(b *testing.B, file string, opt benchOpt)
| 1254 | } |
| 1255 | |
| 1256 | func benchmarkFile(b *testing.B, file string, opt benchOpt) { |
| 1257 | var matches []Match |
| 1258 | bts, err := os.ReadFile(file) |
| 1259 | if err != nil { |
| 1260 | b.Fatal(err) |
| 1261 | } |
| 1262 | if err := json.Unmarshal(bts, &matches); err != nil { |
| 1263 | b.Fatal(err) |
| 1264 | } |
| 1265 | |
| 1266 | var localNets netipx.IPSetBuilder |
| 1267 | pfx := []netip.Prefix{ |
| 1268 | netip.MustParsePrefix("100.96.14.120/32"), |
| 1269 | netip.MustParsePrefix("fd7a:115c:a1e0:ab12:4843:cd96:6260:e78/128"), |
| 1270 | } |
| 1271 | for _, p := range pfx { |
| 1272 | localNets.AddPrefix(p) |
| 1273 | } |
| 1274 | |
| 1275 | var logIPs netipx.IPSetBuilder |
| 1276 | logIPs.AddPrefix(tsaddr.CGNATRange()) |
| 1277 | logIPs.AddPrefix(tsaddr.TailscaleULARange()) |
| 1278 | |
| 1279 | f := New(matches, nil, must.Get(localNets.IPSet()), must.Get(logIPs.IPSet()), nil, logger.Discard) |
| 1280 | var srcIP, dstIP netip.Addr |
| 1281 | if opt.v4 { |
| 1282 | srcIP = netip.MustParseAddr("1.2.3.4") |
| 1283 | dstIP = pfx[0].Addr() |
| 1284 | } else { |
| 1285 | srcIP = netip.MustParseAddr("2012::3456") |
| 1286 | dstIP = pfx[1].Addr() |
| 1287 | } |
| 1288 | if !opt.validLocalDst { |
| 1289 | dstIP = dstIP.Next() // to make it not in localNets |
| 1290 | } |
| 1291 | proto := ipproto.TCP |
| 1292 | if opt.udp { |
| 1293 | proto = ipproto.UDP |
| 1294 | } |
| 1295 | const sport = 33123 |
| 1296 | const dport = 443 |
| 1297 | pkt := parsed(proto, srcIP.String(), dstIP.String(), sport, dport) |
| 1298 | if opt.tcpNotSYN { |
| 1299 | pkt.TCPFlags = packet.TCPPsh // anything that's not SYN |
| 1300 | } |
| 1301 | if opt.udpOpen { |
| 1302 | tuple := flowtrack.MakeTuple(proto, |
| 1303 | netip.AddrPortFrom(srcIP, sport), |
| 1304 | netip.AddrPortFrom(dstIP, dport), |
| 1305 | ) |
| 1306 | f.state.mu.Lock() |
| 1307 | f.state.lru.Add(tuple, struct{}{}) |
| 1308 | f.state.mu.Unlock() |
| 1309 | } |
| 1310 | |
| 1311 | want := Drop |
| 1312 | if opt.wantAccept { |
| 1313 | want = Accept |
no test coverage detected
searching dependent graphs…