mirror of
https://github.com/apernet/hysteria.git
synced 2025-04-04 13:07:39 +03:00
61 lines
1.6 KiB
Go
61 lines
1.6 KiB
Go
package outbounds
|
|
|
|
import (
|
|
"net"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestACLEngine(t *testing.T) {
|
|
ob1, ob2, ob3 := &mockPluggableOutbound{}, &mockPluggableOutbound{}, &mockPluggableOutbound{}
|
|
obs := []OutboundEntry{
|
|
{"ob1", ob1},
|
|
{"ob2", ob2},
|
|
{"ob3", ob3},
|
|
{"direct", ob2},
|
|
}
|
|
acl, err := NewACLEngineFromString(`
|
|
ob2(google.com,tcp)
|
|
ob3(youtube.com,udp)
|
|
ob1 (1.1.1.1/24,*,8.8.8.8)
|
|
Direct(cia.gov)
|
|
reJect(nsa.gov)
|
|
`, obs, nil)
|
|
assert.NoError(t, err)
|
|
|
|
// No match, default, should be the first (ob1)
|
|
ob1.EXPECT().TCP(&AddrEx{Host: "example.com"}).Return(nil, nil).Once()
|
|
conn, err := acl.TCP(&AddrEx{Host: "example.com"})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, conn)
|
|
|
|
// Match ob2
|
|
ob2.EXPECT().TCP(&AddrEx{Host: "google.com"}).Return(nil, nil).Once()
|
|
conn, err = acl.TCP(&AddrEx{Host: "google.com"})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, conn)
|
|
|
|
// Match ob3
|
|
ob3.EXPECT().UDP(&AddrEx{Host: "youtube.com"}).Return(nil, nil).Once()
|
|
udpConn, err := acl.UDP(&AddrEx{Host: "youtube.com"})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, udpConn)
|
|
|
|
// Match ob1 hijack IP
|
|
ob1.EXPECT().TCP(&AddrEx{Host: "8.8.8.8", ResolveInfo: &ResolveInfo{IPv4: net.ParseIP("8.8.8.8").To4()}}).Return(nil, nil).Once()
|
|
conn, err = acl.TCP(&AddrEx{ResolveInfo: &ResolveInfo{IPv4: net.ParseIP("1.1.1.22")}})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, conn)
|
|
|
|
// direct should be ob2 as we override it
|
|
ob2.EXPECT().TCP(&AddrEx{Host: "cia.gov"}).Return(nil, nil).Once()
|
|
conn, err = acl.TCP(&AddrEx{Host: "cia.gov"})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, conn)
|
|
|
|
// reject
|
|
conn, err = acl.TCP(&AddrEx{Host: "nsa.gov"})
|
|
assert.Error(t, err)
|
|
assert.Nil(t, conn)
|
|
}
|