server_test checkExpectedServerTunnelLogFields fixes
- Always use the actual tunnel protocol, taking the demux into account, in all
  conditional checks
- Check tls_profile/tls_version log fields in all TLS/HTTPS cases
- Check meek_tls_padding log field
rod-hynes committed Sep 6, 2024
1 parent a250068 commit e9a9b00
Showing 1 changed file with 38 additions and 37 deletions.
75 changes: 38 additions & 37 deletions psiphon/server/server_test.go
@@ -2114,12 +2114,15 @@ func checkExpectedServerTunnelLogFields(
return fmt.Errorf("unexpected host_id '%s'", fields["host_id"])
}

expectedRelayProtocol := runConfig.tunnelProtocol
tunnelProtocol := runConfig.tunnelProtocol
if runConfig.clientTunnelProtocol != "" {
expectedRelayProtocol = runConfig.clientTunnelProtocol
// In cases such as UNFRONTED-HTTPS-OSSH/TLS-OSSH demux,
// runConfig.tunnelProtocol is the server listening protocol and
// runConfig.clientTunnelProtocol is the actual tunnel protocol.
tunnelProtocol = runConfig.clientTunnelProtocol
}

if fields["relay_protocol"].(string) != expectedRelayProtocol {
if fields["relay_protocol"].(string) != tunnelProtocol {
return fmt.Errorf("unexpected relay_protocol '%s'", fields["relay_protocol"])
}

@@ -2238,7 +2241,7 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesObfuscatedSSH(runConfig.tunnelProtocol) {
if protocol.TunnelProtocolUsesObfuscatedSSH(tunnelProtocol) {

for _, name := range []string{
"padding",
@@ -2250,8 +2253,7 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesMeek(runConfig.tunnelProtocol) &&
(runConfig.clientTunnelProtocol == "" || protocol.TunnelProtocolUsesMeekHTTPS(runConfig.clientTunnelProtocol)) {
if protocol.TunnelProtocolUsesMeek(tunnelProtocol) {

for _, name := range []string{
"user_agent",
@@ -2275,7 +2277,7 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesMeekHTTP(runConfig.tunnelProtocol) {
if protocol.TunnelProtocolUsesMeekHTTP(tunnelProtocol) {

for _, name := range []string{
"meek_host_header",
@@ -2294,7 +2296,7 @@ func checkExpectedServerTunnelLogFields(
return fmt.Errorf("unexpected meek_host_header '%s'", fields["meek_host_header"])
}

if !protocol.TunnelProtocolUsesFrontedMeek(runConfig.tunnelProtocol) {
if !protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol) {
for _, name := range []string{
"meek_dial_ip_address",
"meek_resolved_ip_address",
@@ -2306,12 +2308,10 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesMeekHTTPS(runConfig.tunnelProtocol) &&
(runConfig.clientTunnelProtocol == "" || protocol.TunnelProtocolUsesMeekHTTPS(runConfig.clientTunnelProtocol)) {
if protocol.TunnelProtocolUsesMeekHTTPS(tunnelProtocol) {

for _, name := range []string{
"tls_profile",
"tls_version",
"meek_tls_padding",
"meek_sni_server_name",
} {
if fields[name] == nil || fmt.Sprintf("%s", fields[name]) == "" {
@@ -2324,7 +2324,7 @@ func checkExpectedServerTunnelLogFields(
return fmt.Errorf("unexpected meek_sni_server_name '%s'", fields["meek_sni_server_name"])
}

if !protocol.TunnelProtocolUsesFrontedMeek(runConfig.tunnelProtocol) {
if !protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol) {
for _, name := range []string{
"meek_dial_ip_address",
"meek_resolved_ip_address",
@@ -2335,6 +2335,21 @@ func checkExpectedServerTunnelLogFields(
}
}
}
}

if protocol.TunnelProtocolUsesMeekHTTPS(tunnelProtocol) ||
protocol.TunnelProtocolUsesTLSOSSH(tunnelProtocol) {

for _, name := range []string{
"tls_profile",
"tls_version",
"tls_sent_ticket",
"tls_did_resume",
} {
if fields[name] == nil || fmt.Sprintf("%s", fields[name]) == "" {
return fmt.Errorf("missing expected field '%s'", name)
}
}

if !common.Contains(protocol.SupportedTLSProfiles, fields["tls_profile"].(string)) {
return fmt.Errorf("unexpected tls_profile '%s'", fields["tls_profile"])
@@ -2347,21 +2362,24 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesMeekHTTPS(runConfig.tunnelProtocol) ||
protocol.TunnelProtocolUsesTLSOSSH(runConfig.tunnelProtocol) {

if protocol.TunnelProtocolUsesTLSOSSH(tunnelProtocol) {
for _, name := range []string{
"tls_sent_ticket",
"tls_did_resume",
"tls_padding",
"tls_ossh_sni_server_name",
"tls_ossh_transformed_host_name",
} {
if fields[name] == nil || fmt.Sprintf("%s", fields[name]) == "" {
return fmt.Errorf("missing expected field '%s'", name)
}
}

hostName := fields["tls_ossh_sni_server_name"].(string)
if regexp.MustCompile(testCustomHostNameRegex).FindString(hostName) != hostName {
return fmt.Errorf("unexpected tls_ossh_sni_server_name '%s'", fields["tls_ossh_sni_server_name"])
}
}

if protocol.TunnelProtocolUsesQUIC(runConfig.tunnelProtocol) {
if protocol.TunnelProtocolUsesQUIC(tunnelProtocol) {

for _, name := range []string{
"quic_version",
@@ -2384,24 +2402,7 @@ func checkExpectedServerTunnelLogFields(
}
}

if protocol.TunnelProtocolUsesTLSOSSH(expectedRelayProtocol) {
for _, name := range []string{
"tls_padding",
"tls_ossh_sni_server_name",
"tls_ossh_transformed_host_name",
} {
if fields[name] == nil || fmt.Sprintf("%s", fields[name]) == "" {
return fmt.Errorf("missing expected field '%s'", name)
}
}

hostName := fields["tls_ossh_sni_server_name"].(string)
if regexp.MustCompile(testCustomHostNameRegex).FindString(hostName) != hostName {
return fmt.Errorf("unexpected tls_ossh_sni_server_name '%s'", fields["tls_ossh_sni_server_name"])
}
}

if protocol.TunnelProtocolUsesInproxy(runConfig.tunnelProtocol) {
if protocol.TunnelProtocolUsesInproxy(tunnelProtocol) {

for _, name := range []string{

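Review bot: In the loops that now cover `meek_tls_padding`, `tls_sent_ticket` and `tls_did_resume`, the `fmt.Sprintf("%s", fields[name]) == ""` test can only catch an empty string. If these fields decode as numbers or booleans (their types are not visible here), `%s` renders them as `%!s(...)`, so the check reduces to `fields[name] == nil` and a value of the wrong type or an implausible value still passes. Since this test is what guards the server's TLS log fields, I would assert the expected type per field, or at least state the limit with a comment such as `// Presence check only: non-string values never format to "".` Similarly, `fields["relay_protocol"].(string)` in the first hunk panics rather than returning an error if the field is absent or not a string, unless a check outside the displayed lines already covers it; `v, ok := fields["relay_protocol"].(string)` would keep the failure in the error path. checkExpectedServerTunnelLogFields begins and ends outside the displayed hunks.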
