test: TailscaleUtil CGNAT range unit tests#2134
Open
marcdhansen wants to merge 6 commits intodebauchee:masterfrom
Open
test: TailscaleUtil CGNAT range unit tests#2134marcdhansen wants to merge 6 commits intodebauchee:masterfrom
marcdhansen wants to merge 6 commits intodebauchee:masterfrom
Conversation
Phase 2: Tailscale integration (--tailscale-mode) Reviewed: CGNAT range verified, Windows/Unix interface detection correct, SSL controls disabled in GUI when Tailscale active, --tailscale-mode wired through ArgParser/ServerApp/ClientApp.
Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
Expose is_tailscale_addr() in barrier::detail namespace so it can be tested directly without requiring real network interfaces. Add 8 boundary and edge-case tests covering the 100.64.0.0/10 CGNAT range. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
- Fix AddressJustBelowRange test: 0x6443FFFFu (100.67.255.255) was inside the CGNAT range; correct value for 100.63.255.255 is 0x643FFFFFu - Add in-class initializer (= false) to m_TailscaleMode in AppConfig, consistent with m_RequireClientCertificate Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
marcdhansen
commented
Apr 4, 2026
Author
marcdhansen
left a comment
marcdhansen
left a comment
There was a problem hiding this comment.
Parallel Agent Review — 3 reviewers (code, silent-failure, test-coverage)
Blockers (resolved before posting)
AddressJustBelowRange test had wrong hex constant (flagged by all 3 agents — fixed in 268179f)
0x6443FFFFu decodes to 100.67.255.255, which is inside the Tailscale range. EXPECT_FALSE would have failed at runtime. Corrected to 0x643FFFFFu (100.63.255.255).
Important (resolved before posting)
m_TailscaleMode uninitialized in AppConfig (flagged by 2 agents — fixed in 268179f)
bool m_TailscaleMode; had no in-class initializer, unlike m_RequireClientCertificate = false on the line below. Added = false to match the convention and prevent indeterminate value if loadSettings() is not called.
Important (open — pre-existing, not introduced by this PR)
Silent failures in TailscaleUtil.cpp have no logging:
- Unix path:
getifaddrsfailure returns{}silently — conflates a system error (ENOMEM, permission denied) with "Tailscale not installed" - Windows path: if the second
GetAdaptersAddressescall fails after the buffer-overflow retry,retis discarded with no log
These are in the Phase 2 code; suggest filing a follow-up issue.
Suggestions
- No test for
get_tailscale_address()itself — the PR is correctly scoped to white-box testingis_tailscale_addr. A brief comment in the test file explaining why (requires real network interfaces) would help future contributors. PrivateRfc1918NotInRangepacks 3 assertions — splitting into named tests would give cleaner failure diagnostics.0xFFFFFFFFu(all-ones/broadcast) not tested — not a correctness risk, but a common robustness canary for range functions.
Strengths
- Boundary testing (first, last, just-below, just-above) is exactly right for a range-check function
- Tests live in
barrier::detailnamespace — clean white-box approach without polluting public API - CMakeLists uses
GLOB_RECURSE— no build system changes needed - Windows
GetAdaptersAddressesretry pattern is correct --tailscale-modecorrectly sets bothm_tailscaleMode = trueandm_enableCrypto = falseatomically
- Add .github/workflows/ci.yml: builds on Ubuntu 22.04, runs ctest - Add add_test(unittests) to CMakeLists so ctest discovers the binary - Pass -DBARRIER_BUILD_TESTS=ON to enable the test targets The upstream Azure Pipelines config builds but never runs tests; this fills that gap for the fork. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
is_tailscale_addr()inbarrier::detailnamespace so it can be tested without real network interfacessrc/test/unittests/net/TailscaleUtilTests.cppcovering:Test plan
unitteststarget and confirm new tests passnet/tests (FingerprintDatabase, SecureUtils)🤖 Generated with Claude Code