summaryrefslogtreecommitdiffhomepage
path: root/ios
diff options
context:
space:
mode:
authorBug Magnet <marco.nikic@mullvad.net>2025-01-30 14:30:13 +0100
committerBug Magnet <marco.nikic@mullvad.net>2025-02-06 15:45:41 +0100
commit3ca258932612cfd1349cdfb644e49a3e7d9740db (patch)
tree8138c86d8e43105d62252e8278ec175fd162cc5a /ios
parentcf93a4607e9773e86a089d098ac2e02d892e84a5 (diff)
downloadmullvadvpn-3ca258932612cfd1349cdfb644e49a3e7d9740db.tar.xz
mullvadvpn-3ca258932612cfd1349cdfb644e49a3e7d9740db.zip
Remove LeakRule protocol for now, improve leak test names
Diffstat (limited to 'ios')
-rw-r--r--ios/MullvadVPN.xcodeproj/project.pbxproj6
-rw-r--r--ios/MullvadVPNUITests/Base/BaseUITestCase.swift4
-rw-r--r--ios/MullvadVPNUITests/LeakTests.swift28
-rw-r--r--ios/MullvadVPNUITests/Networking/LeakCheck.swift14
-rw-r--r--ios/MullvadVPNUITests/Networking/PacketCapture.swift2
-rw-r--r--ios/MullvadVPNUITests/Networking/TestRouterAPIClient.swift12
-rw-r--r--ios/MullvadVPNUITests/Networking/TrafficGenerator.swift4
7 files changed, 38 insertions, 32 deletions
diff --git a/ios/MullvadVPN.xcodeproj/project.pbxproj b/ios/MullvadVPN.xcodeproj/project.pbxproj
index a19ea40998..76e944a9c7 100644
--- a/ios/MullvadVPN.xcodeproj/project.pbxproj
+++ b/ios/MullvadVPN.xcodeproj/project.pbxproj
@@ -4276,14 +4276,14 @@
85557B0C2B591B0F00795FE1 /* Networking */ = {
isa = PBXGroup;
children = (
- 85607C882D131CCD00037E34 /* TestRouterAPIClient.swift */,
- 8555C65F2D102FFE0092DAD0 /* LeakCheck.swift */,
85557B0D2B591B2600795FE1 /* FirewallClient.swift */,
85557B0F2B59215F00795FE1 /* FirewallRule.swift */,
+ 8555C65F2D102FFE0092DAD0 /* LeakCheck.swift */,
85557B132B5983CF00795FE1 /* MullvadAPIWrapper.swift */,
85E3BDE42B70E18C00FA71FD /* Networking.swift */,
- 856952DB2BD2922A008C1F84 /* PartnerAPIClient.swift */,
85978A532BE0F10E00F999A7 /* PacketCapture.swift */,
+ 856952DB2BD2922A008C1F84 /* PartnerAPIClient.swift */,
+ 85607C882D131CCD00037E34 /* TestRouterAPIClient.swift */,
8590A5432C2AF43400B9BF7B /* TrafficGenerator.swift */,
);
path = Networking;
diff --git a/ios/MullvadVPNUITests/Base/BaseUITestCase.swift b/ios/MullvadVPNUITests/Base/BaseUITestCase.swift
index 7b978a61f0..fd27c45900 100644
--- a/ios/MullvadVPNUITests/Base/BaseUITestCase.swift
+++ b/ios/MullvadVPNUITests/Base/BaseUITestCase.swift
@@ -227,11 +227,11 @@ class BaseUITestCase: XCTestCase {
packetCaptureClient.stopCapture(session: packetCaptureSession)
}
- let pcap = packetCaptureClient.getPCAP(session: packetCaptureSession)
+ let pcapFileContents = packetCaptureClient.getPCAP(session: packetCaptureSession)
let parsedCapture = packetCaptureClient.getParsedCapture(session: packetCaptureSession)
self.packetCaptureSession = nil
- let pcapAttachment = XCTAttachment(data: pcap)
+ let pcapAttachment = XCTAttachment(data: pcapFileContents)
pcapAttachment.name = self.name + ".pcap"
pcapAttachment.lifetime = .keepAlways
self.add(pcapAttachment)
diff --git a/ios/MullvadVPNUITests/LeakTests.swift b/ios/MullvadVPNUITests/LeakTests.swift
index d1c3d6b786..17f75683b9 100644
--- a/ios/MullvadVPNUITests/LeakTests.swift
+++ b/ios/MullvadVPNUITests/LeakTests.swift
@@ -9,13 +9,22 @@
import XCTest
class LeakTests: LoggedInWithTimeUITestCase {
+ static let capturedStreamStartTimestamp: Double = 8
+ static let capturedStreamEndTimestamp: Double = 3
+
override func tearDown() {
FirewallClient().removeRules()
super.tearDown()
}
- /// Send UDP traffic to a host, connect to relay and make sure while connected to relay no traffic leaked went directly to the host
- func testNoLeak() throws {
+ /// Send UDP traffic to a host, connect to relay and make sure - while connected to relay -
+ /// that no leaked traffic went directly to the host
+ func testConnectionStartedBeforeTunnelShouldNotLeakOutside() throws {
+ let skipReason = """
+ Connections started before the packet tunnel will leak as long as
+ includeAllNetworks is not set to true when starting the tunnel.
+ """
+ try XCTSkipIf(true, skipReason)
let targetIPAddress = Networking.getAlwaysReachableIPAddress()
startPacketCapture()
let trafficGenerator = TrafficGenerator(destinationHost: targetIPAddress, port: 80)
@@ -39,12 +48,16 @@ class LeakTests: LoggedInWithTimeUITestCase {
var capturedStreams = stopPacketCapture()
// For now cut the beginning and and end of the stream to trim out the part where the tunnel connection was not up
- capturedStreams = PacketCaptureClient.trimPackets(streams: capturedStreams, secondsStart: 8, secondsEnd: 3)
+ capturedStreams = PacketCaptureClient.trimPackets(
+ streams: capturedStreams,
+ secondsStart: Self.capturedStreamStartTimestamp,
+ secondsEnd: Self.capturedStreamEndTimestamp
+ )
LeakCheck.assertNoLeaks(streams: capturedStreams, rules: [NoTrafficToHostLeakRule(host: targetIPAddress)])
}
/// Send UDP traffic to a host, connect to relay and then disconnect to intentionally leak traffic and make sure that the test catches the leak
- func testShouldLeak() throws {
+ func testTrafficCapturedOutsideOfTunnelShouldLeak() throws {
let targetIPAddress = Networking.getAlwaysReachableIPAddress()
startPacketCapture()
let trafficGenerator = TrafficGenerator(destinationHost: targetIPAddress, port: 80)
@@ -72,7 +85,6 @@ class LeakTests: LoggedInWithTimeUITestCase {
// Keep the tunnel connection for a while
RunLoop.current.run(until: .now + 5)
- app.launch()
TunnelControlPage(app)
.tapDisconnectButton()
@@ -82,7 +94,11 @@ class LeakTests: LoggedInWithTimeUITestCase {
var capturedStreams = stopPacketCapture()
// For now cut the beginning and and end of the stream to trim out the part where the tunnel connection was not up
- capturedStreams = PacketCaptureClient.trimPackets(streams: capturedStreams, secondsStart: 8, secondsEnd: 3)
+ capturedStreams = PacketCaptureClient.trimPackets(
+ streams: capturedStreams,
+ secondsStart: Self.capturedStreamStartTimestamp,
+ secondsEnd: Self.capturedStreamEndTimestamp
+ )
LeakCheck.assertLeaks(streams: capturedStreams, rules: [NoTrafficToHostLeakRule(host: targetIPAddress)])
}
}
diff --git a/ios/MullvadVPNUITests/Networking/LeakCheck.swift b/ios/MullvadVPNUITests/Networking/LeakCheck.swift
index 5c751527ef..2a9319976f 100644
--- a/ios/MullvadVPNUITests/Networking/LeakCheck.swift
+++ b/ios/MullvadVPNUITests/Networking/LeakCheck.swift
@@ -9,30 +9,26 @@
import XCTest
class LeakCheck {
- static func assertNoLeaks(streams: [Stream], rules: [LeakRule]) {
+ static func assertNoLeaks(streams: [Stream], rules: [NoTrafficToHostLeakRule]) {
XCTAssertFalse(streams.isEmpty, "No streams to leak check")
XCTAssertFalse(rules.isEmpty, "No leak rules to check")
for rule in rules where rule.isViolated(streams: streams) {
- XCTFail("Leak rule violated")
+ XCTFail("Leaked traffic destined to \(rule.host) outside of the tunnel connection")
}
}
- static func assertLeaks(streams: [Stream], rules: [LeakRule]) {
+ static func assertLeaks(streams: [Stream], rules: [NoTrafficToHostLeakRule]) {
XCTAssertFalse(streams.isEmpty, "No streams to leak check")
XCTAssertFalse(rules.isEmpty, "No leak rules to check")
for rule in rules where rule.isViolated(streams: streams) == false {
- XCTFail("Leak rule unexpectedly not violated when asserting leak")
+ XCTFail("Expected to leak traffic to \(rule.host) outside of tunnel")
}
}
}
-protocol LeakRule {
- func isViolated(streams: [Stream]) -> Bool
-}
-
-class NoTrafficToHostLeakRule: LeakRule {
+class NoTrafficToHostLeakRule {
let host: String
init(host: String) {
diff --git a/ios/MullvadVPNUITests/Networking/PacketCapture.swift b/ios/MullvadVPNUITests/Networking/PacketCapture.swift
index 7c26d9cc59..d47e8433ba 100644
--- a/ios/MullvadVPNUITests/Networking/PacketCapture.swift
+++ b/ios/MullvadVPNUITests/Networking/PacketCapture.swift
@@ -164,6 +164,8 @@ class PacketCaptureClient: TestRouterAPIClient {
var collectionStartDate: Date?
var collectionEndDate: Date?
+ XCTAssertTrue(streams.count >= 1, "Captured streams are empty, expected at least 1")
+
for stream in streams {
if collectionStartDate != nil {
collectionStartDate = min(collectionStartDate!, stream.dateInterval.start)
diff --git a/ios/MullvadVPNUITests/Networking/TestRouterAPIClient.swift b/ios/MullvadVPNUITests/Networking/TestRouterAPIClient.swift
index 7eb1f535dd..0d9c9da258 100644
--- a/ios/MullvadVPNUITests/Networking/TestRouterAPIClient.swift
+++ b/ios/MullvadVPNUITests/Networking/TestRouterAPIClient.swift
@@ -9,16 +9,8 @@
import XCTest
class TestRouterAPIClient {
- // swiftlint:disable force_cast
- static let baseURL = URL(
- string:
- Bundle(for: FirewallClient.self).infoDictionary?["FirewallApiBaseURL"] as! String
- )!
- // swiftlint:enable force_cast
-
- static func getIPAddress() throws -> String {
- return ""
- }
+ // swiftlint:disable:next force_cast
+ static let baseURL = URL(string: Bundle(for: FirewallClient.self).infoDictionary?["FirewallApiBaseURL"] as! String)!
/// Gets the IP address of the device under test
public func getDeviceIPAddress() throws -> String {
diff --git a/ios/MullvadVPNUITests/Networking/TrafficGenerator.swift b/ios/MullvadVPNUITests/Networking/TrafficGenerator.swift
index 6e9faaad2b..8a911837f5 100644
--- a/ios/MullvadVPNUITests/Networking/TrafficGenerator.swift
+++ b/ios/MullvadVPNUITests/Networking/TrafficGenerator.swift
@@ -35,12 +35,12 @@ class TrafficGenerator {
print("Attempting to reconnect")
connection.forceCancel()
- connection = recreateConnection()
+ connection = createConnection()
setupConnection()
setupOtherHandlers()
}
- func recreateConnection() -> NWConnection {
+ func createConnection() -> NWConnection {
let params = NWParameters.udp
return NWConnection(
host: NWEndpoint.Host(destinationHost),
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.