1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
module discovery
def refpat = /blake2#[0-9a-f]*/
test ManualDiscovery:
let services = "discovery"
subnet sd
subnet s1
subnet s2
spawn as pd on sd
spawn as p1 on s1
spawn as p2 on s2
send "create-identity Discovery" to pd
send "create-identity Device1 Owner1" to p1
send "create-identity Device2 Owner2" to p2
expect /create-identity-done ref ($refpat).*/ from p1 capture p1id
send "identity-info $p1id" to p1
expect /identity-info ref $p1id base ($refpat) owner ($refpat).*/ from p1 capture p1base, p1owner
send "identity-info $p1owner" to p1
expect /identity-info ref $p1owner base ($refpat).*/ from p1 capture p1obase
expect /create-identity-done ref $refpat.*/ from p2
expect /create-identity-done ref $refpat.*/ from pd
# Test discovery using owner and device identities:
for id in [ p1obase, p1base ]:
for p in [ pd, p1, p2 ]:
send "start-server services $services" to p
for p in [ p1, p2 ]:
with p:
send "peer-add ${pd.node.ip}"
expect:
/peer 1 addr ${pd.node.ip} 29665/
/peer 1 id Discovery/
expect from pd:
/peer [12] addr ${p.node.ip} 29665/
/peer [12] id .*/
send "discovery-connect $id" to p2
expect from p1:
/peer [0-9]+ addr ${p2.node.ip} 29665/
/peer [0-9]+ id Device2 Owner2/
expect from p2:
/peer [0-9]+ addr ${p1.node.ip} 29665/
/peer [0-9]+ id Device1 Owner1/
for p in [ pd, p1, p2 ]:
send "stop-server" to p
for p in [ pd, p1, p2 ]:
expect /stop-server-done/ from p
# Test delayed discovery with new peer
for id in [ p1obase ]:
for p in [ pd, p1, p2 ]:
send "start-server services $services" to p
with p1:
send "peer-add ${pd.node.ip}"
expect:
/peer 1 addr ${pd.node.ip} 29665/
/peer 1 id Discovery/
expect from pd:
/peer [12] addr ${p1.node.ip} 29665/
/peer [12] id Device1 Owner1/
send "discovery-connect $id" to p2
with p2:
send "peer-add ${pd.node.ip}"
expect:
/peer 1 addr ${pd.node.ip} 29665/
/peer 1 id Discovery/
expect from pd:
/peer [12] addr ${p2.node.ip} 29665/
/peer [12] id Device2 Owner2/
expect from p1:
/peer [0-9]+ addr ${p2.node.ip} 29665/
/peer [0-9]+ id Device2 Owner2/
expect from p2:
/peer [0-9]+ addr ${p1.node.ip} 29665/
/peer [0-9]+ id Device1 Owner1/
for p in [ pd, p1, p2 ]:
send "stop-server" to p
for p in [ pd, p1, p2 ]:
expect /stop-server-done/ from p
test DiscoveryTunnel:
let services = "discovery"
subnet sd
subnet s1
subnet s2
spawn as pd on sd
spawn as p1 on s1
spawn as p2 on s2
for n in [ p1.node, p2.node ]:
shell on n:
nft add table inet filter
nft add chain inet filter input '{ type filter hook input priority filter ; policy drop; }'
nft add rule inet filter input 'ct state { established, related } accept'
send "create-identity Discovery" to pd
send "create-identity Device1 Owner1" to p1
send "create-identity Device2 Owner2" to p2
expect /create-identity-done ref ($refpat).*/ from p1 capture p1id
send "identity-info $p1id" to p1
expect /identity-info ref $p1id base ($refpat) owner ($refpat).*/ from p1 capture p1base, p1owner
send "identity-info $p1owner" to p1
expect /identity-info ref $p1owner base ($refpat).*/ from p1 capture p1obase
expect /create-identity-done ref $refpat.*/ from p2
expect /create-identity-done ref $refpat.*/ from pd
for id in [ p1obase ]:
for p in [ pd, p1, p2 ]:
send "start-server services $services" to p
for p in [ p1, p2 ]:
with p:
send "peer-add ${pd.node.ip}"
expect:
/peer 1 addr ${pd.node.ip} 29665/
/peer 1 id Discovery/
expect from pd:
/peer [12] addr ${p.node.ip} 29665/
/peer [12] id .*/
send "discovery-tunnel 1 $id" to p2
expect from p1:
/peer [0-9]+ addr tunnel@.*/
/peer [0-9]+ id Device2 Owner2/
expect from p2:
/peer [0-9]+ addr tunnel@.*/
/peer [0-9]+ id Device1 Owner1/
for p in [ pd, p1, p2 ]:
send "stop-server" to p
for p in [ pd, p1, p2 ]:
expect /stop-server-done/ from p
|