webnet
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net/netns, misc tests: remove TestOnlySkipPrivilegedOps, argv checks

Browse Source 
The netns UID check is sufficient for now. We can do something else
later if/when needed.
main
Brad Fitzpatrick 6 years ago
parent 7a410f9236
commit becce82246
6 changed files with 10 additions and 61 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      derp/derphttp/derphttp_test.go
  2. 5
      net/netcheck/netcheck_test.go
  3. 15
      net/netns/netns.go
  4. 36
      net/netns/netns_linux.go
  5. 5
      wgengine/magicsock/magicsock_test.go
  6. 5
      wgengine/watchdog_test.go

5
derp/derphttp/derphttp_test.go
Unescape View File

@ -15,14 +15,9 @@ import (
"time"
"tailscale.com/derp"
"tailscale.com/net/netns"
"tailscale.com/types/key"
)
func init() {
netns.TestOnlySkipPrivilegedOps()
}
func TestSendRecv(t *testing.T) {
const numClients = 3
var serverPrivateKey key.Private

5
net/netcheck/netcheck_test.go
Unescape View File

@ -16,16 +16,11 @@ import (
"time"
"tailscale.com/net/interfaces"
"tailscale.com/net/netns"
"tailscale.com/net/stun"
"tailscale.com/net/stun/stuntest"
"tailscale.com/tailcfg"
)
func init() {
netns.TestOnlySkipPrivilegedOps()
}
func TestHairpinSTUN(t *testing.T) {
tx := stun.NewTxID()
c := &Client{

15
net/netns/netns.go
Unescape View File

@ -11,13 +11,7 @@
// operating system, and perhaps even by version of the OS.
package netns
import (
"net"
"tailscale.com/syncs"
)
var skipPrivileged syncs.AtomicBool
import "net"
// Listener returns a new net.Listener with its Control hook func
// initialized as necessary to run in logical network namespace that
@ -32,10 +26,3 @@ func Listener() *net.ListenConfig {
func Dialer() *net.Dialer {
return &net.Dialer{Control: control}
}
// TestOnlySkipPrivilegedOps disables any behavior in this package
// that requires root or other elevated privileges. It's used only in
// tests, and using it definitely breaks some Tailscale functionality.
func TestOnlySkipPrivilegedOps() {
skipPrivileged.Set(true)
}

36
net/netns/netns_linux.go
Unescape View File

@ -6,11 +6,11 @@ package netns
import (
"errors"
"flag"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"strings"
"sync"
"syscall"
@ -72,30 +72,18 @@ func defaultRouteInterface() (string, error) {
// ignoreErrors returns true if we should ignore setsocketopt errors in
// this instance.
func ignoreErrors() bool {
// If we're in a test, ignore errors. Assume the test knows
// what it's doing and will do its own skips or permission
// checks if it's setting up a world that needs netns to work.
// But by default, assume that tests don't need netns and it's
// harmless to ignore the sockopts failing.
if flag.CommandLine.Lookup("test.v") != nil {
return true
}
if os.Getuid() != 0 {
// only root can manipulate these socket flags
return true
}
// TODO(apenwarr): this snooping around in the args is way too magic.
// It would be better to explicitly activate, or not, this dialer
// by passing it from the toplevel program.
v, _ := os.Executable()
switch filepath.Base(v) {
case "tailscale":
for _, arg := range os.Args {
if arg == "netcheck" {
return true
}
}
case "tailscaled":
for _, arg := range os.Args {
if arg == "-fake" || arg == "--fake" {
return true
}
}
}
return false
}
@ -104,12 +92,6 @@ func ignoreErrors() bool {
// It's intentionally the same signature as net.Dialer.Control
// and net.ListenConfig.Control.
func control(network, address string, c syscall.RawConn) error {
if skipPrivileged.Get() {
// We can't set socket marks without CAP_NET_ADMIN on linux,
// skip as requested.
return nil
}
var sockErr error
err := c.Control(func(fd uintptr) {
if ipRuleAvailable() {

5
wgengine/magicsock/magicsock_test.go
Unescape View File

@ -26,7 +26,6 @@ import (
"tailscale.com/derp"
"tailscale.com/derp/derphttp"
"tailscale.com/derp/derpmap"
"tailscale.com/net/netns"
"tailscale.com/net/stun/stuntest"
"tailscale.com/tailcfg"
"tailscale.com/tstest"
@ -36,10 +35,6 @@ import (
"tailscale.com/wgengine/tstun"
)
func init() {
netns.TestOnlySkipPrivilegedOps()
}
// WaitReady waits until the magicsock is entirely initialized and connected
// to its home DERP server. This is normally not necessary, since magicsock
// is intended to be entirely asynchronous, but it helps eliminate race

5
wgengine/watchdog_test.go
Unescape View File

@ -11,15 +11,10 @@ import (
"testing"
"time"
"tailscale.com/net/netns"
"tailscale.com/wgengine/router"
"tailscale.com/wgengine/tstun"
)
func init() {
netns.TestOnlySkipPrivilegedOps()
}
func TestWatchdog(t *testing.T) {
t.Parallel()

Write Preview
Loading…
Cancel
Save