vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-28 17:43:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9412bdfdbeca3e010fe33f95d02eaeb65e07bb10
openclaw/apps/macos/Tests/OpenClawIPCTests/WideAreaGatewayDiscoveryTests.swift
Jacob Tomlinson a23c33a681 macOS: use MagicDNS for wide-area gateway discovery (#57833) 
* macOS: use MagicDNS for wide-area gateway discovery

Co-authored-by: nexrin <268879349+nexrin@users.noreply.github.com>

* macOS: tighten wide-area discovery review follow-ups

---------

Co-authored-by: nexrin <268879349+nexrin@users.noreply.github.com>
2026-03-31 10:04:11 +01:00

129 lines
4.6 KiB
Swift
Raw Blame History

import Darwin
import Foundation
import Testing
@testable import OpenClawDiscovery
private final class NameserverQueryLog: @unchecked Sendable {
private let lock = NSLock()
private var nameservers: [String] = []
func record(_ nameserver: String) {
self.lock.lock()
defer { self.lock.unlock() }
self.nameservers.append(nameserver)
}
func count(matching nameserver: String) -> Int {
self.lock.lock()
defer { self.lock.unlock() }
return self.nameservers.filter { $0 == nameserver }.count
}
}
@Suite(.serialized)
struct WideAreaGatewayDiscoveryTests {
@Test func `discovers beacon from tailnet dns sd fallback`() {
let originalWideAreaDomain = getenv("OPENCLAW_WIDE_AREA_DOMAIN").map { String(cString: $0) }
setenv("OPENCLAW_WIDE_AREA_DOMAIN", "openclaw.internal", 1)
defer {
if let originalWideAreaDomain {
setenv("OPENCLAW_WIDE_AREA_DOMAIN", originalWideAreaDomain, 1)
} else {
unsetenv("OPENCLAW_WIDE_AREA_DOMAIN")
}
}
let statusJson = """
{
"Self": { "TailscaleIPs": ["100.69.232.64"] },
"Peer": {
"peer-1": { "TailscaleIPs": ["100.123.224.76"] }
}
}
"""
let context = WideAreaGatewayDiscovery.DiscoveryContext(
tailscaleStatus: { statusJson },
dig: { args, _ in
let recordType = args.last ?? ""
let nameserver = args.first(where: { $0.hasPrefix("@") }) ?? ""
if recordType == "PTR" {
if nameserver == "@100.100.100.100" {
return "steipetacstudio-gateway._openclaw-gw._tcp.openclaw.internal.\n"
}
return ""
}
if recordType == "SRV" {
return "0 0 18789 steipetacstudio.openclaw.internal."
}
if recordType == "TXT" {
return "\"displayName=Peter\\226\\128\\153s Mac Studio (OpenClaw)\" \"gatewayPort=18789\" \"tailnetDns=peters-mac-studio-1.sheep-coho.ts.net\" \"cliPath=/Users/steipete/openclaw/src/entry.ts\""
}
return ""
})
let beacons = WideAreaGatewayDiscovery.discover(
timeoutSeconds: 2.0,
context: context)
#expect(beacons.count == 1)
let beacon = beacons[0]
let expectedDisplay = "Peter\u{2019}s Mac Studio (OpenClaw)"
#expect(beacon.displayName == expectedDisplay)
#expect(beacon.port == 18789)
#expect(beacon.gatewayPort == 18789)
#expect(beacon.tailnetDns == "peters-mac-studio-1.sheep-coho.ts.net")
#expect(beacon.cliPath == "/Users/steipete/openclaw/src/entry.ts")
}
@Test func `attacker peer cannot become nameserver`() {
let originalWideAreaDomain = getenv("OPENCLAW_WIDE_AREA_DOMAIN").map { String(cString: $0) }
setenv("OPENCLAW_WIDE_AREA_DOMAIN", "openclaw.internal", 1)
defer {
if let originalWideAreaDomain {
setenv("OPENCLAW_WIDE_AREA_DOMAIN", originalWideAreaDomain, 1)
} else {
unsetenv("OPENCLAW_WIDE_AREA_DOMAIN")
}
}
let statusJson = """
{
"Self": { "TailscaleIPs": ["100.64.0.1"] },
"Peer": {
"attacker": { "TailscaleIPs": ["100.64.0.2"] }
}
}
"""
let queriedNameservers = NameserverQueryLog()
let context = WideAreaGatewayDiscovery.DiscoveryContext(
tailscaleStatus: { statusJson },
dig: { args, _ in
let nameserver = args.first(where: { $0.hasPrefix("@") }) ?? ""
queriedNameservers.record(nameserver)
let recordType = args.last ?? ""
if recordType == "PTR" {
if nameserver == "@100.64.0.2" {
return "evil._openclaw-gw._tcp.openclaw.internal.\n"
}
return ""
}
if recordType == "SRV" {
return "0 0 443 evil.ts.net."
}
if recordType == "TXT" {
return "\"displayName=Evil\""
}
return ""
})
let beacons = WideAreaGatewayDiscovery.discover(
timeoutSeconds: 2.0,
context: context)
#expect(queriedNameservers.count(matching: "@100.64.0.2") == 0)
#expect(queriedNameservers.count(matching: "@100.100.100.100") == 1)
#expect(beacons.isEmpty)
}
}
Reference in New Issue View Git Blame Copy Permalink