2e0118d1a6
## Description This PR continues the refactoring of `netx` under the following principles: 1. do not break the rest of the tree and do not engage in extensive tree-wide refactoring yet 2. move under `netxlite` clearly related subpackages (e.g., `iox`, `netxmocks`) 3. move into `internal/netxlite/internal` stuff that is clearly private of `netxlite` 4. hide implementation details in `netxlite` pending new factories 5. refactor `tls` code in `netxlite` to clearly separate `crypto/tls` code from `utls` code After each commit, I run `go test -short -race ./...` locally. Each individual commit explains what it does. I will squash, but this operation will preserve the original commit titles, so this will give further insight on each step. ## Commits * refactor: rename netxmocks -> netxlite/mocks Part of https://github.com/ooni/probe/issues/1591 * refactor: rename quicx -> netxlite/quicx See https://github.com/ooni/probe/issues/1591 * refactor: rename iox -> netxlite/iox Regenerate sources and make sure the tests pass. See https://github.com/ooni/probe/issues/1591. * refactor(iox): move MockableReader to netxlite/mocks See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): generator is an implementation detail See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): separate tls and utls code See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): hide most types but keep old names as legacy With this change we avoid breaking the rest of the tree, but we start hiding some implementation details a bit. Factories will follow. See https://github.com/ooni/probe/issues/1591
387 lines
11 KiB
Go
387 lines
11 KiB
Go
package netxlite
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"errors"
|
|
"net"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/apex/log"
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/lucas-clemente/quic-go"
|
|
"github.com/ooni/probe-cli/v3/internal/netxlite/mocks"
|
|
"github.com/ooni/probe-cli/v3/internal/netxlite/quicx"
|
|
)
|
|
|
|
func TestQUICDialerQUICGoCannotSplitHostPort(t *testing.T) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "www.google.com",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "a.b.c.d", tlsConfig, &quic.Config{})
|
|
if err == nil || !strings.HasSuffix(err.Error(), "missing port in address") {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoInvalidPort(t *testing.T) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "www.google.com",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.4.4:xyz", tlsConfig, &quic.Config{})
|
|
if err == nil || !strings.HasSuffix(err.Error(), "invalid syntax") {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoInvalidIP(t *testing.T) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "www.google.com",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "a.b.c.d:0", tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, errInvalidIP) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoCannotListen(t *testing.T) {
|
|
expected := errors.New("mocked error")
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "www.google.com",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &mocks.QUICListener{
|
|
MockListen: func(addr *net.UDPAddr) (quicx.UDPLikeConn, error) {
|
|
return nil, expected
|
|
},
|
|
},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.8.8:443", tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoCannotPerformHandshake(t *testing.T) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "dns.google",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
cancel() // fail immediately
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.8.8:443", tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, context.Canceled) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
log.Fatal("expected nil session here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoWorksAsIntended(t *testing.T) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "dns.google",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.8.8:443", tlsConfig, &quic.Config{})
|
|
if err != nil {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
<-sess.HandshakeComplete().Done()
|
|
if err := sess.CloseWithError(0, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoTLSDefaultsForWeb(t *testing.T) {
|
|
expected := errors.New("mocked error")
|
|
var gotTLSConfig *tls.Config
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "dns.google",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
mockDialEarlyContext: func(ctx context.Context, pconn net.PacketConn,
|
|
remoteAddr net.Addr, host string, tlsConfig *tls.Config,
|
|
quicConfig *quic.Config) (quic.EarlySession, error) {
|
|
gotTLSConfig = tlsConfig
|
|
return nil, expected
|
|
},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.8.8:443", tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil session here")
|
|
}
|
|
if tlsConfig.RootCAs != nil {
|
|
t.Fatal("tlsConfig.RootCAs should not have been changed")
|
|
}
|
|
if gotTLSConfig.RootCAs != defaultCertPool {
|
|
t.Fatal("invalid gotTLSConfig.RootCAs")
|
|
}
|
|
if tlsConfig.NextProtos != nil {
|
|
t.Fatal("tlsConfig.NextProtos should not have been changed")
|
|
}
|
|
if diff := cmp.Diff(gotTLSConfig.NextProtos, []string{"h3"}); diff != "" {
|
|
t.Fatal("invalid gotTLSConfig.NextProtos", diff)
|
|
}
|
|
if tlsConfig.ServerName != gotTLSConfig.ServerName {
|
|
t.Fatal("the ServerName field must match")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerQUICGoTLSDefaultsForDoQ(t *testing.T) {
|
|
expected := errors.New("mocked error")
|
|
var gotTLSConfig *tls.Config
|
|
tlsConfig := &tls.Config{
|
|
ServerName: "dns.google",
|
|
}
|
|
systemdialer := quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
mockDialEarlyContext: func(ctx context.Context, pconn net.PacketConn,
|
|
remoteAddr net.Addr, host string, tlsConfig *tls.Config,
|
|
quicConfig *quic.Config) (quic.EarlySession, error) {
|
|
gotTLSConfig = tlsConfig
|
|
return nil, expected
|
|
},
|
|
}
|
|
ctx := context.Background()
|
|
sess, err := systemdialer.DialContext(
|
|
ctx, "udp", "8.8.8.8:8853", tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil session here")
|
|
}
|
|
if tlsConfig.RootCAs != nil {
|
|
t.Fatal("tlsConfig.RootCAs should not have been changed")
|
|
}
|
|
if gotTLSConfig.RootCAs != defaultCertPool {
|
|
t.Fatal("invalid gotTLSConfig.RootCAs")
|
|
}
|
|
if tlsConfig.NextProtos != nil {
|
|
t.Fatal("tlsConfig.NextProtos should not have been changed")
|
|
}
|
|
if diff := cmp.Diff(gotTLSConfig.NextProtos, []string{"dq"}); diff != "" {
|
|
t.Fatal("invalid gotTLSConfig.NextProtos", diff)
|
|
}
|
|
if tlsConfig.ServerName != gotTLSConfig.ServerName {
|
|
t.Fatal("the ServerName field must match")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverSuccess(t *testing.T) {
|
|
tlsConfig := &tls.Config{}
|
|
dialer := &quicDialerResolver{
|
|
Resolver: &net.Resolver{}, Dialer: &quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}}
|
|
sess, err := dialer.DialContext(
|
|
context.Background(), "udp", "www.google.com:443",
|
|
tlsConfig, &quic.Config{})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
<-sess.HandshakeComplete().Done()
|
|
if err := sess.CloseWithError(0, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverNoPort(t *testing.T) {
|
|
tlsConfig := &tls.Config{}
|
|
dialer := &quicDialerResolver{
|
|
Resolver: new(net.Resolver), Dialer: &quicDialerQUICGo{}}
|
|
sess, err := dialer.DialContext(
|
|
context.Background(), "udp", "www.google.com",
|
|
tlsConfig, &quic.Config{})
|
|
if err == nil || !strings.HasSuffix(err.Error(), "missing port in address") {
|
|
t.Fatal("not the error we expected")
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected a nil sess here")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverLookupHostAddress(t *testing.T) {
|
|
dialer := &quicDialerResolver{Resolver: &mocks.Resolver{
|
|
MockLookupHost: func(ctx context.Context, domain string) ([]string, error) {
|
|
// We should not arrive here and call this function but if we do then
|
|
// there is going to be an error that fails this test.
|
|
return nil, errors.New("mocked error")
|
|
},
|
|
}}
|
|
addrs, err := dialer.lookupHost(context.Background(), "1.1.1.1")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if len(addrs) != 1 || addrs[0] != "1.1.1.1" {
|
|
t.Fatal("not the result we expected")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverLookupHostFailure(t *testing.T) {
|
|
tlsConfig := &tls.Config{}
|
|
expected := errors.New("mocked error")
|
|
dialer := &quicDialerResolver{Resolver: &mocks.Resolver{
|
|
MockLookupHost: func(ctx context.Context, domain string) ([]string, error) {
|
|
return nil, expected
|
|
},
|
|
}}
|
|
sess, err := dialer.DialContext(
|
|
context.Background(), "udp", "dns.google.com:853",
|
|
tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected")
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverInvalidPort(t *testing.T) {
|
|
// This test allows us to check for the case where every attempt
|
|
// to establish a connection leads to a failure
|
|
tlsConf := &tls.Config{}
|
|
dialer := &quicDialerResolver{
|
|
Resolver: new(net.Resolver), Dialer: &quicDialerQUICGo{
|
|
QUICListener: &quicListenerStdlib{},
|
|
}}
|
|
sess, err := dialer.DialContext(
|
|
context.Background(), "udp", "www.google.com:0",
|
|
tlsConf, &quic.Config{})
|
|
if err == nil {
|
|
t.Fatal("expected an error here")
|
|
}
|
|
if !strings.HasSuffix(err.Error(), "sendto: invalid argument") &&
|
|
!strings.HasSuffix(err.Error(), "sendto: can't assign requested address") {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil sess")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerResolverApplyTLSDefaults(t *testing.T) {
|
|
expected := errors.New("mocked error")
|
|
var gotTLSConfig *tls.Config
|
|
tlsConfig := &tls.Config{}
|
|
dialer := &quicDialerResolver{
|
|
Resolver: new(net.Resolver), Dialer: &mocks.QUICContextDialer{
|
|
MockDialContext: func(ctx context.Context, network, address string,
|
|
tlsConfig *tls.Config, quicConfig *quic.Config) (quic.EarlySession, error) {
|
|
gotTLSConfig = tlsConfig
|
|
return nil, expected
|
|
},
|
|
}}
|
|
sess, err := dialer.DialContext(
|
|
context.Background(), "udp", "www.google.com:443",
|
|
tlsConfig, &quic.Config{})
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil session here")
|
|
}
|
|
if tlsConfig.ServerName != "" {
|
|
t.Fatal("should not have changed tlsConfig.ServerName")
|
|
}
|
|
if gotTLSConfig.ServerName != "www.google.com" {
|
|
t.Fatal("gotTLSConfig.ServerName has not been set")
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerLoggerSuccess(t *testing.T) {
|
|
d := &quicDialerLogger{
|
|
Dialer: &mocks.QUICContextDialer{
|
|
MockDialContext: func(ctx context.Context, network string,
|
|
address string, tlsConfig *tls.Config,
|
|
quicConfig *quic.Config) (quic.EarlySession, error) {
|
|
return &mocks.QUICEarlySession{
|
|
MockCloseWithError: func(
|
|
code quic.ApplicationErrorCode, reason string) error {
|
|
return nil
|
|
},
|
|
}, nil
|
|
},
|
|
},
|
|
Logger: log.Log,
|
|
}
|
|
ctx := context.Background()
|
|
tlsConfig := &tls.Config{}
|
|
quicConfig := &quic.Config{}
|
|
sess, err := d.DialContext(ctx, "udp", "8.8.8.8:443", tlsConfig, quicConfig)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := sess.CloseWithError(0, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestQUICDialerLoggerFailure(t *testing.T) {
|
|
expected := errors.New("mocked error")
|
|
d := &quicDialerLogger{
|
|
Dialer: &mocks.QUICContextDialer{
|
|
MockDialContext: func(ctx context.Context, network string,
|
|
address string, tlsConfig *tls.Config,
|
|
quicConfig *quic.Config) (quic.EarlySession, error) {
|
|
return nil, expected
|
|
},
|
|
},
|
|
Logger: log.Log,
|
|
}
|
|
ctx := context.Background()
|
|
tlsConfig := &tls.Config{}
|
|
quicConfig := &quic.Config{}
|
|
sess, err := d.DialContext(ctx, "udp", "8.8.8.8:443", tlsConfig, quicConfig)
|
|
if !errors.Is(err, expected) {
|
|
t.Fatal("not the error we expected", err)
|
|
}
|
|
if sess != nil {
|
|
t.Fatal("expected nil session")
|
|
}
|
|
}
|