akillibulut
/
kilo
огледало од https://github.com/squat/kilo


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207
							// Copyright 2019 the Kilo authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package mesh

import (
	"testing"

	"github.com/kylelemons/godebug/pretty"
	"github.com/vishvananda/netlink"
	"golang.org/x/sys/unix"

	"github.com/squat/kilo/pkg/encapsulation"
)

func TestRoutes(t *testing.T) {
	nodes, peers, key, port := setup(t)
	kiloIface := 0
	privIface := 1
	tunlIface := 2
	mustTopoForGranularityAndHost := func(granularity Granularity, hostname string) *Topology {
		return mustTopo(t, nodes, peers, granularity, hostname, port, key, DefaultKiloSubnet, 0)
	}

	for _, tc := range []struct {
		name     string
		local    bool
		topology *Topology
		strategy encapsulation.Strategy
		routes   []*netlink.Route
		rules    []*netlink.Rule
	}{
		{
			name:     "logical from a",
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].cidrs[1],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[2].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from b",
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[2].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from c",
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[0].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[0].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[1].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[2].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[2].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from d",
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[0].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].cidrs[1],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["d"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "full from a",
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[2].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[3].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "full from b",
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[0].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[2].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[3].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "full from c",
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[0].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[3].cidrs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from a local",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from a local always",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name),
			strategy: encapsulation.Always,
			routes: []*netlink.Route{
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from b local",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["c"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from b local always",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name),
			strategy: encapsulation.Always,
			routes: []*netlink.Route{
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["c"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["c"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
					Table:     kiloTableIndex,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(LogicalGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
			rules: []*netlink.Rule{
				defaultRule(&netlink.Rule{
					Src:   nodes["b"].Subnet,
					Dst:   nodes["c"].InternalIP,
					Table: kiloTableIndex,
				}),
				defaultRule(&netlink.Rule{
					Dst:     nodes["c"].InternalIP,
					IifName: DefaultKiloInterface,
					Table:   kiloTableIndex,
				}),
			},
		},
		{
			name:     "logical from c local",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[0].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[1].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[2].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: privIface,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "logical from c local always",
			local:    true,
			topology: mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name),
			strategy: encapsulation.Always,
			routes: []*netlink.Route{
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[0].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[1].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["b"].InternalIP,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
					Table:     kiloTableIndex,
				},
				{
					Dst:       oneAddressCIDR(mustTopoForGranularityAndHost(LogicalGranularity, nodes["c"].Name).segments[2].wireGuardIP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        nodes["b"].InternalIP.IP,
					LinkIndex: tunlIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
			rules: []*netlink.Rule{
				defaultRule(&netlink.Rule{
					Src:   nodes["c"].Subnet,
					Dst:   nodes["b"].InternalIP,
					Table: kiloTableIndex,
				}),
			},
		},
		{
			name:     "full from a local",
			local:    true,
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["a"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["a"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "full from b local",
			local:    true,
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["c"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["c"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[2].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["b"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["b"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
		{
			name:     "full from c local",
			local:    true,
			topology: mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name),
			strategy: encapsulation.Never,
			routes: []*netlink.Route{
				{
					Dst:       nodes["a"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["a"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[0].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["b"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       oneAddressCIDR(nodes["b"].InternalIP.IP),
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &nodes["b"].AllowedLocationIPs[0],
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[1].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       nodes["d"].Subnet,
					Flags:     int(netlink.FLAG_ONLINK),
					Gw:        mustTopoForGranularityAndHost(FullGranularity, nodes["c"].Name).segments[3].wireGuardIP,
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["a"].AllowedIPs[1],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
				{
					Dst:       &peers["b"].AllowedIPs[0],
					LinkIndex: kiloIface,
					Src:       nodes["c"].InternalIP.IP,
					Protocol:  unix.RTPROT_STATIC,
				},
			},
		},
	} {
		routes, rules := tc.topology.Routes(DefaultKiloInterface, kiloIface, privIface, tunlIface, tc.local, encapsulation.NewIPIP(tc.strategy))
		if diff := pretty.Compare(routes, tc.routes); diff != "" {
			t.Errorf("test case %q: got diff: %v", tc.name, diff)
		}
		if diff := pretty.Compare(rules, tc.rules); diff != "" {
			t.Errorf("test case %q: got diff: %v", tc.name, diff)
		}
	}
}