Skip to content

Commit

Permalink
Improve fileshare monitoring tests
Browse files Browse the repository at this point in the history
  • Loading branch information
devzbysiu committed Dec 18, 2024
1 parent 07f7256 commit 0992103
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 11 deletions.
20 changes: 20 additions & 0 deletions test/qa/lib/fileshare.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@

import pytest
import sh
import socket
import os

from . import FILE_HASH_UTILITY, logging, ssh

Expand Down Expand Up @@ -370,3 +372,21 @@ class FileSystemEntity(Enum):

def __str__(self):
return self.value


def bind_port():
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 0)
sock.bind(('0.0.0.0', 49111))
sock.listen(1)
print(f"Successfully bound to fileshare port")
return sock
except socket.error as e:
print(f"Failed to bind to fileshare port: {e}")
return None


def port_is_allowed() -> bool:
rules = os.popen("sudo iptables -S").read()
return "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" in rules
47 changes: 36 additions & 11 deletions test/qa/test_fileshare.py
Original file line number Diff line number Diff line change
Expand Up @@ -1347,26 +1347,51 @@ def test_clear():
assert len(lines_outgoing) == 3, str(lines_outgoing)


def test_fileshare_process_monitoring():
def test_fileshare_process_monitoring_manages_fileshare_rules_on_process_state_changes():
# port is open when fileshare is running
rules = os.popen("sudo iptables -S").read()
assert "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" in rules
assert fileshare.port_is_allowed()

sh.pkill("-SIGKILL", "nordfileshare")
# at the time of writing, the monitoring job is executed periodically every 500 milliseconds,
# wait for 1 second to be sure the job executed
time.sleep(1)
# at the time of writing, the monitoring job is executed periodically every second,
# wait for 2 seconds to be sure the job executed
time.sleep(2)

# port is not allowed when fileshare is down
rules = os.popen("sudo iptables -S").read()
assert "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" not in rules
assert not fileshare.port_is_allowed()

os.popen("/usr/lib/nordvpn/nordfileshare &")
time.sleep(2)
# port is allowed again when fileshare process is up
assert fileshare.port_is_allowed()


def test_fileshare_process_monitoring_cuts_the_port_access_even_when_it_was_taken_before():
# stop meshnet to bind to 49111 first
sh.nordvpn.set.meshnet.off()

# no meshnet - no port
assert not fileshare.port_is_allowed()

# bind to port before fileshare process starts
sock = fileshare.bind_port()
assert sock is not None

# start meshnet
sh.nordvpn.set.meshnet.on() # now fileshare tries to start but fails because the port is taken
time.sleep(2)

# port should not be allowed (fileshare is down)
assert not fileshare.port_is_allowed()

# free the port
sock.close()

# now fileshare can start properly
os.popen("/usr/lib/nordvpn/nordfileshare &")
time.sleep(10)
time.sleep(2)

# port is allowed again when fileshare process is up
rules = os.popen("sudo iptables -S").read()
assert "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" in rules
assert fileshare.port_is_allowed()


@pytest.mark.parametrize("background_accept", [True, False], ids=["accept_bg", "accept_int"])
Expand Down

0 comments on commit 0992103

Please sign in to comment.