tstest/natlab/vmtest: add TestPeerRelay
Add a VM-based natlab test that exercises the peer-relay feature (feature/relayserver) end-to-end across three Tailscale nodes whose network topology makes a direct A<->B UDP path impossible: both peers are behind HardNAT (FreeBSD/pfSense-style endpoint-dependent NAT) with no port-mapping services, while the relay node is behind One2OneNAT so its STUN-discovered WAN endpoint is reachable from both peers.

The test enables the relay server via EditPrefs, then waits for an a->b PingDisco whose PingResult.PeerRelay is set (proving magicsock chose the peer-relay path, not DERP), and finally asserts that the relay's DebugPeerRelaySessions LocalAPI reports the session.

The existing TestPeerRelayPing in tstest/integration runs three tailscaled processes on the loopback interface with no NATs; this new vmtest covers peer relay through real per-VM kernels and NATs.

To wire control-server capabilities into vmtest, also add a PeerRelayGrants() EnvOption (sibling of AllOnline, SameTailnetUser) that flips testcontrol.Server.PeerRelayGrants so the wildcard packet filter grants tailcfg.PeerCapabilityRelay and PeerCapabilityRelayTarget; without those caps magicsock won't consider any peer a candidate relay.

Updates #13038

Change-Id: Ib3440b83ec442da0d3b89ffa48ceea9398ea9062
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
committed by Brad Fitzpatrick
parent 9437a634e6
commit 93440604e0
@@ -91,6 +91,7 @@ type Env struct {
|
||||
|
||||
sameTailnetUser bool // all nodes register as the same Tailnet user
|
||||
allOnline bool // mark every peer as Online=true in MapResponses
|
||||
peerRelayGrants bool // grant peer-relay capabilities on the wildcard packet filter
|
||||
|
||||
// Shared resource initialization (sync.Once for things multiple nodes share).
|
||||
vnetOnce sync.Once
|
||||
@@ -373,6 +374,16 @@ func AllOnline() EnvOption {
|
||||
return envOptFunc(func(e *Env) { e.allOnline = true })
|
||||
}
|
||||
|
||||
// PeerRelayGrants returns an [EnvOption] that makes the test control server
|
||||
// grant [tailcfg.PeerCapabilityRelay] and [tailcfg.PeerCapabilityRelayTarget]
|
||||
// on the wildcard packet filter (testcontrol.Server.PeerRelayGrants). Without
|
||||
// those capabilities, magicsock does not consider any peer a candidate
|
||||
// peer-relay server, so a node that has [ipn.Prefs.RelayServerPort] set
|
||||
// cannot actually be used as a relay by its peers.
|
||||
func PeerRelayGrants() EnvOption {
|
||||
return envOptFunc(func(e *Env) { e.peerRelayGrants = true })
|
||||
}
|
||||
|
||||
// AddNetwork creates a new virtual network. Arguments follow the same pattern as
|
||||
// vnet.Config.AddNetwork (string IPs, NAT types, NetworkService values).
|
||||
func (e *Env) AddNetwork(opts ...any) *vnet.Network {
|
||||
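Review bot: The doc comment on PeerRelayGrants() says the capabilities are granted "on the wildcard packet filter" but does not spell out the consequence, which is that the grant is not scoped to a particular relay node. Consider adding a sentence saying the option is all-or-nothing across the Env, so that a later test that needs to check capability gating (one node allowed to relay, another not) does not reach for this option and assume it can express that.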
@@ -1365,6 +1376,9 @@ func (e *Env) initVnet() {
|
||||
if e.allOnline {
|
||||
e.server.ControlServer().AllOnline = true
|
||||
}
|
||||
if e.peerRelayGrants {
|
||||
e.server.ControlServer().PeerRelayGrants = true
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
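Review bot: The off state of the new `if e.peerRelayGrants` block in initVnet is not exercised by anything described here; the commit message covers only the positive path, where PingResult.PeerRelay is set. Since the PeerRelayGrants() doc comment states that without these capabilities no peer is a candidate relay, consider a companion case that builds the same topology without PeerRelayGrants() and asserts that PingResult.PeerRelay stays unset, so a regression that stops honoring the capability check is caught.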