// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
//go:build linux
package linuxfw
import (
"net/netip"
"tailscale.com/types/logger"
)
// FakeNetfilterRunner is an in-memory stand-in for a netfilter runner, for use
// in tests. It never touches the host firewall: the only state it keeps is the
// per-service DNAT mapping below.
//
// The struct holds a plain map with no locking, so it is not safe for
// concurrent use without external synchronization.
type FakeNetfilterRunner struct {
	// services records, keyed by service name, the address pair passed to
	// EnsureDNATRuleForSvc; DeleteDNATRuleForSvc removes the entry again.
	services map[string]struct {
		TailscaleServiceIP netip.Addr
		ClusterIP          netip.Addr
	}
}
// NewFakeNetfilterRunner returns a FakeNetfilterRunner whose service map is
// allocated and empty, ready to record DNAT rules.
func NewFakeNetfilterRunner() *FakeNetfilterRunner {
	f := new(FakeNetfilterRunner)
	f.services = make(map[string]struct {
		TailscaleServiceIP netip.Addr
		ClusterIP          netip.Addr
	})
	return f
}
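// EnsureDNATRuleForSvc records a DNAT mapping for svcName, storing origDst as
// the Tailscale service IP and dst as the cluster IP. An existing entry for
// the same service name is overwritten. It always returns nil.
//
// No validation is performed on the addresses, so a test that passes an
// invalid or mismatched-family address still sees success here.
func (f *FakeNetfilterRunner) EnsureDNATRuleForSvc(svcName string, origDst, dst netip.Addr) error {
	type svcRule = struct {
		TailscaleServiceIP netip.Addr
		ClusterIP          netip.Addr
	}
	// A runner built as a struct literal instead of through
	// NewFakeNetfilterRunner has a nil map, and writing to a nil map panics.
	if f.services == nil {
		f.services = make(map[string]svcRule)
	}
	f.services[svcName] = svcRule{TailscaleServiceIP: origDst, ClusterIP: dst}
	return nil
}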
// DeleteDNATRuleForSvc forgets whatever mapping is recorded for svcName and
// returns nil. The entry is removed by name only: origDst and dst are not
// compared with the stored addresses, and deleting an unknown service is not
// an error.
func (f *FakeNetfilterRunner) DeleteDNATRuleForSvc(svcName string, origDst, dst netip.Addr) error {
	rules := f.services
	delete(rules, svcName)
	return nil
}
// GetServiceState exposes the recorded DNAT mappings, keyed by service name,
// so a test can assert on which rules were ensured or deleted.
//
// The returned map is the runner's own map, not a copy: later calls to
// EnsureDNATRuleForSvc or DeleteDNATRuleForSvc are visible through it, and
// writes made by the caller change the runner's state.
func (f *FakeNetfilterRunner) GetServiceState() map[string]struct {
	TailscaleServiceIP netip.Addr
	ClusterIP          netip.Addr
} {
	state := f.services
	return state
}
// The capability probes below answer true unconditionally. Code paths that
// depend on IPv6 being unavailable are therefore never exercised by this fake.

// HasIPV6 always reports true.
func (f *FakeNetfilterRunner) HasIPV6() bool { return true }

// HasIPV6Filter always reports true.
func (f *FakeNetfilterRunner) HasIPV6Filter() bool { return true }

// HasIPV6NAT always reports true.
func (f *FakeNetfilterRunner) HasIPV6NAT() bool { return true }
// The methods below are no-ops: each ignores its arguments, records nothing
// and returns nil. A test that passes with this fake shows only that the
// caller invoked the method without seeing an error, not that a matching
// firewall rule would exist on a real host.

// AddBase does nothing and returns nil.
func (f *FakeNetfilterRunner) AddBase(tunname string) error {
	return nil
}

// DelBase does nothing and returns nil.
func (f *FakeNetfilterRunner) DelBase() error {
	return nil
}

// AddChains does nothing and returns nil.
func (f *FakeNetfilterRunner) AddChains() error {
	return nil
}

// DelChains does nothing and returns nil.
func (f *FakeNetfilterRunner) DelChains() error {
	return nil
}

// AddHooks does nothing and returns nil.
func (f *FakeNetfilterRunner) AddHooks() error {
	return nil
}

// DelHooks does nothing and returns nil; logf is never called.
func (f *FakeNetfilterRunner) DelHooks(logf logger.Logf) error {
	return nil
}

// AddSNATRule does nothing and returns nil.
func (f *FakeNetfilterRunner) AddSNATRule() error {
	return nil
}

// DelSNATRule does nothing and returns nil.
func (f *FakeNetfilterRunner) DelSNATRule() error {
	return nil
}

// AddStatefulRule does nothing and returns nil.
func (f *FakeNetfilterRunner) AddStatefulRule(tunname string) error {
	return nil
}

// DelStatefulRule does nothing and returns nil.
func (f *FakeNetfilterRunner) DelStatefulRule(tunname string) error {
	return nil
}

// AddLoopbackRule does nothing and returns nil.
func (f *FakeNetfilterRunner) AddLoopbackRule(addr netip.Addr) error {
	return nil
}

// DelLoopbackRule does nothing and returns nil.
func (f *FakeNetfilterRunner) DelLoopbackRule(addr netip.Addr) error {
	return nil
}

// AddDNATRule does nothing and returns nil. Unlike EnsureDNATRuleForSvc, it
// does not record the mapping.
func (f *FakeNetfilterRunner) AddDNATRule(origDst, dst netip.Addr) error {
	return nil
}
// DNATWithLoadBalancer does nothing and returns nil; dsts is not inspected,
// so an empty destination list is accepted as well.
func (f *FakeNetfilterRunner) DNATWithLoadBalancer(origDst netip.Addr, dsts []netip.Addr) error {
	return nil
}

// EnsureSNATForDst does nothing and returns nil.
func (f *FakeNetfilterRunner) EnsureSNATForDst(src, dst netip.Addr) error {
	return nil
}

// DNATNonTailscaleTraffic does nothing and returns nil.
func (f *FakeNetfilterRunner) DNATNonTailscaleTraffic(tun string, dst netip.Addr) error {
	return nil
}

// ClampMSSToPMTU does nothing and returns nil.
func (f *FakeNetfilterRunner) ClampMSSToPMTU(tun string, addr netip.Addr) error {
	return nil
}

// AddMagicsockPortRule does nothing and returns nil; port and network are
// not validated.
func (f *FakeNetfilterRunner) AddMagicsockPortRule(port uint16, network string) error {
	return nil
}

// DelMagicsockPortRule does nothing and returns nil.
func (f *FakeNetfilterRunner) DelMagicsockPortRule(port uint16, network string) error {
	return nil
}
// The per-service port-map methods below are no-ops that return nil. None of
// them reads or modifies the map reported by GetServiceState.

// DeletePortMapRuleForSvc does nothing and returns nil.
func (f *FakeNetfilterRunner) DeletePortMapRuleForSvc(svc, tun string, targetIP netip.Addr, pm PortMap) error {
	return nil
}

// DeleteSvc does nothing and returns nil.
func (f *FakeNetfilterRunner) DeleteSvc(svc, tun string, targetIPs []netip.Addr, pms []PortMap) error {
	return nil
}

// EnsurePortMapRuleForSvc does nothing and returns nil.
func (f *FakeNetfilterRunner) EnsurePortMapRuleForSvc(svc, tun string, targetIP netip.Addr, pm PortMap) error {
	return nil
}