NAT Traversal testing utils and test WIPs

Author: joshuakarp

scripts/test-pipelines.sh

@@ -59,7 +59,7 @@ test $test_dir:
   interruptible: true
   script:
     - >
-        nix-shell -I nixpkgs=./pkgs.nix --packages nodejs --run '
+        nix-shell -I nixpkgs=./pkgs.nix --packages nodejs iproute2 utillinux nftables iptables --run '
         npm ci;
         npm test -- ${test_files[@]};
         '
@@ -76,7 +76,7 @@ test index:
   interruptible: true
   script:
     - >
-        nix-shell -I nixpkgs=./pkgs.nix --packages nodejs --run '
+        nix-shell -I nixpkgs=./pkgs.nix --packages nodejs iptables-legacy --run '
         npm ci;
         npm test -- ${test_files[@]};
         '

shell.nix

@@ -11,6 +11,7 @@ in
       grpc-tools
       grpcurl
       utils.pkg
+      utillinux
     ];
     PKG_CACHE_PATH = utils.pkgCachePath;
     PKG_IGNORE_TAG = 1;

tests/nat/endpointDependentNAT.test.ts

@@ -0,0 +1,147 @@
+import os from 'os';
+import path from 'path';
+import fs from 'fs';
+import Logger, { LogLevel, StreamHandler } from '@matrixai/logger';
+import * as testNatUtils from './utils';
+
+describe('endpoint dependent NAT traversal', () => {
+  const logger = new Logger('EDM NAT test', LogLevel.WARN, [
+    new StreamHandler(),
+  ]);
+  let dataDir: string;
+  beforeEach(async () => {
+    dataDir = await fs.promises.mkdtemp(
+      path.join(os.tmpdir(), 'polykey-test-'),
+    );
+  });
+  afterEach(async () => {
+    await fs.promises.rm(dataDir, {
+      force: true,
+      recursive: true,
+    });
+  });
+  test(
+    'Node1 behind EDM NAT connects to Node2',
+    async () => {
+      const {
+        userPid,
+        agent1Pid,
+        password,
+        dataDir,
+        agent1NodePath,
+        agent2NodeId,
+        tearDownNAT,
+      } = await testNatUtils.setupNAT('edm', 'dmz', logger);
+      const { exitCode, stdout } = await testNatUtils.pkExecNs(
+        userPid,
+        agent1Pid,
+        ['nodes', 'ping', agent2NodeId, '--format', 'json'],
+        {
+          PK_NODE_PATH: agent1NodePath,
+          PK_PASSWORD: password,
+        },
+        dataDir,
+      );
+      expect(exitCode).toBe(0);
+      expect(JSON.parse(stdout)).toEqual({
+        success: true,
+        message: 'Node is Active.',
+      });
+      await tearDownNAT();
+    },
+    global.defaultTimeout * 2,
+  );
+  test(
+    'Node1 connects to Node2 behind EDM NAT',
+    async () => {
+      const {
+        userPid,
+        agent1Pid,
+        password,
+        dataDir,
+        agent1NodePath,
+        agent2NodeId,
+        tearDownNAT,
+      } = await testNatUtils.setupNAT('dmz', 'edm', logger);
+      const { exitCode, stdout } = await testNatUtils.pkExecNs(
+        userPid,
+        agent1Pid,
+        ['nodes', 'ping', agent2NodeId, '--format', 'json'],
+        {
+          PK_NODE_PATH: agent1NodePath,
+          PK_PASSWORD: password,
+        },
+        dataDir,
+      );
+      expect(exitCode).toBe(0);
+      expect(JSON.parse(stdout)).toEqual({
+        success: true,
+        message: 'Node is Active.',
+      });
+      await tearDownNAT();
+    },
+    global.defaultTimeout * 2,
+  );
+  test(
+    'Node1 behind EDM NAT cannot connect to Node2 behind EDM NAT',
+    async () => {
+      const {
+        userPid,
+        agent1Pid,
+        password,
+        dataDir,
+        agent1NodePath,
+        agent2NodeId,
+        tearDownNAT,
+      } = await testNatUtils.setupNAT('edm', 'edm', logger);
+      const { exitCode, stdout } = await testNatUtils.pkExecNs(
+        userPid,
+        agent1Pid,
+        ['nodes', 'ping', agent2NodeId, '--format', 'json'],
+        {
+          PK_NODE_PATH: agent1NodePath,
+          PK_PASSWORD: password,
+        },
+        dataDir,
+      );
+      expect(exitCode).not.toBe(0);
+      expect(JSON.parse(stdout)).toEqual({
+        success: false,
+        message: `No response received`,
+      });
+      await tearDownNAT();
+    },
+    global.defaultTimeout * 2,
+  );
+  test(
+    'Node1 behind EDM NAT cannot connect to Node2 behind EIM NAT',
+    async () => {
+      const {
+        userPid,
+        agent1Pid,
+        password,
+        dataDir,
+        agent1NodePath,
+        agent2NodeId,
+        tearDownNAT,
+      } = await testNatUtils.setupNAT('edm', 'eim', logger);
+      const { exitCode, stdout } = await testNatUtils.pkExecNs(
+        userPid,
+        agent1Pid,
+        ['nodes', 'ping', agent2NodeId, '--format', 'json'],
+        {
+          PK_NODE_PATH: agent1NodePath,
+          PK_PASSWORD: password,
+        },
+        dataDir,
+      );
+      expect(exitCode).not.toBe(0);
+      expect(JSON.parse(stdout)).toEqual({
+        success: false,
+        message: `No response received`,
+      });
+      await tearDownNAT();
+    },
+    global.defaultTimeout * 2,
+  );
+});