fix: clean up stale wg-quick nftables tables in e2e test teardown
Unit Tests / test (push) Successful in 7m29s
Unit Tests / test (push) Successful in 7m29s
wg-quick creates an nftables 'preraw' table per interface that drops decrypted ICMP replies arriving on any other interface. If a test run crashes before bring_down(), the table persists and silently kills pings on subsequent runs (handshake succeeds, replies are decrypted, but the stale table drops them before the ping process sees them). Extend cleanup_stale_e2e_interfaces() to also delete any orphaned wg-quick-pic-e2e-* nftables tables found on the host. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -52,9 +52,18 @@ def build_wg_config(private_key: str, peer_ip: str, server_pubkey: str,
|
||||
|
||||
|
||||
def cleanup_stale_e2e_interfaces():
|
||||
"""Remove any leftover pic-e2e-* interfaces from previous failed runs."""
|
||||
"""Remove any leftover pic-e2e-* interfaces and nftables tables from previous failed runs."""
|
||||
result = subprocess.run(['ip', 'link', 'show'], capture_output=True, text=True)
|
||||
for line in result.stdout.splitlines():
|
||||
if 'pic-e2e-' in line:
|
||||
iface = line.split(':')[1].strip().split('@')[0]
|
||||
subprocess.run(['sudo', 'ip', 'link', 'delete', iface], capture_output=True)
|
||||
|
||||
# wg-quick creates an nftables table per interface; if the interface was never brought
|
||||
# down cleanly the table persists and drops decrypted ICMP replies on future runs.
|
||||
nft_result = subprocess.run(['nft', 'list', 'tables'], capture_output=True, text=True)
|
||||
for line in nft_result.stdout.splitlines():
|
||||
if 'wg-quick-pic-e2e-' in line:
|
||||
table_name = line.strip().split()[-1]
|
||||
subprocess.run(['sudo', 'nft', 'delete', 'table', 'ip', table_name],
|
||||
capture_output=True)
|
||||
|
||||
Reference in New Issue
Block a user