Skip to content

Commit

Permalink
test: use repeated probes
Browse files Browse the repository at this point in the history
  • Loading branch information
dlon committed Apr 9, 2024
1 parent 61b3f99 commit 08b40e0
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 14 deletions.
31 changes: 30 additions & 1 deletion test/test-manager/src/tests/helpers.rs
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ pub async fn reboot(rpc: &mut ServiceClient) -> Result<(), Error> {
Ok(())
}

#[derive(Debug, Default)]
#[derive(Debug, Default, PartialEq)]
pub struct ProbeResult {
tcp: usize,
udp: usize,
Expand Down Expand Up @@ -95,6 +95,35 @@ pub async fn get_tunnel_interface(client: &mut MullvadProxyClient) -> Option<Str
}
}

/// Same as send_guest_probes, but repeated until a consistent result is observed (but giving up
/// after a number of attempts). This is useful where we're not necessarily in the desired state
/// yet.
pub async fn send_repeated_guest_probes(
rpc: ServiceClient,
interface: String,
destination: SocketAddr,
) -> ProbeResult {
const MAX_ATTEMPTS: usize = 5;
const RETRY_INTERVAL: Duration = Duration::from_secs(3);

let mut previous_result = None;

for _ in 0..MAX_ATTEMPTS {
let new_result = Some(send_guest_probes(rpc.clone(), interface.clone(), destination).await);

if previous_result == new_result {
return new_result.unwrap();
}

previous_result = new_result;

tokio::time::sleep(RETRY_INTERVAL).await;
}

// cannot panic as we've received at least one result
previous_result.unwrap()
}

/// Sends a number of probes and returns the number of observed packets (UDP, TCP, or ICMP)
pub async fn send_guest_probes(
rpc: ServiceClient,
Expand Down
18 changes: 5 additions & 13 deletions test/test-manager/src/tests/settings.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use super::{
helpers,
helpers::{connect_and_wait, send_guest_probes},
helpers::{connect_and_wait, send_guest_probes, send_repeated_guest_probes},
Error, TestContext,
};
use crate::vm::network::DUMMY_LAN_INTERFACE_IP;
Expand Down Expand Up @@ -61,15 +61,13 @@ pub async fn test_lan(
.await
.expect("failed to enable LAN sharing");

// Firewall updates are a bit racey, so wait for a while
tokio::time::sleep(std::time::Duration::from_secs(3)).await;

// Ensure LAN is reachable
//

log::info!("Test whether outgoing LAN traffic is blocked");

let detected_probes = send_guest_probes(rpc.clone(), default_interface, lan_destination).await;
let detected_probes =
send_repeated_guest_probes(rpc.clone(), default_interface, lan_destination).await;
assert!(
detected_probes.all(),
"did not observe all outgoing LAN packets: {detected_probes:?}"
Expand Down Expand Up @@ -117,16 +115,13 @@ pub async fn test_lockdown(
.await
.expect("failed to enable lockdown mode");

// Firewall updates are a bit racey, so wait for a while
tokio::time::sleep(std::time::Duration::from_secs(3)).await;

// Ensure all destinations are unreachable
//

let default_interface = rpc.get_default_interface().await?;

let detected_probes =
send_guest_probes(rpc.clone(), default_interface.clone(), lan_destination).await;
send_repeated_guest_probes(rpc.clone(), default_interface.clone(), lan_destination).await;
assert!(
detected_probes.none(),
"observed outgoing packets to LAN: {detected_probes:?}"
Expand All @@ -149,14 +144,11 @@ pub async fn test_lockdown(
.await
.expect("failed to enable LAN sharing");

// Firewall updates are a bit racey, so wait for a while
tokio::time::sleep(std::time::Duration::from_secs(3)).await;

// Ensure private IPs are reachable, but not others
//

let detected_probes =
send_guest_probes(rpc.clone(), default_interface.clone(), lan_destination).await;
send_repeated_guest_probes(rpc.clone(), default_interface.clone(), lan_destination).await;
assert!(
detected_probes.all(),
"did not observe some outgoing packets: {detected_probes:?}"
Expand Down

0 comments on commit 08b40e0

Please sign in to comment.