wgengine/magicsock: add a connectivity test for facing firewalls.

The test demonstrates that magicsock can traverse two stateful firewalls facing each other, that each require localhost to initiate connections. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-11-15 02:05:16 +00:00 · 2020-07-11 07:03:19 +00:00
parent 1f7b1a4c6c
commit 88e8456e9b
3 changed files with 48 additions and 3 deletions
--- a/wgengine/magicsock/magicsock_test.go
+++ b/wgengine/magicsock/magicsock_test.go
@@ -368,6 +368,34 @@ func TestTwoDevicePing(t *testing.T) {
 			}
 			testTwoDevicePing(t, n)
 		})
+
+		t.Run("facing firewalls", func(t *testing.T) {
+			mstun := &natlab.Machine{Name: "stun"}
+			f1 := &natlab.Firewall{}
+			f2 := &natlab.Firewall{}
+			m1 := &natlab.Machine{
+				Name:         "m1",
+				HandlePacket: f1.HandlePacket,
+			}
+			m2 := &natlab.Machine{
+				Name:         "m2",
+				HandlePacket: f2.HandlePacket,
+			}
+			inet := natlab.NewInternet()
+			sif := mstun.Attach("eth0", inet)
+			m1if := m1.Attach("eth0", inet)
+			m2if := m2.Attach("eth0", inet)
+
+			n := &devices{
+				m1:     m1,
+				m1IP:   m1if.V4(),
+				m2:     m2,
+				m2IP:   m2if.V4(),
+				stun:   mstun,
+				stunIP: sif.V4(),
+			}
+			testTwoDevicePing(t, n)
+		})
 	})
 }