Commit Graph

10 Commits (64b71bd8a6522e1adca62e02c34bf027d0c82b99)

Author SHA1 Message Date
ginuerzh 64b71bd8a6
test(e2e): add utls dialer regression suite (#888)
Adds an e2e suite (tests/e2e/utls_test.go + testdata/utls/*)
that exercises the utls dialer in a forward-proxy chain:

  curl -> client gost (http proxy :8080)
       -> chain node (http connector + utls dialer)
         -> server gost (http over TLS listener :8443)
           -> tcp-echo

Two cases:

- TestUTLSInsecure: regression for go-gost/gost#887. A utls
  dialer with `secure: false` must still complete the handshake
  (InsecureSkipVerify must be honoured). The old unsafe cast read
  garbage for InsecureSkipVerify and the handshake failed.
- TestUTLSSecureWithCA: exercises the converter's RootCAs /
  ServerName path with a CA-signed server cert.

Uses the deterministic `Chrome` fingerprint (not `randomized`, which
randomises the ClientHello and is flaky against a standard Go TLS
server).

Bumps github.com/go-gost/x to v0.13.11, which fixes the
second half of #887: the curve-preference enum divergence between
crypto/tls and utls (Go 1.24+ appends PQC hybrid curves that
utls does not define).

Related: go-gost/gost#887, go-gost/x#111, go-gost/x#112
2026-07-11 15:46:39 +08:00
ginuerzh ccf2989bc0 gost: bump x to v0.13.9, relay to v0.6.2; add PHT e2e tests
- go.mod: x v0.13.8 → v0.13.9, relay v0.6.1 → v0.6.2
- tests/e2e/pht_test.go: 3 test cases (basic tunnel, PHTs, heartbeat)
- tests/e2e/testdata/pht/: client/server and client_phts/server_phts YAML configs
2026-07-06 22:10:15 +08:00
ginuerzh dd56308b2e test(mtls): add e2e tests for mTLS client cert identity forwarding
Tests verify: mTLS proxy works with valid client cert, mTLS rejects
connections without client cert, HTTP auth plugin receives client_cn,
client_san, client_cert_fingerprint via PeerCert context propagation.
2026-07-04 19:00:44 +08:00
ginuerzh 43724a5c40 test: add http2 handler e2e suite and tighten host-mapper + idle-timeout tests
Add tests/e2e/http2_test.go covering the http2 handler/listener/connector/dialer
end-to-end through the canonical gost-as-client pattern (8 subtests: forward,
auth, bypass, probeResist/metadata, h2 stream multiplexing). Include
testdata/http2/{server,server_auth,server_bypass,server_proberesist,client,
client_auth}.yaml. Note that h2/h2c listeners pair with the tunnel handler
and only http2 listener pairs with handler http2 (reads r/w from metadata).

Tighten TestDNSHostMapper by pointing the handler at an unreachable upstream
so unmapped names fail at the exchanger, confirming the host-mapper path was
the sole reason mapped names resolved. Fix http_idle_timeout.py to speak HTTP
through the CONNECT tunnel rather than a raw ping, matching the echo backend.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-27 20:15:31 +08:00
ginuerzh 0bb9109c71 feat: add comprehensive forward handler e2e tests
Add TCP/UDP forward handler e2e tests covering basic forwarding, alias
(forward/tcp), sniffing, raw pipe, idleTimeout, multi-node protocol
filtering, sniffing bypass (403), stateful UDP, and stateless UDP.

New files:
- forward_test.go: ForwardSuite with 9 test methods
- testdata/forward/: server configs (tcp, udp, stateless, sniffing,
  bypass, multi-node, idleTimeout)
- scripts/tcp_idle_timeout.py, udp_forward_test.py: Python harnesses
  for in-container idle timeout and UDP echo verification
2026-06-27 13:59:22 +08:00
ginuerzh a0427be086 feat: add comprehensive DNS handler e2e tests
Adds 22 DNS e2e subtests across 8 test methods covering: upstream
resolution (A, AAAA, multi-A), TCP mode, bypass rules, host mapper,
exchange failure (graceful error recovery), rate limiter wiring,
invalid query handling, and DNS over TLS (mode: tls).

Includes two authoritative DNS responders (UDP/TCP), a standalone
DNS query client, and a TLS DNS query script.
2026-06-27 00:21:37 +08:00
ginuerzh 590c6f48bd feat: add file handler e2e tests covering GET, PUT, index, auth, and 404
Adds 5 test methods (7 test cases) for the file handler:
GET existing file, GET nonexistent file, GET index.html, PUT upload,
PUT without permission, and auth (no-auth-401, with-auth-success).

Includes test data files and server YAML configs under
tests/e2e/testdata/file/.
2026-06-26 22:19:13 +08:00
ginuerzh 69b561f944 feat: add comprehensive HTTP e2e tests covering connector, TLS, probeResist, idleTimeout, and UDP relay
Adds 12 new HTTP handler test scenarios: HTTP connector (no-auth, auth, TLS
upstream), CONNECT tunnel (no-sniffing, bypass-403), probeResist (host, web,
file, knock), idleTimeout, and UDP relay over HTTP. Introduces
RunGostContainerWithFiles helper for mounting extra files into test containers.
2026-06-26 22:00:35 +08:00
RMT 8740e6f258
Add e2e test cases for shadowsocks 2026-05-22 14:28:17 +08:00
RMT c06eb0d331 WIP 2026-04-26 22:18:07 +08:00