-11-19 17:00:20 +00:00			`"github.com/stretchr/testify/assert"`
			`)`

Rework some things into packages (#489) 2021-11-03 20:54:04 -05:00			`func Test_NewHandshakeManagerVpnIp(t *testing.T) {`
Move util to test, contextual errors to util (#575) 2021-11-10 21:47:38 -06:00			`l := test.NewLogger()`
subnet support 2019-12-12 16:34:17 +00:00			`_, tuncidr, _ := net.ParseCIDR("172.1.1.1/24")`
Public Release 2019-11-19 17:00:20 +00:00			`_, vpncidr, _ := net.ParseCIDR("172.1.1.1/24")`
			`_, localrange, _ := net.ParseCIDR("10.1.1.1/24")`
Rework some things into packages (#489) 2021-11-03 20:54:04 -05:00			`ip := iputil.Ip2VpnIp(net.ParseIP("172.1.1.2"))`
Public Release 2019-11-19 17:00:20 +00:00			`preferredRanges := []*net.IPNet{localrange}`
			`mw := &mockEncWriter{}`
Don't use a global logger (#423) 2021-03-26 09:46:30 -05:00			`mainHM := NewHostMap(l, "test", vpncidr, preferredRanges)`
switch to new sync/atomic helpers in go1.19 (#728) These new helpers make the code a lot cleaner. I confirmed that the simple helpers like `atomic.Int64` don't add any extra overhead as they get inlined by the compiler. `atomic.Pointer` adds an extra method call as it no longer gets inlined, but we aren't using these on the hot path so it is probably okay. 2022-10-31 13:37:41 -04:00			`lh := newTestLighthouse()`
Public Release 2019-11-19 17:00:20 +00:00
Lighthouse reload support (#649) Co-authored-by: John Maguire <contact@johnmaguire.me> 2022-03-14 12:35:13 -05:00			`blah := NewHandshakeManager(l, tuncidr, preferredRanges, mainHM, lh, &udp.Conn{}, defaultHandshakeConfig)`
Public Release 2019-11-19 17:00:20 +00:00
			`now := time.Now()`
			`blah.NextOutboundHandshakeTimerTick(now, mw)`

create ConnectionState before adding to HostMap (#535) We have a few small race conditions with creating the HostInfo.ConnectionState since we add the host info to the pendingHostMap before we set this field. We can make everything a lot easier if we just add an "init" function so that we can set this field in the hostinfo before we add it to the hostmap. 2021-11-08 14:46:22 -05:00			`var initCalled bool`
			`initFunc := func(*HostInfo) {`
			`initCalled = true`
			`}`

			`i := blah.AddVpnIp(ip, initFunc)`
			`assert.True(t, initCalled)`

			`initCalled = false`
			`i2 := blah.AddVpnIp(ip, initFunc)`
			`assert.False(t, initCalled)`
			`assert.Same(t, i, i2)`

Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00			`i.remotes = NewRemoteList()`
			`i.HandshakeReady = true`

Public Release 2019-11-19 17:00:20 +00:00			`// Adding something to pending should not affect the main hostmap`
			`assert.Len(t, mainHM.Hosts, 0)`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00
Public Release 2019-11-19 17:00:20 +00:00			`// Confirm they are in the pending index list`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00			`assert.Contains(t, blah.pendingHostMap.Hosts, ip)`
Public Release 2019-11-19 17:00:20 +00:00
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00			// Jump ahead `HandshakeRetries` ticks, offset by one to get the sleep logic right
			`for i := 1; i <= DefaultHandshakeRetries+1; i++ {`
			`now = now.Add(time.Duration(i) * DefaultHandshakeTryInterval)`
			`blah.NextOutboundHandshakeTimerTick(now, mw)`
Public Release 2019-11-19 17:00:20 +00:00			`}`

			`// Confirm they are still in the pending index list`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00			`assert.Contains(t, blah.pendingHostMap.Hosts, ip)`

			`// Tick 1 more time, a minute will certainly flush it out`
			`blah.NextOutboundHandshakeTimerTick(now.Add(time.Minute), mw)`

Public Release 2019-11-19 17:00:20 +00:00			`// Confirm they have been removed`
Refactor remotes and handshaking to give every address a fair shot (#437) 2021-04-14 13:50:09 -05:00			`assert.NotContains(t, blah.pendingHostMap.Hosts, ip)`
Public Release 2019-11-19 17:00:20 +00:00			`}`

Generic timerwheel (#804) 2023-01-18 10:56:42 -06:00			`func testCountTimerWheelEntries(tw *LockingTimerWheel[iputil.VpnIp]) (c int) {`
			`for _, i := range tw.t.wheel {`
trigger handshakes when lighthouse reply arrives (#246) Currently, we wait until the next timer tick to act on the lighthouse's reply to our HostQuery. This means we can easily add hundreds of milliseconds of unnecessary delay to the handshake. To fix this, we can introduce a channel to trigger an outbound handshake without waiting for the next timer tick. A few samples of cold ping time between two hosts that require a lighthouse lookup: before (v1.2.0): time=156 ms time=252 ms time=12.6 ms time=301 ms time=352 ms time=49.4 ms time=150 ms time=13.5 ms time=8.24 ms time=161 ms time=355 ms after: time=3.53 ms time=3.14 ms time=3.08 ms time=3.92 ms time=7.78 ms time=3.59 ms time=3.07 ms time=3.22 ms time=3.12 ms time=3.08 ms time=8.04 ms I recommend reviewing this PR by looking at each commit individually, as some refactoring was required that makes the diff a bit confusing when combined together. 2020-07-22 10:35:10 -04:00			`n := i.Head`
			`for n != nil {`
			`c++`
			`n = n.Next`
			`}`
			`}`
			`return c`
			`}`

Public Release 2019-11-19 17:00:20 +00:00			`type mockEncWriter struct {`
			`}`

Rework some things into packages (#489) 2021-11-03 20:54:04 -05:00			`func (mw *mockEncWriter) SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte) {`
Public Release 2019-11-19 17:00:20 +00:00			`return`
			`}`
Relay (#678) Co-authored-by: Wade Simmons <wsimmons@slack-corp.com> 2022-06-21 14:35:23 -04:00
update EncReader and EncWriter interface function args to have concrete types (#844) * Update LightHouseHandlerFunc to remove EncWriter param. * Move EncWriter to interface * EncReader, too 2023-04-07 14:28:37 -04:00			`func (mw mockEncWriter) SendVia(via HostInfo, relay *Relay, ad, nb, out []byte, nocopy bool) {`
Relay (#678) Co-authored-by: Wade Simmons <wsimmons@slack-corp.com> 2022-06-21 14:35:23 -04:00			`return`
			`}`

			`func (mw *mockEncWriter) Handshake(vpnIP iputil.VpnIp) {}`