mirror of
https://github.com/tonarino/innernet.git
synced 2025-01-10 04:19:31 +02:00
server: addd ipv6 tests as feature flag alongside ipv4
This commit is contained in:
parent
9c5380c7f8
commit
22203e63d0
5
.github/workflows/rust.yml
vendored
5
.github/workflows/rust.yml
vendored
@ -47,6 +47,11 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
command: test
|
command: test
|
||||||
args: --verbose
|
args: --verbose
|
||||||
|
- name: Test (IPv6)
|
||||||
|
uses: actions-rs/cargo@v1
|
||||||
|
with:
|
||||||
|
command: test
|
||||||
|
args: --features v6-test --verbose
|
||||||
- name: Clippy
|
- name: Clippy
|
||||||
uses: actions-rs/cargo@v1
|
uses: actions-rs/cargo@v1
|
||||||
with:
|
with:
|
||||||
|
@ -12,6 +12,9 @@ version = "1.4.1"
|
|||||||
name = "innernet-server"
|
name = "innernet-server"
|
||||||
path = "src/main.rs"
|
path = "src/main.rs"
|
||||||
|
|
||||||
|
[features]
|
||||||
|
v6-test = []
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
anyhow = "1"
|
anyhow = "1"
|
||||||
bytes = "1"
|
bytes = "1"
|
||||||
|
@ -103,7 +103,11 @@ mod tests {
|
|||||||
|
|
||||||
let old_peers = DatabasePeer::list(&server.db().lock())?;
|
let old_peers = DatabasePeer::list(&server.db().lock())?;
|
||||||
|
|
||||||
let peer = test::developer_peer_contents("developer3", "10.80.64.4")?;
|
let peer = if cfg!(feature = "v6-test") {
|
||||||
|
test::developer_peer_contents("developer3", "fd00:1337::2:0:0:3")?
|
||||||
|
} else {
|
||||||
|
test::developer_peer_contents("developer3", "10.80.64.4")?
|
||||||
|
};
|
||||||
|
|
||||||
let res = server
|
let res = server
|
||||||
.form_request(test::ADMIN_PEER_IP, "POST", "/v1/admin/peers", &peer)
|
.form_request(test::ADMIN_PEER_IP, "POST", "/v1/admin/peers", &peer)
|
||||||
|
@ -651,8 +651,13 @@ mod tests {
|
|||||||
async fn test_with_session_disguised_with_headers() -> Result<(), Error> {
|
async fn test_with_session_disguised_with_headers() -> Result<(), Error> {
|
||||||
let server = test::Server::new()?;
|
let server = test::Server::new()?;
|
||||||
|
|
||||||
|
let path = if cfg!(feature = "v6-test") {
|
||||||
|
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
} else {
|
||||||
|
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
};
|
||||||
let req = Request::builder()
|
let req = Request::builder()
|
||||||
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP))
|
.uri(path)
|
||||||
.header("Forwarded", format!("for={}", test::ADMIN_PEER_IP))
|
.header("Forwarded", format!("for={}", test::ADMIN_PEER_IP))
|
||||||
.header("X-Forwarded-For", test::ADMIN_PEER_IP)
|
.header("X-Forwarded-For", test::ADMIN_PEER_IP)
|
||||||
.header("X-Real-IP", test::ADMIN_PEER_IP)
|
.header("X-Real-IP", test::ADMIN_PEER_IP)
|
||||||
@ -660,7 +665,11 @@ mod tests {
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
// Request from an unknown IP, trying to disguise as an admin using HTTP headers.
|
// Request from an unknown IP, trying to disguise as an admin using HTTP headers.
|
||||||
let res = server.raw_request("10.80.80.80", req).await;
|
let res = if cfg!(feature = "v6-test") {
|
||||||
|
server.raw_request("fd00:1337::1337", req).await
|
||||||
|
} else {
|
||||||
|
server.raw_request("10.80.80.80", req).await
|
||||||
|
};
|
||||||
|
|
||||||
// addr::remote() filter only look at remote_addr from TCP socket.
|
// addr::remote() filter only look at remote_addr from TCP socket.
|
||||||
// HTTP headers are not considered. This also means that innernet
|
// HTTP headers are not considered. This also means that innernet
|
||||||
@ -676,13 +685,22 @@ mod tests {
|
|||||||
|
|
||||||
let key = Key::generate_private().generate_public();
|
let key = Key::generate_private().generate_public();
|
||||||
|
|
||||||
|
let path = if cfg!(feature = "v6-test") {
|
||||||
|
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
} else {
|
||||||
|
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
};
|
||||||
// Request from an unknown IP, trying to disguise as an admin using HTTP headers.
|
// Request from an unknown IP, trying to disguise as an admin using HTTP headers.
|
||||||
let req = Request::builder()
|
let req = Request::builder()
|
||||||
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP))
|
.uri(path)
|
||||||
.header(shared::INNERNET_PUBKEY_HEADER, key.to_base64())
|
.header(shared::INNERNET_PUBKEY_HEADER, key.to_base64())
|
||||||
.body(Body::empty())
|
.body(Body::empty())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
let res = server.raw_request("10.80.80.80", req).await;
|
let res = if cfg!(feature = "v6-test") {
|
||||||
|
server.raw_request("fd00:1337::1337", req).await
|
||||||
|
} else {
|
||||||
|
server.raw_request("10.80.80.80", req).await
|
||||||
|
};
|
||||||
|
|
||||||
// addr::remote() filter only look at remote_addr from TCP socket.
|
// addr::remote() filter only look at remote_addr from TCP socket.
|
||||||
// HTTP headers are not considered. This also means that innernet
|
// HTTP headers are not considered. This also means that innernet
|
||||||
@ -696,12 +714,21 @@ mod tests {
|
|||||||
async fn test_unparseable_public_key() -> Result<(), Error> {
|
async fn test_unparseable_public_key() -> Result<(), Error> {
|
||||||
let server = test::Server::new()?;
|
let server = test::Server::new()?;
|
||||||
|
|
||||||
|
let path = if cfg!(feature = "v6-test") {
|
||||||
|
format!("http://[{}]/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
} else {
|
||||||
|
format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP)
|
||||||
|
};
|
||||||
let req = Request::builder()
|
let req = Request::builder()
|
||||||
.uri(format!("http://{}/v1/admin/peers", test::WG_MANAGE_PEER_IP))
|
.uri(path)
|
||||||
.header(shared::INNERNET_PUBKEY_HEADER, "!!!")
|
.header(shared::INNERNET_PUBKEY_HEADER, "!!!")
|
||||||
.body(Body::empty())
|
.body(Body::empty())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
let res = server.raw_request("10.80.80.80", req).await;
|
let res = if cfg!(feature = "v6-test") {
|
||||||
|
server.raw_request("fd00:1337::1337", req).await
|
||||||
|
} else {
|
||||||
|
server.raw_request("10.80.80.80", req).await
|
||||||
|
};
|
||||||
|
|
||||||
// addr::remote() filter only look at remote_addr from TCP socket.
|
// addr::remote() filter only look at remote_addr from TCP socket.
|
||||||
// HTTP headers are not considered. This also means that innernet
|
// HTTP headers are not considered. This also means that innernet
|
||||||
|
@ -14,21 +14,47 @@ use std::{collections::HashMap, net::SocketAddr, path::PathBuf, sync::Arc};
|
|||||||
use tempfile::TempDir;
|
use tempfile::TempDir;
|
||||||
use wgctrl::{Backend, InterfaceName, Key, KeyPair};
|
use wgctrl::{Backend, InterfaceName, Key, KeyPair};
|
||||||
|
|
||||||
pub const ROOT_CIDR: &str = "10.80.0.0/15";
|
#[cfg(not(feature = "v6-test"))]
|
||||||
pub const SERVER_CIDR: &str = "10.80.0.1/32";
|
mod v4 {
|
||||||
pub const ADMIN_CIDR: &str = "10.80.1.0/24";
|
pub const ROOT_CIDR: &str = "10.80.0.0/15";
|
||||||
pub const DEVELOPER_CIDR: &str = "10.80.64.0/24";
|
pub const SERVER_CIDR: &str = "10.80.0.1/32";
|
||||||
pub const USER_CIDR: &str = "10.80.128.0/17";
|
pub const ADMIN_CIDR: &str = "10.80.1.0/24";
|
||||||
pub const EXPERIMENTAL_CIDR: &str = "10.81.0.0/16";
|
pub const DEVELOPER_CIDR: &str = "10.80.64.0/24";
|
||||||
pub const EXPERIMENTAL_SUBCIDR: &str = "10.81.0.0/17";
|
pub const USER_CIDR: &str = "10.80.128.0/17";
|
||||||
|
pub const EXPERIMENTAL_CIDR: &str = "10.81.0.0/16";
|
||||||
|
pub const EXPERIMENTAL_SUBCIDR: &str = "10.81.0.0/17";
|
||||||
|
|
||||||
pub const ADMIN_PEER_IP: &str = "10.80.1.1";
|
pub const ADMIN_PEER_IP: &str = "10.80.1.1";
|
||||||
pub const WG_MANAGE_PEER_IP: &str = "10.80.1.1";
|
pub const WG_MANAGE_PEER_IP: &str = ADMIN_PEER_IP;
|
||||||
pub const DEVELOPER1_PEER_IP: &str = "10.80.64.2";
|
pub const DEVELOPER1_PEER_IP: &str = "10.80.64.2";
|
||||||
pub const DEVELOPER2_PEER_IP: &str = "10.80.64.3";
|
pub const DEVELOPER2_PEER_IP: &str = "10.80.64.3";
|
||||||
pub const USER1_PEER_IP: &str = "10.80.128.2";
|
pub const USER1_PEER_IP: &str = "10.80.128.2";
|
||||||
pub const USER2_PEER_IP: &str = "10.80.129.2";
|
pub const USER2_PEER_IP: &str = "10.80.129.2";
|
||||||
pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "10.81.0.1";
|
pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "10.81.0.1";
|
||||||
|
}
|
||||||
|
#[cfg(not(feature = "v6-test"))]
|
||||||
|
pub use v4::*;
|
||||||
|
|
||||||
|
#[cfg(feature = "v6-test")]
|
||||||
|
mod v6 {
|
||||||
|
pub const ROOT_CIDR: &str = "fd00:1337::/64";
|
||||||
|
pub const SERVER_CIDR: &str = "fd00:1337::1/128";
|
||||||
|
pub const ADMIN_CIDR: &str = "fd00:1337::1:0:0:0/80";
|
||||||
|
pub const DEVELOPER_CIDR: &str = "fd00:1337::2:0:0:0/80";
|
||||||
|
pub const USER_CIDR: &str = "fd00:1337::3:0:0:0/80";
|
||||||
|
pub const EXPERIMENTAL_CIDR: &str = "fd00:1337::4:0:0:0/80";
|
||||||
|
pub const EXPERIMENTAL_SUBCIDR: &str = "fd00:1337::4:0:0:0/81";
|
||||||
|
|
||||||
|
pub const ADMIN_PEER_IP: &str = "fd00:1337::1:0:0:1";
|
||||||
|
pub const WG_MANAGE_PEER_IP: &str = ADMIN_PEER_IP;
|
||||||
|
pub const DEVELOPER1_PEER_IP: &str = "fd00:1337::2:0:0:1";
|
||||||
|
pub const DEVELOPER2_PEER_IP: &str = "fd00:1337::2:0:0:2";
|
||||||
|
pub const USER1_PEER_IP: &str = "fd00:1337::3:0:0:1";
|
||||||
|
pub const USER2_PEER_IP: &str = "fd00:1337::3:0:0:2";
|
||||||
|
pub const EXPERIMENT_SUBCIDR_PEER_IP: &str = "fd00:1337::4:0:0:1";
|
||||||
|
}
|
||||||
|
#[cfg(feature = "v6-test")]
|
||||||
|
pub use v6::*;
|
||||||
|
|
||||||
pub const ROOT_CIDR_ID: i64 = 1;
|
pub const ROOT_CIDR_ID: i64 = 1;
|
||||||
pub const INFRA_CIDR_ID: i64 = 2;
|
pub const INFRA_CIDR_ID: i64 = 2;
|
||||||
@ -160,8 +186,13 @@ impl Server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn base_request_builder(&self, verb: &str, path: &str) -> http::request::Builder {
|
fn base_request_builder(&self, verb: &str, path: &str) -> http::request::Builder {
|
||||||
|
let path = if cfg!(feature = "v6-test") {
|
||||||
|
format!("http://[{}]{}", WG_MANAGE_PEER_IP, path)
|
||||||
|
} else {
|
||||||
|
format!("http://{}{}", WG_MANAGE_PEER_IP, path)
|
||||||
|
};
|
||||||
Request::builder()
|
Request::builder()
|
||||||
.uri(format!("http://{}{}", WG_MANAGE_PEER_IP, path))
|
.uri(path)
|
||||||
.method(verb)
|
.method(verb)
|
||||||
.header(
|
.header(
|
||||||
shared::INNERNET_PUBKEY_HEADER,
|
shared::INNERNET_PUBKEY_HEADER,
|
||||||
|
Loading…
Reference in New Issue
Block a user