[client] Close userspace firewall properly (#3426)

2026-05-15 21:29:56 +00:00 · 2025-03-04 11:19:42 +01:00
parent e41acdb9ac
commit 85aea0a030
16 changed files with 43 additions and 43 deletions
--- a/client/firewall/uspfilter/allow_netbird.go
+++ b/client/firewall/uspfilter/allow_netbird.go
@@ -13,7 +13,7 @@ import (
 )

 // Reset firewall to the default state
-func (m *Manager) Reset(stateManager *statemanager.Manager) error {
+func (m *Manager) Close(stateManager *statemanager.Manager) error {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

@@ -48,7 +48,7 @@ func (m *Manager) Reset(stateManager *statemanager.Manager) error {
 	}

 	if m.nativeFirewall != nil {
-		return m.nativeFirewall.Reset(stateManager)
+		return m.nativeFirewall.Close(stateManager)
 	}
 	return nil
 }
--- a/client/firewall/uspfilter/allow_netbird_windows.go
+++ b/client/firewall/uspfilter/allow_netbird_windows.go
@@ -21,8 +21,8 @@ const (
 	firewallRuleName        = "Netbird"
 )

-// Reset firewall to the default state
-func (m *Manager) Reset(*statemanager.Manager) error {
+// Close closes the firewall manager
+func (m *Manager) Close(*statemanager.Manager) error {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

--- a/client/firewall/uspfilter/uspfilter_bench_test.go
+++ b/client/firewall/uspfilter/uspfilter_bench_test.go
@@ -171,7 +171,7 @@ func BenchmarkCoreFiltering(b *testing.B) {
 					SetFilterFunc: func(device.PacketFilter) error { return nil },
 				}, false, flowLogger)
 				defer b.Cleanup(func() {
-					require.NoError(b, manager.Reset(nil))
+					require.NoError(b, manager.Close(nil))
 				})

 				manager.wgNetwork = &net.IPNet{
@@ -216,7 +216,7 @@ func BenchmarkStateScaling(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.wgNetwork = &net.IPNet{
@@ -264,7 +264,7 @@ func BenchmarkEstablishmentOverhead(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.wgNetwork = &net.IPNet{
@@ -463,7 +463,7 @@ func BenchmarkRoutedNetworkReturn(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			// Setup scenario
@@ -590,7 +590,7 @@ func BenchmarkLongLivedConnections(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			defer b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.SetNetwork(&net.IPNet{
@@ -678,7 +678,7 @@ func BenchmarkShortLivedConnections(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			defer b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.SetNetwork(&net.IPNet{
@@ -794,7 +794,7 @@ func BenchmarkParallelLongLivedConnections(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			defer b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.SetNetwork(&net.IPNet{
@@ -879,7 +879,7 @@ func BenchmarkParallelShortLivedConnections(b *testing.B) {
 				SetFilterFunc: func(device.PacketFilter) error { return nil },
 			}, false, flowLogger)
 			defer b.Cleanup(func() {
-				require.NoError(b, manager.Reset(nil))
+				require.NoError(b, manager.Close(nil))
 			})

 			manager.SetNetwork(&net.IPNet{
--- a/client/firewall/uspfilter/uspfilter_filter_test.go
+++ b/client/firewall/uspfilter/uspfilter_filter_test.go
@@ -39,7 +39,7 @@ func TestPeerACLFiltering(t *testing.T) {
 	require.NotNil(t, manager)

 	t.Cleanup(func() {
-		require.NoError(t, manager.Reset(nil))
+		require.NoError(t, manager.Close(nil))
 	})

 	manager.wgNetwork = wgNet
@@ -310,7 +310,7 @@ func setupRoutedManager(tb testing.TB, network string) *Manager {
 	require.False(tb, manager.nativeRouter)

 	tb.Cleanup(func() {
-		require.NoError(tb, manager.Reset(nil))
+		require.NoError(tb, manager.Close(nil))
 	})

 	return manager
--- a/client/firewall/uspfilter/uspfilter_test.go
+++ b/client/firewall/uspfilter/uspfilter_test.go
@@ -255,7 +255,7 @@ func TestManagerReset(t *testing.T) {
 		return
 	}

-	err = m.Reset(nil)
+	err = m.Close(nil)
 	if err != nil {
 		t.Errorf("failed to reset Manager: %v", err)
 		return
@@ -333,7 +333,7 @@ func TestNotMatchByIP(t *testing.T) {
 		return
 	}

-	if err = m.Reset(nil); err != nil {
+	if err = m.Close(nil); err != nil {
 		t.Errorf("failed to reset Manager: %v", err)
 		return
 	}
@@ -352,7 +352,7 @@ func TestRemovePacketHook(t *testing.T) {
 		t.Fatalf("Failed to create Manager: %s", err)
 	}
 	defer func() {
-		require.NoError(t, manager.Reset(nil))
+		require.NoError(t, manager.Close(nil))
 	}()

 	// Add a UDP packet hook
@@ -403,7 +403,7 @@ func TestProcessOutgoingHooks(t *testing.T) {
 	manager.udpTracker.Close()
 	manager.udpTracker = conntrack.NewUDPTracker(100*time.Millisecond, logger, flowLogger)
 	defer func() {
-		require.NoError(t, manager.Reset(nil))
+		require.NoError(t, manager.Close(nil))
 	}()

 	manager.decoders = sync.Pool{
@@ -484,7 +484,7 @@ func TestUSPFilterCreatePerformance(t *testing.T) {
 			time.Sleep(time.Second)

 			defer func() {
-				if err := manager.Reset(nil); err != nil {
+				if err := manager.Close(nil); err != nil {
 					t.Errorf("clear the manager state: %v", err)
 				}
 				time.Sleep(time.Second)
@@ -530,7 +530,7 @@ func TestStatefulFirewall_UDPTracking(t *testing.T) {
 		},
 	}
 	defer func() {
-		require.NoError(t, manager.Reset(nil))
+		require.NoError(t, manager.Close(nil))
 	}()

 	// Set up packet parameters