mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-25 22:31:03 +02:00 
			
		
		
		
	So that we can debug customer problems more easily. Updates #11008 Signed-off-by: Fran Bull <fran@tailscale.com>
		
			
				
	
	
		
			572 lines
		
	
	
		
			19 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			572 lines
		
	
	
		
			19 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright (c) Tailscale Inc & AUTHORS
 | |
| // SPDX-License-Identifier: BSD-3-Clause
 | |
| 
 | |
| package appc
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 	"net/netip"
 | |
| 	"reflect"
 | |
| 	"slices"
 | |
| 	"testing"
 | |
| 	"time"
 | |
| 
 | |
| 	xmaps "golang.org/x/exp/maps"
 | |
| 	"golang.org/x/net/dns/dnsmessage"
 | |
| 	"tailscale.com/appc/appctest"
 | |
| 	"tailscale.com/tstest"
 | |
| 	"tailscale.com/util/mak"
 | |
| 	"tailscale.com/util/must"
 | |
| )
 | |
| 
 | |
| func fakeStoreRoutes(*RouteInfo) error { return nil }
 | |
| 
 | |
| func TestUpdateDomains(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, &appctest.RouteCollector{}, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, &appctest.RouteCollector{}, nil, nil)
 | |
| 		}
 | |
| 		a.UpdateDomains([]string{"example.com"})
 | |
| 
 | |
| 		a.Wait(ctx)
 | |
| 		if got, want := a.Domains().AsSlice(), []string{"example.com"}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		addr := netip.MustParseAddr("192.0.0.8")
 | |
| 		a.domains["example.com"] = append(a.domains["example.com"], addr)
 | |
| 		a.UpdateDomains([]string{"example.com"})
 | |
| 		a.Wait(ctx)
 | |
| 
 | |
| 		if got, want := a.domains["example.com"], []netip.Addr{addr}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		// domains are explicitly downcased on set.
 | |
| 		a.UpdateDomains([]string{"UP.EXAMPLE.COM"})
 | |
| 		a.Wait(ctx)
 | |
| 		if got, want := xmaps.Keys(a.domains), []string{"up.example.com"}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestUpdateRoutes(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		a.updateDomains([]string{"*.example.com"})
 | |
| 
 | |
| 		// This route should be collapsed into the range
 | |
| 		a.ObserveDNSResponse(dnsResponse("a.example.com.", "192.0.2.1"))
 | |
| 		a.Wait(ctx)
 | |
| 
 | |
| 		if !slices.Equal(rc.Routes(), []netip.Prefix{netip.MustParsePrefix("192.0.2.1/32")}) {
 | |
| 			t.Fatalf("got %v, want %v", rc.Routes(), []netip.Prefix{netip.MustParsePrefix("192.0.2.1/32")})
 | |
| 		}
 | |
| 
 | |
| 		// This route should not be collapsed or removed
 | |
| 		a.ObserveDNSResponse(dnsResponse("b.example.com.", "192.0.0.1"))
 | |
| 		a.Wait(ctx)
 | |
| 
 | |
| 		routes := []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24"), netip.MustParsePrefix("192.0.0.1/32")}
 | |
| 		a.updateRoutes(routes)
 | |
| 
 | |
| 		slices.SortFunc(rc.Routes(), prefixCompare)
 | |
| 		rc.SetRoutes(slices.Compact(rc.Routes()))
 | |
| 		slices.SortFunc(routes, prefixCompare)
 | |
| 
 | |
| 		// Ensure that the non-matching /32 is preserved, even though it's in the domains table.
 | |
| 		if !slices.EqualFunc(routes, rc.Routes(), prefixEqual) {
 | |
| 			t.Errorf("added routes: got %v, want %v", rc.Routes(), routes)
 | |
| 		}
 | |
| 
 | |
| 		// Ensure that the contained /32 is removed, replaced by the /24.
 | |
| 		wantRemoved := []netip.Prefix{netip.MustParsePrefix("192.0.2.1/32")}
 | |
| 		if !slices.EqualFunc(rc.RemovedRoutes(), wantRemoved, prefixEqual) {
 | |
| 			t.Fatalf("unexpected removed routes: %v", rc.RemovedRoutes())
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestUpdateRoutesUnadvertisesContainedRoutes(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		mak.Set(&a.domains, "example.com", []netip.Addr{netip.MustParseAddr("192.0.2.1")})
 | |
| 		rc.SetRoutes([]netip.Prefix{netip.MustParsePrefix("192.0.2.1/32")})
 | |
| 		routes := []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")}
 | |
| 		a.updateRoutes(routes)
 | |
| 
 | |
| 		if !slices.EqualFunc(routes, rc.Routes(), prefixEqual) {
 | |
| 			t.Fatalf("got %v, want %v", rc.Routes(), routes)
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestDomainRoutes(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		a.updateDomains([]string{"example.com"})
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "192.0.0.8"))
 | |
| 		a.Wait(context.Background())
 | |
| 
 | |
| 		want := map[string][]netip.Addr{
 | |
| 			"example.com": {netip.MustParseAddr("192.0.0.8")},
 | |
| 		}
 | |
| 
 | |
| 		if got := a.DomainRoutes(); !reflect.DeepEqual(got, want) {
 | |
| 			t.Fatalf("DomainRoutes: got %v, want %v", got, want)
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestObserveDNSResponse(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 
 | |
| 		// a has no domains configured, so it should not advertise any routes
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "192.0.0.8"))
 | |
| 		if got, want := rc.Routes(), ([]netip.Prefix)(nil); !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		wantRoutes := []netip.Prefix{netip.MustParsePrefix("192.0.0.8/32")}
 | |
| 
 | |
| 		a.updateDomains([]string{"example.com"})
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "192.0.0.8"))
 | |
| 		a.Wait(ctx)
 | |
| 		if got, want := rc.Routes(), wantRoutes; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		// a CNAME record chain should result in a route being added if the chain
 | |
| 		// matches a routed domain.
 | |
| 		a.updateDomains([]string{"www.example.com", "example.com"})
 | |
| 		a.ObserveDNSResponse(dnsCNAMEResponse("192.0.0.9", "www.example.com.", "chain.example.com.", "example.com."))
 | |
| 		a.Wait(ctx)
 | |
| 		wantRoutes = append(wantRoutes, netip.MustParsePrefix("192.0.0.9/32"))
 | |
| 		if got, want := rc.Routes(), wantRoutes; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		// a CNAME record chain should result in a route being added if the chain
 | |
| 		// even if only found in the middle of the chain
 | |
| 		a.ObserveDNSResponse(dnsCNAMEResponse("192.0.0.10", "outside.example.org.", "www.example.com.", "example.org."))
 | |
| 		a.Wait(ctx)
 | |
| 		wantRoutes = append(wantRoutes, netip.MustParsePrefix("192.0.0.10/32"))
 | |
| 		if got, want := rc.Routes(), wantRoutes; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		wantRoutes = append(wantRoutes, netip.MustParsePrefix("2001:db8::1/128"))
 | |
| 
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "2001:db8::1"))
 | |
| 		a.Wait(ctx)
 | |
| 		if got, want := rc.Routes(), wantRoutes; !slices.Equal(got, want) {
 | |
| 			t.Errorf("got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		// don't re-advertise routes that have already been advertised
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "2001:db8::1"))
 | |
| 		a.Wait(ctx)
 | |
| 		if !slices.Equal(rc.Routes(), wantRoutes) {
 | |
| 			t.Errorf("rc.Routes(): got %v; want %v", rc.Routes(), wantRoutes)
 | |
| 		}
 | |
| 
 | |
| 		// don't advertise addresses that are already in a control provided route
 | |
| 		pfx := netip.MustParsePrefix("192.0.2.0/24")
 | |
| 		a.updateRoutes([]netip.Prefix{pfx})
 | |
| 		wantRoutes = append(wantRoutes, pfx)
 | |
| 		a.ObserveDNSResponse(dnsResponse("example.com.", "192.0.2.1"))
 | |
| 		a.Wait(ctx)
 | |
| 		if !slices.Equal(rc.Routes(), wantRoutes) {
 | |
| 			t.Errorf("rc.Routes(): got %v; want %v", rc.Routes(), wantRoutes)
 | |
| 		}
 | |
| 		if !slices.Contains(a.domains["example.com"], netip.MustParseAddr("192.0.2.1")) {
 | |
| 			t.Errorf("missing %v from %v", "192.0.2.1", a.domains["exmaple.com"])
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestWildcardDomains(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 
 | |
| 		a.updateDomains([]string{"*.example.com"})
 | |
| 		a.ObserveDNSResponse(dnsResponse("foo.example.com.", "192.0.0.8"))
 | |
| 		a.Wait(ctx)
 | |
| 		if got, want := rc.Routes(), []netip.Prefix{netip.MustParsePrefix("192.0.0.8/32")}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("routes: got %v; want %v", got, want)
 | |
| 		}
 | |
| 		if got, want := a.wildcards, []string{"example.com"}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("wildcards: got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		a.updateDomains([]string{"*.example.com", "example.com"})
 | |
| 		if _, ok := a.domains["foo.example.com"]; !ok {
 | |
| 			t.Errorf("expected foo.example.com to be preserved in domains due to wildcard")
 | |
| 		}
 | |
| 		if got, want := a.wildcards, []string{"example.com"}; !slices.Equal(got, want) {
 | |
| 			t.Errorf("wildcards: got %v; want %v", got, want)
 | |
| 		}
 | |
| 
 | |
| 		// There was an early regression where the wildcard domain was added repeatedly, this guards against that.
 | |
| 		a.updateDomains([]string{"*.example.com", "example.com"})
 | |
| 		if len(a.wildcards) != 1 {
 | |
| 			t.Errorf("expected only one wildcard domain, got %v", a.wildcards)
 | |
| 		}
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // dnsResponse is a test helper that creates a DNS response buffer for the given domain and address
 | |
| func dnsResponse(domain, address string) []byte {
 | |
| 	addr := netip.MustParseAddr(address)
 | |
| 	b := dnsmessage.NewBuilder(nil, dnsmessage.Header{})
 | |
| 	b.EnableCompression()
 | |
| 	b.StartAnswers()
 | |
| 	switch addr.BitLen() {
 | |
| 	case 32:
 | |
| 		b.AResource(
 | |
| 			dnsmessage.ResourceHeader{
 | |
| 				Name:  dnsmessage.MustNewName(domain),
 | |
| 				Type:  dnsmessage.TypeA,
 | |
| 				Class: dnsmessage.ClassINET,
 | |
| 				TTL:   0,
 | |
| 			},
 | |
| 			dnsmessage.AResource{
 | |
| 				A: addr.As4(),
 | |
| 			},
 | |
| 		)
 | |
| 	case 128:
 | |
| 		b.AAAAResource(
 | |
| 			dnsmessage.ResourceHeader{
 | |
| 				Name:  dnsmessage.MustNewName(domain),
 | |
| 				Type:  dnsmessage.TypeAAAA,
 | |
| 				Class: dnsmessage.ClassINET,
 | |
| 				TTL:   0,
 | |
| 			},
 | |
| 			dnsmessage.AAAAResource{
 | |
| 				AAAA: addr.As16(),
 | |
| 			},
 | |
| 		)
 | |
| 	default:
 | |
| 		panic("invalid address length")
 | |
| 	}
 | |
| 	return must.Get(b.Finish())
 | |
| }
 | |
| 
 | |
| func dnsCNAMEResponse(address string, domains ...string) []byte {
 | |
| 	addr := netip.MustParseAddr(address)
 | |
| 	b := dnsmessage.NewBuilder(nil, dnsmessage.Header{})
 | |
| 	b.EnableCompression()
 | |
| 	b.StartAnswers()
 | |
| 
 | |
| 	if len(domains) >= 2 {
 | |
| 		for i, domain := range domains[:len(domains)-1] {
 | |
| 			b.CNAMEResource(
 | |
| 				dnsmessage.ResourceHeader{
 | |
| 					Name:  dnsmessage.MustNewName(domain),
 | |
| 					Type:  dnsmessage.TypeCNAME,
 | |
| 					Class: dnsmessage.ClassINET,
 | |
| 					TTL:   0,
 | |
| 				},
 | |
| 				dnsmessage.CNAMEResource{
 | |
| 					CNAME: dnsmessage.MustNewName(domains[i+1]),
 | |
| 				},
 | |
| 			)
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	domain := domains[len(domains)-1]
 | |
| 
 | |
| 	switch addr.BitLen() {
 | |
| 	case 32:
 | |
| 		b.AResource(
 | |
| 			dnsmessage.ResourceHeader{
 | |
| 				Name:  dnsmessage.MustNewName(domain),
 | |
| 				Type:  dnsmessage.TypeA,
 | |
| 				Class: dnsmessage.ClassINET,
 | |
| 				TTL:   0,
 | |
| 			},
 | |
| 			dnsmessage.AResource{
 | |
| 				A: addr.As4(),
 | |
| 			},
 | |
| 		)
 | |
| 	case 128:
 | |
| 		b.AAAAResource(
 | |
| 			dnsmessage.ResourceHeader{
 | |
| 				Name:  dnsmessage.MustNewName(domain),
 | |
| 				Type:  dnsmessage.TypeAAAA,
 | |
| 				Class: dnsmessage.ClassINET,
 | |
| 				TTL:   0,
 | |
| 			},
 | |
| 			dnsmessage.AAAAResource{
 | |
| 				AAAA: addr.As16(),
 | |
| 			},
 | |
| 		)
 | |
| 	default:
 | |
| 		panic("invalid address length")
 | |
| 	}
 | |
| 	return must.Get(b.Finish())
 | |
| }
 | |
| 
 | |
| func prefixEqual(a, b netip.Prefix) bool {
 | |
| 	return a == b
 | |
| }
 | |
| 
 | |
| func prefixCompare(a, b netip.Prefix) int {
 | |
| 	if a.Addr().Compare(b.Addr()) == 0 {
 | |
| 		return a.Bits() - b.Bits()
 | |
| 	}
 | |
| 	return a.Addr().Compare(b.Addr())
 | |
| }
 | |
| 
 | |
| func prefixes(in ...string) []netip.Prefix {
 | |
| 	toRet := make([]netip.Prefix, len(in))
 | |
| 	for i, s := range in {
 | |
| 		toRet[i] = netip.MustParsePrefix(s)
 | |
| 	}
 | |
| 	return toRet
 | |
| }
 | |
| 
 | |
| func TestUpdateRouteRouteRemoval(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 
 | |
| 		assertRoutes := func(prefix string, routes, removedRoutes []netip.Prefix) {
 | |
| 			if !slices.Equal(routes, rc.Routes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) routes want %v, got %v", prefix, shouldStore, routes, rc.Routes())
 | |
| 			}
 | |
| 			if !slices.Equal(removedRoutes, rc.RemovedRoutes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) removedRoutes want %v, got %v", prefix, shouldStore, removedRoutes, rc.RemovedRoutes())
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		// nothing has yet been advertised
 | |
| 		assertRoutes("appc init", []netip.Prefix{}, []netip.Prefix{})
 | |
| 
 | |
| 		a.UpdateDomainsAndRoutes([]string{}, prefixes("1.2.3.1/32", "1.2.3.2/32"))
 | |
| 		a.Wait(ctx)
 | |
| 		// the routes passed to UpdateDomainsAndRoutes have been advertised
 | |
| 		assertRoutes("simple update", prefixes("1.2.3.1/32", "1.2.3.2/32"), []netip.Prefix{})
 | |
| 
 | |
| 		// one route the same, one different
 | |
| 		a.UpdateDomainsAndRoutes([]string{}, prefixes("1.2.3.1/32", "1.2.3.3/32"))
 | |
| 		a.Wait(ctx)
 | |
| 		// old behavior: routes are not removed, resulting routes are both old and new
 | |
| 		// (we have dupe 1.2.3.1 routes because the test RouteAdvertiser doesn't have the deduplication
 | |
| 		// the real one does)
 | |
| 		wantRoutes := prefixes("1.2.3.1/32", "1.2.3.2/32", "1.2.3.1/32", "1.2.3.3/32")
 | |
| 		wantRemovedRoutes := []netip.Prefix{}
 | |
| 		if shouldStore {
 | |
| 			// new behavior: routes are removed, resulting routes are new only
 | |
| 			wantRoutes = prefixes("1.2.3.1/32", "1.2.3.1/32", "1.2.3.3/32")
 | |
| 			wantRemovedRoutes = prefixes("1.2.3.2/32")
 | |
| 		}
 | |
| 		assertRoutes("removal", wantRoutes, wantRemovedRoutes)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestUpdateDomainRouteRemoval(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 
 | |
| 		assertRoutes := func(prefix string, routes, removedRoutes []netip.Prefix) {
 | |
| 			if !slices.Equal(routes, rc.Routes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) routes want %v, got %v", prefix, shouldStore, routes, rc.Routes())
 | |
| 			}
 | |
| 			if !slices.Equal(removedRoutes, rc.RemovedRoutes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) removedRoutes want %v, got %v", prefix, shouldStore, removedRoutes, rc.RemovedRoutes())
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		assertRoutes("appc init", []netip.Prefix{}, []netip.Prefix{})
 | |
| 
 | |
| 		a.UpdateDomainsAndRoutes([]string{"a.example.com", "b.example.com"}, []netip.Prefix{})
 | |
| 		a.Wait(ctx)
 | |
| 		// adding domains doesn't immediately cause any routes to be advertised
 | |
| 		assertRoutes("update domains", []netip.Prefix{}, []netip.Prefix{})
 | |
| 
 | |
| 		a.ObserveDNSResponse(dnsResponse("a.example.com.", "1.2.3.1"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("a.example.com.", "1.2.3.2"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("b.example.com.", "1.2.3.3"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("b.example.com.", "1.2.3.4"))
 | |
| 		a.Wait(ctx)
 | |
| 		// observing dns responses causes routes to be advertised
 | |
| 		assertRoutes("observed dns", prefixes("1.2.3.1/32", "1.2.3.2/32", "1.2.3.3/32", "1.2.3.4/32"), []netip.Prefix{})
 | |
| 
 | |
| 		a.UpdateDomainsAndRoutes([]string{"a.example.com"}, []netip.Prefix{})
 | |
| 		a.Wait(ctx)
 | |
| 		// old behavior, routes are not removed
 | |
| 		wantRoutes := prefixes("1.2.3.1/32", "1.2.3.2/32", "1.2.3.3/32", "1.2.3.4/32")
 | |
| 		wantRemovedRoutes := []netip.Prefix{}
 | |
| 		if shouldStore {
 | |
| 			// new behavior, routes are removed for b.example.com
 | |
| 			wantRoutes = prefixes("1.2.3.1/32", "1.2.3.2/32")
 | |
| 			wantRemovedRoutes = prefixes("1.2.3.3/32", "1.2.3.4/32")
 | |
| 		}
 | |
| 		assertRoutes("removal", wantRoutes, wantRemovedRoutes)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestUpdateWildcardRouteRemoval(t *testing.T) {
 | |
| 	for _, shouldStore := range []bool{false, true} {
 | |
| 		ctx := context.Background()
 | |
| 		rc := &appctest.RouteCollector{}
 | |
| 
 | |
| 		assertRoutes := func(prefix string, routes, removedRoutes []netip.Prefix) {
 | |
| 			if !slices.Equal(routes, rc.Routes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) routes want %v, got %v", prefix, shouldStore, routes, rc.Routes())
 | |
| 			}
 | |
| 			if !slices.Equal(removedRoutes, rc.RemovedRoutes()) {
 | |
| 				t.Fatalf("%s: (shouldStore=%t) removedRoutes want %v, got %v", prefix, shouldStore, removedRoutes, rc.RemovedRoutes())
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		var a *AppConnector
 | |
| 		if shouldStore {
 | |
| 			a = NewAppConnector(t.Logf, rc, &RouteInfo{}, fakeStoreRoutes)
 | |
| 		} else {
 | |
| 			a = NewAppConnector(t.Logf, rc, nil, nil)
 | |
| 		}
 | |
| 		assertRoutes("appc init", []netip.Prefix{}, []netip.Prefix{})
 | |
| 
 | |
| 		a.UpdateDomainsAndRoutes([]string{"a.example.com", "*.b.example.com"}, []netip.Prefix{})
 | |
| 		a.Wait(ctx)
 | |
| 		// adding domains doesn't immediately cause any routes to be advertised
 | |
| 		assertRoutes("update domains", []netip.Prefix{}, []netip.Prefix{})
 | |
| 
 | |
| 		a.ObserveDNSResponse(dnsResponse("a.example.com.", "1.2.3.1"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("a.example.com.", "1.2.3.2"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("1.b.example.com.", "1.2.3.3"))
 | |
| 		a.ObserveDNSResponse(dnsResponse("2.b.example.com.", "1.2.3.4"))
 | |
| 		a.Wait(ctx)
 | |
| 		// observing dns responses causes routes to be advertised
 | |
| 		assertRoutes("observed dns", prefixes("1.2.3.1/32", "1.2.3.2/32", "1.2.3.3/32", "1.2.3.4/32"), []netip.Prefix{})
 | |
| 
 | |
| 		a.UpdateDomainsAndRoutes([]string{"a.example.com"}, []netip.Prefix{})
 | |
| 		a.Wait(ctx)
 | |
| 		// old behavior, routes are not removed
 | |
| 		wantRoutes := prefixes("1.2.3.1/32", "1.2.3.2/32", "1.2.3.3/32", "1.2.3.4/32")
 | |
| 		wantRemovedRoutes := []netip.Prefix{}
 | |
| 		if shouldStore {
 | |
| 			// new behavior, routes are removed for *.b.example.com
 | |
| 			wantRoutes = prefixes("1.2.3.1/32", "1.2.3.2/32")
 | |
| 			wantRemovedRoutes = prefixes("1.2.3.3/32", "1.2.3.4/32")
 | |
| 		}
 | |
| 		assertRoutes("removal", wantRoutes, wantRemovedRoutes)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func TestRoutesWithout(t *testing.T) {
 | |
| 	assert := func(msg string, got, want []netip.Prefix) {
 | |
| 		if !slices.Equal(want, got) {
 | |
| 			t.Errorf("%s: want %v, got %v", msg, want, got)
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	assert("empty routes", routesWithout([]netip.Prefix{}, []netip.Prefix{}), []netip.Prefix{})
 | |
| 	assert("a empty", routesWithout([]netip.Prefix{}, prefixes("1.1.1.1/32", "1.1.1.2/32")), []netip.Prefix{})
 | |
| 	assert("b empty", routesWithout(prefixes("1.1.1.1/32", "1.1.1.2/32"), []netip.Prefix{}), prefixes("1.1.1.1/32", "1.1.1.2/32"))
 | |
| 	assert("no overlap", routesWithout(prefixes("1.1.1.1/32", "1.1.1.2/32"), prefixes("1.1.1.3/32", "1.1.1.4/32")), prefixes("1.1.1.1/32", "1.1.1.2/32"))
 | |
| 	assert("a has fewer", routesWithout(prefixes("1.1.1.1/32", "1.1.1.2/32"), prefixes("1.1.1.1/32", "1.1.1.2/32", "1.1.1.3/32", "1.1.1.4/32")), []netip.Prefix{})
 | |
| 	assert("a has more", routesWithout(prefixes("1.1.1.1/32", "1.1.1.2/32", "1.1.1.3/32", "1.1.1.4/32"), prefixes("1.1.1.1/32", "1.1.1.3/32")), prefixes("1.1.1.2/32", "1.1.1.4/32"))
 | |
| }
 | |
| 
 | |
| func TestRateLogger(t *testing.T) {
 | |
| 	clock := tstest.Clock{}
 | |
| 	wasCalled := false
 | |
| 	rl := newRateLogger(func() time.Time { return clock.Now() }, 1*time.Second, func(count int64, _ time.Time, _ int64) {
 | |
| 		if count != 3 {
 | |
| 			t.Fatalf("count for prev period: got %d, want 3", count)
 | |
| 		}
 | |
| 		wasCalled = true
 | |
| 	})
 | |
| 
 | |
| 	for i := 0; i < 3; i++ {
 | |
| 		clock.Advance(1 * time.Millisecond)
 | |
| 		rl.update(0)
 | |
| 		if wasCalled {
 | |
| 			t.Fatalf("wasCalled: got true, want false")
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	clock.Advance(1 * time.Second)
 | |
| 	rl.update(0)
 | |
| 	if !wasCalled {
 | |
| 		t.Fatalf("wasCalled: got false, want true")
 | |
| 	}
 | |
| 
 | |
| 	wasCalled = false
 | |
| 	rl = newRateLogger(func() time.Time { return clock.Now() }, 1*time.Hour, func(count int64, _ time.Time, _ int64) {
 | |
| 		if count != 3 {
 | |
| 			t.Fatalf("count for prev period: got %d, want 3", count)
 | |
| 		}
 | |
| 		wasCalled = true
 | |
| 	})
 | |
| 
 | |
| 	for i := 0; i < 3; i++ {
 | |
| 		clock.Advance(1 * time.Minute)
 | |
| 		rl.update(0)
 | |
| 		if wasCalled {
 | |
| 			t.Fatalf("wasCalled: got true, want false")
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	clock.Advance(1 * time.Hour)
 | |
| 	rl.update(0)
 | |
| 	if !wasCalled {
 | |
| 		t.Fatalf("wasCalled: got false, want true")
 | |
| 	}
 | |
| }
 |