address comment

benedettadavico
2026-06-02 08:03:27 +02:00
parent 8392f7da94
commit dad2d30773
3 changed files with 45 additions and 25 deletions
+13 -13
@@ -80,8 +80,6 @@ pub async fn wg_probe(
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => bail!("unknown version number"),
};
let mut wg_outcome = WgProbeResults::default();
info!(
"connecting to authenticator: {}...",
auth_client.auth_recipient
@@ -135,9 +133,9 @@ pub async fn wg_probe(
info!("Successfully registered with the gateway");
wg_outcome.can_register = true;
// Run tunnel connectivity tests using shared helper
// Run tunnel connectivity tests using shared helper.
// run_tunnel_tests issues blocking CGo calls into Go, so it must run on
// tokio's dedicated blocking thread pool to avoid stalling the async runtime.
let tunnel_config = WgTunnelConfig::new(
registered_data.private_ips().ipv4.to_string(),
registered_data.private_ips().ipv6.to_string(),
@@ -145,16 +143,18 @@ pub async fn wg_probe(
public_key_hex,
wg_endpoint,
);
let awg_str = awg_args.unwrap_or_default();
run_tunnel_tests(
&tunnel_config,
&netstack_args,
&awg_args.unwrap_or_default(),
port_check_only,
&mut wg_outcome,
);
let mut tunnel_result = tokio::task::spawn_blocking(move || {
run_tunnel_tests(&tunnel_config, &netstack_args, &awg_str, port_check_only)
})
.await
.map_err(|e| anyhow::anyhow!("netstack task panicked: {e}"))?;
Ok(wg_outcome)
// can_register is determined by the auth handshake above, not by netstack
tunnel_result.can_register = true;
Ok(tunnel_result)
}
pub async fn lp_registration_probe(
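Review bot: The `map_err` on the `spawn_blocking` join in `wg_probe` labels every `JoinError` as a panic, but a join can also fail because the task was cancelled (for example at runtime shutdown), so the message can send whoever triages a failed probe looking for a crash that did not happen. I would word it neutrally, `.map_err(|e| anyhow::anyhow!("netstack task failed: {e}"))?;`, or branch on `e.is_panic()` if the distinction is wanted. The new comment about blocking CGo calls would also read better directly above the `spawn_blocking` call than above `WgTunnelConfig::new`. The body of `wg_probe` starts outside these hunks.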
+11 -8
@@ -65,24 +65,25 @@ impl WgTunnelConfig {
/// - Optional download test
/// - Optional exit policy port check (TCP connect through tunnel)
///
/// Results are written directly into the provided `wg_outcome` to avoid field-by-field
/// copying at call sites.
/// **Important:** this function issues blocking FFI calls into Go (CGo) and MUST be
/// called via `tokio::task::spawn_blocking` at any async call site. It returns a
/// fresh `WgProbeResults`; the caller sets `can_register` after verifying WG
/// registration succeeded.
///
/// # Arguments
/// * `config` - WireGuard tunnel configuration
/// * `netstack_args` - Netstack test parameters (DNS, hosts to ping, timeouts, etc.)
/// * `awg_args` - Amnezia WireGuard arguments (empty string for standard WG)
/// * `port_check_only` - If true, skip pings/download and only run TCP port checks
/// * `wg_outcome` - Mutable reference to write test results into
// This function extracts the shared netstack testing logic from
// wg_probe() and wg_probe_lp() to eliminate code duplication.
// This function extracts the shared netstack testing logic from wg_probe()
// to eliminate code duplication across probe modes.
pub fn run_tunnel_tests(
config: &WgTunnelConfig,
netstack_args: &NetstackArgs,
awg_args: &str,
port_check_only: bool,
wg_outcome: &mut WgProbeResults,
) {
) -> WgProbeResults {
let mut wg_outcome = WgProbeResults::default();
// Build the netstack request
let netstack_request = NetstackRequest::new(
&config.private_ipv4,
@@ -143,7 +144,7 @@ pub fn run_tunnel_tests(
// in port-check-only mode, skip IPv6 tests — port checks ran through IPv4 above
if port_check_only {
info!("Port-check-only mode: skipping IPv6 tunnel tests");
return;
return wg_outcome;
}
// Perform IPv6 ping test
@@ -182,4 +183,6 @@ pub fn run_tunnel_tests(
error!("Internal error (IPv6): {error}")
}
}
wg_outcome
}
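Review bot: `run_tunnel_tests` now hands its results back by value, so a call written as a bare statement would silently discard every test outcome; adding `#[must_use]` above `pub fn run_tunnel_tests` makes the compiler flag that. The doc comment would also benefit from a `# Returns` section stating that `can_register` appears to be left at its default and has to be set by the caller, since a caller that forgets would report a registration failure that did not occur. The plain `//` comment between the doc block and the signature could be folded into the doc comment or dropped. Parts of the function body lie between the hunks and are not visible here.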
@@ -3,6 +3,8 @@ use crate::cli::common;
use crate::log_capture::LogCapture;
use nym_gateway_probe::RunPortsConfig;
use tracing::instrument;
// Hard deadline for a single port-scan job.
const PORT_SCAN_HARD_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(5400);
pub(crate) async fn run_ports_check(
servers: &[ServerConfig],
@@ -55,15 +57,30 @@ pub(crate) async fn run_ports_check(
let credentials_args = common::credential_args_from(testrun.ticket_materials);
log_capture.start();
let port_check_result_res = nym_gateway_probe::Probe::run_ports_for_agent(
let probe_future = nym_gateway_probe::Probe::run_ports_for_agent(
gateway_identity_pubkey,
network,
&run_ports_config,
credentials_args,
)
.await;
);
let port_check_result_res = tokio::time::timeout(PORT_SCAN_HARD_TIMEOUT, probe_future).await;
let probe_log = log_capture.stop_and_drain();
let port_check_result = port_check_result_res?;
let port_check_result = match port_check_result_res {
Ok(inner) => inner?,
Err(_elapsed) => {
tracing::error!(
gateway = %gateway_identity_key,
testrun = testrun_id,
timeout_secs = PORT_SCAN_HARD_TIMEOUT.as_secs(),
"Port scan exceeded hard timeout; aborting to free resources"
);
return Err(anyhow::anyhow!(
"port scan timed out after {}s",
PORT_SCAN_HARD_TIMEOUT.as_secs()
));
}
};
submit_ports_check_results_to_servers(
servers,
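Review bot: The timeout branch in `run_ports_check` logs "aborting to free resources", but `tokio::time::timeout` only drops `probe_future`; any work the probe has already handed to `tokio::task::spawn_blocking` (as `wg_probe` does in this commit, if it is on this path) keeps running until the blocking call returns. A gateway that stalls probes could therefore still hold blocking-pool threads after the deadline, so I would reword the message to something like `"Port scan exceeded hard timeout; dropping probe future (blocking work may still be running)"` and confirm that the netstack timeouts bound the Go call itself. The early `return Err(...)` also comes before `submit_ports_check_results_to_servers`, which appears to leave the testrun without a submitted result and discards the drained `probe_log`; worth confirming that this is intended. The constant would be easier to read as `std::time::Duration::from_secs(90 * 60)`. `run_ports_check` continues outside the hunk.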