TestTCPForwardLimits_PerClient verifies that the per-client limit for TCP forwarding works.
(t *testing.T)
| 815 | // TestTCPForwardLimits_PerClient verifies that the per-client limit for TCP |
| 816 | // forwarding works. |
| 817 | func TestTCPForwardLimits_PerClient(t *testing.T) { |
| 818 | clientmetric.ResetForTest(t) |
| 819 | tstest.AssertNotParallel(t) // calls envknob.Setenv |
| 820 | envknob.Setenv("TS_DEBUG_NETSTACK", "true") |
| 821 | t.Cleanup(func() { envknob.Setenv("TS_DEBUG_NETSTACK", "") }) |
| 822 | |
| 823 | // Set our test override limits during this test. |
| 824 | maxInFlightConnectionAttemptsForTest.Store(2) |
| 825 | t.Cleanup(func() { maxInFlightConnectionAttemptsForTest.Store(0) }) |
| 826 | maxInFlightConnectionAttemptsPerClientForTest.Store(1) |
| 827 | t.Cleanup(func() { maxInFlightConnectionAttemptsPerClientForTest.Store(0) }) |
| 828 | |
| 829 | impl := makeNetstack(t, func(impl *Impl) { |
| 830 | impl.ProcessSubnets = true |
| 831 | }) |
| 832 | |
| 833 | dialFn, gotConn := makeHangDialer(t) |
| 834 | impl.forwardDialFunc = dialFn |
| 835 | |
| 836 | prefs := ipn.NewPrefs() |
| 837 | prefs.AdvertiseRoutes = []netip.Prefix{ |
| 838 | // This is the TEST-NET-1 IP block for use in documentation, |
| 839 | // and should never actually be routable. |
| 840 | netip.MustParsePrefix("192.0.2.0/24"), |
| 841 | } |
| 842 | impl.lb.Start(ipn.Options{ |
| 843 | UpdatePrefs: prefs, |
| 844 | }) |
| 845 | impl.atomicIsLocalIPFunc.Store(looksLikeATailscaleSelfAddress) |
| 846 | |
| 847 | // Inject an "outbound" packet that's going to an IP address that times |
| 848 | // out. We need to re-parse from a byte slice so that the internal |
| 849 | // buffer in the packet.Parsed type is filled out. |
| 850 | client := netip.MustParseAddr("100.101.102.103") |
| 851 | destAddr := netip.MustParseAddr("192.0.2.1") |
| 852 | |
| 853 | // Helpers |
| 854 | var port uint16 = 1234 |
| 855 | mustInjectPacket := func() { |
| 856 | pkt := tcp4syn(t, client, destAddr, port, 4567) |
| 857 | port++ // to avoid deduplication based on endpoint |
| 858 | |
| 859 | var parsed packet.Parsed |
| 860 | parsed.Decode(pkt) |
| 861 | |
| 862 | // When injecting this packet, we want the outcome to be "drop |
| 863 | // silently", which indicates that netstack is processing the |
| 864 | // packet and not delivering it to the host system. |
| 865 | if resp, _ := impl.injectInbound(&parsed, impl.tundev, nil); resp != filter.DropSilently { |
| 866 | t.Fatalf("got filter outcome %v, want filter.DropSilently", resp) |
| 867 | } |
| 868 | } |
| 869 | |
| 870 | ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) |
| 871 | defer cancel() |
| 872 | |
| 873 | waitPacket := func() { |
| 874 | select { |
nothing calls this directly
no test coverage detected
searching dependent graphs…