Merge branch 'add-remaining-lwo'

author: David Lönnhager <david.l@mullvad.net> 2025-09-30 16:09:50 +0200
committer: David Lönnhager <david.l@mullvad.net> 2025-09-30 16:09:50 +0200
commit: 30bae1819de1ede5c4b9334dbd2b6cf945e237fd (patch)
tree: 05e7334b2d134b47b32e1f1c725ffcf490d9a6c2 /test
parent: 51ede1644ebb79ef2f2d054a03b278ea78e5df63 (diff)
parent: 6ee119d8e435c91a12392a0aae94303f448c3676 (diff)
download: mullvadvpn-30bae1819de1ede5c4b9334dbd2b6cf945e237fd.tar.xz
mullvadvpn-30bae1819de1ede5c4b9334dbd2b6cf945e237fd.zip
2 files changed, 66 insertions, 24 deletions
diff --git a/test/test-manager/src/tests/tunnel.rs b/test/test-manager/src/tests/tunnel.rs
index 3d6ac6432e..7cf23c1ef2 100644
--- a/test/test-manager/src/tests/tunnel.rs
+++ b/test/test-manager/src/tests/tunnel.rs
@@ -322,6 +322,45 @@ pub async fn test_wireguard_over_quic_ipvx(
     Ok(())
 }
 
+/// Use LWO obfuscation. This tests whether the daemon can connect using LWO.
+/// Note that this doesn't verify that the outgoing traffic does not look like WG
+#[duplicate_item(
+      VX     test_wireguard_over_lwo_ipvx;
+    [ V4 ] [ test_wireguard_over_lwo_ipv4 ];
+    [ V6 ] [ test_wireguard_over_lwo_ipv6 ];
+)]
+#[test_function(skip)]
+pub async fn test_wireguard_over_lwo_ipvx(
+    _: TestContext,
+    rpc: ServiceClient,
+    mut mullvad_client: MullvadProxyClient,
+) -> anyhow::Result<()> {
+    let ip_version = IpVersion::VX;
+
+    log::info!("Enable LWO as obfuscation method");
+    let query = RelayQueryBuilder::wireguard()
+        .ip_version(ip_version)
+        .lwo()
+        .build();
+    apply_settings_from_relay_query(&mut mullvad_client, query).await?;
+
+    log::info!("Connect to WireGuard via LWO endpoint");
+    connect_and_wait(&mut mullvad_client).await?;
+
+    // Verify that the device has a Mullvad exit IP
+    let conncheck = geoip_lookup_with_retries(&rpc).await;
+    let mullvad_exit_ip = conncheck
+        .as_ref()
+        .is_ok_and(|am_i_mullvad| am_i_mullvad.mullvad_exit_ip);
+    ensure!(
+        mullvad_exit_ip,
+        "Device is either blocked ❌ or leaking 💦 - {:?}",
+        conncheck,
+    );
+
+    Ok(())
+}
+
 /// Test whether bridge mode works. This fails if:
 /// * No outgoing traffic to the bridge/entry relay is observed from the SUT.
 /// * The conncheck reports an unexpected exit relay.
diff --git a/test/test-manager/test_macro/src/lib.rs b/test/test-manager/test_macro/src/lib.rs
index 88b1f4f1df..8fe3c32916 100644
--- a/test/test-manager/test_macro/src/lib.rs
+++ b/test/test-manager/test_macro/src/lib.rs
@@ -106,35 +106,38 @@ fn get_test_macro_parameters(attributes: &syn::AttributeArgs) -> Result<MacroPar
     let mut skip = false;
 
     for attribute in attributes {
-        // we only use name-value attributes
-        let NestedMeta::Meta(Meta::NameValue(nv)) = attribute else {
-            bail!(attribute, "unknown attribute");
-        };
-        let lit = &nv.lit;
+        match attribute {
+            NestedMeta::Meta(Meta::Path(path)) if path.is_ident("skip") => {
+                skip = true;
+            }
+            NestedMeta::Meta(Meta::NameValue(nv)) => {
+                let lit = &nv.lit;
 
-        match &nv.path {
-            path if path.is_ident("priority") => match lit {
-                Lit::Int(lit_int) => priority = Some(lit_int.base10_parse().unwrap()),
-                _ => bail!(nv, "'priority' should have an integer value"),
-            },
-            path if path.is_ident("target_os") => {
-                let Lit::Str(lit_str) = lit else {
-                    bail!(nv, "'target_os' should have a string value");
-                };
+                match &nv.path {
+                    path if path.is_ident("priority") => match lit {
+                        Lit::Int(lit_int) => priority = Some(lit_int.base10_parse().unwrap()),
+                        _ => bail!(nv, "'priority' should have an integer value"),
+                    },
+                    path if path.is_ident("target_os") => {
+                        let Lit::Str(lit_str) = lit else {
+                            bail!(nv, "'target_os' should have a string value");
+                        };
 
-                let target = match lit_str.value().parse() {
-                    Ok(os) => os,
-                    Err(e) => bail!(lit_str, "{e}"),
-                };
+                        let target = match lit_str.value().parse() {
+                            Ok(os) => os,
+                            Err(e) => bail!(lit_str, "{e}"),
+                        };
 
-                if targets.contains(&target) {
-                    bail!(nv, "Duplicate target");
-                }
+                        if targets.contains(&target) {
+                            bail!(nv, "Duplicate target");
+                        }
 
-                targets.push(target);
+                        targets.push(target);
+                    }
+                    _ => bail!(nv, "unknown attribute"),
+                }
             }
-            path if path.is_ident("skip") => skip = true,
-            _ => bail!(nv, "unknown attribute"),
+            _ => bail!(attribute, "unknown attribute"),
         }
     }
author	David Lönnhager <david.l@mullvad.net>	2025-09-30 16:09:50 +0200
committer	David Lönnhager <david.l@mullvad.net>	2025-09-30 16:09:50 +0200
commit	30bae1819de1ede5c4b9334dbd2b6cf945e237fd (patch)
tree	05e7334b2d134b47b32e1f1c725ffcf490d9a6c2 /test
parent	51ede1644ebb79ef2f2d054a03b278ea78e5df63 (diff)
parent	6ee119d8e435c91a12392a0aae94303f448c3676 (diff)
download	mullvadvpn-30bae1819de1ede5c4b9334dbd2b6cf945e237fd.tar.xz mullvadvpn-30bae1819de1ede5c4b9334dbd2b6cf945e237fd.zip