pkg/shttp[3], bat, skip: convert web demo tools to pan

Convert pkg/shttp, pkg/shttp3, bat, skip, and web-gateway to use pan.

The shttp package now uses the quicutil.SingleStream, making it
incompatible with previous versions.

The shttp and shttp3 libraries now allow specifying a pan Policy. This
Policy can be changed at any time.

Add new path policy commandline options to bat.

Author: matzf

bat/bat.go

@@ -36,6 +36,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 	"github.com/netsec-ethz/scion-apps/pkg/shttp"
 )
 
@@ -49,6 +50,8 @@ const (
 
 var (
 	interactive      bool
+	sequence         string
+	preference       string
 	ver              bool
 	form             bool
 	pretty           bool
@@ -70,7 +73,11 @@ var (
 )
 
 func init() {
-	flag.BoolVar(&interactive, "in", false, "Lets user choose the path to destination")
+	flag.BoolVar(&interactive, "interactive", false, "Prompt user for interactive path selection")
+	flag.StringVar(&sequence, "sequence", "", "Sequence of space separated hop predicates to specify path")
+	flag.StringVar(&preference, "preference", "", "Preference sorting order for paths. "+
+		"Comma-separated list of available sorting options: "+
+		strings.Join(pan.AvailablePreferencePolicies, "|"))
 	flag.BoolVar(&ver, "v", false, "Print Version Number")
 	flag.BoolVar(&ver, "version", false, "Print Version Number")
 	flag.BoolVar(&pretty, "pretty", true, "Print Json Pretty Format")
@@ -97,7 +104,11 @@ func init() {
 	flag.Usage = usage
 	flag.Parse()
 
-	defaultSetting.Transport = shttp.DefaultTransport
+	policy, err := pan.PolicyFromCommandline(sequence, preference, interactive)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defaultSetting.Transport, _ = shttp.NewTransport(nil, policy)
 }
 
 func parsePrintOption(s string) {

pkg/shttp/server.go

@@ -20,12 +20,10 @@ import (
 	"net"
 	"net/http"
 
-	"github.com/lucas-clemente/quic-go"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet/appquic"
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
+	"github.com/netsec-ethz/scion-apps/pkg/quicutil"
 )
 
-const nextProtoRaw = "raw" // Used for pretend-its-TCP QUIC
-
 // Server wraps a http.Server making it work with SCION
 type Server struct {
 	*http.Server
@@ -87,40 +85,16 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
 
 func listen(addr string) (net.Listener, error) {
 	tlsCfg := &tls.Config{
-		NextProtos:   []string{nextProtoRaw},
-		Certificates: appquic.GetDummyTLSCerts(),
-	}
-	laddr, err := net.ResolveUDPAddr("udp", addr)
-	if err != nil {
-		return nil, err
+		NextProtos:   []string{quicutil.SingleStreamProto},
+		Certificates: quicutil.MustGenerateSelfSignedCert(),
 	}
-	quicListener, err := appquic.Listen(laddr, tlsCfg, nil)
+	laddr, err := pan.ParseOptionalIPPort(addr)
 	if err != nil {
 		return nil, err
 	}
-	return singleStreamListener{quicListener}, nil
-}
-
-type singleStreamListener struct {
-	quic.Listener
-}
-
-func (l singleStreamListener) Accept() (net.Conn, error) {
-	ctx := context.Background()
-	sess, err := l.Listener.Accept(ctx)
+	quicListener, err := pan.ListenQUIC(context.Background(), laddr, nil, tlsCfg, nil)
 	if err != nil {
 		return nil, err
 	}
-	str, err := sess.AcceptStream(ctx)
-	return singleStreamSession{sess, str}, err
-}
-
-type singleStreamSession struct {
-	quic.Session
-	quic.Stream
-}
-
-func (s singleStreamSession) Close() error {
-	s.Stream.Close()
-	return s.Session.CloseWithError(0, "")
+	return quicutil.SingleStreamListener{Listener: quicListener}, nil
 }

pkg/shttp/transport.go

@@ -24,8 +24,10 @@ import (
 	"time"
 
 	"github.com/lucas-clemente/quic-go"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet/appquic"
+	"inet.af/netaddr"
+
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
+	"github.com/netsec-ethz/scion-apps/pkg/quicutil"
 )
 
 // DefaultTransport is the default RoundTripper that can be used for HTTP over
@@ -36,6 +38,7 @@ var DefaultTransport = &http.Transport{
 	Proxy: http.ProxyFromEnvironment,
 	DialContext: (&Dialer{
 		QuicConfig: nil,
+		Policy:     nil,
 	}).DialContext,
 	ForceAttemptHTTP2:     true,
 	MaxIdleConns:          100,
@@ -44,28 +47,56 @@ var DefaultTransport = &http.Transport{
 	ExpectContinueTimeout: 1 * time.Second,
 }
 
+// NewTransport creates a new RoundTripper that can be used for HTTP over
+// SCION/QUIC, providing a custom QuicConfig and Policy to the Dialer.
+// This equivalent to net/http.DefaultTransport with an overridden DialContext.
+// Both the Transport and the Dialer are returned, as the Dialer is not otherwise
+// accessible from the Transport.
+func NewTransport(quicCfg *quic.Config, policy pan.Policy) (*http.Transport, *Dialer) {
+	dialer := &Dialer{
+		QuicConfig: quicCfg,
+		Policy:     policy,
+	}
+	transport := DefaultTransport.Clone()
+	transport.DialContext = dialer.DialContext
+	return transport, dialer
+}
+
 // Dialer dials an insecure, single-stream QUIC connection over SCION (just pretend it's TCP).
 // This is the Dialer used for shttp.DefaultTransport.
 type Dialer struct {
+	Local      netaddr.IPPort
 	QuicConfig *quic.Config
+	Policy     pan.Policy
+	sessions   []*pan.QUICSession
 }
 
 // DialContext dials an insecure, single-stream QUIC connection over SCION. This can be used
 // as the DialContext function in net/http.Transport.
 func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
 	tlsCfg := &tls.Config{
-		NextProtos:         []string{nextProtoRaw},
+		NextProtos:         []string{quicutil.SingleStreamProto},
 		InsecureSkipVerify: true,
 	}
-	sess, err := appquic.Dial(appnet.UnmangleSCIONAddr(addr), tlsCfg, d.QuicConfig)
+
+	remote, err := pan.ResolveUDPAddr(pan.UnmangleSCIONAddr(addr))
 	if err != nil {
 		return nil, err
 	}
-	stream, err := sess.OpenStreamSync(ctx)
+
+	session, err := pan.DialQUIC(ctx, d.Local, remote, d.Policy, nil, addr, tlsCfg, d.QuicConfig)
 	if err != nil {
 		return nil, err
 	}
-	return singleStreamSession{sess, stream}, nil
+	d.sessions = append(d.sessions, session)
+	return quicutil.NewSingleStream(session)
+}
+
+func (d *Dialer) SetPolicy(policy pan.Policy) {
+	d.Policy = policy
+	for _, s := range d.sessions {
+		s.Conn.SetPolicy(policy)
+	}
 }
 
 var scionAddrURLRegexp = regexp.MustCompile(
@@ -84,5 +115,5 @@ func MangleSCIONAddrURL(url string) string {
 	userInfoPart := match[2]
 	hostPart := match[3]
 	tail := match[4]
-	return schemePart + userInfoPart + appnet.MangleSCIONAddr(hostPart) + tail
+	return schemePart + userInfoPart + pan.MangleSCIONAddr(hostPart) + tail
 }

pkg/shttp/transport_test.go

@@ -21,12 +21,15 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 	"testing"
 
-	"github.com/netsec-ethz/scion-apps/pkg/appnet"
-	"github.com/scionproto/scion/go/lib/addr"
-	"github.com/scionproto/scion/go/lib/snet"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"inet.af/netaddr"
+
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 )
 
 func TestMangleSCIONAddrURL(t *testing.T) {
@@ -63,35 +66,15 @@ func TestMangleSCIONAddrURL(t *testing.T) {
 			if _, _, err := net.SplitHostPort(u.Host); err != nil {
 				continue
 			}
-			unmangled := appnet.UnmangleSCIONAddr(u.Host)
+			unmangled := pan.UnmangleSCIONAddr(u.Host)
 			if unmangled != tc.HostPort {
 				t.Fatalf("UnmangleSCIONAddr('%s') returned different result, actual='%s', expected='%s'", u.Host, unmangled, tc.HostPort)
 			}
 		}
 	}
 }
 
-type mockResolver struct {
-	table map[string]string
-}
-
-func (r *mockResolver) Resolve(name string) (*snet.SCIONAddress, error) {
-	address, ok := r.table[name]
-	if !ok {
-		return nil, &appnet.HostNotFoundError{Host: name}
-	} else {
-		a, err := snet.ParseUDPAddr(address)
-		if err != nil {
-			panic(fmt.Sprintf("test input must parse %s", err))
-		}
-		return &snet.SCIONAddress{IA: a.IA, Host: addr.HostFromIP(a.Host.IP)}, nil
-	}
-}
-
 func TestRoundTripper(t *testing.T) {
-
-	resolver := &mockResolver{map[string]string{"host": "1-ff00:0:1,[192.0.2.1]"}}
-
 	testCases := []struct {
 		HostPort string
 		Expected string
@@ -106,22 +89,37 @@ func TestRoundTripper(t *testing.T) {
 	}
 
 	urlPatterns := hostURLPatterns()
+	errJustATest := errors.New("just a test")
 
 	// We replace the actual dial function of the roundtripper with this function that only
 	// checks wether the address can be successfully unmangled and resolved.
 	// expected will be set in the test loop, below
 	var expected string
 	testDial := func(ctx context.Context, network, addr string) (net.Conn, error) {
-		unmangled := appnet.UnmangleSCIONAddr(addr)
-		resolvedAddr, err := appnet.ResolveUDPAddrAt(unmangled, resolver)
-		if err != nil {
-			t.Fatalf("unexpected error when resolving address '%s' in roundtripper: %s", unmangled, err)
+		// The actual Dialer.DialContext does
+		//  remote, err := pan.ResolveUDPAddr(pan.UnmangleSCIONAddr(addr))
+		// We mock pan.ResolveUDPAddr here; don't want to rely on hosts files etc
+		// for this test.
+		unmangled := pan.UnmangleSCIONAddr(addr)
+		if strings.HasPrefix(unmangled, "host") {
+			_, err := pan.ParseUDPAddr(unmangled)
+			require.Error(t, err)
+			hostStr, portStr, err := net.SplitHostPort(unmangled)
+			require.NoError(t, err)
+			port, err := strconv.Atoi(portStr)
+			require.NoError(t, err)
+			require.Equal(t, hostStr, "host")
+			hostIA, err := pan.ParseIA("1-ff00:0:1")
+			require.NoError(t, err)
+			hostIP := netaddr.MustParseIP("192.0.2.1")
+			remote := pan.UDPAddr{IA: hostIA, IP: hostIP, Port: uint16(port)}
+			assert.Equal(t, expected, remote.String())
+		} else {
+			remote, err := pan.ParseUDPAddr(unmangled)
+			require.NoError(t, err)
+			assert.Equal(t, expected, remote.String())
 		}
-		actual := resolvedAddr.String()
-		if actual != expected {
-			t.Fatalf("unexpected address resolved in roundtripper, actual='%s', expected='%s'", actual, expected)
-		}
-		return nil, errors.New("just a test")
+		return nil, errJustATest
 	}
 
 	c := &http.Client{
@@ -136,11 +134,7 @@ func TestRoundTripper(t *testing.T) {
 
 			url := fmt.Sprintf(urlPattern, tc.HostPort)
 			_, err := c.Get(MangleSCIONAddrURL(url))
-			if err == nil {
-				panic("unexpected success!")
-			} else if !strings.Contains(err.Error(), "just a test") {
-				t.Fatalf("unexpected error: %s", err)
-			}
+			assert.ErrorIs(t, err, errJustATest)
 		}
 	}
 }

pkg/shttp3/server.go

@@ -15,12 +15,14 @@
 package shttp3
 
 import (
+	"context"
 	"crypto/tls"
 	"net"
 	"net/http"
 
 	"github.com/lucas-clemente/quic-go/http3"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet"
+
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 )
 
 // Server wraps a http3.Server making it work with SCION
@@ -55,11 +57,11 @@ func ListenAndServe(addr string, certFile, keyFile string, handler http.Handler)
 // ListenAndServe listens on the UDP address s.Addr and calls s.Handler to
 // handle HTTP/3 requests on incoming connections.
 func (s *Server) ListenAndServe() error {
-	laddr, err := net.ResolveUDPAddr("udp", s.Addr)
+	laddr, err := pan.ParseOptionalIPPort(s.Addr)
 	if err != nil {
 		return err
 	}
-	sconn, err := appnet.Listen(laddr)
+	sconn, err := pan.ListenUDP(context.Background(), laddr, nil)
 	if err != nil {
 		return err
 	}

pkg/shttp3/transport.go

@@ -17,21 +17,51 @@
 package shttp3
 
 import (
+	"context"
 	"crypto/tls"
 
 	"github.com/lucas-clemente/quic-go"
 	"github.com/lucas-clemente/quic-go/http3"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet"
-	"github.com/netsec-ethz/scion-apps/pkg/appnet/appquic"
+	"inet.af/netaddr"
+
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 )
 
 // DefaultTransport is the default RoundTripper that can be used for HTTP/3
 // over SCION.
 var DefaultTransport = &http3.RoundTripper{
-	Dial: Dial,
+	Dial: (&Dialer{
+		Policy: nil,
+	}).Dial,
+}
+
+// Dialer dials a QUIC connection over SCION.
+// This is the Dialer used for shttp3.DefaultTransport.
+type Dialer struct {
+	Local    netaddr.IPPort
+	Policy   pan.Policy
+	sessions []*pan.QUICEarlySession
+}
+
+// Dial dials a QUIC connection over SCION.
+func (d *Dialer) Dial(network, addr string, tlsCfg *tls.Config,
+	cfg *quic.Config) (quic.EarlySession, error) {
+
+	remote, err := pan.ResolveUDPAddr(pan.UnmangleSCIONAddr(addr))
+	if err != nil {
+		return nil, err
+	}
+	session, err := pan.DialQUICEarly(context.TODO(), d.Local, remote, d.Policy, nil, addr, tlsCfg, cfg)
+	if err != nil {
+		return nil, err
+	}
+	d.sessions = append(d.sessions, session)
+	return session, nil
 }
 
-// Dial is the Dial function used in RoundTripper
-func Dial(network, address string, tlsCfg *tls.Config, cfg *quic.Config) (quic.EarlySession, error) {
-	return appquic.DialEarly(appnet.UnmangleSCIONAddr(address), tlsCfg, cfg)
+func (d *Dialer) SetPolicy(policy pan.Policy) {
+	d.Policy = policy
+	for _, s := range d.sessions {
+		s.Conn.SetPolicy(policy)
+	}
 }