mirror of
https://github.com/cloudflare/cloudflared.git
synced 2026-06-23 04:10:20 +00:00
Miguel da Costa Martins Marcelino
3315fa6e0f
As it stands, cloudflared prechecks are not taking the `protocol` flag into consideration and is instead falling back to the default protocol, which is QUIC. Prechecks should report the protocol cloudflared will use, not the default protocol.
731 lines
32 KiB
Go
731 lines
32 KiB
Go
package prechecks
|
||
|
||
import (
|
||
"errors"
|
||
"math"
|
||
"net"
|
||
"testing"
|
||
"time"
|
||
|
||
"github.com/google/uuid"
|
||
"github.com/rs/zerolog"
|
||
"github.com/stretchr/testify/assert"
|
||
"github.com/stretchr/testify/require"
|
||
"go.uber.org/mock/gomock"
|
||
|
||
"github.com/cloudflare/cloudflared/connection"
|
||
"github.com/cloudflare/cloudflared/edgediscovery/allregions"
|
||
"github.com/cloudflare/cloudflared/mocks"
|
||
)
|
||
|
||
const (
|
||
emptyCert = ""
|
||
)
|
||
|
||
// ---------------------------------------------------------------------------
|
||
// Helpers
|
||
// ---------------------------------------------------------------------------
|
||
|
||
// twoRegionAddrs returns a two-group [][]*EdgeAddr with one IPv4 address per
|
||
// region. Used by tests that only need to exercise the V4 path.
|
||
func twoRegionAddrs() [][]*allregions.EdgeAddr {
|
||
makeV4 := func(ip string) *allregions.EdgeAddr {
|
||
parsed := net.ParseIP(ip)
|
||
return &allregions.EdgeAddr{
|
||
TCP: &net.TCPAddr{IP: parsed, Port: 7844},
|
||
UDP: &net.UDPAddr{IP: parsed, Port: 7844},
|
||
IPVersion: allregions.V4,
|
||
}
|
||
}
|
||
return [][]*allregions.EdgeAddr{
|
||
{makeV4("1.2.3.4")},
|
||
{makeV4("5.6.7.8")},
|
||
}
|
||
}
|
||
|
||
// twoRegionAddrsBothFamilies returns a two-group [][]*EdgeAddr with one IPv4
|
||
// and one IPv6 address per region, used by per-family probe tests.
|
||
func twoRegionAddrsBothFamilies() [][]*allregions.EdgeAddr {
|
||
makeAddr := func(ip string, v allregions.EdgeIPVersion) *allregions.EdgeAddr {
|
||
parsed := net.ParseIP(ip)
|
||
return &allregions.EdgeAddr{
|
||
TCP: &net.TCPAddr{IP: parsed, Port: 7844},
|
||
UDP: &net.UDPAddr{IP: parsed, Port: 7844},
|
||
IPVersion: v,
|
||
}
|
||
}
|
||
return [][]*allregions.EdgeAddr{
|
||
{makeAddr("1.2.3.4", allregions.V4), makeAddr("2001:db8::1", allregions.V6)},
|
||
{makeAddr("5.6.7.8", allregions.V4), makeAddr("2001:db8::2", allregions.V6)},
|
||
}
|
||
}
|
||
|
||
// nopConn is a net.Conn whose Close() is a no-op, used as the success value
|
||
// for TCP and management dial mocks.
|
||
type nopConn struct{ net.Conn }
|
||
|
||
func (nopConn) Close() error { return nil }
|
||
|
||
// requireStatuses asserts the probe statuses in report.Results match
|
||
// expected (in order), failing immediately on length mismatch.
|
||
func requireStatuses(t *testing.T, report Report, expected ...Status) {
|
||
t.Helper()
|
||
require.Len(t, report.Results, len(expected))
|
||
for i, want := range expected {
|
||
got := report.Results[i].ProbeStatus
|
||
assert.Equalf(t, want, got,
|
||
"result[%d] (%s/%s): got %s, want %s",
|
||
i, report.Results[i].Component, report.Results[i].Target, got, want)
|
||
}
|
||
}
|
||
|
||
func nopLogger() *zerolog.Logger {
|
||
l := zerolog.Nop()
|
||
return &l
|
||
}
|
||
|
||
// newFakeQUICConn creates a mock QUIC connection with CloseWithError
|
||
// expectation pre-configured so gomock does not fail at runtime.
|
||
func newFakeQUICConn(ctrl *gomock.Controller) *mocks.MockQUICConnection {
|
||
conn := mocks.NewMockQUICConnection(ctrl)
|
||
conn.EXPECT().CloseWithError(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
|
||
return conn
|
||
}
|
||
|
||
// ---------------------------------------------------------------------------
|
||
// Tests
|
||
// ---------------------------------------------------------------------------
|
||
|
||
// TestRun_AllPass verifies that when all probes succeed the report contains
|
||
// 7 rows: 2 DNS + 2 QUIC (one per region) + 2 HTTP/2 (one per region) + 1 API.
|
||
func TestRun_AllPass(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
// twoRegionAddrs has 2 regions × 1 V4 address each = 2 dials per transport.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS + 2 QUIC + 2 HTTP2 + 1 API = 7 results.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Pass, Pass, Pass)
|
||
assert.NotEqual(t, uuid.Nil, report.RunID, "RunID must be set")
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
assert.False(t, report.hasWarn())
|
||
}
|
||
|
||
// TestRun_QUICBlocked verifies that when QUIC is blocked on all regions,
|
||
// the report is degraded (warn) and HTTP/2 is the suggested protocol.
|
||
func TestRun_QUICBlocked(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("connection refused")).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass + 2 QUIC Fail + 2 HTTP2 Pass + 1 API Pass.
|
||
requireStatuses(t, report, Pass, Pass, Fail, Fail, Pass, Pass, Pass)
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.HTTP2, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
assert.True(t, report.hasWarn())
|
||
}
|
||
|
||
// TestRun_HTTP2Blocked verifies that when HTTP/2 is blocked on all regions,
|
||
// the report is degraded (warn) and QUIC is the suggested protocol.
|
||
func TestRun_HTTP2Blocked(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("connection refused")).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass + 2 QUIC Pass + 2 HTTP2 Fail + 1 API Pass.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Fail, Fail, Pass)
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
assert.True(t, report.hasWarn())
|
||
}
|
||
|
||
// TestRun_BothTransportsBlocked verifies that when both QUIC and HTTP/2 are
|
||
// blocked on all regions it is a hard fail with no suggested protocol.
|
||
func TestRun_BothTransportsBlocked(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("blocked")).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("blocked")).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass + 2 QUIC Fail + 2 HTTP2 Fail + 1 API Pass.
|
||
requireStatuses(t, report, Pass, Pass, Fail, Fail, Fail, Fail, Pass)
|
||
assert.Nil(t, report.SuggestedProtocol)
|
||
assert.True(t, report.hasHardFail())
|
||
}
|
||
|
||
// TestRun_PartialRegionQUICFail verifies "worst wins" semantics: when QUIC
|
||
// passes for region1 but fails for region2, QUIC is treated as failed and
|
||
// HTTP/2 becomes the suggested protocol.
|
||
func TestRun_PartialRegionQUICFail(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
// Two regions: 1.2.3.4 (region1) and 5.6.7.8 (region2).
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
|
||
// TCP/HTTP2: both regions pass.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).AnyTimes()
|
||
|
||
// QUIC: region1 (1.2.3.4) passes, region2 (5.6.7.8) fails.
|
||
region1Addr := &net.UDPAddr{IP: net.ParseIP("1.2.3.4"), Port: 7844}
|
||
region2Addr := &net.UDPAddr{IP: net.ParseIP("5.6.7.8"), Port: 7844}
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), region1Addr.AddrPort(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), region2Addr.AddrPort(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("connection refused")).AnyTimes()
|
||
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass + QUIC-region1 Pass + QUIC-region2 Fail + 2 HTTP2 Pass + 1 API Pass.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Fail, Pass, Pass, Pass)
|
||
|
||
// Worst wins: region2 QUIC failed, so QUIC is treated as failed overall.
|
||
// HTTP/2 passes on all regions → HTTP/2 is the suggested protocol.
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.HTTP2, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
assert.True(t, report.hasWarn())
|
||
}
|
||
|
||
// TestRun_DNSFail_SkipsTransports verifies that when DNS fails, transport rows
|
||
// are emitted as Skip (one per DNS region) and no transport dials are made.
|
||
func TestRun_DNSFail_SkipsTransports(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).
|
||
Return(nil, errors.New("no such host")).AnyTimes()
|
||
// Transport dialers must NOT be called when DNS fails.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Times(0)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Times(0)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// DNS failure emits 2 Fail rows (one per default region).
|
||
// Transport rows: one skip per DNS region for QUIC and HTTP/2 = 2 QUIC skips + 2 HTTP2 skips.
|
||
// 2 DNS Fail + 2 QUIC Skip + 2 HTTP2 Skip + 1 API Pass = 7 results.
|
||
require.Len(t, report.Results, 7)
|
||
assert.Equal(t, Fail, report.Results[0].ProbeStatus, "DNS region1")
|
||
assert.Equal(t, Fail, report.Results[1].ProbeStatus, "DNS region2")
|
||
assert.Equal(t, Skip, report.Results[2].ProbeStatus, "QUIC region1 must be skipped")
|
||
assert.Equal(t, Skip, report.Results[3].ProbeStatus, "QUIC region2 must be skipped")
|
||
assert.Equal(t, Skip, report.Results[4].ProbeStatus, "HTTP/2 region1 must be skipped")
|
||
assert.Equal(t, Skip, report.Results[5].ProbeStatus, "HTTP/2 region2 must be skipped")
|
||
assert.Equal(t, Pass, report.Results[6].ProbeStatus, "API still runs")
|
||
assert.True(t, report.hasHardFail())
|
||
}
|
||
|
||
// TestRun_ManagementAPIFail verifies that a Management API failure results
|
||
// in a warning (not a hard fail) and QUIC remains the suggested protocol.
|
||
func TestRun_ManagementAPIFail(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
// twoRegionAddrs has 2 regions × 1 V4 address each; each succeeds on first try.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("connection refused")).AnyTimes()
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass + 2 QUIC Pass + 2 HTTP2 Pass + 1 API Fail.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Pass, Pass, Fail)
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
assert.True(t, report.hasWarn())
|
||
}
|
||
|
||
// TestRun_RegionFlagForwardedToDNS verifies that the --region flag is passed
|
||
// verbatim to the DNS resolver and that regional hostnames appear in the results.
|
||
func TestRun_RegionFlagForwardedToDNS(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
// The region string must be forwarded verbatim to the DNS resolver.
|
||
dns.EXPECT().Resolve("us").Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Region: "us", Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// DNS rows carry regional hostnames (indices 0 and 1).
|
||
assert.Equal(t, "us-region1.v2.argotunnel.com", report.Results[0].Target, "DNS region1")
|
||
assert.Equal(t, "us-region2.v2.argotunnel.com", report.Results[1].Target, "DNS region2")
|
||
|
||
// Transport rows reuse the same regional hostnames (QUIC: 2,3 / HTTP2: 4,5).
|
||
assert.Equal(t, "us-region1.v2.argotunnel.com", report.Results[2].Target, "QUIC region1")
|
||
assert.Equal(t, "us-region2.v2.argotunnel.com", report.Results[3].Target, "QUIC region2")
|
||
assert.Equal(t, "us-region1.v2.argotunnel.com", report.Results[4].Target, "HTTP2 region1")
|
||
assert.Equal(t, "us-region2.v2.argotunnel.com", report.Results[5].Target, "HTTP2 region2")
|
||
}
|
||
|
||
// TestRun_QUICUsesProbeConnIndex verifies that the QUIC probe always uses the
|
||
// reserved sentinel connIndex (math.MaxUint8 = 255) to bypass port-reuse checks.
|
||
func TestRun_QUICUsesProbeConnIndex(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
// connIndex must be the reserved sentinel (math.MaxUint8 = 255), never 0.
|
||
// twoRegionAddrs has 2 regions × 1 V4 address each → 2 calls.
|
||
quicD.EXPECT().DialQuic(
|
||
gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(),
|
||
gomock.Eq(uint8(math.MaxUint8)),
|
||
gomock.Any(), gomock.Any(),
|
||
).Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
}
|
||
|
||
// TestRun_BothFamiliesProbed verifies that when both V4 and V6 addresses are
|
||
// present in the DNS response, both are probed (2 regions × 2 families = 4 dials).
|
||
func TestRun_BothFamiliesProbed(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrsBothFamilies(), nil)
|
||
// 2 regions × 2 families = 4 dial calls each for QUIC and HTTP/2.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(4)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(4)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: allregions.Auto},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS + 2 QUIC + 2 HTTP2 + 1 API = 7 results, all passing.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Pass, Pass, Pass)
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
}
|
||
|
||
// TestRun_IPVersionRestriction verifies that when a single IP family is
|
||
// configured, only that family is probed (2 regions × 1 addr = 2 dials per
|
||
// transport) and the excluded family is never dialled.
|
||
func TestRun_IPVersionRestriction(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
tests := []struct {
|
||
name string
|
||
ipVersion allregions.ConfigIPVersion
|
||
}{
|
||
{"IPv4Only skips V6", allregions.IPv4Only},
|
||
{"IPv6Only skips V4", allregions.IPv6Only},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrsBothFamilies(), nil)
|
||
// 2 regions × 1 addr per restricted family = 2 dials each.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
report := Run(t.Context(), emptyCert, Config{Timeout: 2 * time.Second, IPVersion: tt.ipVersion},
|
||
nopLogger(), RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Pass, Pass, Pass)
|
||
})
|
||
}
|
||
}
|
||
|
||
// TestRun_EdgeAddrs_SingleAddr verifies that a single --edge addr bypasses DNS
|
||
// probing. The report contains one DNS Skip row, transport rows labeled with
|
||
// the raw addr string, and the Management API row.
|
||
func TestRun_EdgeAddrs_SingleAddr(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
// DNS resolver must NOT be called when EdgeAddrs is set.
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
dns.EXPECT().Resolve(gomock.Any()).Times(0)
|
||
|
||
// One addr resolves to one group → one dial per transport.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(1)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(1)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
EdgeAddrs: []string{"127.0.0.1:7844"},
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 1 DNS Skip + 1 QUIC + 1 HTTP2 + 1 API = 4 results.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass)
|
||
assert.Equal(t, ProbeTypeDNS, report.Results[0].Type, "first row must be DNS skip")
|
||
assert.Equal(t, "127.0.0.1:7844", report.Results[1].Target, "QUIC target must be the raw --edge addr")
|
||
assert.Equal(t, "127.0.0.1:7844", report.Results[2].Target, "HTTP2 target must be the raw --edge addr")
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
}
|
||
|
||
// TestRun_EdgeAddrs_MultipleAddrs verifies that multiple --edge addrs produce
|
||
// one transport row per addr, each labeled with its original addr string.
|
||
func TestRun_EdgeAddrs_MultipleAddrs(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
dns.EXPECT().Resolve(gomock.Any()).Times(0)
|
||
|
||
// Two addrs → two groups → two dials per transport.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).Times(2)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).Times(2)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
EdgeAddrs: []string{"127.0.0.1:7844", "127.0.0.2:7844"},
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 2 DNS Pass (one per addr) + 2 QUIC + 2 HTTP2 + 1 API = 7 results.
|
||
requireStatuses(t, report, Pass, Pass, Pass, Pass, Pass, Pass, Pass)
|
||
assert.Equal(t, ProbeTypeDNS, report.Results[0].Type, "first row must be DNS skip addr1")
|
||
assert.Equal(t, "127.0.0.1:7844", report.Results[0].Target, "DNS skip addr1 label")
|
||
assert.Equal(t, ProbeTypeDNS, report.Results[1].Type, "second row must be DNS skip addr2")
|
||
assert.Equal(t, "127.0.0.2:7844", report.Results[1].Target, "DNS skip addr2 label")
|
||
assert.Equal(t, "127.0.0.1:7844", report.Results[2].Target, "QUIC addr1")
|
||
assert.Equal(t, "127.0.0.2:7844", report.Results[3].Target, "QUIC addr2")
|
||
assert.Equal(t, "127.0.0.1:7844", report.Results[4].Target, "HTTP2 addr1")
|
||
assert.Equal(t, "127.0.0.2:7844", report.Results[5].Target, "HTTP2 addr2")
|
||
}
|
||
|
||
// TestRun_EdgeAddrs_UnresolvableAddr verifies that when all --edge addrs fail
|
||
// to resolve, the DNS resolver is not called and transport rows are skipped,
|
||
// mirroring the DNS skip row.
|
||
func TestRun_EdgeAddrs_UnresolvableAddr(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
dns.EXPECT().Resolve(gomock.Any()).Times(0)
|
||
|
||
// Unresolvable addr → no groups → no transport dials.
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Times(0)
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Times(0)
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
EdgeAddrs: []string{"not-a-valid-addr"},
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// 1 DNS Fail + 1 QUIC Skip + 1 HTTP2 Skip + 1 API = 4 results.
|
||
requireStatuses(t, report, Fail, Skip, Skip, Pass)
|
||
assert.Equal(t, ProbeTypeDNS, report.Results[0].Type)
|
||
assert.Equal(t, "not-a-valid-addr", report.Results[0].Target)
|
||
assert.Equal(t, ProbeTypeQUIC, report.Results[1].Type)
|
||
assert.Equal(t, ProbeTypeHTTP2, report.Results[2].Type)
|
||
assert.Nil(t, report.SuggestedProtocol)
|
||
assert.True(t, report.hasHardFail())
|
||
}
|
||
|
||
// ---------------------------------------------------------------------------
|
||
// Protocol override tests
|
||
// ---------------------------------------------------------------------------
|
||
|
||
// TestRun_ProtocolOverride_HTTP2_BothPass verifies that when --protocol http2
|
||
// is set and both transports are reachable, the summary reports HTTP/2 (not
|
||
// QUIC, which would otherwise win the heuristic).
|
||
func TestRun_ProtocolOverride_HTTP2_BothPass(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
ProtocolOverride: "http2",
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// Both transports pass, but the override must win — HTTP/2 is reported.
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.HTTP2, *report.SuggestedProtocol,
|
||
"override http2 should be reported even though QUIC probes also passed")
|
||
assert.False(t, report.hasHardFail())
|
||
}
|
||
|
||
// TestRun_ProtocolOverride_QUIC_BothPass verifies that when --protocol quic is
|
||
// set and both transports are reachable, the summary reports QUIC (same as the
|
||
// heuristic would choose, but driven by the override).
|
||
func TestRun_ProtocolOverride_QUIC_BothPass(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
fakeQUICConn := newFakeQUICConn(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(fakeQUICConn, nil).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
ProtocolOverride: "quic",
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.QUIC, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
}
|
||
|
||
// TestRun_ProtocolOverride_HTTP2_QUICBlocked verifies that when --protocol http2
|
||
// is set and QUIC is blocked, we still report HTTP/2 (not a fallback to the
|
||
// heuristic, since the overridden transport is healthy).
|
||
func TestRun_ProtocolOverride_HTTP2_QUICBlocked(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("blocked")).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
ProtocolOverride: "http2",
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
require.NotNil(t, report.SuggestedProtocol)
|
||
assert.Equal(t, connection.HTTP2, *report.SuggestedProtocol)
|
||
assert.False(t, report.hasHardFail())
|
||
}
|
||
|
||
// TestRun_ProtocolOverride_HTTP2_BothBlocked verifies that when --protocol http2
|
||
// is set but the HTTP/2 transport itself also fails (hard fail), the override
|
||
// falls through to the heuristic which returns nil — there is no usable protocol.
|
||
func TestRun_ProtocolOverride_HTTP2_BothBlocked(t *testing.T) {
|
||
t.Parallel()
|
||
ctrl := gomock.NewController(t)
|
||
|
||
dns := mocks.NewMockDNSResolver(ctrl)
|
||
tcp := mocks.NewMockTCPDialer(ctrl)
|
||
quicD := mocks.NewMockQUICDialer(ctrl)
|
||
mgmt := mocks.NewMockManagementDialer(ctrl)
|
||
|
||
dns.EXPECT().Resolve(gomock.Any()).Return(twoRegionAddrs(), nil)
|
||
tcp.EXPECT().DialEdge(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("blocked")).AnyTimes()
|
||
quicD.EXPECT().DialQuic(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nil, errors.New("blocked")).AnyTimes()
|
||
mgmt.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any()).
|
||
Return(nopConn{}, nil)
|
||
|
||
cfg := Config{
|
||
Timeout: 2 * time.Second,
|
||
IPVersion: allregions.Auto,
|
||
ProtocolOverride: "http2",
|
||
}
|
||
report := Run(t.Context(), emptyCert, cfg, nopLogger(),
|
||
RunDialers{DNSResolver: dns, TCPDialer: tcp, QUICDialer: quicD, ManagementDialer: mgmt})
|
||
|
||
// The overridden transport (HTTP/2) is blocked, so the override cannot be
|
||
// honoured and the hard-fail path reports no suggested protocol.
|
||
assert.Nil(t, report.SuggestedProtocol)
|
||
assert.True(t, report.hasHardFail())
|
||
}
|