From 6eff6645c7c58d74f177b74fdffa08a539ca2072 Mon Sep 17 00:00:00 2001 From: Bartosz Zbytniewski Date: Wed, 18 Dec 2024 16:16:59 +0100 Subject: [PATCH] Improve fileshare monitoring tests --- test/qa/lib/fileshare.py | 20 +++++++++++++++++ test/qa/test_fileshare.py | 47 ++++++++++++++++++++++++++++++--------- 2 files changed, 56 insertions(+), 11 deletions(-) diff --git a/test/qa/lib/fileshare.py b/test/qa/lib/fileshare.py index 737ca9c9..a0df2aaa 100644 --- a/test/qa/lib/fileshare.py +++ b/test/qa/lib/fileshare.py @@ -8,6 +8,8 @@ import pytest import sh +import socket +import os from . import FILE_HASH_UTILITY, logging, ssh @@ -370,3 +372,21 @@ class FileSystemEntity(Enum): def __str__(self): return self.value + + +def bind_port(): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 0) + sock.bind(('0.0.0.0', 49111)) + sock.listen(1) + print(f"Successfully bound to fileshare port") + return sock + except socket.error as e: + print(f"Failed to bind to fileshare port: {e}") + return None + + +def port_is_allowed() -> bool: + rules = os.popen("sudo iptables -S").read() + return "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" in rules diff --git a/test/qa/test_fileshare.py b/test/qa/test_fileshare.py index 64ae9786..7a78cabb 100644 --- a/test/qa/test_fileshare.py +++ b/test/qa/test_fileshare.py 
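Review bot: In test/qa/lib/fileshare.py, `port_is_allowed()` cannot tell "rule absent" from "command failed", because `os.popen("sudo iptables -S").read()` discards the exit status. If sudo or iptables fails, the output is empty and the function returns False, so every `assert not fileshare.port_is_allowed()` in test_fileshare.py passes without the firewall having been inspected. The module already imports `sh`, so `rules = str(sh.sudo.iptables("-S"))` should raise on a non-zero exit instead of reporting a closed port. Separately, `bind_port()` does not close the socket when `bind()` or `listen()` raises, and 49111 is hard-coded both there and in the rule string; one module-level constant would keep the two in sync.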
@@ -1347,26 +1347,51 @@ def test_clear(): assert len(lines_outgoing) == 3, str(lines_outgoing) -def test_fileshare_process_monitoring(): +def test_fileshare_process_monitoring_manages_fileshare_rules_on_process_state_changes(): # port is open when fileshare is running - rules = os.popen("sudo iptables -S").read() - assert "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" in rules + assert fileshare.port_is_allowed() sh.pkill("-SIGKILL", "nordfileshare") - # at the time of writing, the monitoring job is executed periodically every 500 milliseconds, - # wait for 1 second to be sure the job executed - time.sleep(1) + # at the time of writing, the monitoring job is executed periodically every second, + # wait for 2 seconds to be sure the job executed + time.sleep(2) # port is not allowed when fileshare is down - rules = os.popen("sudo iptables -S").read() - assert "49111 -m comment --comment nordvpn-meshnet -j ACCEPT" not in rules + assert not fileshare.port_is_allowed() + + os.popen("/usr/lib/nordvpn/nordfileshare &") + time.sleep(2) + # port is allowed again when fileshare process is up + assert fileshare.port_is_allowed() + + +def test_fileshare_process_monitoring_cuts_the_port_access_even_when_it_was_taken_before(): + # stop meshnet to bind to 49111 first + sh.nordvpn.set.meshnet.off() + + # no meshnet - no port + assert not fileshare.port_is_allowed() + + # bind to port before fileshare process starts + sock = fileshare.bind_port() + assert sock is not None + + # start meshnet + sh.nordvpn.set.meshnet.on() # now fileshare tries to start but fails because the port is taken + time.sleep(2) + + # port should not be allowed (fileshare is down) + assert not fileshare.port_is_allowed() + # free the port + sock.close() + + # now fileshare can start properly os.popen("/usr/lib/nordvpn/nordfileshare &") - time.sleep(10) + time.sleep(2) # port is allowed again when fileshare process is up - rules = os.popen("sudo iptables -S").read() - assert "49111 -m comment 
--comment nordvpn-meshnet -j ACCEPT" in rules + assert fileshare.port_is_allowed() @pytest.mark.parametrize("background_accept", [True, False], ids=["accept_bg", "accept_int"])
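Review bot: In `test_fileshare_process_monitoring_cuts_the_port_access_even_when_it_was_taken_before`, the socket returned by `fileshare.bind_port()` is released only on the success path. If the `assert not fileshare.port_is_allowed()` after `meshnet.on()` fails, port 49111 stays bound for the rest of the pytest process, and later fileshare tests will presumably fail for an unrelated reason. Wrapping the steps after `assert sock is not None` in `try:` … `finally: sock.close()` (or moving the bind into a fixture) keeps the failure local. Both new tests also rely on a fixed `time.sleep(2)` against a monitoring period the comment gives as one second; polling `port_is_allowed()` until a deadline would be less timing-sensitive for the positive checks. For the negative checks, a single sample after the sleep cannot show that the ACCEPT rule was never present in between.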