firezone
test(connlib): simulate IO in state machine tests
This is similar to #4097 and #4585 but for the entire ClientState and GatewayState. We also do it in the context of a property-based test with the vision that we can deterministically explore a large space of state transitions and see where our main property breaks: Being able to send an ICMP packet from the client to the gateway.
In other words, we now correctly pass all the Transmits back and forth between the components as if they would receive it from the network. Due to the nature of property-based tests, this already exercises a very large input space. For example, if the client does not have an IPv6 socket and the gateway doesn't have an IPv4 socket, this test already checks whether we then correctly fall back to using a relay (because the allocation we make on the relay is the only network path where the STUN requests pass through).
What this does not (yet) do is set up a proper network topology. The dispatch_transmit function will happily "route" a Transmit from e.g. the client to the gateway even if they are in different subnets. In other words, these tests assume that the actual network itself works and we can exchange UDP packets between the components.
For now, we only send ICMPs to CIDR resources. As a next step, we can extend this to DNS resources by sending DNS queries for our DNS resources and then sending an ICMP to the resolved IP.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| firezone | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 22, 2024 11:01pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
Terraform Cloud Plan Output
Plan: 15 to add, 15 to change, 15 to destroy.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Performance Test Results
TCP
| Test Name | Received/s | Sent/s | Retransmits |
|---|---|---|---|
| direct-tcp-client2server | 240.5 MiB (+1%) | 243.1 MiB (+1%) | 276 (+44%) |
| direct-tcp-server2client | 244.3 MiB (-1%) | 245.3 MiB (-1%) | 229 (-14%) |
| relayed-tcp-client2server | 224.2 MiB (-2%) | 225.7 MiB (-1%) | 247 (+16%) |
| relayed-tcp-server2client | 240.1 MiB (+3%) | 240.8 MiB (+3%) | 332 (+3%) |
UDP
| Test Name | Total/s | Jitter | Lost |
|---|---|---|---|
| direct-udp-client2server | 500.0 MiB (-0%) | 0.05ms (+46%) | 41.14% (+4%) |
| direct-udp-server2client | 500.0 MiB (+0%) | 0.01ms (-56%) | 24.61% (+10%) |
| relayed-udp-client2server | 500.0 MiB (+0%) | 0.06ms (-84%) | 56.27% (-3%) |
| relayed-udp-server2client | 500.0 MiB (+0%) | 0.03ms (+71%) | 42.92% (-16%) |
@ReactorScram I am merging based on @conectado 's review and to move my stacked PRs forward. I'll implement any feedback in follow-up PRs!