cleanup(netx): remove redundant config options (#791)
Part of https://github.com/ooni/probe/issues/2121
parent
e9ed733f07
commit
76b65893a1
|
@ -263,7 +263,7 @@ func (m Measurer) Run(
|
|||
// See https://github.com/ooni/probe/issues/2112
|
||||
Dialer: netxlite.NewMaybeShapingDialer(netx.NewDialer(netx.Config{
|
||||
ContextByteCounting: true,
|
||||
DialSaver: saver,
|
||||
Saver: saver,
|
||||
Logger: sess.Logger(),
|
||||
})),
|
||||
Logger: sess.Logger(),
|
||||
|
|
|
@ -171,7 +171,7 @@ func (m *Measurer) Run(
|
|||
resolver := netx.NewResolver(netx.Config{
|
||||
BogonIsError: true,
|
||||
Logger: sess.Logger(),
|
||||
ResolveSaver: evsaver,
|
||||
Saver: evsaver,
|
||||
})
|
||||
addrs, err := m.lookupHost(ctx, URL.Hostname(), resolver)
|
||||
queries := tracex.NewDNSQueriesList(begin, evsaver.Read())
|
||||
|
|
|
@ -116,10 +116,9 @@ func (tk *TestKeys) run(
|
|||
begin := time.Now()
|
||||
err := tk.do(ctx, config, netx.NewDialer(netx.Config{
|
||||
ContextByteCounting: true,
|
||||
DialSaver: saver,
|
||||
Logger: sess.Logger(),
|
||||
ReadWriteSaver: saver,
|
||||
ResolveSaver: saver,
|
||||
Saver: saver,
|
||||
}), endpoint)
|
||||
events := saver.Read()
|
||||
tk.NetworkEvents = append(
|
||||
|
|
|
@ -41,15 +41,11 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
|
|||
HTTPConfig: netx.Config{
|
||||
BogonIsError: c.Config.RejectDNSBogons,
|
||||
CacheResolutions: true,
|
||||
CertPool: c.Config.CertPool,
|
||||
ContextByteCounting: true,
|
||||
DialSaver: c.Saver,
|
||||
HTTP3Enabled: c.Config.HTTP3Enabled,
|
||||
HTTPSaver: c.Saver,
|
||||
Logger: c.Logger,
|
||||
ReadWriteSaver: c.Saver,
|
||||
ResolveSaver: c.Saver,
|
||||
TLSSaver: c.Saver,
|
||||
Saver: c.Saver,
|
||||
},
|
||||
}
|
||||
// fill DNS cache
|
||||
|
@ -96,7 +92,8 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
|
|||
if err != nil {
|
||||
return configuration, err
|
||||
}
|
||||
configuration.HTTPConfig.NoTLSVerify = c.Config.NoTLSVerify
|
||||
configuration.HTTPConfig.TLSConfig.InsecureSkipVerify = c.Config.NoTLSVerify
|
||||
configuration.HTTPConfig.TLSConfig.RootCAs = c.Config.CertPool
|
||||
// configure proxy
|
||||
configuration.HTTPConfig.ProxyURL = c.ProxyURL
|
||||
return configuration, nil
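Review bot: The two added assignments near the end of NewConfiguration write through `configuration.HTTPConfig.TLSConfig`, and neither hunk shows where that pointer is initialised, so it is worth confirming it cannot be nil on this path (the function starts before the first hunk and the code between the hunks is not visible). These lines are now the only place where this configurer switches certificate verification off, so I would add a comment such as `// NoTLSVerify disables certificate verification for every connection built from this config`. `RootCAs` is also assigned unconditionally from `c.Config.CertPool`; the comment deleted from NewTLSDialer in this commit said netxlite falls back to its default pool when that is nil, and repeating that remark here would help, if it still holds.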
|
||||
|
|
|
@ -33,23 +33,14 @@ func TestConfigurerNewConfigurationVanilla(t *testing.T) {
|
|||
if configuration.HTTPConfig.ContextByteCounting != true {
|
||||
t.Fatal("not the ContextByteCounting we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.DialSaver != saver {
|
||||
t.Fatal("not the DialSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.HTTPSaver != saver {
|
||||
t.Fatal("not the HTTPSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.Logger != log.Log {
|
||||
t.Fatal("not the Logger we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ReadWriteSaver != saver {
|
||||
t.Fatal("not the ReadWriteSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ResolveSaver != saver {
|
||||
t.Fatal("not the ResolveSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.TLSSaver != saver {
|
||||
t.Fatal("not the TLSSaver we expected")
|
||||
if configuration.HTTPConfig.Saver != saver {
|
||||
t.Fatal("not the Saver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.BaseResolver == nil {
|
||||
t.Fatal("not the BaseResolver we expected")
|
||||
|
@ -63,7 +54,7 @@ func TestConfigurerNewConfigurationVanilla(t *testing.T) {
|
|||
if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
|
||||
t.Fatal("not the TLSConfig we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify == true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ProxyURL != nil {
|
||||
|
@ -94,23 +85,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSPowerdns(t *testing.T) {
|
|||
if configuration.HTTPConfig.ContextByteCounting != true {
|
||||
t.Fatal("not the ContextByteCounting we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.DialSaver != saver {
|
||||
t.Fatal("not the DialSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.HTTPSaver != saver {
|
||||
t.Fatal("not the HTTPSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.Logger != log.Log {
|
||||
t.Fatal("not the Logger we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ReadWriteSaver != saver {
|
||||
t.Fatal("not the ReadWriteSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ResolveSaver != saver {
|
||||
t.Fatal("not the ResolveSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.TLSSaver != saver {
|
||||
t.Fatal("not the TLSSaver we expected")
|
||||
if configuration.HTTPConfig.Saver != saver {
|
||||
t.Fatal("not the Saver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.BaseResolver == nil {
|
||||
t.Fatal("not the BaseResolver we expected")
|
||||
|
@ -139,7 +121,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSPowerdns(t *testing.T) {
|
|||
if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
|
||||
t.Fatal("not the TLSConfig we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify == true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ProxyURL != nil {
|
||||
|
@ -170,23 +152,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSGoogle(t *testing.T) {
|
|||
if configuration.HTTPConfig.ContextByteCounting != true {
|
||||
t.Fatal("not the ContextByteCounting we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.DialSaver != saver {
|
||||
t.Fatal("not the DialSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.HTTPSaver != saver {
|
||||
t.Fatal("not the HTTPSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.Logger != log.Log {
|
||||
t.Fatal("not the Logger we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ReadWriteSaver != saver {
|
||||
t.Fatal("not the ReadWriteSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ResolveSaver != saver {
|
||||
t.Fatal("not the ResolveSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.TLSSaver != saver {
|
||||
t.Fatal("not the TLSSaver we expected")
|
||||
if configuration.HTTPConfig.Saver != saver {
|
||||
t.Fatal("not the Saver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.BaseResolver == nil {
|
||||
t.Fatal("not the BaseResolver we expected")
|
||||
|
@ -215,7 +188,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSGoogle(t *testing.T) {
|
|||
if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
|
||||
t.Fatal("not the TLSConfig we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify == true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ProxyURL != nil {
|
||||
|
@ -246,23 +219,14 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSCloudflare(t *testing.T)
|
|||
if configuration.HTTPConfig.ContextByteCounting != true {
|
||||
t.Fatal("not the ContextByteCounting we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.DialSaver != saver {
|
||||
t.Fatal("not the DialSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.HTTPSaver != saver {
|
||||
t.Fatal("not the HTTPSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.Logger != log.Log {
|
||||
t.Fatal("not the Logger we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ReadWriteSaver != saver {
|
||||
t.Fatal("not the ReadWriteSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ResolveSaver != saver {
|
||||
t.Fatal("not the ResolveSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.TLSSaver != saver {
|
||||
t.Fatal("not the TLSSaver we expected")
|
||||
if configuration.HTTPConfig.Saver != saver {
|
||||
t.Fatal("not the Saver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.BaseResolver == nil {
|
||||
t.Fatal("not the BaseResolver we expected")
|
||||
|
@ -291,7 +255,7 @@ func TestConfigurerNewConfigurationResolverDNSOverHTTPSCloudflare(t *testing.T)
|
|||
if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
|
||||
t.Fatal("not the TLSConfig we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify == true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ProxyURL != nil {
|
||||
|
@ -322,23 +286,14 @@ func TestConfigurerNewConfigurationResolverUDP(t *testing.T) {
|
|||
if configuration.HTTPConfig.ContextByteCounting != true {
|
||||
t.Fatal("not the ContextByteCounting we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.DialSaver != saver {
|
||||
t.Fatal("not the DialSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.HTTPSaver != saver {
|
||||
t.Fatal("not the HTTPSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.Logger != log.Log {
|
||||
t.Fatal("not the Logger we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ReadWriteSaver != saver {
|
||||
t.Fatal("not the ReadWriteSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ResolveSaver != saver {
|
||||
t.Fatal("not the ResolveSaver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.TLSSaver != saver {
|
||||
t.Fatal("not the TLSSaver we expected")
|
||||
if configuration.HTTPConfig.Saver != saver {
|
||||
t.Fatal("not the Saver we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.BaseResolver == nil {
|
||||
t.Fatal("not the BaseResolver we expected")
|
||||
|
@ -367,7 +322,7 @@ func TestConfigurerNewConfigurationResolverUDP(t *testing.T) {
|
|||
if configuration.HTTPConfig.TLSConfig.NextProtos[1] != "http/1.1" {
|
||||
t.Fatal("not the TLSConfig we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify == true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify == true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
if configuration.HTTPConfig.ProxyURL != nil {
|
||||
|
@ -517,7 +472,7 @@ func TestConfigurerNewConfigurationNoTLSVerify(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if configuration.HTTPConfig.NoTLSVerify != true {
|
||||
if configuration.HTTPConfig.TLSConfig.InsecureSkipVerify != true {
|
||||
t.Fatal("not the NoTLSVerify we expected")
|
||||
}
|
||||
}
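Review bot: None of the visible test hunks checks `configuration.HTTPConfig.TLSConfig.RootCAs`, although NewConfiguration now assigns it from `c.Config.CertPool` and the old `CertPool` field is gone. TestConfigurerNewConfigurationNoTLSVerify and the five vanilla/resolver tests switch their assertion to `TLSConfig.InsecureSkipVerify`, so the trust-anchor half of the move is left without a test, at least in the lines shown (every test body extends beyond its hunk). A test that passes a non-nil pool in the configurer's Config and asserts pointer equality on `TLSConfig.RootCAs` would cover it. The failure message `"not the NoTLSVerify we expected"` could also name `InsecureSkipVerify`, the field actually checked.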
|
||||
|
|
|
@ -23,7 +23,6 @@ package netx
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"net"
|
||||
"net/http"
|
||||
|
@ -45,23 +44,18 @@ type Config struct {
|
|||
BogonIsError bool // default: bogon is not error
|
||||
ByteCounter *bytecounter.Counter // default: no explicit byte counting
|
||||
CacheResolutions bool // default: no caching
|
||||
CertPool *x509.CertPool // default: use vendored gocertifi
|
||||
ContextByteCounting bool // default: no implicit byte counting
|
||||
DNSCache map[string][]string // default: cache is empty
|
||||
DialSaver *tracex.Saver // default: not saving dials
|
||||
Dialer model.Dialer // default: dialer.DNSDialer
|
||||
FullResolver model.Resolver // default: base resolver + goodies
|
||||
QUICDialer model.QUICDialer // default: quicdialer.DNSDialer
|
||||
HTTP3Enabled bool // default: disabled
|
||||
HTTPSaver *tracex.Saver // default: not saving HTTP
|
||||
Logger model.Logger // default: no logging
|
||||
NoTLSVerify bool // default: perform TLS verify
|
||||
ProxyURL *url.URL // default: no proxy
|
||||
ReadWriteSaver *tracex.Saver // default: not saving read/write
|
||||
ResolveSaver *tracex.Saver // default: not saving resolves
|
||||
ReadWriteSaver *tracex.Saver // default: not saving I/O events
|
||||
Saver *tracex.Saver // default: not saving non-I/O events
|
||||
TLSConfig *tls.Config // default: attempt using h2
|
||||
TLSDialer model.TLSDialer // default: dialer.TLSDialer
|
||||
TLSSaver *tracex.Saver // default: not saving TLS
|
||||
}
|
||||
|
||||
// NewResolver creates a new resolver from the specified config
|
||||
|
@ -93,7 +87,7 @@ func NewResolver(config Config) model.Resolver {
|
|||
Resolver: r,
|
||||
}
|
||||
}
|
||||
r = config.ResolveSaver.WrapResolver(r) // WAI when config.ResolveSaver==nil
|
||||
r = config.Saver.WrapResolver(r) // WAI when config.Saver==nil
|
||||
return &netxlite.ResolverIDNA{Resolver: r}
|
||||
}
|
||||
|
||||
|
@ -104,7 +98,7 @@ func NewDialer(config Config) model.Dialer {
|
|||
}
|
||||
logger := model.ValidLoggerOrDefault(config.Logger)
|
||||
d := netxlite.NewDialerWithResolver(
|
||||
logger, config.FullResolver, config.DialSaver.NewConnectObserver(),
|
||||
logger, config.FullResolver, config.Saver.NewConnectObserver(),
|
||||
config.ReadWriteSaver.NewReadWriteObserver(),
|
||||
)
|
||||
d = netxlite.NewMaybeProxyDialer(d, config.ProxyURL)
|
||||
|
@ -122,7 +116,7 @@ func NewQUICDialer(config Config) model.QUICDialer {
|
|||
// TODO(bassosimone): we should count the bytes consumed by this QUIC dialer
|
||||
ql := config.ReadWriteSaver.WrapQUICListener(netxlite.NewQUICListener())
|
||||
logger := model.ValidLoggerOrDefault(config.Logger)
|
||||
return netxlite.NewQUICDialerWithResolver(ql, logger, config.FullResolver, config.TLSSaver)
|
||||
return netxlite.NewQUICDialerWithResolver(ql, logger, config.FullResolver, config.Saver)
|
||||
}
|
||||
|
||||
// NewTLSDialer creates a new TLSDialer from the specified config
|
||||
|
@ -132,13 +126,8 @@ func NewTLSDialer(config Config) model.TLSDialer {
|
|||
}
|
||||
logger := model.ValidLoggerOrDefault(config.Logger)
|
||||
thx := netxlite.NewTLSHandshakerStdlib(logger)
|
||||
thx = config.TLSSaver.WrapTLSHandshaker(thx) // WAI when TLSSaver is nil
|
||||
thx = config.Saver.WrapTLSHandshaker(thx) // WAI even when config.Saver is nil
|
||||
tlsConfig := netxlite.ClonedTLSConfigOrNewEmptyConfig(config.TLSConfig)
|
||||
// TODO(bassosimone): we should not provide confusing options and
|
||||
// so we should drop CertPool and NoTLSVerify in favour of encouraging
|
||||
// the users of this library to always use a TLSConfig.
|
||||
tlsConfig.RootCAs = config.CertPool // netxlite uses default cert pool if this is nil
|
||||
tlsConfig.InsecureSkipVerify = config.NoTLSVerify
|
||||
return netxlite.NewTLSDialerWithConfig(config.Dialer, thx, tlsConfig)
|
||||
}
|
||||
|
||||
|
@ -165,9 +154,9 @@ func NewHTTPTransport(config Config) model.HTTPTransport {
|
|||
if config.Logger != nil {
|
||||
txp = &netxlite.HTTPTransportLogger{Logger: config.Logger, HTTPTransport: txp}
|
||||
}
|
||||
if config.HTTPSaver != nil {
|
||||
if config.Saver != nil {
|
||||
txp = &tracex.HTTPTransportSaver{
|
||||
HTTPTransport: txp, Saver: config.HTTPSaver}
|
||||
HTTPTransport: txp, Saver: config.Saver}
|
||||
}
|
||||
return txp
|
||||
}
|
||||
|
@ -241,7 +230,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
|
|||
httpClient := &http.Client{Transport: NewHTTPTransport(config)}
|
||||
var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverHTTPSTransportWithHostOverride(
|
||||
httpClient, URL, hostOverride)
|
||||
txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
|
||||
txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
|
||||
return netxlite.NewUnwrappedSerialResolver(txp), nil
|
||||
case "udp":
|
||||
dialer := NewDialer(config)
|
||||
|
@ -251,7 +240,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
|
|||
}
|
||||
var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverUDPTransport(
|
||||
dialer, endpoint)
|
||||
txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
|
||||
txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
|
||||
return netxlite.NewUnwrappedSerialResolver(txp), nil
|
||||
case "dot":
|
||||
config.TLSConfig.NextProtos = []string{"dot"}
|
||||
|
@ -262,7 +251,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
|
|||
}
|
||||
var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverTLSTransport(
|
||||
tlsDialer.DialTLSContext, endpoint)
|
||||
txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
|
||||
txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
|
||||
return netxlite.NewUnwrappedSerialResolver(txp), nil
|
||||
case "tcp":
|
||||
dialer := NewDialer(config)
|
||||
|
@ -272,7 +261,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
|
|||
}
|
||||
var txp model.DNSTransport = netxlite.NewUnwrappedDNSOverTCPTransport(
|
||||
dialer.DialContext, endpoint)
|
||||
txp = config.ResolveSaver.WrapDNSTransport(txp) // safe when config.ResolveSaver == nil
|
||||
txp = config.Saver.WrapDNSTransport(txp) // safe when config.Saver == nil
|
||||
return netxlite.NewUnwrappedSerialResolver(txp), nil
|
||||
default:
|
||||
return nil, errors.New("unsupported resolver scheme")
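Review bot: With `CertPool` and `NoTLSVerify` removed from Config, NewTLSDialer no longer touches `RootCAs` or `InsecureSkipVerify`, and the deleted comment ("netxlite uses default cert pool if this is nil") was the only text telling callers what a nil pool means. The `TLSConfig` field comment still reads `// default: attempt using h2`; I would extend it to something like `// default: attempt using h2; set RootCAs and InsecureSkipVerify here`, and state the nil-RootCAs behaviour if netxlite still substitutes its own pool (not visible in this diff). Separately, the `Saver` field comment says "non-I/O events", while the hunks show this one saver now wrapping the resolver, the connect observer, the TLS handshaker, the QUIC dialer, the HTTP transport and the DNS transports. A comment listing those sources would make `Saver.Read()` easier to consume.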
|
||||
|
|
|
@ -119,7 +119,7 @@ func TestNewResolverWithLogging(t *testing.T) {
|
|||
func TestNewResolverWithSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
r := NewResolver(Config{
|
||||
ResolveSaver: saver,
|
||||
Saver: saver,
|
||||
})
|
||||
ir, ok := r.(*netxlite.ResolverIDNA)
|
||||
if !ok {
|
||||
|
@ -223,50 +223,12 @@ func TestNewTLSDialer(t *testing.T) {
|
|||
}
|
||||
})
|
||||
|
||||
t.Run("we can collect TLS measurements", func(t *testing.T) {
|
||||
t.Run("we can collect measurements", func(t *testing.T) {
|
||||
server := filtering.NewTLSServer(filtering.TLSActionReset)
|
||||
defer server.Close()
|
||||
saver := &tracex.Saver{}
|
||||
tdx := NewTLSDialer(Config{
|
||||
TLSSaver: saver,
|
||||
})
|
||||
conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
|
||||
if err == nil || err.Error() != netxlite.FailureConnectionReset {
|
||||
t.Fatal("unexpected err", err)
|
||||
}
|
||||
if conn != nil {
|
||||
t.Fatal("expected nil conn")
|
||||
}
|
||||
if len(saver.Read()) <= 0 {
|
||||
t.Fatal("did not read any event")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("we can collect dial measurements", func(t *testing.T) {
|
||||
server := filtering.NewTLSServer(filtering.TLSActionReset)
|
||||
defer server.Close()
|
||||
saver := &tracex.Saver{}
|
||||
tdx := NewTLSDialer(Config{
|
||||
DialSaver: saver,
|
||||
})
|
||||
conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
|
||||
if err == nil || err.Error() != netxlite.FailureConnectionReset {
|
||||
t.Fatal("unexpected err", err)
|
||||
}
|
||||
if conn != nil {
|
||||
t.Fatal("expected nil conn")
|
||||
}
|
||||
if len(saver.Read()) <= 0 {
|
||||
t.Fatal("did not read any event")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("we can collect I/O measurements", func(t *testing.T) {
|
||||
server := filtering.NewTLSServer(filtering.TLSActionReset)
|
||||
defer server.Close()
|
||||
saver := &tracex.Saver{}
|
||||
tdx := NewTLSDialer(Config{
|
||||
ReadWriteSaver: saver,
|
||||
Saver: saver,
|
||||
})
|
||||
conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
|
||||
if err == nil || err.Error() != netxlite.FailureConnectionReset {
|
||||
|
@ -283,7 +245,9 @@ func TestNewTLSDialer(t *testing.T) {
|
|||
t.Run("we can skip TLS verification", func(t *testing.T) {
|
||||
server := filtering.NewTLSServer(filtering.TLSActionBlockText)
|
||||
defer server.Close()
|
||||
tdx := NewTLSDialer(Config{NoTLSVerify: true})
|
||||
tdx := NewTLSDialer(Config{TLSConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
}})
|
||||
conn, err := tdx.DialTLSContext(context.Background(), "tcp", server.Endpoint())
|
||||
if err != nil {
|
||||
t.Fatal(err.(*netxlite.ErrWrapper).WrappedErr)
|
||||
|
@ -295,8 +259,8 @@ func TestNewTLSDialer(t *testing.T) {
|
|||
server := filtering.NewTLSServer(filtering.TLSActionBlockText)
|
||||
defer server.Close()
|
||||
tdx := NewTLSDialer(Config{
|
||||
CertPool: server.CertPool(),
|
||||
TLSConfig: &tls.Config{
|
||||
RootCAs: server.CertPool(),
|
||||
ServerName: "dns.google",
|
||||
},
|
||||
})
|
||||
|
@ -371,7 +335,7 @@ func TestNewWithLogger(t *testing.T) {
|
|||
func TestNewWithSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
txp := NewHTTPTransport(Config{
|
||||
HTTPSaver: saver,
|
||||
Saver: saver,
|
||||
})
|
||||
stxptxp, ok := txp.(*tracex.HTTPTransportSaver)
|
||||
if !ok {
|
||||
|
@ -483,7 +447,7 @@ func TestNewDNSClientCloudflareDoH(t *testing.T) {
|
|||
func TestNewDNSClientCloudflareDoHSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
dnsclient, err := NewDNSClient(
|
||||
Config{ResolveSaver: saver}, "doh://cloudflare")
|
||||
Config{Saver: saver}, "doh://cloudflare")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
@ -520,7 +484,7 @@ func TestNewDNSClientUDP(t *testing.T) {
|
|||
func TestNewDNSClientUDPDNSSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
dnsclient, err := NewDNSClient(
|
||||
Config{ResolveSaver: saver}, "udp://8.8.8.8:53")
|
||||
Config{Saver: saver}, "udp://8.8.8.8:53")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
@ -561,7 +525,7 @@ func TestNewDNSClientTCP(t *testing.T) {
|
|||
func TestNewDNSClientTCPDNSSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
dnsclient, err := NewDNSClient(
|
||||
Config{ResolveSaver: saver}, "tcp://8.8.8.8:53")
|
||||
Config{Saver: saver}, "tcp://8.8.8.8:53")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
@ -606,7 +570,7 @@ func TestNewDNSClientDoT(t *testing.T) {
|
|||
func TestNewDNSClientDoTDNSSaver(t *testing.T) {
|
||||
saver := new(tracex.Saver)
|
||||
dnsclient, err := NewDNSClient(
|
||||
Config{ResolveSaver: saver}, "dot://8.8.8.8:53")
|
||||
Config{Saver: saver}, "dot://8.8.8.8:53")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
@ -704,12 +668,9 @@ func TestSuccess(t *testing.T) {
|
|||
ByteCounter: counter,
|
||||
CacheResolutions: true,
|
||||
ContextByteCounting: true,
|
||||
DialSaver: &tracex.Saver{},
|
||||
HTTPSaver: &tracex.Saver{},
|
||||
Logger: log.Log,
|
||||
ReadWriteSaver: &tracex.Saver{},
|
||||
ResolveSaver: &tracex.Saver{},
|
||||
TLSSaver: &tracex.Saver{},
|
||||
Saver: &tracex.Saver{},
|
||||
}
|
||||
txp := NewHTTPTransport(config)
|
||||
client := &http.Client{Transport: txp}
|
||||
|
@ -729,20 +690,11 @@ func TestSuccess(t *testing.T) {
|
|||
if counter.Received.Load() <= 0 {
|
||||
t.Fatal("no bytes received?!")
|
||||
}
|
||||
if ev := config.DialSaver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no dial events?!")
|
||||
}
|
||||
if ev := config.HTTPSaver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no HTTP events?!")
|
||||
}
|
||||
if ev := config.ReadWriteSaver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no R/W events?!")
|
||||
}
|
||||
if ev := config.ResolveSaver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no resolver events?!")
|
||||
}
|
||||
if ev := config.TLSSaver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no TLS events?!")
|
||||
if ev := config.Saver.Read(); len(ev) <= 0 {
|
||||
t.Fatal("no non-I/O events?!")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -753,7 +705,7 @@ func TestBogonResolutionNotBroken(t *testing.T) {
|
|||
DNSCache: map[string][]string{
|
||||
"www.google.com": {"127.0.0.1"},
|
||||
},
|
||||
ResolveSaver: saver,
|
||||
Saver: saver,
|
||||
Logger: log.Log,
|
||||
})
|
||||
addrs, err := r.LookupHost(context.Background(), "www.google.com")
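Review bot: The merged subtest "we can collect measurements" in TestNewTLSDialer only requires `saver.Read()` to be non-empty, which a single connect event now satisfies, so it no longer shows that the TLS handshaker is wrapped. Before this change separate savers proved that each layer emitted events; with one shared `Saver` the test would be stronger if it inspected the returned events and required at least one from the dial and one from the handshake. The same applies to the `"no non-I/O events?!"` check in TestSuccess, which replaces four per-layer checks. As far as the hunk shows, dropping the I/O subtest also leaves `ReadWriteSaver` on NewTLSDialer uncovered in this function.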
|
||||
|
|
|
@ -86,13 +86,13 @@ func TestTLSServer(t *testing.T) {
|
|||
t.Run("certificate error when we're validating", func(t *testing.T) {
|
||||
srv := NewTLSServer(TLSActionBlockText)
|
||||
defer srv.Close()
|
||||
// Certificate.Verify now uses platform APIs to verify certificate validity
|
||||
// "Certificate.Verify now uses platform APIs to verify certificate validity
|
||||
// on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using
|
||||
// the root pool returned from SystemCertPool. "
|
||||
// the root pool returned from SystemCertPool."
|
||||
//
|
||||
// -- https://tip.golang.org/doc/go1.18
|
||||
//
|
||||
// So we need to explicitly use our default cert pool otherwise we will
|
||||
// Thus, we need to explicitly use our default cert pool otherwise we will
|
||||
// see this test failing with a different error string here.
|
||||
config := &tls.Config{
|
||||
ServerName: "dns.google",
|
||||
|
|