diff --git a/lib/cnf/config.go b/lib/cnf/config.go index c731dc0..492b9a0 100644 --- a/lib/cnf/config.go +++ b/lib/cnf/config.go @@ -30,8 +30,8 @@ type ServiceConfig struct { type ServiceListener struct { Mode meta.ListenMode `yaml:"mode" default:"transparent"` Port uint16 `yaml:"port"` - IP4 []string `yaml:"ip4" default:"[\"127.0.0.1\"]"` - IP6 []string `yaml:"ip6" default:"[\"::1\"]"` + IP4 YamlStringArray `yaml:"ip4" default:"[\"127.0.0.1\"]"` + IP6 YamlStringArray `yaml:"ip6" default:"[\"::1\"]"` Tcp bool `yaml:"tcp" default:"true"` Udp bool `yaml:"udp" default:"false"` // not implemented TProxy bool `yaml:"tproxy" default:"false"` diff --git a/test/config.yml b/test/config.yml index 3f99014..24b73c4 100644 --- a/test/config.yml +++ b/test/config.yml @@ -14,12 +14,20 @@ service: tproxy: true - mode: 'proxyproto' port: PORT_BASE3 + ip4: ['0.0.0.0'] + ip6: ['::'] - mode: 'http' port: PORT_BASE4 + ip4: ['0.0.0.0'] + ip6: ['::'] # - mode: 'https' # port: PORT_BASE5 + # ip4: ['0.0.0.0'] + # ip6: ['::'] # - mode: 'socks5' # port: PORT_BASE6 + # ip4: ['0.0.0.0'] + # ip6: ['::'] certs: # caPublic: 'CRT_BASE.ca.crt' @@ -39,33 +47,40 @@ service: retries: 1 # connect-retries metrics: - enabled: false + enabled: true port: 9512 vars: - name: 'net_private' value: ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8'] - - name: 'svc_http' + - name: 'svc_tcp' value: [80, 443] + - name: 'svc_udp' + value: [53, 123] rules: - match: - dest: '192.168.100.0/24' - action: 'drop' - - - match: - port: ['!443', '!80'] - action: 'drop' + dest: '!$net_private' + port: '$svc_tcp' + protoL3: 'ip4' + protoL4: 'tcp' + action: 'accept' - match: - src: '$net_private' - dest: '$net_private' - port: '$svc_http' + port: '$svc_tcp' + protoL3: 'ip6' protoL4: 'tcp' action: 'accept' - match: dest: '!$net_private' - port: [443, 80] - protoL4: 'tcp' + port: '$svc_udp' + protoL3: 'ip4' + protoL4: 'udp' + action: 'accept' + + - match: + port: '$svc_udp' + protoL3: 'ip6' + protoL4: 'udp' action: 'accept' 
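Review bot: `YamlStringArray` is not defined anywhere in this diff, so the `IP4`/`IP6` fields of `ServiceListener` now depend on a type whose decoding rules cannot be checked here. It is worth confirming that the `default:"[\"127.0.0.1\"]"` tag is still applied to the named type; if the defaults library skips it, a listener with no `ip4`/`ip6` key would no longer fall back to loopback. If the type accepts a bare scalar as well as a list (the name suggests so, unconfirmed), document that on the field, e.g. `// IP4 lists the IPv4 bind addresses; a single string is read as a one-element list`. Each entry should also be parsed as an IP address at load time, so a typo fails validation instead of surfacing at bind. The struct body continues outside the hunk.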
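Review bot: The `proxyproto` and `http` listeners now bind to `0.0.0.0` and `::`, which overrides the loopback defaults declared on `ServiceListener` and makes both ports reachable from every network the test host is attached to. A PROXY-protocol listener normally takes the client address from the header it is sent, so any peer that can reach that port can assert an arbitrary source address. Bind to the address of the test interface instead, or state the assumption next to the setting, e.g. `# test only: all-interface bind, host must be firewalled to the test runner` above the first `ip4:` line.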
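Review bot: The two `protoL3: 'ip6'` accept rules carry no `dest` restriction, and `net_private` holds only IPv4 ranges, so over IPv6 the proxy forwards ports 80/443 and 53/123 to any destination, including loopback, link-local and unique-local addresses. The IPv4 rules' `dest: '!$net_private'` likewise leaves `127.0.0.0/8` and `169.254.0.0/16` reachable. The commit also removes both explicit `drop` rules, so rejecting everything else now rests on the default policy, which this diff does not show. Consider a second variable such as `net_private6` with `['::1/128', 'fc00::/7', 'fe80::/10']`, used as `dest: '!$net_private6'` in the IPv6 rules, and adding the loopback and link-local IPv4 ranges to `net_private`.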
diff --git a/test/main.sh b/test/main.sh index cd3b2ca..39bc60a 100644 --- a/test/main.sh +++ b/test/main.sh @@ -14,27 +14,7 @@ then PORT_BASE="3${PORT_BASE:1}" fi -function log { - echo '' - echo "$1" - echo '' -} - -function log_header { - echo "##### $1 #####" -} - -function stop_proxy { - log 'STOPPING PROXY' - ssh_cmd "sudo systemctl stop calamary@${VERSION}.service" -} - -function cleanup { - log 'CLEANUP' - ssh_cmd "sudo rm -f ${TMP_BASE}*" - rm -f ./*_tmp.* - stop_proxy -} +source ./util/main.sh cleanup @@ -50,9 +30,6 @@ log 'GENERATING CERTS' openssl req -x509 -newkey rsa:4096 -keyout 'cert_tmp.key' -out 'cert_tmp.crt' -sha256 -days 60 -nodes -subj "$CERT_CN" 2>/dev/null log 'COPYING FILES TO PROXY-HOST' -function copy_file { - scp -P "$PROXY_SSH_PORT" "$1" "$PROXY_USER"@"$PROXY_HOST":"$2" >/dev/null 2>&1 -} copy_file 'calamary' "$TMP_BASE" copy_file 'config_tmp.yml' "${TMP_BASE}.yml" @@ -63,13 +40,7 @@ ssh_cmd "sudo chown proxy:proxy ${TMP_BASE}*" log 'STARTING PROXY' ssh_cmd "sudo systemctl start calamary@${VERSION}.service" -function fail { - log 'TEST-RUN FAILED!' - status='FAILED' - stop_proxy - update_badge - exit 99 -} +# todo: iptables/nftables NAT for transparent mode log 'STARTING TESTS' diff --git a/test/testGeneral.sh b/test/testGeneral.sh index 79b2e03..e6f1d27 100644 --- a/test/testGeneral.sh +++ b/test/testGeneral.sh @@ -3,11 +3,11 @@ set -uo pipefail set +e -# tests are targeting the 'transparent' mode - source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}1"}" +# tests are targeting the 'transparent' mode testsGeneral=() diff --git a/test/testHttp.sh b/test/testHttp.sh index 932245b..a3f0db7 100644 --- a/test/testHttp.sh +++ b/test/testHttp.sh @@ -5,6 +5,7 @@ set +e source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}4"}" export http_proxy="http://${PROXY_HOST}:${PROXY_PORT}" diff --git a/test/testHttps.sh b/test/testHttps.sh index 7ce2f9c..47867f7 100644 
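Review bot: `PORT_BASE="${PORT_BASE:='1000'}"` keeps the single quotes as literal characters, because quotes inside a double-quoted `${var:=word}` expansion are not removed. With `PORT_BASE` unset the value becomes `'1000'` and `PROXY_PORT` becomes `'1000'1`, which is not a valid port. Use `PORT_BASE="${PORT_BASE:-1000}"` instead. The same line is added in testHttp.sh, testHttps.sh, testProxyproto.sh, testSocks5.sh, testTransparent.sh and testTransparentTproxy.sh. It is also placed after `source ./util/base.sh`, so if anything sourced there reads `PORT_BASE`, it still sees it unset under `set -u`.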
--- a/test/testHttps.sh +++ b/test/testHttps.sh @@ -5,6 +5,7 @@ set +e source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}5"}" export http_proxy="https://${PROXY_HOST}:${PROXY_PORT}" diff --git a/test/testProxyproto.sh b/test/testProxyproto.sh index de83a43..c472769 100644 --- a/test/testProxyproto.sh +++ b/test/testProxyproto.sh @@ -5,6 +5,7 @@ set +e source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}3"}" testsProxyproto=() diff --git a/test/testSocks5.sh b/test/testSocks5.sh index 67ee8f9..90d3855 100644 --- a/test/testSocks5.sh +++ b/test/testSocks5.sh @@ -5,6 +5,7 @@ set +e source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}6"}" export http_proxy="socks5://${PROXY_HOST}:${PROXY_PORT}" diff --git a/test/testTransparent.sh b/test/testTransparent.sh index 7f5b449..498dbf5 100644 --- a/test/testTransparent.sh +++ b/test/testTransparent.sh @@ -4,8 +4,8 @@ set -uo pipefail set +e source ./util/base.sh -source ./util/route.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}1"}" testsTransparent=() diff --git a/test/testTransparentTproxy.sh b/test/testTransparentTproxy.sh index b1ba47c..b261449 100644 --- a/test/testTransparentTproxy.sh +++ b/test/testTransparentTproxy.sh @@ -5,6 +5,7 @@ set +e source ./util/base.sh +PORT_BASE="${PORT_BASE:='1000'}" PROXY_PORT="${PROXY_PORT:="${PORT_BASE}2"}" testsTransparentTproxy=() diff --git a/test/tools/EasyRSA-3.1.6.tgz b/test/tools/EasyRSA-3.1.6.tgz new file mode 100644 index 0000000..8886aac Binary files /dev/null and b/test/tools/EasyRSA-3.1.6.tgz differ diff --git a/test/tools/sources.txt b/test/tools/sources.txt new file mode 100644 index 0000000..30ae17b --- /dev/null +++ b/test/tools/sources.txt @@ -0,0 +1 @@ +EasyRSA: https://github.com/OpenVPN/easy-rsa/ \ No newline at end of file diff --git a/test/util/base.sh b/test/util/base.sh index c5a9856..9d7c9d3 100644 
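Review bot: `sources.txt` records only the project URL for the vendored `EasyRSA-3.1.6.tgz`, so nobody can later verify that the committed binary matches the upstream release. Record the exact release URL and a digest beside it, for example `EasyRSA 3.1.6: <release-url> sha256=<sha256-of-tarball>`, and have the test setup compare the digest before unpacking the archive. The file is also missing its trailing newline.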
--- a/test/util/base.sh +++ b/test/util/base.sh @@ -1,5 +1,7 @@ #!/bin/bash +source ./route.sh + function runTest { testScript="$1" echo '' diff --git a/test/util/main.sh b/test/util/main.sh new file mode 100644 index 0000000..379177f --- /dev/null +++ b/test/util/main.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +function log { + echo "$1" +} + +function log_header { + echo "##### $1 #####" +} + +function stop_proxy { + log 'STOPPING PROXY' + ssh_cmd "sudo systemctl stop calamary@${VERSION}.service" +} + +function cleanup { + log 'CLEANUP' + ssh_cmd "sudo rm -f ${TMP_BASE}*" + rm -f ./*_tmp.* + stop_proxy +} + +function copy_file { + scp -P "$PROXY_SSH_PORT" "$1" "$PROXY_USER"@"$PROXY_HOST":"$2" >/dev/null 2>&1 +} + +function fail { + log 'TEST-RUN FAILED!' + status='FAILED' + stop_proxy + update_badge + exit 99 +} diff --git a/test/wrapper.sh b/test/wrapper.sh index f1d8925..49285ce 100644 --- a/test/wrapper.sh +++ b/test/wrapper.sh @@ -5,6 +5,8 @@ set -eo pipefail +echo '' + if [ -z "$1" ] then echo '' @@ -31,9 +33,7 @@ BADGE_COLORS[FAILED]='#d9644d' BADGE_COLORS[FAILED-ENVIRONMENT]='#d9644d' function log { - echo '' echo "$1" - echo '' } function update_badge { @@ -80,3 +80,5 @@ WD="$(pwd)" # start actual testing log 'STARTING TESTS' source ./main.sh + +echo ''
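Review bot: `source ./route.sh` resolves against the caller's working directory, not against `test/util/`. The test scripts load this file as `./util/base.sh`, so from that directory the path points at `test/route.sh`, whereas testTransparent.sh previously sourced `./util/route.sh`. Unless a `route.sh` also exists beside the test scripts, the source fails, and because the callers run with `set +e` the tests continue without the route helpers. Use `source ./util/route.sh`, or derive the directory with `source "$(dirname "${BASH_SOURCE[0]}")/route.sh"`.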
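Review bot: `cleanup` runs `sudo rm -f ${TMP_BASE}*` on the proxy host, and if `TMP_BASE` is empty or unset the remote glob degenerates to `*` in the SSH user's working directory, removed as root. wrapper.sh runs with `set -eo pipefail` and no `-u`, so nothing visible in this diff stops that expansion. Guard it with `ssh_cmd "sudo rm -f ${TMP_BASE:?TMP_BASE is not set}*"`. `copy_file` also discards all scp output through `>/dev/null 2>&1`, which hides host-key and authentication errors; keeping stderr would make a failed copy diagnosable.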