cleanup(netx): remove redundant config options (#791)

Part of https://github.com/ooni/probe/issues/2121

internal/engine/experiment/dash/dash.go

@@ -263,7 +263,7 @@ func (m Measurer) Run(
 			// See https://github.com/ooni/probe/issues/2112
 			Dialer: netxlite.NewMaybeShapingDialer(netx.NewDialer(netx.Config{
 				ContextByteCounting: true,
-				DialSaver:           saver,
+				Saver:               saver,
 				Logger:              sess.Logger(),
 			})),
 			Logger: sess.Logger(),

internal/engine/experiment/dnscheck/dnscheck.go

@@ -171,7 +171,7 @@ func (m *Measurer) Run(
 	resolver := netx.NewResolver(netx.Config{
 		BogonIsError: true,
 		Logger:       sess.Logger(),
-		ResolveSaver: evsaver,
+		Saver:        evsaver,
 	})
 	addrs, err := m.lookupHost(ctx, URL.Hostname(), resolver)
 	queries := tracex.NewDNSQueriesList(begin, evsaver.Read())

internal/engine/experiment/stunreachability/stunreachability.go

@@ -116,10 +116,9 @@ func (tk *TestKeys) run(
 	begin := time.Now()
 	err := tk.do(ctx, config, netx.NewDialer(netx.Config{
 		ContextByteCounting: true,
-		DialSaver:           saver,
 		Logger:              sess.Logger(),
 		ReadWriteSaver:      saver,
-		ResolveSaver:        saver,
+		Saver:               saver,
 	}), endpoint)
 	events := saver.Read()
 	tk.NetworkEvents = append(

internal/engine/experiment/urlgetter/configurer.go

@@ -41,15 +41,11 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
 		HTTPConfig: netx.Config{
 			BogonIsError:        c.Config.RejectDNSBogons,
 			CacheResolutions:    true,
-			CertPool:            c.Config.CertPool,
 			ContextByteCounting: true,
-			DialSaver:           c.Saver,
 			HTTP3Enabled:        c.Config.HTTP3Enabled,
-			HTTPSaver:           c.Saver,
 			Logger:              c.Logger,
 			ReadWriteSaver:      c.Saver,
-			ResolveSaver:        c.Saver,
+			Saver:               c.Saver,
-			TLSSaver:            c.Saver,
 		},
 	}
 	// fill DNS cache
@@ -96,7 +92,8 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
 	if err != nil {
 		return configuration, err
 	}
-	configuration.HTTPConfig.NoTLSVerify = c.Config.NoTLSVerify
+	configuration.HTTPConfig.TLSConfig.InsecureSkipVerify = c.Config.NoTLSVerify
+	configuration.HTTPConfig.TLSConfig.RootCAs = c.Config.CertPool
 	// configure proxy
 	configuration.HTTPConfig.ProxyURL = c.ProxyURL
 	return configuration, nil

internal/engine/experiment/urlgetter/configurer_test.go

@@ -33,23 +33,14 @@ func TestConfigurerNewConfigurationVanilla(t *testing.T) {
 	if configuration.HTTPConfig.ContextByteCounting != true {
 		t.Fatal("not the ContextByteCounting we expected")
 	}
-	if configuration.HTTPConfig.DialSaver != saver {
-		t.Fatal("not the DialSaver we expected")
-	}
-	if configuration.HTTPConfig.HTTPSaver != saver {
-		t.Fatal("not the HTTPSaver we expected")
-	}
 	if configuration.HTTPConfig.Logger != log.Log {
 		t.Fatal("not the Logger we expected")
 	}
 	if configuration.HTTPConfig.ReadWriteSaver != saver {
 		t.Fatal("not the ReadWriteSaver we expected")
 	}
-	if configuration.HTTPConfig.ResolveSaver != saver {
+	if configuration.HTTPConfig.Saver != saver {
-		t.Fatal("not the ResolveSaver we expected")
+		t.Fatal("not the Saver we expected")
-	}
-	if configuration.HTTPConfig.TLSSaver != saver {
-		t.Fatal("not the TLSSaver we expected")
 	}
 	if configuration.HTTPConfig.BaseResolver == nil {
 		t.Fatal("not the BaseResolver we expected")
@@ -63,7 +54,7 @@ func TestConfigurerNewConfigurationVanilla(t *testing.T) {
 	if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
 		t.Fatal("not the TLSConfig we expected")
 	}
-	if configuration.HTTPConfig.NoTLSVerify == true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 	if configuration.HTTPConfig.ProxyURL != nil {
@@ -94,23 +85,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSPowerdns(t *testing.T) {
 	if configuration.HTTPConfig.ContextByteCounting != true {
 		t.Fatal("not the ContextByteCounting we expected")
 	}
-	if configuration.HTTPConfig.DialSaver != saver {
-		t.Fatal("not the DialSaver we expected")
-	}
-	if configuration.HTTPConfig.HTTPSaver != saver {
-		t.Fatal("not the HTTPSaver we expected")
-	}
 	if configuration.HTTPConfig.Logger != log.Log {
 		t.Fatal("not the Logger we expected")
 	}
 	if configuration.HTTPConfig.ReadWriteSaver != saver {
 		t.Fatal("not the ReadWriteSaver we expected")
 	}
-	if configuration.HTTPConfig.ResolveSaver != saver {
+	if configuration.HTTPConfig.Saver != saver {
-		t.Fatal("not the ResolveSaver we expected")
+		t.Fatal("not the Saver we expected")
-	}
-	if configuration.HTTPConfig.TLSSaver != saver {
-		t.Fatal("not the TLSSaver we expected")
 	}
 	if configuration.HTTPConfig.BaseResolver == nil {
 		t.Fatal("not the BaseResolver we expected")
@@ -139,7 +121,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSPowerdns(t *testing.T) {
 	if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
 		t.Fatal("not the TLSConfig we expected")
 	}
-	if configuration.HTTPConfig.NoTLSVerify == true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 	if configuration.HTTPConfig.ProxyURL != nil {
@@ -170,23 +152,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSGoogle(t *testing.T) {
 	if configuration.HTTPConfig.ContextByteCounting != true {
 		t.Fatal("not the ContextByteCounting we expected")
 	}
-	if configuration.HTTPConfig.DialSaver != saver {
-		t.Fatal("not the DialSaver we expected")
-	}
-	if configuration.HTTPConfig.HTTPSaver != saver {
-		t.Fatal("not the HTTPSaver we expected")
-	}
 	if configuration.HTTPConfig.Logger != log.Log {
 		t.Fatal("not the Logger we expected")
 	}
 	if configuration.HTTPConfig.ReadWriteSaver != saver {
 		t.Fatal("not the ReadWriteSaver we expected")
 	}
-	if configuration.HTTPConfig.ResolveSaver != saver {
+	if configuration.HTTPConfig.Saver != saver {
-		t.Fatal("not the ResolveSaver we expected")
+		t.Fatal("not the Saver we expected")
-	}
-	if configuration.HTTPConfig.TLSSaver != saver {
-		t.Fatal("not the TLSSaver we expected")
 	}
 	if configuration.HTTPConfig.BaseResolver == nil {
 		t.Fatal("not the BaseResolver we expected")
@@ -215,7 +188,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSGoogle(t *testing.T) {
 	if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
 		t.Fatal("not the TLSConfig we expected")
 	}
-	if configuration.HTTPConfig.NoTLSVerify == true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 	if configuration.HTTPConfig.ProxyURL != nil {
@@ -246,23 +219,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSCloudflare(t *testing.T)
 	if configuration.HTTPConfig.ContextByteCounting != true {
 		t.Fatal("not the ContextByteCounting we expected")
 	}
-	if configuration.HTTPConfig.DialSaver != saver {
-		t.Fatal("not the DialSaver we expected")
-	}
-	if configuration.HTTPConfig.HTTPSaver != saver {
-		t.Fatal("not the HTTPSaver we expected")
-	}
 	if configuration.HTTPConfig.Logger != log.Log {
 		t.Fatal("not the Logger we expected")
 	}
 	if configuration.HTTPConfig.ReadWriteSaver != saver {
 		t.Fatal("not the ReadWriteSaver we expected")
 	}
-	if configuration.HTTPConfig.ResolveSaver != saver {
+	if configuration.HTTPConfig.Saver != saver {
-		t.Fatal("not the ResolveSaver we expected")
+		t.Fatal("not the Saver we expected")
-	}
-	if configuration.HTTPConfig.TLSSaver != saver {
-		t.Fatal("not the TLSSaver we expected")
 	}
 	if configuration.HTTPConfig.BaseResolver == nil {
 		t.Fatal("not the BaseResolver we expected")
@@ -291,7 +255,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSCloudflare(t *testing.T)
 	if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
 		t.Fatal("not the TLSConfig we expected")
 	}
-	if configuration.HTTPConfig.NoTLSVerify == true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 	if configuration.HTTPConfig.ProxyURL != nil {
@@ -322,23 +286,14 @@ func TestConfigurerNewConfigurationResolverUDP(t *testing.T) {
 	if configuration.HTTPConfig.ContextByteCounting != true {
 		t.Fatal("not the ContextByteCounting we expected")
 	}
-	if configuration.HTTPConfig.DialSaver != saver {
-		t.Fatal("not the DialSaver we expected")
-	}
-	if configuration.HTTPConfig.HTTPSaver != saver {
-		t.Fatal("not the HTTPSaver we expected")
-	}
 	if configuration.HTTPConfig.Logger != log.Log {
 		t.Fatal("not the Logger we expected")
 	}
 	if configuration.HTTPConfig.ReadWriteSaver != saver {
 		t.Fatal("not the ReadWriteSaver we expected")
 	}
-	if configuration.HTTPConfig.ResolveSaver != saver {
+	if configuration.HTTPConfig.Saver != saver {
-		t.Fatal("not the ResolveSaver we expected")
+		t.Fatal("not the Saver we expected")
-	}
-	if configuration.HTTPConfig.TLSSaver != saver {
-		t.Fatal("not the TLSSaver we expected")
 	}
 	if configuration.HTTPConfig.BaseResolver == nil {
 		t.Fatal("not the BaseResolver we expected")
@@ -367,7 +322,7 @@ func TestConfigurerNewConfigurationResolverUDP(t *testing.T) {
 	if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
 		t.Fatal("not the TLSConfig we expected")
 	}
-	if configuration.HTTPConfig.NoTLSVerify == true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 	if configuration.HTTPConfig.ProxyURL != nil {
@@ -517,7 +472,7 @@ func TestConfigurerNewConfigurationNoTLSVerify(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if configuration.HTTPConfig.NoTLSVerify != true {
+	if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify != true {
 		t.Fatal("not the NoTLSVerify we expected")
 	}
 }

internal/engine/netx/netx.go

@@ -23,7 +23,6 @@ package netx
 
 import (
 	"crypto/tls"
-	"crypto/x509"
 	"errors"
 	"net"
 	"net/http"
@@ -45,23 +44,18 @@ type Config struct {
 	BogonIsError        bool                 // default: bogon is not error
 	ByteCounter         *bytecounter.Counter // default: no explicit byte counting
 	CacheResolutions    bool                 // default: no caching
-	CertPool            *x509.CertPool       // default: use vendored gocertifi
 	ContextByteCounting bool                 // default: no implicit byte counting
 	DNSCache            map[string][]string  // default: cache is empty
-	DialSaver           *tracex.Saver        // default: not saving dials
 	Dialer              model.Dialer         // default: dialer.DNSDialer
 	FullResolver        model.Resolver       // default: base resolver + goodies
 	QUICDialer          model.QUICDialer     // default: quicdialer.DNSDialer
 	HTTP3Enabled        bool                 // default: disabled
-	HTTPSaver           *tracex.Saver        // default: not saving HTTP
 	Logger              model.Logger         // default: no logging
-	NoTLSVerify         bool                 // default: perform TLS verify
 	ProxyURL            *url.URL             // default: no proxy
-	ReadWriteSaver      *tracex.Saver        // default: not saving read/write
+	ReadWriteSaver      *tracex.Saver        // default: not saving I/O events
-	ResolveSaver        *tracex.Saver        // default: not saving resolves
+	Saver               *tracex.Saver        // default: not saving non-I/O events
 	TLSConfig           *tls.Config          // default: attempt using h2
 	TLSDialer           model.TLSDialer      // default: dialer.TLSDialer
-	TLSSaver            *tracex.Saver        // default: not saving TLS
 }
 
 // NewResolver creates a new resolver from the specified config
@@ -93,7 +87,7 @@ func NewResolver(config Config) model.Resolver {
 			Resolver: r,
 		}
 	}
-	r = config.ResolveSaver.WrapResolver(r) // WAI when config.ResolveSaver==nil
+	r = config.Saver.WrapResolver(r) // WAI when config.Saver==nil
 	return &netxlite.ResolverIDNA{Resolver: r}
 }
 
@@ -104,7 +98,7 @@ func NewDialer(config Config) model.Dialer {
 	}
 	logger := model.ValidLoggerOrDefault(config.Logger)
 	d := netxlite.NewDialerWithResolver(
-		logger, config.FullResolver, config.DialSaver.NewConnectObserver(),
+		logger, config.FullResolver, config.Saver.NewConnectObserver(),
 		config.ReadWriteSaver.NewReadWriteObserver(),
 	)
 	d = netxlite.NewMaybeProxyDialer(d, config.ProxyURL)
@@ -122,7 +116,7 @@ func NewQUICDialer(config Config) model.QUICDialer {
 	// TODO(bassosimone): we should count the bytes consumed by this QUIC dialer
 	ql := config.ReadWriteSaver.WrapQUICListener(netxlite.NewQUICListener())
 	logger := model.ValidLoggerOrDefault(config.Logger)
-	return netxlite.NewQUICDialerWithResolver(ql, logger, config.FullResolver, config.TLSSaver)
+	return netxlite.NewQUICDialerWithResolver(ql, logger, config.FullResolver, config.Saver)
 }
 
 // NewTLSDialer creates a new TLSDialer from the specified config
@@ -132,13 +126,8 @@ func NewTLSDialer(config Config) model.TLSDialer {
 	}
 	logger := model.ValidLoggerOrDefault(config.Logger)
 	thx := netxlite.NewTLSHandshakerStdlib(logger)
-	thx = config.TLSSaver.WrapTLSHandshaker(thx) // WAI when TLSSaver is nil
+	thx = config.Saver.WrapTLSHandshaker(thx) // WAI even when config.Saver is nil
 	tlsConfig := netxlite.ClonedTLSConfigOrNewEmptyConfig(config.TLSConfig)
-	// TODO(bassosimone): we should not provide confusing options and
-	// so we should drop CertPool and NoTLSVerify in favour of encouraging
-	// the users of this library to always use a TLSConfig.
-	tlsConfig.RootCAs = config.CertPool // netxlite uses default cert pool if this is nil
-	tlsConfig.InsecureSkipVerify = config.NoTLSVerify
 	return netxlite.NewTLSDialerWithConfig(config.Dialer, thx, tlsConfig)
 }
 
@@ -165,9 +154,9 @@ func NewHTTPTransport(config Config) model.HTTPTransport {
 	if config.Logger != nil {
 		txp = &netxlite.HTTPTransportLogger{Logger: config.Logger, HTTPTransport: txp}
 	}
-	if config.HTTPSaver != nil {
+	if config.Saver != nil {
 		txp = &tracex.HTTPTransportSaver{
-			HTTPTransport: txp, Saver: config.HTTPSaver}
+			HTTPTransport: txp, Saver: config.Saver}
 	}
 	return txp
 }
@@ -241,7 +230,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
 		httpClient := &http.Client{Transport: NewHTTPTransport(config)}
 		var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverHTTPSTransportWithHostOverride(
 			httpClient, URL, hostOverride)
-		txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
+		txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
 		return netxlite.NewUnwrappedSerialResolver(txp), nil
 	case "udp":
 		dialer := NewDialer(config)
@@ -251,7 +240,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
 		}
 		var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverUDPTransport(
 			dialer, endpoint)
-		txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
+		txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
 		return netxlite.NewUnwrappedSerialResolver(txp), nil
 	case "dot":
 		config.TLSConfig.NextProtos = []string{"dot"}
@@ -262,7 +251,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
 		}
 		var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverTLSTransport(
 			tlsDialer.DialTLSContext, endpoint)
-		txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
+		txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
 		return netxlite.NewUnwrappedSerialResolver(txp), nil
 	case "tcp":
 		dialer := NewDialer(config)
@@ -272,7 +261,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
 		}
 		var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverTCPTransport(
 			dialer.DialContext, endpoint)
-		txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
+		txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
 		return netxlite.NewUnwrappedSerialResolver(txp), nil
 	default:
 		return nil, errors.New("unsupported resolver scheme")

internal/engine/netx/netx_test.go

@@ -119,7 +119,7 @@ func TestNewResolverWithLogging(t *testing.T) {
 func TestNewResolverWithSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	r := NewResolver(Config{
-		ResolveSaver: saver,
+		Saver: saver,
 	})
 	ir, ok := r.(*netxlite.ResolverIDNA)
 	if !ok {
@@ -223,50 +223,12 @@ func TestNewTLSDialer(t *testing.T) {
 		}
 	})
 
-	t.Run("we can collect TLS measurements", func(t *testing.T) {
+	t.Run("we can collect measurements", func(t *testing.T) {
 		server := filtering.NewTLSServer(filtering.TLSActionReset)
 		defer server.Close()
 		saver := &tracex.Saver{}
 		tdx := NewTLSDialer(Config{
-			TLSSaver: saver,
+			Saver: saver,
-		})
-		conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
-		if err == nil || err.Error() != netxlite.FailureConnectionReset {
-			t.Fatal("unexpected err", err)
-		}
-		if conn != nil {
-			t.Fatal("expected nil conn")
-		}
-		if len(saver.Read()) <= 0 {
-			t.Fatal("did not read any event")
-		}
-	})
-
-	t.Run("we can collect dial measurements", func(t *testing.T) {
-		server := filtering.NewTLSServer(filtering.TLSActionReset)
-		defer server.Close()
-		saver := &tracex.Saver{}
-		tdx := NewTLSDialer(Config{
-			DialSaver: saver,
-		})
-		conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
-		if err == nil || err.Error() != netxlite.FailureConnectionReset {
-			t.Fatal("unexpected err", err)
-		}
-		if conn != nil {
-			t.Fatal("expected nil conn")
-		}
-		if len(saver.Read()) <= 0 {
-			t.Fatal("did not read any event")
-		}
-	})
-
-	t.Run("we can collect I/O measurements", func(t *testing.T) {
-		server := filtering.NewTLSServer(filtering.TLSActionReset)
-		defer server.Close()
-		saver := &tracex.Saver{}
-		tdx := NewTLSDialer(Config{
-			ReadWriteSaver: saver,
 		})
 		conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
 		if err == nil || err.Error() != netxlite.FailureConnectionReset {
@@ -283,7 +245,9 @@ func TestNewTLSDialer(t *testing.T) {
 	t.Run("we can skip TLS verification", func(t *testing.T) {
 		server := filtering.NewTLSServer(filtering.TLSActionBlockText)
 		defer server.Close()
-		tdx := NewTLSDialer(Config{NoTLSVerify: true})
+		tdx := NewTLSDialer(Config{TLSConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		}})
 		conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
 		if err != nil {
 			t.Fatal(err.(*netxlite.ErrWrapper).WrappedErr)
@@ -295,8 +259,8 @@ func TestNewTLSDialer(t *testing.T) {
 		server := filtering.NewTLSServer(filtering.TLSActionBlockText)
 		defer server.Close()
 		tdx := NewTLSDialer(Config{
-			CertPool: server.CertPool(),
 			TLSConfig: &tls.Config{
+				RootCAs:    server.CertPool(),
 				ServerName: "dns.google",
 			},
 		})
@@ -371,7 +335,7 @@ func TestNewWithLogger(t *testing.T) {
 func TestNewWithSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	txp := NewHTTPTransport(Config{
-		HTTPSaver: saver,
+		Saver: saver,
 	})
 	stxptxp, ok := txp.(*tracex.HTTPTransportSaver)
 	if !ok {
@@ -483,7 +447,7 @@ func TestNewDNSClientCloudflareDoH(t *testing.T) {
 func TestNewDNSClientCloudflareDoHSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	dnsclient, err := NewDNSClient(
-		Config{ResolveSaver: saver}, "doh://cloudflare")
+		Config{Saver: saver}, "doh://cloudflare")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -520,7 +484,7 @@ func TestNewDNSClientUDP(t *testing.T) {
 func TestNewDNSClientUDPDNSSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	dnsclient, err := NewDNSClient(
-		Config{ResolveSaver: saver}, "udp://8.8.8.8:53")
+		Config{Saver: saver}, "udp://8.8.8.8:53")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -561,7 +525,7 @@ func TestNewDNSClientTCP(t *testing.T) {
 func TestNewDNSClientTCPDNSSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	dnsclient, err := NewDNSClient(
-		Config{ResolveSaver: saver}, "tcp://8.8.8.8:53")
+		Config{Saver: saver}, "tcp://8.8.8.8:53")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -606,7 +570,7 @@ func TestNewDNSClientDoT(t *testing.T) {
 func TestNewDNSClientDoTDNSSaver(t *testing.T) {
 	saver := new(tracex.Saver)
 	dnsclient, err := NewDNSClient(
-		Config{ResolveSaver: saver}, "dot://8.8.8.8:53")
+		Config{Saver: saver}, "dot://8.8.8.8:53")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -704,12 +668,9 @@ func TestSuccess(t *testing.T) {
 		ByteCounter:         counter,
 		CacheResolutions:    true,
 		ContextByteCounting: true,
-		DialSaver:           &tracex.Saver{},
-		HTTPSaver:           &tracex.Saver{},
 		Logger:              log.Log,
 		ReadWriteSaver:      &tracex.Saver{},
-		ResolveSaver:        &tracex.Saver{},
+		Saver:               &tracex.Saver{},
-		TLSSaver:            &tracex.Saver{},
 	}
 	txp := NewHTTPTransport(config)
 	client := &http.Client{Transport: txp}
@@ -729,20 +690,11 @@ func TestSuccess(t *testing.T) {
 	if counter.Received.Load() <= 0 {
 		t.Fatal("no bytes received?!")
 	}
-	if ev := config.DialSaver.Read(); len(ev) <= 0 {
-		t.Fatal("no dial events?!")
-	}
-	if ev := config.HTTPSaver.Read(); len(ev) <= 0 {
-		t.Fatal("no HTTP events?!")
-	}
 	if ev := config.ReadWriteSaver.Read(); len(ev) <= 0 {
 		t.Fatal("no R/W events?!")
 	}
-	if ev := config.ResolveSaver.Read(); len(ev) <= 0 {
+	if ev := config.Saver.Read(); len(ev) <= 0 {
-		t.Fatal("no resolver events?!")
+		t.Fatal("no non-I/O events?!")
-	}
-	if ev := config.TLSSaver.Read(); len(ev) <= 0 {
-		t.Fatal("no TLS events?!")
 	}
 }
 
@@ -753,8 +705,8 @@ func TestBogonResolutionNotBroken(t *testing.T) {
 		DNSCache: map[string][]string{
 			"www.google.com": {"127.0.0.1"},
 		},
-		ResolveSaver: saver,
+		Saver:  saver,
-		Logger:       log.Log,
+		Logger: log.Log,
 	})
 	addrs, err := r.LookupHost(context.Background(), "www.google.com")
 	if !errors.Is(err, netxlite.ErrDNSBogon) {

internal/netxlite/filtering/tls_test.go

@@ -86,13 +86,13 @@ func TestTLSServer(t *testing.T) {
 		t.Run("certificate error when we're validating", func(t *testing.T) {
 			srv := NewTLSServer(TLSActionBlockText)
 			defer srv.Close()
-			//     Certificate.Verify now uses platform APIs to verify certificate validity
+			//     "Certificate.Verify now uses platform APIs to verify certificate validity
 			//     on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using
-			//     the root pool returned from SystemCertPool. "
+			//     the root pool returned from SystemCertPool."
 			//
 			//     -- https://tip.golang.org/doc/go1.18
 			//
-			// So we need to explicitly use our default cert pool otherwise we will
+			// Thus, we need to explicitly use our default cert pool otherwise we will
 			// see this test failing with a different error string here.
 			config := &tls.Config{
 				ServerName: "dns.google",