From b68b8e1e8ffbf71bd43dedda00a40d9a1f0151af Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Tue, 24 May 2022 16:29:13 +0200 Subject: [PATCH] fix({simplequic,tls}ping): default SNI to URL's hostname (#753) See https://github.com/ooni/probe/issues/2111 --- .../simplequicping/simplequicping.go | 17 +++++-- .../simplequicping/simplequicping_test.go | 48 +++++++++++++++++++ internal/engine/experiment/tlsping/tlsping.go | 17 +++++-- .../engine/experiment/tlsping/tlsping_test.go | 48 +++++++++++++++++++ 4 files changed, 122 insertions(+), 8 deletions(-) diff --git a/internal/engine/experiment/simplequicping/simplequicping.go b/internal/engine/experiment/simplequicping/simplequicping.go index 2d6e041..6114db1 100644 --- a/internal/engine/experiment/simplequicping/simplequicping.go +++ b/internal/engine/experiment/simplequicping/simplequicping.go @@ -8,6 +8,7 @@ import ( "crypto/tls" "errors" "fmt" + "net" "net/url" "strings" "time" @@ -58,6 +59,17 @@ func (c *Config) repetitions() int64 { return 10 } +func (c *Config) sni(address string) string { + if c.SNI != "" { + return c.SNI + } + addr, _, err := net.SplitHostPort(address) + if err != nil { + return "" + } + return addr +} + // TestKeys contains the experiment results. type TestKeys struct { Pings []*SinglePing `json:"pings"` @@ -118,9 +130,6 @@ func (m *Measurer) Run( if parsed.Port() == "" { return errMissingPort } - if m.config.SNI == "" { - sess.Logger().Warn("no -O SNI= specified from command line") - } tk := new(TestKeys) measurement.TestKeys = tk out := make(chan *measurex.EndpointMeasurement) @@ -162,7 +171,7 @@ func (m *Measurer) quicHandshake(ctx context.Context, mxmx *measurex.Measurer, return mxmx.QUICHandshake(ctx, address, &tls.Config{ NextProtos: strings.Split(m.config.alpn(), " "), RootCAs: netxlite.NewDefaultCertPool(), - ServerName: m.config.SNI, + ServerName: m.config.sni(address), }) } diff --git a/internal/engine/experiment/simplequicping/simplequicping_test.go b/internal/engine/experiment/simplequicping/simplequicping_test.go index b937bad..58addd4 100644 --- a/internal/engine/experiment/simplequicping/simplequicping_test.go +++ b/internal/engine/experiment/simplequicping/simplequicping_test.go @@ -186,3 +186,51 @@ func generateTLSConfig() *tls.Config { NextProtos: []string{"quic-echo-example"}, } } + +func TestConfig_sni(t *testing.T) { + type fields struct { + SNI string + } + type args struct { + address string + } + tests := []struct { + name string + fields fields + args args + want string + }{{ + name: "with config.SNI being set", + fields: fields{ + SNI: "x.org", + }, + args: args{ + address: "google.com:443", + }, + want: "x.org", + }, { + name: "with invalid endpoint", + fields: fields{}, + args: args{ + address: "google.com", + }, + want: "", + }, { + name: "with valid endpoint", + fields: fields{}, + args: args{ + address: "google.com:443", + }, + want: "google.com", + }} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Config{ + SNI: tt.fields.SNI, + } + if got := c.sni(tt.args.address); got != tt.want { + t.Fatalf("Config.sni() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/engine/experiment/tlsping/tlsping.go b/internal/engine/experiment/tlsping/tlsping.go index f388df4..8049cc9 100644 --- a/internal/engine/experiment/tlsping/tlsping.go +++ b/internal/engine/experiment/tlsping/tlsping.go @@ -8,6 +8,7 @@ import ( "crypto/tls" "errors" "fmt" + "net" "net/url" "strings" "time" @@ -58,6 +59,17 @@ func (c *Config) repetitions() int64 { return 10 } +func (c *Config) sni(address string) string { + if c.SNI != "" { + return c.SNI + } + addr, _, err := net.SplitHostPort(address) + if err != nil { + return "" + } + return addr +} + // TestKeys contains the experiment results. type TestKeys struct { Pings []*SinglePing `json:"pings"` @@ -119,9 +131,6 @@ func (m *Measurer) Run( if parsed.Port() == "" { return errMissingPort } - if m.config.SNI == "" { - sess.Logger().Warn("no -O SNI= specified from command line") - } tk := new(TestKeys) measurement.TestKeys = tk out := make(chan *measurex.EndpointMeasurement) @@ -165,7 +174,7 @@ func (m *Measurer) tlsConnectAndHandshake(ctx context.Context, mxmx *measurex.Me return mxmx.TLSConnectAndHandshake(ctx, address, &tls.Config{ NextProtos: strings.Split(m.config.alpn(), " "), RootCAs: netxlite.NewDefaultCertPool(), - ServerName: m.config.SNI, + ServerName: m.config.sni(address), }) } diff --git a/internal/engine/experiment/tlsping/tlsping_test.go b/internal/engine/experiment/tlsping/tlsping_test.go index 6eaf567..eeb050e 100644 --- a/internal/engine/experiment/tlsping/tlsping_test.go +++ b/internal/engine/experiment/tlsping/tlsping_test.go @@ -119,3 +119,51 @@ func TestMeasurer_run(t *testing.T) { } }) } + +func TestConfig_sni(t *testing.T) { + type fields struct { + SNI string + } + type args struct { + address string + } + tests := []struct { + name string + fields fields + args args + want string + }{{ + name: "with config.SNI being set", + fields: fields{ + SNI: "x.org", + }, + args: args{ + address: "google.com:443", + }, + want: "x.org", + }, { + name: "with invalid endpoint", + fields: fields{}, + args: args{ + address: "google.com", + }, + want: "", + }, { + name: "with valid endpoint", + fields: fields{}, + args: args{ + address: "google.com:443", + }, + want: "google.com", + }} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Config{ + SNI: tt.fields.SNI, + } + if got := c.sni(tt.args.address); got != tt.want { + t.Fatalf("Config.sni() = %v, want %v", got, tt.want) + } + }) + } +}