Commit Graph

21 Commits (e9cf3b4d3f36949f308b131d8446ee794e2f61d6)

Author SHA1 Message Date
ginuerzh e9cf3b4d3f e2e: add cmd probe failover test with true/false command nodes 2026-07-16 20:53:30 +08:00
ginuerzh bef00dffef e2e: add node liveness probe tests
TCP probe + FailFilter: dead node pre-marked, all requests succeed.
LowestLatency strategy: two probed nodes, selector picks fastest.
2026-07-16 20:53:30 +08:00
ginuerzh 1c6fadcb1e test(e2e): add routing matcher module e2e test suite
Verify node-level routing matchers via a two-proxy relay: a forward
proxy whose only chain node carries matcher Host(`tcp-echo`) is only
eligible for a matching Host, so the request is relayed upstream to the
echo server; a non-matching Host is excluded (no eligible node) and never
reaches the echo server. Mirrors the resolver/ingress e2e pattern.
2026-07-16 20:53:30 +08:00
ginuerzh 20f1e4a0b9 test(e2e): add resolver module e2e test suite
Verifies that a configured resolver drives the proxy's outbound DNS
resolution. A gost HTTP proxy uses a resolver whose only nameserver is a
test responder answering echo.test with the real echo server IP and
NXDOMAIN for everything else. A request to echo.test is resolved by the
custom resolver and reaches the echo server; an unmapped host fails to
resolve. Adds a parametrized DNS responder script and container helper.
2026-07-16 20:53:30 +08:00
ginuerzh 1fd69ac704 test(e2e): add ingress module e2e test suite
Verifies hostname→endpoint routing at the reverse-proxy tunnel
entrypoint. A public gost runs a tunnel handler with an ingress
mapping example.local→tunnel-UUID and an HTTP entrypoint; an internal
client binds a reverse tunnel forwarding to the echo server. A request
with a mapped Host is routed through the tunnel to the echo server,
while an unmapped Host matches no ingress rule and is rejected.
2026-07-16 20:53:30 +08:00
ginuerzh 9355607ba7 test(e2e): add hosts module e2e test suite
Verify the static hosts mapping (HostMapper) overrides DNS: a mapped
hostname resolves to the configured IP and reaches the echo server,
while an unmapped hostname fails to resolve.
2026-07-16 20:53:30 +08:00
ginuerzh 6746f556b7 test(e2e): add auth module e2e test suite
Verify HTTP proxy authentication for both inline single-user auth and a
named auther with multiple users. Covers valid credentials, wrong
password, missing credentials, and any-user-in-auther acceptance.
2026-07-16 20:53:30 +08:00
ginuerzh 3119cb43f2 test(e2e): add admission module e2e test suite
Verify service-level admission control gating by client source IP, in
both whitelist and blacklist modes. Contrasts a loopback client (curl
inside the gost container) against an external client (curl inside the
echo container) to exercise both admit and deny paths.
2026-07-16 20:53:30 +08:00
ginuerzh c7ea19ec66 test(e2e): add bypass module e2e test suite
Verify both blacklist and whitelist bypass modes: a matching destination
skips the dead chain node and connects directly to the echo server, while a
non-matching destination is forced through the dead node and never reaches it.
2026-07-16 20:53:30 +08:00
ginuerzh fa815bf4a0 test(e2e): add TLS listener rejectUnknownSNI test suite
Covers rejectUnknownSNI with and without a serverNames allow list,
verifying allowed/unknown/empty SNI handshakes via openssl s_client.
2026-07-16 20:53:30 +08:00
ginuerzh a8bd4a5f16 test(e2e): consolidate selector tests, add round-robin/fifo/backup failover
Merge parallel_selector_test.go into selector_test.go and add e2e coverage
for the round-robin + fail filter, fifo sticky fallback, and backup filter
strategies. Each test drives requests through a hop with one dead node and
asserts the selector marks and skips it so traffic converges on the live node.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-07-16 20:53:30 +08:00
ginuerzh 64b71bd8a6
test(e2e): add utls dialer regression suite (#888)
Adds an e2e suite (tests/e2e/utls_test.go + testdata/utls/*)
that exercises the utls dialer in a forward-proxy chain:

  curl -> client gost (http proxy :8080)
       -> chain node (http connector + utls dialer)
         -> server gost (http over TLS listener :8443)
           -> tcp-echo

Two cases:

- TestUTLSInsecure: regression for go-gost/gost#887. A utls
  dialer with `secure: false` must still complete the handshake
  (InsecureSkipVerify must be honoured). The old unsafe cast read
  garbage for InsecureSkipVerify and the handshake failed.
- TestUTLSSecureWithCA: exercises the converter's RootCAs /
  ServerName path with a CA-signed server cert.

Uses the deterministic `Chrome` fingerprint (not `randomized`, which
randomises the ClientHello and is flaky against a standard Go TLS
server).

Bumps github.com/go-gost/x to v0.13.11, which fixes the
second half of #887: the curve-preference enum divergence between
crypto/tls and utls (Go 1.24+ appends PQC hybrid curves that
utls does not define).

Related: go-gost/gost#887, go-gost/x#111, go-gost/x#112
2026-07-11 15:46:39 +08:00
ginuerzh ccf2989bc0 gost: bump x to v0.13.9, relay to v0.6.2; add PHT e2e tests
- go.mod: x v0.13.8 → v0.13.9, relay v0.6.1 → v0.6.2
- tests/e2e/pht_test.go: 3 test cases (basic tunnel, PHTs, heartbeat)
- tests/e2e/testdata/pht/: client/server and client_phts/server_phts YAML configs
2026-07-06 22:10:15 +08:00
ginuerzh dd56308b2e test(mtls): add e2e tests for mTLS client cert identity forwarding
Tests verify: mTLS proxy works with valid client cert, mTLS rejects
connections without client cert, HTTP auth plugin receives client_cn,
client_san, client_cert_fingerprint via PeerCert context propagation.
2026-07-04 19:00:44 +08:00
ginuerzh 43724a5c40 test: add http2 handler e2e suite and tighten host-mapper + idle-timeout tests
Add tests/e2e/http2_test.go covering the http2 handler/listener/connector/dialer
end-to-end through the canonical gost-as-client pattern (8 subtests: forward,
auth, bypass, probeResist/metadata, h2 stream multiplexing). Include
testdata/http2/{server,server_auth,server_bypass,server_proberesist,client,
client_auth}.yaml. Note that h2/h2c listeners pair with the tunnel handler
and only http2 listener pairs with handler http2 (reads r/w from metadata).

Tighten TestDNSHostMapper by pointing the handler at an unreachable upstream
so unmapped names fail at the exchanger, confirming the host-mapper path was
the sole reason mapped names resolved. Fix http_idle_timeout.py to speak HTTP
through the CONNECT tunnel rather than a raw ping, matching the echo backend.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-27 20:15:31 +08:00
ginuerzh 0bb9109c71 feat: add comprehensive forward handler e2e tests
Add TCP/UDP forward handler e2e tests covering basic forwarding, alias
(forward/tcp), sniffing, raw pipe, idleTimeout, multi-node protocol
filtering, sniffing bypass (403), stateful UDP, and stateless UDP.

New files:
- forward_test.go: ForwardSuite with 9 test methods
- testdata/forward/: server configs (tcp, udp, stateless, sniffing,
  bypass, multi-node, idleTimeout)
- scripts/tcp_idle_timeout.py, udp_forward_test.py: Python harnesses
  for in-container idle timeout and UDP echo verification
2026-06-27 13:59:22 +08:00
ginuerzh a0427be086 feat: add comprehensive DNS handler e2e tests
Adds 22 DNS e2e subtests across 8 test methods covering: upstream
resolution (A, AAAA, multi-A), TCP mode, bypass rules, host mapper,
exchange failure (graceful error recovery), rate limiter wiring,
invalid query handling, and DNS over TLS (mode: tls).

Includes two authoritative DNS responders (UDP/TCP), a standalone
DNS query client, and a TLS DNS query script.
2026-06-27 00:21:37 +08:00
ginuerzh 590c6f48bd feat: add file handler e2e tests covering GET, PUT, index, auth, and 404
Adds 5 test methods (7 test cases) for the file handler:
GET existing file, GET nonexistent file, GET index.html, PUT upload,
PUT without permission, and auth (no-auth-401, with-auth-success).

Includes test data files and server YAML configs under
tests/e2e/testdata/file/.
2026-06-26 22:19:13 +08:00
ginuerzh 69b561f944 feat: add comprehensive HTTP e2e tests covering connector, TLS, probeResist, idleTimeout, and UDP relay
Adds 12 new HTTP handler test scenarios: HTTP connector (no-auth, auth, TLS
upstream), CONNECT tunnel (no-sniffing, bypass-403), probeResist (host, web,
file, knock), idleTimeout, and UDP relay over HTTP. Introduces
RunGostContainerWithFiles helper for mounting extra files into test containers.
2026-06-26 22:00:35 +08:00
RMT 8740e6f258
Add e2e test cases for shadowsocks 2026-05-22 14:28:17 +08:00
RMT c06eb0d331 WIP 2026-04-26 22:18:07 +08:00