cmd/sniproxy/server_test.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause

package main

import (
	"net/netip"
	"testing"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-cmp/cmp/cmpopts"
	"tailscale.com/tailcfg"
	"tailscale.com/types/appctype"
)

func TestMakeConnectorsFromConfig(t *testing.T) {
	tcs := []struct {
		name  string
		input *appctype.AppConnectorConfig
		want  map[appctype.ConfigID]connector
	}{
		{
			"empty",
			&appctype.AppConnectorConfig{},
			nil,
		},
		{
			"DNAT",
			&appctype.AppConnectorConfig{
				DNAT: map[appctype.ConfigID]appctype.DNATConfig{
					"swiggity_swooty": {
						Addrs: []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")},
						To:    []string{"example.org"},
						IP:    []tailcfg.ProtoPortRange{{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}}},
					},
				},
			},
			map[appctype.ConfigID]connector{
				"swiggity_swooty": {
					Handlers: map[target]handler{
						{
							Dest:     netip.MustParsePrefix("100.64.0.1/32"),
							Matching: tailcfg.ProtoPortRange{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}},
						}: &tcpRoundRobinHandler{To: []string{"example.org"}, ReachableIPs: []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")}},
						{
							Dest:     netip.MustParsePrefix("fd7a:115c:a1e0::1/128"),
							Matching: tailcfg.ProtoPortRange{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}},
						}: &tcpRoundRobinHandler{To: []string{"example.org"}, ReachableIPs: []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")}},
					},
				},
			},
		},
		{
			"SNIProxy",
			&appctype.AppConnectorConfig{
				SNIProxy: map[appctype.ConfigID]appctype.SNIProxyConfig{
					"swiggity_swooty": {
						Addrs:          []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")},
						AllowedDomains: []string{"example.org"},
						IP:             []tailcfg.ProtoPortRange{{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}}},
					},
				},
			},
			map[appctype.ConfigID]connector{
				"swiggity_swooty": {
					Handlers: map[target]handler{
						{
							Dest:     netip.MustParsePrefix("100.64.0.1/32"),
							Matching: tailcfg.ProtoPortRange{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}},
						}: &tcpSNIHandler{Allowlist: []string{"example.org"}, ReachableIPs: []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")}},
						{
							Dest:     netip.MustParsePrefix("fd7a:115c:a1e0::1/128"),
							Matching: tailcfg.ProtoPortRange{Proto: 0, Ports: tailcfg.PortRange{First: 0, Last: 65535}},
						}: &tcpSNIHandler{Allowlist: []string{"example.org"}, ReachableIPs: []netip.Addr{netip.MustParseAddr("100.64.0.1"), netip.MustParseAddr("fd7a:115c:a1e0::1")}},
					},
				},
			},
		},
	}

	for _, tc := range tcs {
		t.Run(tc.name, func(t *testing.T) {
			connectors := makeConnectorsFromConfig(tc.input)

			if diff := cmp.Diff(connectors, tc.want,
				cmpopts.IgnoreFields(tcpRoundRobinHandler{}, "DialContext"),
				cmpopts.IgnoreFields(tcpSNIHandler{}, "DialContext"),
				cmp.Comparer(func(x, y netip.Addr) bool {
					return x == y
				})); diff != "" {
				t.Fatalf("mismatch (-want +got):\n%s", diff)
			}
		})
	}
}