fix: wireguard_port identity change and check_port_open verification

Bug 1 — port not propagated to wg0.conf:
  The identity update path (wireguard_port via PUT /api/config) was calling
  wireguard_manager.update_config() which only saves to a JSON file via
  BaseServiceManager. wg0.conf was never updated, so after a container
  restart the WireGuard interface would still listen on the old port.
  Fix: call apply_config() instead — it writes ListenPort into wg0.conf.

Bug 2 — check_port_open ignored configured port:
  check_port_open() checked for 'listening port' in wg show output but
  never compared it against the configured port. A port-mismatch (e.g.
  after config change but before restart) would return True — misleading.
  Fix: require 'listening port: {configured_port}' to match exactly.

Tests added:
  - test_check_port_open_wrong_port_returns_false
  - test_check_port_open_explicit_port_matches
  - test_check_port_open_explicit_port_mismatch
  - test_wireguard_port_identity_change_calls_apply_config
  - test_wireguard_port_same_value_does_not_call_apply_config

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-26 08:41:22 -04:00
parent 9677755b4f
commit de5ff75a2e
4 changed files with 90 additions and 5 deletions
@@ -522,6 +522,29 @@ class TestWireGuardSysctlAndPortCheck(unittest.TestCase):
result = self.wg.check_port_open()
self.assertTrue(result)
@patch('subprocess.run')
def test_check_port_open_wrong_port_returns_false(self, mock_run):
# wg0 is up but listening on 51820 while wg0.conf says 51821 — must return False
mock_run.return_value.returncode = 0
mock_run.return_value.stdout = 'interface: wg0\n listening port: 51820\n'
# Write wg0.conf with a different port so _get_configured_port() returns 51821
cfg_path = os.path.join(self.wg.wireguard_dir, 'wg0.conf')
with open(cfg_path, 'w') as f:
f.write('[Interface]\nListenPort = 51821\nPrivateKey = abc\n')
self.assertFalse(self.wg.check_port_open())
@patch('subprocess.run')
def test_check_port_open_explicit_port_matches(self, mock_run):
mock_run.return_value.returncode = 0
mock_run.return_value.stdout = 'interface: wg0\n listening port: 12345\n'
self.assertTrue(self.wg.check_port_open(port=12345))
@patch('subprocess.run')
def test_check_port_open_explicit_port_mismatch(self, mock_run):
mock_run.return_value.returncode = 0
mock_run.return_value.stdout = 'interface: wg0\n listening port: 51820\n'
self.assertFalse(self.wg.check_port_open(port=51821))
# ── get_peer_status ───────────────────────────────────────────────────────
@patch('subprocess.run')
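Review bot: The three new check_port_open tests only compare ports of equal length (51820 against 51821, 12345 against 12345), so an implementation that does a plain substring test for 'listening port: {port}' would pass all of them while still accepting port=5182 against stdout 'listening port: 51820\n'. Add a prefix case, for example check_port_open(port=5182) with that stdout asserted False, so the "match exactly" requirement from the commit message is actually pinned by a test. In test_check_port_open_wrong_port_returns_false, wg0.conf is written under self.wg.wireguard_dir; confirm setUp points that at a temporary directory, and add a case where wg0.conf has no ListenPort line so the fallback behaviour of the configured-port lookup is covered as well.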