mirror of
https://github.com/telemt/telemt.git
synced 2026-07-11 14:30:18 +03:00
Rustfmt
This commit is contained in:
@@ -340,9 +340,21 @@ fn cidr_rate_limits_accept_auto_templates_in_strict_config() {
|
||||
"#,
|
||||
);
|
||||
|
||||
assert!(cfg.access.cidr_rate_limits.contains_key(&CidrRateLimitKey::AutoDual(24)));
|
||||
assert!(cfg.access.cidr_rate_limits.contains_key(&CidrRateLimitKey::AutoV4(30)));
|
||||
assert!(cfg.access.cidr_rate_limits.contains_key(&CidrRateLimitKey::AutoV6(64)));
|
||||
assert!(
|
||||
cfg.access
|
||||
.cidr_rate_limits
|
||||
.contains_key(&CidrRateLimitKey::AutoDual(24))
|
||||
);
|
||||
assert!(
|
||||
cfg.access
|
||||
.cidr_rate_limits
|
||||
.contains_key(&CidrRateLimitKey::AutoV4(30))
|
||||
);
|
||||
assert!(
|
||||
cfg.access
|
||||
.cidr_rate_limits
|
||||
.contains_key(&CidrRateLimitKey::AutoV6(64))
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -1774,7 +1786,9 @@ fn client_mss_bulk_out_of_range_is_rejected() {
|
||||
"#
|
||||
);
|
||||
let dir = std::env::temp_dir();
|
||||
let path = dir.join(format!("telemt_client_mss_bulk_out_of_range_{value}_test.toml"));
|
||||
let path = dir.join(format!(
|
||||
"telemt_client_mss_bulk_out_of_range_{value}_test.toml"
|
||||
));
|
||||
std::fs::write(&path, toml).unwrap();
|
||||
let err = ProxyConfig::load(&path).unwrap_err().to_string();
|
||||
|
||||
|
||||
@@ -101,9 +101,11 @@ async fn write_secure_payload(payload_len: usize) -> (MeD2cWriteMode, Vec<u8>) {
|
||||
fn assert_secure_payload_with_tail_padding(cleartext: &[u8], payload_len: usize) {
|
||||
let wire_len = secure_wire_len(cleartext);
|
||||
assert_eq!(cleartext.len(), 4 + wire_len);
|
||||
assert!(cleartext[4..4 + payload_len]
|
||||
.iter()
|
||||
.all(|byte| *byte == 0xa5));
|
||||
assert!(
|
||||
cleartext[4..4 + payload_len]
|
||||
.iter()
|
||||
.all(|byte| *byte == 0xa5)
|
||||
);
|
||||
|
||||
let padding_len = wire_len
|
||||
.checked_sub(payload_len)
|
||||
|
||||
@@ -453,9 +453,7 @@ impl PolicySnapshot {
|
||||
fn match_auto_cidr(&self, ip: IpAddr) -> Option<CidrPolicyMatch<'_>> {
|
||||
let rule = match ip {
|
||||
IpAddr::V4(_) => self.cidr_auto_rules_v4.first()?,
|
||||
IpAddr::V6(_) => self
|
||||
.cidr_auto_rules_v6
|
||||
.first()?,
|
||||
IpAddr::V6(_) => self.cidr_auto_rules_v6.first()?,
|
||||
};
|
||||
let key = auto_cidr_bucket_key(ip, rule.prefix_len)?;
|
||||
Some(CidrPolicyMatch::Auto {
|
||||
|
||||
@@ -68,13 +68,9 @@ async fn apply_rules_for_binary(
|
||||
let chain = namespace.iptables_chain.as_str();
|
||||
let _ = run_command(binary, &["-t", "filter", "-N", chain], None).await;
|
||||
run_command(binary, &["-t", "filter", "-F", chain], None).await?;
|
||||
if run_command(
|
||||
binary,
|
||||
&["-t", "filter", "-C", "INPUT", "-j", chain],
|
||||
None,
|
||||
)
|
||||
.await
|
||||
.is_err()
|
||||
if run_command(binary, &["-t", "filter", "-C", "INPUT", "-j", chain], None)
|
||||
.await
|
||||
.is_err()
|
||||
{
|
||||
run_command(
|
||||
binary,
|
||||
@@ -260,13 +256,7 @@ pub(super) async fn clear_rules_for_binary(
|
||||
let mut removed = false;
|
||||
let chain = namespace.iptables_chain.as_str();
|
||||
for _ in 0..8 {
|
||||
match run_command(
|
||||
binary,
|
||||
&["-t", "filter", "-D", "INPUT", "-j", chain],
|
||||
None,
|
||||
)
|
||||
.await
|
||||
{
|
||||
match run_command(binary, &["-t", "filter", "-D", "INPUT", "-j", chain], None).await {
|
||||
Ok(()) => {
|
||||
removed = true;
|
||||
}
|
||||
|
||||
@@ -97,9 +97,7 @@ pub(crate) async fn clear_synlimit_rules_all_backends() -> Result<bool, String>
|
||||
clear_synlimit_rules_for_namespace(&namespace).await
|
||||
}
|
||||
|
||||
async fn clear_synlimit_rules_for_namespace(
|
||||
namespace: &SynLimitNamespace,
|
||||
) -> Result<bool, String> {
|
||||
async fn clear_synlimit_rules_for_namespace(namespace: &SynLimitNamespace) -> Result<bool, String> {
|
||||
if !has_cap_net_admin() {
|
||||
return Ok(false);
|
||||
}
|
||||
|
||||
@@ -319,7 +319,10 @@ mod tests {
|
||||
targets.iptables_v4[0].ip,
|
||||
Some(IpAddr::V4(Ipv4Addr::new(203, 0, 113, 1)))
|
||||
);
|
||||
assert_eq!(targets.iptables_v6[0].ip, Some(IpAddr::V6(Ipv6Addr::LOCALHOST)));
|
||||
assert_eq!(
|
||||
targets.iptables_v6[0].ip,
|
||||
Some(IpAddr::V6(Ipv6Addr::LOCALHOST))
|
||||
);
|
||||
assert_eq!(
|
||||
targets.nft_v4[0].ip,
|
||||
Some(IpAddr::V4(Ipv4Addr::new(203, 0, 113, 2)))
|
||||
|
||||
@@ -199,8 +199,7 @@ pub(super) async fn clear_rules_all_families(
|
||||
let mut removed = false;
|
||||
let table = namespace.nft_table.as_str();
|
||||
for family in [NftFamily::Inet, NftFamily::Ip, NftFamily::Ip6] {
|
||||
match run_command("nft", &["delete", "table", family.as_str(), table], None).await
|
||||
{
|
||||
match run_command("nft", &["delete", "table", family.as_str(), table], None).await {
|
||||
Ok(()) => {
|
||||
removed = true;
|
||||
}
|
||||
|
||||
@@ -729,7 +729,10 @@ mod tests {
|
||||
assert_eq!(
|
||||
MePool::select_socks_bound_addr(
|
||||
IpFamily::V4,
|
||||
Some(upstream_egress(UpstreamRouteKind::Socks5, Some(bogon_bound)))
|
||||
Some(upstream_egress(
|
||||
UpstreamRouteKind::Socks5,
|
||||
Some(bogon_bound)
|
||||
))
|
||||
),
|
||||
None
|
||||
);
|
||||
@@ -776,7 +779,9 @@ mod tests {
|
||||
);
|
||||
assert_eq!(
|
||||
KdfClientPortSource::from_socks_bound_port(
|
||||
Some(zero_port_bound).filter(|addr| addr.port() != 0).map(|addr| addr.port())
|
||||
Some(zero_port_bound)
|
||||
.filter(|addr| addr.port() != 0)
|
||||
.map(|addr| addr.port())
|
||||
),
|
||||
KdfClientPortSource::LocalSocket
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user