tsnet: add test for packet filter generation from netmap

This is an integration test that covers all the code in Direct, Auto, and LocalBackend that processes NetMaps and creates a Filter. The test uses tsnet as a convenient proxy for setting up all the client pieces correctly, but is not actually a test specific to tsnet. Updates tailscale/corp#20514 Signed-off-by: James Sanderson <jsanderson@tailscale.com>
2025-08-15 07:27:30 +00:00 · 2025-03-21 09:30:42 +00:00
parent 5be6ff9b62
commit 85a7abef0c
3 changed files with 254 additions and 2 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -1510,7 +1510,11 @@ func (nb *nodeBackend) peerCapsLocked(src netip.Addr) tailcfg.PeerCapMap {
 	return nil
 }

-func (nb *nodeBackend) GetFilterForTest() *filter.Filter {
+func (b *LocalBackend) GetFilterForTest() *filter.Filter {
+	if !testenv.InTest() {
+		panic("GetFilterForTest called outside of test")
+	}
+	nb := b.currentNode()
 	return nb.filterAtomic.Load()
 }

--- a/ipn/ipnlocal/local_test.go
+++ b/ipn/ipnlocal/local_test.go
@@ -5328,7 +5328,7 @@ func TestSrcCapPacketFilter(t *testing.T) {
 		}},
 	})

-	f := lb.currentNode().GetFilterForTest()
+	f := lb.GetFilterForTest()
 	res := f.Check(netip.MustParseAddr("2.2.2.2"), netip.MustParseAddr("1.1.1.1"), 22, ipproto.TCP)
 	if res != filter.Accept {
 		t.Errorf("Check(2.2.2.2, ...) = %s, want %s", res, filter.Accept)