-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
164 lines (120 loc) · 4.42 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
build:
go build
clean: force
rm -rf out
run: clean
go run . bash
force:
# Targets beginning with "test-" are run automatically in CI
webui-sleep-forever: clean
go run . --webui :5000 -- sleep infinity
webui-curl-loop: clean
go run . --webui :5000 -- bash -c "while true; do echo "curling..."; curl -s https://www.example.com > out; sleep 1; done"
tcpdump-port-11223:
sudo tcpdump -i lo 'tcp port 11223'
# Test cases
test-with-hello: clean
go run . -- go run ./experiments/hello
test-with-netcat-http: clean
go run . -- bash -c "printf 'GET / HTTP/1.1\r\nHOST: example.com\r\nUser-Agent: nc\r\n\r\n' | nc 93.184.215.14 80 > out"
test-with-curl: clean
go run . -- bash -c "env curl -s https://example.com > out"
test-with-curl-non-tls: clean
go run . -- bash -c "curl -s http://example.com > out"
test-with-curl-monasticacademy: clean
go run . -- bash -c "curl -sL http://monasticacademy.org > out"
test-with-curl-pre-resolved: clean
go run . -- bash -c "curl -s --resolve example.com:443:93.184.215.14 https://example.com > out"
test-with-curl-pre-resolved-non-tls: clean
go run . -- bash -c "curl -s --resolve example.com:80:93.184.215.14 http://example.com > out"
# works with gvisor stack but not homegrown stack
test-with-wget: clean
go run . -- wget https://example.com -O out
test-with-udp-11223: clean
go run . -- bash -c "echo 'hello udp' | socat udp4:1.2.3.4:11223 - "
test-with-two-udp-packets: clean
go run . -- bash -c "echo 'hello udp' | socat udp4:1.2.3.4:11223 - ; echo 'hello again udp' | socat udp4:1.2.3.4:11223 - "
test-with-socat-dns: clean
go run . -- bash -c "echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r | socat udp4:1.1.1.1:53 - | xxd"
test-with-dig: clean
go run . -- dig -t a google.com
test-with-dig-1111: clean
go run . -- dig -t a google.com @1.1.1.1
test-with-nslookup: clean
go run . -- nslookup google.com
test-with-netcat-11223: clean
go run . -- bash -c "netcat example.com 11223 < /dev/null"
test-with-java: clean
javac experiments/java/Example.java
go run . -- java -cp experiments/java Example
test-with-doh: clean
go run . -- curl --doh-url https://cloudflare-dns.com/dns-query https://www.example.com
test-with-js: clean
go run . node experiments/js/get.js
test-with-self: clean
go run . go run . curl https://www.example.com
# These tests are currently broken
broken-test-with-nonroot-user: clean
go run . --user $(USER) -- bash -norc
# these tests require things that I do not want to install into github actions
local-test-with-oci: clean
go run . -- oci ce cluster generate-token --region us-ashburn-1 --cluster-id ocid1.cluster.oc1.iad.aaaaaaaauluvhw2v2emhebn4h724eedou76nhacixlczbj4emc52m44j4asq
local-test-with-gcloud: clean
go run . -- gcloud compute instances list
# docker-based tests
docker-test: clean
mkdir -p .build
go build -o .build/httptap
docker run \
--interactive \
--tty \
--rm \
--volume .:/src \
--workdir /src \
--cap-add SYS_ADMIN \
--device /dev/net/tun:/dev/net/tun \
ubuntu \
.build/httptap --no-overlay -- curl -so out https://www.example.com
docker-test-with-alpine: clean
mkdir -p .build
CGO_ENABLED=0 go build -o .build/httptap
docker run \
--interactive \
--tty \
--rm \
--volume .:/src \
--workdir /src \
--cap-add SYS_ADMIN \
--device /dev/net/tun:/dev/net/tun \
alpine/curl \
.build/httptap --no-overlay -- curl -so out https://www.example.com
docker-test-with-distroless: clean
mkdir -p .build
CGO_ENABLED=0 go build -o .build/httptap
CGO_ENABLED=0 go build -o .build/hi ./experiments/hello
docker run \
--interactive \
--tty \
--rm \
--volume .:/src \
--workdir /src \
--cap-add SYS_ADMIN \
--device /dev/net/tun:/dev/net/tun \
gcr.io/distroless/static-debian12 \
.build/httptap --no-overlay -- .build/hi
# tests that require sudo
sudo-test: clean
go build -o /tmp/httptap .
sudo /tmp/httptap bash
sudo-test-with-no-new-user-namespace: clean
go build -o /tmp/httptap .
sudo /tmp/httptap --no-new-user-namespace -- curl -so out https://www.example.com
sudo-test-with-udp-experiment:
go build -o /tmp/httptap
go build -o /tmp/udp-experiment ./experiments/udp
sudo /tmp/httptap /tmp/udp-experiment httptap 1.2.3.4:11223
# tests that require setcap
setcap-test-with-setcap:
go build -o /tmp/httptap
sudo setcap 'cap_net_admin=ep cap_sys_admin=ep cap_dac_override=ep' /tmp/httptap
/tmp/httptap --no-new-user-namespace -- curl -so out https://www.example.com