def test_configure(self):
nl = NextLayer()
with taddons.context(nl) as tctx:
with pytest.raises(Exception, match="mutually exclusive"):
tctx.configure(nl,
allow_hosts=["example.org"],
ignore_hosts=["example.com"])
def test_make_top_layer(self):
nl = NextLayer()
ctx = MagicMock()
with taddons.context(nl) as tctx:
tctx.configure(nl, mode="regular")
assert isinstance(nl.make_top_layer(ctx), layers.modes.HttpProxy)
tctx.configure(nl, mode="transparent")
assert isinstance(nl.make_top_layer(ctx), layers.modes.TransparentProxy)
tctx.configure(nl, mode="reverse:http://example.com")
assert isinstance(nl.make_top_layer(ctx), layers.modes.ReverseProxy)
tctx.configure(nl, mode="socks5")
with pytest.raises(NotImplementedError):
nl.make_top_layer(ctx)
def test_next_layer(self):
nl = NextLayer()
ctx = MagicMock()
ctx.client.alpn = None
ctx.server.address = ("example.com", 443)
with taddons.context(nl) as tctx:
ctx.layers = []
assert isinstance(nl._next_layer(ctx, b"", b""), layers.modes.HttpProxy)
assert nl._next_layer(ctx, b"", b"") is None
tctx.configure(nl, ignore_hosts=["example.com"])
assert isinstance(nl._next_layer(ctx, b"123", b""), layers.TCPLayer)
assert nl._next_layer(ctx, client_hello_no_extensions[:10], b"") is None
tctx.configure(nl, ignore_hosts=[])
assert isinstance(nl._next_layer(ctx, client_hello_no_extensions, b""), layers.ServerTLSLayer)
assert isinstance(nl._next_layer(ctx, client_hello_no_extensions, b""), layers.ClientTLSLayer)
ctx.layers = []
assert isinstance(nl._next_layer(ctx, b"", b""), layers.modes.HttpProxy)
assert isinstance(nl._next_layer(ctx, b"GET http://example.com/ HTTP/1.1\r\n", b""), layers.HttpLayer)
assert ctx.layers[-1].mode == HTTPMode.regular
ctx.layers = []
tctx.configure(nl, mode="upstream:http://localhost:8081")
assert isinstance(nl._next_layer(ctx, b"", b""), layers.modes.HttpProxy)
assert isinstance(nl._next_layer(ctx, b"GET http://example.com/ HTTP/1.1\r\n", b""), layers.HttpLayer)
assert ctx.layers[-1].mode == HTTPMode.upstream
tctx.configure(nl, tcp_hosts=["example.com"])
assert isinstance(nl._next_layer(ctx, b"123", b""), layers.TCPLayer)
tctx.configure(nl, tcp_hosts=[])
assert isinstance(nl._next_layer(ctx, b"GET /foo", b""), layers.HttpLayer)
assert isinstance(nl._next_layer(ctx, b"", b"hello"), layers.TCPLayer)
l = MagicMock()
nl.next_layer(l)
assert isinstance(l.layer, layers.modes.HttpProxy)
def test_ignore_connection(self):
nl = NextLayer()
with taddons.context(nl) as tctx:
assert not nl.ignore_connection(("example.com", 443), b"")
tctx.configure(nl, ignore_hosts=["example.com"])
assert nl.ignore_connection(("example.com", 443), b"")
assert nl.ignore_connection(("example.com", 1234), b"")
assert nl.ignore_connection(("com", 443), b"") is False
assert nl.ignore_connection(None, b"") is False
assert nl.ignore_connection(None, client_hello_no_extensions) is False
assert nl.ignore_connection(None, client_hello_with_extensions)
assert nl.ignore_connection(None, client_hello_with_extensions[:-5]) is None
# invalid clienthello
assert nl.ignore_connection(None, client_hello_no_extensions[:9] + b"\x00" * 200) is False
# different server name and SNI
assert nl.ignore_connection(("decoy", 1234), client_hello_with_extensions)
tctx.configure(nl, ignore_hosts=[], allow_hosts=["example.com"])
assert nl.ignore_connection(("example.com", 443), b"") is False
assert nl.ignore_connection(("example.org", 443), b"")
# different server name and SNI
assert nl.ignore_connection(("decoy", 1234), client_hello_with_extensions) is False