mirrors/nebula
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-05 18:20:48 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

V2 certificate format (#1216)

Browse source 
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
This commit is contained in:
Nate Brown 2025-03-06 11:28:26 -06:00 committed by GitHub
parent 2b427a7e89
commit d97ed57a19
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
105 changed files with 8276 additions and 4528 deletions
Download patch file Download diff file Expand all files Collapse all files

55
remote_list_test.go
View file

@ -9,11 +9,11 @@ import (
)
func TestRemoteList_Rebuild(t *testing.T) {
rl := NewRemoteList(nil)
rl := NewRemoteList([]netip.Addr{netip.MustParseAddr("0.0.0.0")}, nil)
rl.unlockedSetV4(
netip.MustParseAddr("0.0.0.0"),
netip.MustParseAddr("0.0.0.0"),
[]*Ip4AndPort{
[]*V4AddrPort{
newIp4AndPortFromString("70.199.182.92:1475"), // this is duped
newIp4AndPortFromString("172.17.0.182:10101"),
newIp4AndPortFromString("172.17.1.1:10101"), // this is duped
@ -25,20 +25,30 @@ func TestRemoteList_Rebuild(t *testing.T) {
newIp4AndPortFromString("70.199.182.92:1476"), // almost dupe of 0 with a diff port
newIp4AndPortFromString("70.199.182.92:1475"), // this is a dupe
},
func(netip.Addr, *Ip4AndPort) bool { return true },
func(netip.Addr, *V4AddrPort) bool { return true },
)
rl.unlockedSetV6(
netip.MustParseAddr("0.0.0.1"),
netip.MustParseAddr("0.0.0.1"),
[]*Ip6AndPort{
[]*V6AddrPort{
newIp6AndPortFromString("[1::1]:1"), // this is duped
newIp6AndPortFromString("[1::1]:2"), // almost dupe of 0 with a diff port, also gets duped
newIp6AndPortFromString("[1:100::1]:1"),
newIp6AndPortFromString("[1::1]:1"), // this is a dupe
newIp6AndPortFromString("[1::1]:2"), // this is a dupe
},
func(netip.Addr, *Ip6AndPort) bool { return true },
func(netip.Addr, *V6AddrPort) bool { return true },
)
rl.unlockedSetRelay(
netip.MustParseAddr("0.0.0.1"),
[]netip.Addr{
netip.MustParseAddr("1::1"),
netip.MustParseAddr("1.2.3.4"),
netip.MustParseAddr("1.2.3.4"),
netip.MustParseAddr("1::1"),
},
)
rl.Rebuild([]netip.Prefix{})
@ -76,6 +86,11 @@ func TestRemoteList_Rebuild(t *testing.T) {
assert.Equal(t, "[1::1]:2", rl.addrs[8].String())
assert.Equal(t, "[1:100::1]:1", rl.addrs[9].String())
// assert relay deduplicated
assert.Len(t, rl.relays, 2)
assert.Equal(t, "1.2.3.4", rl.relays[0].String())
assert.Equal(t, "1::1", rl.relays[1].String())
// Ensure we can hoist a specific ipv4 range over anything else
rl.Rebuild([]netip.Prefix{netip.MustParsePrefix("172.17.0.0/16")})
assert.Len(t, rl.addrs, 10, "addrs contains too many entries")
@ -98,11 +113,11 @@ func TestRemoteList_Rebuild(t *testing.T) {
}
func BenchmarkFullRebuild(b *testing.B) {
rl := NewRemoteList(nil)
rl := NewRemoteList([]netip.Addr{netip.MustParseAddr("0.0.0.0")}, nil)
rl.unlockedSetV4(
netip.MustParseAddr("0.0.0.0"),
netip.MustParseAddr("0.0.0.0"),
[]*Ip4AndPort{
[]*V4AddrPort{
newIp4AndPortFromString("70.199.182.92:1475"),
newIp4AndPortFromString("172.17.0.182:10101"),
newIp4AndPortFromString("172.17.1.1:10101"),
@ -112,19 +127,19 @@ func BenchmarkFullRebuild(b *testing.B) {
newIp4AndPortFromString("172.17.1.1:10101"), // this is a dupe
newIp4AndPortFromString("70.199.182.92:1476"), // dupe of 0 with a diff port
},
func(netip.Addr, *Ip4AndPort) bool { return true },
func(netip.Addr, *V4AddrPort) bool { return true },
)
rl.unlockedSetV6(
netip.MustParseAddr("0.0.0.0"),
netip.MustParseAddr("0.0.0.0"),
[]*Ip6AndPort{
[]*V6AddrPort{
newIp6AndPortFromString("[1::1]:1"),
newIp6AndPortFromString("[1::1]:2"), // dupe of 0 with a diff port
newIp6AndPortFromString("[1:100::1]:1"),
newIp6AndPortFromString("[1::1]:1"), // this is a dupe
},
func(netip.Addr, *Ip6AndPort) bool { return true },
func(netip.Addr, *V6AddrPort) bool { return true },
)
b.Run("no preferred", func(b *testing.B) {
@ -160,11 +175,11 @@ func BenchmarkFullRebuild(b *testing.B) {
}
func BenchmarkSortRebuild(b *testing.B) {
rl := NewRemoteList(nil)
rl := NewRemoteList([]netip.Addr{netip.MustParseAddr("0.0.0.0")}, nil)
rl.unlockedSetV4(
netip.MustParseAddr("0.0.0.0"),
netip.MustParseAddr("0.0.0.0"),
[]*Ip4AndPort{
[]*V4AddrPort{
newIp4AndPortFromString("70.199.182.92:1475"),
newIp4AndPortFromString("172.17.0.182:10101"),
newIp4AndPortFromString("172.17.1.1:10101"),
@ -174,19 +189,19 @@ func BenchmarkSortRebuild(b *testing.B) {
newIp4AndPortFromString("172.17.1.1:10101"), // this is a dupe
newIp4AndPortFromString("70.199.182.92:1476"), // dupe of 0 with a diff port
},
func(netip.Addr, *Ip4AndPort) bool { return true },
func(netip.Addr, *V4AddrPort) bool { return true },
)
rl.unlockedSetV6(
netip.MustParseAddr("0.0.0.0"),
netip.MustParseAddr("0.0.0.0"),
[]*Ip6AndPort{
[]*V6AddrPort{
newIp6AndPortFromString("[1::1]:1"),
newIp6AndPortFromString("[1::1]:2"), // dupe of 0 with a diff port
newIp6AndPortFromString("[1:100::1]:1"),
newIp6AndPortFromString("[1::1]:1"), // this is a dupe
},
func(netip.Addr, *Ip6AndPort) bool { return true },
func(netip.Addr, *V6AddrPort) bool { return true },
)
b.Run("no preferred", func(b *testing.B) {
@ -224,19 +239,19 @@ func BenchmarkSortRebuild(b *testing.B) {
})
}
func newIp4AndPortFromString(s string) *Ip4AndPort {
func newIp4AndPortFromString(s string) *V4AddrPort {
a := netip.MustParseAddrPort(s)
v4Addr := a.Addr().As4()
return &Ip4AndPort{
Ip: binary.BigEndian.Uint32(v4Addr[:]),
return &V4AddrPort{
Addr: binary.BigEndian.Uint32(v4Addr[:]),
Port: uint32(a.Port()),
}
}
func newIp6AndPortFromString(s string) *Ip6AndPort {
func newIp6AndPortFromString(s string) *V6AddrPort {
a := netip.MustParseAddrPort(s)
v6Addr := a.Addr().As16()
return &Ip6AndPort{
return &V6AddrPort{
Hi: binary.BigEndian.Uint64(v6Addr[:8]),
Lo: binary.BigEndian.Uint64(v6Addr[8:]),
Port: uint32(a.Port()),