-rw-r--r--src/Erebos/Discovery.hs16
-rw-r--r--test/discovery.test54
2 files changed, 69 insertions, 1 deletions
diff --git a/src/Erebos/Discovery.hs b/src/Erebos/Discovery.hs
index 5788ab8..2c1d409 100644
--- a/src/Erebos/Discovery.hs
+++ b/src/Erebos/Discovery.hs
@@ -431,7 +431,14 @@ instance Service DiscoveryService where
let addr = TunnelAddress {..}
void $ serverPeerCustom server addr
receiveFromTunnel server addr
- [] -> svcPrint $ "Discovery: missing stream in tunnel response"
+ [] -> do
+ svcPrint $ "Discovery: missing stream in tunnel response"
+ liftIO $ closeStream tunnelWriter
+
+ | Just tunnelWriter <- lookup (either refDigest id (dconnTarget conn)) (dpsOurTunnelRequests dps)
+ -> do
+ svcPrint $ "Discovery: tunnel request failed"
+ liftIO $ closeStream tunnelWriter
#ifdef ENABLE_ICE_SUPPORT
| Just dp <- M.lookup (either refDigest id $ dconnTarget conn) dpeers
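Review bot: The new failure guard `| Just tunnelWriter <- lookup (either refDigest id (dconnTarget conn)) (dpsOurTunnelRequests dps)` closes the writer, but nothing in the hunk removes the matching entry from `dpsOurTunnelRequests`; the same applies to `dpsRelayedTunnelRequests` in the relay-side branch added in the third hunk. If the entry is not dropped elsewhere, a second response naming the same target would match the stale entry and call `closeStream` on an already closed writer. The guard also matches on the target digest alone and sits ahead of the `ENABLE_ICE_SUPPORT` branch, so any response for that target that arrives while a tunnel request is pending is read as a tunnel failure. Because the response is peer-supplied, it is worth confirming that it came from the peer the request was sent to. The enclosing handler starts and ends outside the hunk, so the cleanup may already exist there.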
@@ -449,6 +456,7 @@ instance Service DiscoveryService where
case M.lookup (either refDigest id $ dconnSource conn) dpeers of
Just dp | Just dpeer <- dpPeer dp -> if
+ -- successful tunnel request
| dconnTunnel conn
, Just ( fromSource, toTarget ) <- lookup (either refDigest id (dconnSource conn)) (dpsRelayedTunnelRequests dps)
, fromTarget : _ <- streams
@@ -465,6 +473,12 @@ instance Service DiscoveryService where
toSource <- readMVar toSourceVar
relayStream fromTarget toSource
+ -- failed tunnel request
+ | Just ( _, toTarget ) <- lookup (either refDigest id (dconnSource conn)) (dpsRelayedTunnelRequests dps)
+ -> do
+ liftIO $ closeStream toTarget
+ sendToPeer dpeer $ DiscoveryConnectionResponse conn
+
| otherwise -> do
sendToPeer dpeer $ DiscoveryConnectionResponse conn
_ -> svcPrint $ "Discovery: failed to relay connection response"
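Review bot: In the `-- failed tunnel request` branch the pattern `Just ( _, toTarget )` discards the source-side stream, so only `toTarget` is closed when the request is refused. Unless that stream is released elsewhere, each refused request leaves the requester's inbound stream held on the relay, and a peer that keeps issuing refused requests could make these accumulate. I would bind it with `| Just ( fromSource, toTarget ) <- lookup …` and release it next to `liftIO $ closeStream toTarget`. A log line such as `svcPrint $ "Discovery: relayed tunnel request failed"` would also make refusals visible on the relay, as they already are on the requesting side. The surrounding `case` begins outside the hunk.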
diff --git a/test/discovery.test b/test/discovery.test
index d73e292..e80a755 100644
--- a/test/discovery.test
+++ b/test/discovery.test
@@ -162,3 +162,57 @@ test DiscoveryTunnel:
send "stop-server" to p
for p in [ pd, p1, p2 ]:
expect /stop-server-done/ from p
+
+
+test DiscoveryTunnelRefused:
+ let services = "discovery"
+
+ subnet sd
+ subnet s1
+ subnet s2
+
+ spawn as pd on sd
+ spawn as p1 on s1
+ spawn as p2 on s2
+
+ for n in [ p1.node, p2.node ]:
+ shell on n:
+ nft add table inet filter
+ nft add chain inet filter input '{ type filter hook input priority filter ; policy drop; }'
+ nft add rule inet filter input 'ct state { established, related } accept'
+
+ send "create-identity Discovery" to pd
+ send "create-identity Device1 Owner1" to p1
+ send "create-identity Device2 Owner2" to p2
+
+ expect /create-identity-done ref ($refpat).*/ from p1 capture p1id
+ send "identity-info $p1id" to p1
+ expect /identity-info ref $p1id base ($refpat) owner ($refpat).*/ from p1 capture p1base, p1owner
+ send "identity-info $p1owner" to p1
+ expect /identity-info ref $p1owner base ($refpat).*/ from p1 capture p1obase
+
+ expect /create-identity-done ref $refpat.*/ from p2
+ expect /create-identity-done ref $refpat.*/ from pd
+
+ for id in [ p1obase ]:
+ for p in [ pd, p1, p2 ]:
+ send "start-server services $services test-log" to p
+
+ for p in [ p1, p2 ]:
+ with p:
+ send "peer-add ${pd.node.ip}"
+ expect:
+ /peer 1 addr ${pd.node.ip} 29665/
+ /peer 1 id Discovery/
+ expect from pd:
+ /peer [12] addr ${p.node.ip} 29665/
+ /peer [12] id .*/
+
+ send "discovery-tunnel 1 $id" to p2
+ expect /net-ostream-open ${pd.node.ip} 29665 1 1/ from p2
+ expect /net-ostream-close-ack ${pd.node.ip} 29665 1 0/ from p2
+
+ for p in [ pd, p1, p2 ]:
+ send "stop-server" to p
+ for p in [ pd, p1, p2 ]:
+ expect /stop-server-done/ from p
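Review bot: DiscoveryTunnelRefused asserts only on p2 (`net-ostream-open` followed by `net-ostream-close-ack`), so the relay-side branch added in src/Erebos/Discovery.hs, which closes `toTarget` on pd, is not covered by any expectation. An `expect … from pd` for the corresponding stream close would pin that branch. If the test log carries service output, an expectation on p2 for `Discovery: tunnel request failed` would pin the requester-side branch as well. The script also never states why the tunnel to `$id` is expected to be refused, or why the `nft` rules drop unsolicited input on p1 and p2. A short comment above `send "discovery-tunnel 1 $id" to p2` naming the refusing party and the reason would make the intent checkable.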