fixes for test scripts

lib/cnf/config.go

@@ -30,8 +30,8 @@ type ServiceConfig struct {
 type ServiceListener struct {
 	Mode   meta.ListenMode `yaml:"mode" default:"transparent"`
 	Port   uint16          `yaml:"port"`
-	IP4    []string        `yaml:"ip4" default:"[\"127.0.0.1\"]"`
-	IP6    []string        `yaml:"ip6" default:"[\"::1\"]"`
+	IP4    YamlStringArray `yaml:"ip4" default:"[\"127.0.0.1\"]"`
+	IP6    YamlStringArray `yaml:"ip6" default:"[\"::1\"]"`
 	Tcp    bool            `yaml:"tcp" default:"true"`
 	Udp    bool            `yaml:"udp" default:"false"` // not implemented
 	TProxy bool            `yaml:"tproxy" default:"false"`

test/config.yml

@@ -14,12 +14,20 @@ service:
       tproxy: true
     - mode: 'proxyproto'
       port: PORT_BASE3
+      ip4: ['0.0.0.0']
+      ip6: ['::']
     - mode: 'http'
       port: PORT_BASE4
+      ip4: ['0.0.0.0']
+      ip6: ['::']
     # - mode: 'https'
     #   port: PORT_BASE5
+    #   ip4: ['0.0.0.0']
+    #   ip6: ['::']
     # - mode: 'socks5'
     #   port: PORT_BASE6
+    #   ip4: ['0.0.0.0']
+    #   ip6: ['::']
 
   certs:
     # caPublic: 'CRT_BASE.ca.crt'
@@ -39,33 +47,40 @@ service:
     retries: 1  # connect-retries
 
   metrics:
-    enabled: false
+    enabled: true
     port: 9512
 
 vars:
   - name: 'net_private'
     value: ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8']
-  - name: 'svc_http'
+  - name: 'svc_tcp'
     value: [80, 443]
+  - name: 'svc_udp'
+    value: [53, 123]
 
 rules:
   - match:
-      dest: '192.168.100.0/24'
-    action: 'drop'
-
-  - match:
-      port: ['!443', '!80']
-    action: 'drop'
+      dest: '!$net_private'
+      port: '$svc_tcp'
+      protoL3: 'ip4'
+      protoL4: 'tcp'
+    action: 'accept'
 
   - match:
-      src: '$net_private'
-      dest: '$net_private'
-      port: '$svc_http'
+      port: '$svc_tcp'
+      protoL3: 'ip6'
       protoL4: 'tcp'
     action: 'accept'
 
   - match:
       dest: '!$net_private'
-      port: [443, 80]
-      protoL4: 'tcp'
+      port: '$svc_udp'
+      protoL3: 'ip4'
+      protoL4: 'udp'
+    action: 'accept'
+
+  - match:
+      port: '$svc_udp'
+      protoL3: 'ip6'
+      protoL4: 'udp'
     action: 'accept'

test/main.sh

@@ -14,27 +14,7 @@ then
   PORT_BASE="3${PORT_BASE:1}"
 fi
 
-function log {
-  echo ''
-  echo "$1"
-  echo ''
-}
-
-function log_header {
-  echo "##### $1 #####"
-}
-
-function stop_proxy {
-  log 'STOPPING PROXY'
-  ssh_cmd "sudo systemctl stop calamary@${VERSION}.service"
-}
-
-function cleanup {
-  log 'CLEANUP'
-  ssh_cmd "sudo rm -f ${TMP_BASE}*"
-  rm -f ./*_tmp.*
-  stop_proxy
-}
+source ./util/main.sh
 
 cleanup
 
@@ -50,9 +30,6 @@ log 'GENERATING CERTS'
 openssl req -x509 -newkey rsa:4096 -keyout 'cert_tmp.key' -out 'cert_tmp.crt' -sha256 -days 60 -nodes -subj "$CERT_CN" 2>/dev/null
 
 log 'COPYING FILES TO PROXY-HOST'
-function copy_file {
-    scp -P "$PROXY_SSH_PORT" "$1" "$PROXY_USER"@"$PROXY_HOST":"$2" >/dev/null 2>&1
-}
 
 copy_file 'calamary' "$TMP_BASE"
 copy_file 'config_tmp.yml' "${TMP_BASE}.yml"
@@ -63,13 +40,7 @@ ssh_cmd "sudo chown proxy:proxy ${TMP_BASE}*"
 log 'STARTING PROXY'
 ssh_cmd "sudo systemctl start calamary@${VERSION}.service"
 
-function fail {
-  log 'TEST-RUN FAILED!'
-  status='FAILED'
-  stop_proxy
-  update_badge
-  exit 99
-}
+# todo: iptables/nftables NAT for transparent mode
 
 log 'STARTING TESTS'
 

test/testGeneral.sh

@@ -3,11 +3,11 @@
 set -uo pipefail
 set +e
 
-# tests are targeting the 'transparent' mode
-
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}1"}"
+# tests are targeting the 'transparent' mode
 
 testsGeneral=()
 

test/testHttp.sh

@@ -5,6 +5,7 @@ set +e
 
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}4"}"
 
 export http_proxy="http://${PROXY_HOST}:${PROXY_PORT}"

test/testHttps.sh

@@ -5,6 +5,7 @@ set +e
 
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}5"}"
 
 export http_proxy="https://${PROXY_HOST}:${PROXY_PORT}"

test/testProxyproto.sh

@@ -5,6 +5,7 @@ set +e
 
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}3"}"
 
 testsProxyproto=()

test/testSocks5.sh

@@ -5,6 +5,7 @@ set +e
 
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}6"}"
 
 export http_proxy="socks5://${PROXY_HOST}:${PROXY_PORT}"

test/testTransparent.sh

@@ -4,8 +4,8 @@ set -uo pipefail
 set +e
 
 source ./util/base.sh
-source ./util/route.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}1"}"
 
 testsTransparent=()

test/testTransparentTproxy.sh

@@ -5,6 +5,7 @@ set +e
 
 source ./util/base.sh
 
+PORT_BASE="${PORT_BASE:='1000'}"
 PROXY_PORT="${PROXY_PORT:="${PORT_BASE}2"}"
 
 testsTransparentTproxy=()

test/tools/sources.txt

@@ -0,0 +1 @@
+EasyRSA: https://github.com/OpenVPN/easy-rsa/

test/util/base.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+source ./route.sh
+
 function runTest {
   testScript="$1"
   echo ''

test/util/main.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+function log {
+  echo "$1"
+}
+
+function log_header {
+  echo "##### $1 #####"
+}
+
+function stop_proxy {
+  log 'STOPPING PROXY'
+  ssh_cmd "sudo systemctl stop calamary@${VERSION}.service"
+}
+
+function cleanup {
+  log 'CLEANUP'
+  ssh_cmd "sudo rm -f ${TMP_BASE}*"
+  rm -f ./*_tmp.*
+  stop_proxy
+}
+
+function copy_file {
+    scp -P "$PROXY_SSH_PORT" "$1" "$PROXY_USER"@"$PROXY_HOST":"$2" >/dev/null 2>&1
+}
+
+function fail {
+  log 'TEST-RUN FAILED!'
+  status='FAILED'
+  stop_proxy
+  update_badge
+  exit 99
+}

test/wrapper.sh

@@ -5,6 +5,8 @@
 
 set -eo pipefail
 
+echo ''
+
 if [ -z "$1" ]
 then
   echo ''
@@ -31,9 +33,7 @@ BADGE_COLORS[FAILED]='#d9644d'
 BADGE_COLORS[FAILED-ENVIRONMENT]='#d9644d'
 
 function log {
-  echo ''
   echo "$1"
-  echo ''
 }
 
 function update_badge {
@@ -80,3 +80,5 @@ WD="$(pwd)"
 # start actual testing
 log 'STARTING TESTS'
 source ./main.sh
+
+echo ''