cloudflared-mirror/ingress/icmp_posix_test.go

//go:build darwin || linux

package ingress

import (
	"context"
	"os"
	"testing"
	"time"

	"github.com/google/gopacket/layers"
	"github.com/rs/zerolog"
	"github.com/stretchr/testify/require"
	"golang.org/x/net/icmp"
	"golang.org/x/net/ipv4"

	"github.com/cloudflare/cloudflared/packet"
)

func TestFunnelIdleTimeout(t *testing.T) {
	const (
		idleTimeout = time.Second
		echoID      = 42573
		startSeq    = 8129
	)
	logger := zerolog.New(os.Stderr)
	proxy, err := newICMPProxy(localhostIP, "", &logger, idleTimeout)
	require.NoError(t, err)

	ctx, cancel := context.WithCancel(context.Background())

	proxyDone := make(chan struct{})
	go func() {
		proxy.Serve(ctx)
		close(proxyDone)
	}()

	// Send a packet to register the flow
	pk := packet.ICMP{
		IP: &packet.IP{
			Src:      localhostIP,
			Dst:      localhostIP,
			Protocol: layers.IPProtocolICMPv4,
		},
		Message: &icmp.Message{
			Type: ipv4.ICMPTypeEcho,
			Code: 0,
			Body: &icmp.Echo{
				ID:   echoID,
				Seq:  startSeq,
				Data: []byte(t.Name()),
			},
		},
	}
	muxer := newMockMuxer(0)
	responder := packetResponder{
		datagramMuxer: muxer,
	}
	require.NoError(t, proxy.Request(ctx, &pk, &responder))
	validateEchoFlow(t, <-muxer.cfdToEdge, &pk)

	// Send second request, should reuse the funnel
	require.NoError(t, proxy.Request(ctx, &pk, &packetResponder{
		datagramMuxer: muxer,
	}))
	validateEchoFlow(t, <-muxer.cfdToEdge, &pk)

	time.Sleep(idleTimeout * 2)
	newMuxer := newMockMuxer(0)
	newResponder := packetResponder{
		datagramMuxer: newMuxer,
	}
	require.NoError(t, proxy.Request(ctx, &pk, &newResponder))
	validateEchoFlow(t, <-newMuxer.cfdToEdge, &pk)

	cancel()
	<-proxyDone
}

func TestReuseFunnel(t *testing.T) {
	const (
		idleTimeout = time.Second
		echoID      = 42573
		startSeq    = 8129
	)
	logger := zerolog.New(os.Stderr)
	proxy, err := newICMPProxy(localhostIP, "", &logger, idleTimeout)
	require.NoError(t, err)

	ctx, cancel := context.WithCancel(context.Background())

	proxyDone := make(chan struct{})
	go func() {
		proxy.Serve(ctx)
		close(proxyDone)
	}()

	// Send a packet to register the flow
	pk := packet.ICMP{
		IP: &packet.IP{
			Src:      localhostIP,
			Dst:      localhostIP,
			Protocol: layers.IPProtocolICMPv4,
		},
		Message: &icmp.Message{
			Type: ipv4.ICMPTypeEcho,
			Code: 0,
			Body: &icmp.Echo{
				ID:   echoID,
				Seq:  startSeq,
				Data: []byte(t.Name()),
			},
		},
	}
	tuple := flow3Tuple{
		srcIP:          pk.Src,
		dstIP:          pk.Dst,
		originalEchoID: echoID,
	}
	muxer := newMockMuxer(0)
	responder := packetResponder{
		datagramMuxer: muxer,
	}
	require.NoError(t, proxy.Request(ctx, &pk, &responder))
	validateEchoFlow(t, <-muxer.cfdToEdge, &pk)
	funnel1, found := getFunnel(t, proxy, tuple)
	require.True(t, found)

	// Send second request, should reuse the funnel
	require.NoError(t, proxy.Request(ctx, &pk, &packetResponder{
		datagramMuxer: muxer,
	}))
	validateEchoFlow(t, <-muxer.cfdToEdge, &pk)
	funnel2, found := getFunnel(t, proxy, tuple)
	require.True(t, found)
	require.Equal(t, funnel1, funnel2)

	cancel()
	<-proxyDone
}
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00			`//go:build darwin \|\| linux`

			`package ingress`

			`import (`
			`"context"`
			`"os"`
			`"testing"`
			`"time"`

			`"github.com/google/gopacket/layers"`
			`"github.com/rs/zerolog"`
			`"github.com/stretchr/testify/require"`
			`"golang.org/x/net/icmp"`
			`"golang.org/x/net/ipv4"`

			`"github.com/cloudflare/cloudflared/packet"`
			`)`

			`func TestFunnelIdleTimeout(t *testing.T) {`
			`const (`
			`idleTimeout = time.Second`
			`echoID = 42573`
			`startSeq = 8129`
			`)`
			`logger := zerolog.New(os.Stderr)`
TUN-6741: ICMP proxy tries to listen on specific IPv4 & IPv6 when possible If it cannot determine the correct interface IP, it will fallback to all interfaces. This commit also introduces the icmpv4-src and icmpv6-src flags 2022-09-20 10:39:51 +00:00			`proxy, err := newICMPProxy(localhostIP, "", &logger, idleTimeout)`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00			`require.NoError(t, err)`

			`ctx, cancel := context.WithCancel(context.Background())`

			`proxyDone := make(chan struct{})`
			`go func() {`
			`proxy.Serve(ctx)`
			`close(proxyDone)`
			`}()`

			`// Send a packet to register the flow`
			`pk := packet.ICMP{`
			`IP: &packet.IP{`
			`Src: localhostIP,`
			`Dst: localhostIP,`
			`Protocol: layers.IPProtocolICMPv4,`
			`},`
			`Message: &icmp.Message{`
			`Type: ipv4.ICMPTypeEcho,`
			`Code: 0,`
			`Body: &icmp.Echo{`
			`ID: echoID,`
			`Seq: startSeq,`
			`Data: []byte(t.Name()),`
			`},`
			`},`
			`}`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`muxer := newMockMuxer(0)`
			`responder := packetResponder{`
			`datagramMuxer: muxer,`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00			`}`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`require.NoError(t, proxy.Request(ctx, &pk, &responder))`
TUN-6876: Fix flaky TestTraceICMPRouterEcho by taking account request span can return before reply 2022-10-19 13:37:10 +00:00			`validateEchoFlow(t, <-muxer.cfdToEdge, &pk)`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00
			`// Send second request, should reuse the funnel`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`require.NoError(t, proxy.Request(ctx, &pk, &packetResponder{`
ZTC-234: Replace ICMP funnels when ingress connection changes Origintunneld has been observed to continue sending reply packets to the first incoming connection it received, even if a newer connection is observed to be sending the requests. OTD uses the funnel library from cloudflared, which is why the changes are here. In theory, cloudflared has the same type of bug where a ping session switching between quic connections will continue sending replies to the first connection. This bug has not been tested or confirmed though, but this PR will fix if it exists. 2022-11-08 23:12:33 +00:00			`datagramMuxer: muxer,`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`}))`
TUN-6876: Fix flaky TestTraceICMPRouterEcho by taking account request span can return before reply 2022-10-19 13:37:10 +00:00			`validateEchoFlow(t, <-muxer.cfdToEdge, &pk)`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00
			`time.Sleep(idleTimeout * 2)`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`newMuxer := newMockMuxer(0)`
			`newResponder := packetResponder{`
			`datagramMuxer: newMuxer,`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00			`}`
TUN-6856: Refactor to lay foundation for tracing ICMP Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface. Move packet router to ingress package to avoid circular dependency 2022-10-13 10:01:25 +00:00			`require.NoError(t, proxy.Request(ctx, &pk, &newResponder))`
TUN-6876: Fix flaky TestTraceICMPRouterEcho by taking account request span can return before reply 2022-10-19 13:37:10 +00:00			`validateEchoFlow(t, <-newMuxer.cfdToEdge, &pk)`
TUN-6696: Refactor flow into funnel and close idle funnels A funnel is an abstraction for 1 source to many destinations. As part of this refactoring, shared logic between Darwin and Linux are moved into icmp_posix 2022-09-02 16:29:50 +00:00
			`cancel()`
			`<-proxyDone`
			`}`
ZTC-234: macOS tests 2022-11-10 17:09:47 +00:00
			`func TestReuseFunnel(t *testing.T) {`
			`const (`
			`idleTimeout = time.Second`
			`echoID = 42573`
			`startSeq = 8129`
			`)`
			`logger := zerolog.New(os.Stderr)`
			`proxy, err := newICMPProxy(localhostIP, "", &logger, idleTimeout)`
			`require.NoError(t, err)`

			`ctx, cancel := context.WithCancel(context.Background())`

			`proxyDone := make(chan struct{})`
			`go func() {`
			`proxy.Serve(ctx)`
			`close(proxyDone)`
			`}()`

			`// Send a packet to register the flow`
			`pk := packet.ICMP{`
			`IP: &packet.IP{`
			`Src: localhostIP,`
			`Dst: localhostIP,`
			`Protocol: layers.IPProtocolICMPv4,`
			`},`
			`Message: &icmp.Message{`
			`Type: ipv4.ICMPTypeEcho,`
			`Code: 0,`
			`Body: &icmp.Echo{`
			`ID: echoID,`
			`Seq: startSeq,`
			`Data: []byte(t.Name()),`
			`},`
			`},`
			`}`
			`tuple := flow3Tuple{`
			`srcIP: pk.Src,`
			`dstIP: pk.Dst,`
			`originalEchoID: echoID,`
			`}`
			`muxer := newMockMuxer(0)`
			`responder := packetResponder{`
			`datagramMuxer: muxer,`
			`}`
			`require.NoError(t, proxy.Request(ctx, &pk, &responder))`
			`validateEchoFlow(t, <-muxer.cfdToEdge, &pk)`
			`funnel1, found := getFunnel(t, proxy, tuple)`
			`require.True(t, found)`

			`// Send second request, should reuse the funnel`
			`require.NoError(t, proxy.Request(ctx, &pk, &packetResponder{`
			`datagramMuxer: muxer,`
			`}))`
			`validateEchoFlow(t, <-muxer.cfdToEdge, &pk)`
			`funnel2, found := getFunnel(t, proxy, tuple)`
			`require.True(t, found)`
			`require.Equal(t, funnel1, funnel2)`

			`cancel()`
			`<-proxyDone`
			`}`