Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests fail without network connection #310

Open
lindi2 opened this issue Jul 16, 2022 · 1 comment
Open

tests fail without network connection #310

lindi2 opened this issue Jul 16, 2022 · 1 comment

Comments

@lindi2
Copy link

lindi2 commented Jul 16, 2022

The testsuite is currently failing on Debian build machines. I debugged this issue and noticed that it seems that the issue is that Debian packages are built in an environment where they cannot access the Internet. This is done using the "unshare" command so that the tests get run in an environment where "lo" is up and has a valid address but no other interfaces are available:

$ ./sslsplit.test 
defaults: 2 tests omitted because not building as root
Running suite(s): 
 main
 opts
 dynbuf
 logbuf
 cert
 cachemgr
 cachefkcrt
 cachetgcrt
 cachedsess
 cachessess
 ssl
 sys
 base64
 url
 util
 pxythrmgr
 defaults
100%: Checks: 142, Failures: 0, Errors: 0
$ sudo /usr/bin/sudo unshare -n -- /usr/lib/pbuilder/pbuilder-unshare-wrapper ./sslsplit.test 
Running suite(s): 
 main
 opts
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '::1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
Cannot resolve address '127.0.0.1' port '10025': Name or service not known
Cannot resolve address '127.0.0.1' port '10025': Name or service not known
Cannot resolve address '127.0.0.1' port '10443': Name or service not known
 dynbuf
 logbuf
 cert
 cachemgr
 cachefkcrt
 cachetgcrt
 cachedsess
 cachessess
 ssl
 sys
 base64
 url
 util
 pxythrmgr
 defaults
90%: Checks: 144, Failures: 1, Errors: 12
opts.t.c:99:E:proxyspec_parse:proxyspec_parse_01:0: (after this point) Early exit with return value 1
opts.t.c:124:E:proxyspec_parse:proxyspec_parse_02:0: (after this point) Early exit with return value 1
opts.t.c:179:E:proxyspec_parse:proxyspec_parse_05:0: (after this point) Early exit with return value 1
opts.t.c:203:E:proxyspec_parse:proxyspec_parse_06:0: (after this point) Early exit with return value 1
opts.t.c:227:E:proxyspec_parse:proxyspec_parse_07:0: (after this point) Early exit with return value 1
opts.t.c:251:E:proxyspec_parse:proxyspec_parse_08:0: (after this point) Early exit with return value 1
opts.t.c:302:E:proxyspec_parse:proxyspec_parse_11:0: (after this point) Early exit with return value 1
opts.t.c:342:E:proxyspec_parse:proxyspec_parse_13:0: (after this point) Early exit with return value 1
opts.t.c:377:E:proxyspec_parse:proxyspec_parse_14:0: (after this point) Early exit with return value 1
opts.t.c:414:E:proxyspec_parse:proxyspec_parse_15:0: (after this point) Early exit with return value 1
opts.t.c:437:E:proxyspec_parse:proxyspec_parse_16:0: (after this point) Early exit with return value 1
opts.t.c:487:E:proxyspec_parse:proxyspec_parse_18:0: (after this point) Early exit with return value 1
defaults.t.c:57:F:dropuser:defaults_dropuser_02:0: connect failed for user running tests
$ sudo /usr/bin/sudo unshare -n -- /usr/lib/pbuilder/pbuilder-unshare-wrapper ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

I tried to troubleshoot this further and noticed that sys_sockaddr_parse in sys.c passes EVUTIL_AI_ADDRCONFIG to evutil_getaddrinfo which then further passes it to the libc getaddrinfo. According to documentation this flag requires the system to have a working IPv4 or IPv6 address other than just localhost:

       If hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4
       addresses are returned in the list pointed to by res only if the
       local system has at least one IPv4 address configured, and IPv6
       addresses are returned only if the local system has at least one
       IPv6 address configured.  The loopback address is not considered
       for this case as valid as a configured address.

What do you think? Should we

  1. Disable some or all tests during the build?
  2. Modify sys_sockaddr_parse so that sslsplit would be usable without a network connection?
@lindi2
Copy link
Author

lindi2 commented Jul 16, 2022

Here's also a pointer back to the Debian bug on this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007962

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lindi2