Add --proxy-auth flag for SOCKS authentication in e2e tests

Allows passing user:pass credentials to the SOCKS proxy via curl
--proxy-user for dnstt, slipstream, and DoH e2e tunnel tests.

Author: SamNet-dev

cmd/chain.go

@@ -101,7 +101,8 @@ func buildStep(cfg stepConfig, defaultTimeout, defaultCount int, ports chan int,
 		if v, ok := cfg.params["test-url"]; ok {
 			testURL = v
 		}
-		return scanner.Step{Name: "e2e/dnstt", Timeout: dur, Check: scanner.DnsttCheckBin(binPaths["dnstt-client"], domain, pubkey, testURL, ports), SortBy: "e2e_ms"}, nil
+		proxyAuth := cfg.params["proxy-auth"]
+		return scanner.Step{Name: "e2e/dnstt", Timeout: dur, Check: scanner.DnsttCheckBin(binPaths["dnstt-client"], domain, pubkey, testURL, proxyAuth, ports), SortBy: "e2e_ms"}, nil
 
 	case "e2e/slipstream":
 		domain, ok := cfg.params["domain"]
@@ -113,7 +114,8 @@ func buildStep(cfg stepConfig, defaultTimeout, defaultCount int, ports chan int,
 		if v, ok := cfg.params["test-url"]; ok {
 			testURL = v
 		}
-		return scanner.Step{Name: "e2e/slipstream", Timeout: dur, Check: scanner.SlipstreamCheckBin(binPaths["slipstream-client"], domain, cert, testURL, ports), SortBy: "e2e_ms"}, nil
+		proxyAuth := cfg.params["proxy-auth"]
+		return scanner.Step{Name: "e2e/slipstream", Timeout: dur, Check: scanner.SlipstreamCheckBin(binPaths["slipstream-client"], domain, cert, testURL, proxyAuth, ports), SortBy: "e2e_ms"}, nil
 
 	case "nxdomain":
 		return scanner.Step{Name: "nxdomain", Timeout: dur, Check: scanner.NXDomainCheck(stepCount), SortBy: "hijack"}, nil
@@ -152,7 +154,8 @@ func buildStep(cfg stepConfig, defaultTimeout, defaultCount int, ports chan int,
 		if v, ok := cfg.params["test-url"]; ok {
 			testURL = v
 		}
-		return scanner.Step{Name: "doh/e2e", Timeout: dur, Check: scanner.DoHDnsttCheckBin(binPaths["dnstt-client"], domain, pubkey, testURL, ports), SortBy: "e2e_ms"}, nil
+		proxyAuth := cfg.params["proxy-auth"]
+		return scanner.Step{Name: "doh/e2e", Timeout: dur, Check: scanner.DoHDnsttCheckBin(binPaths["dnstt-client"], domain, pubkey, testURL, proxyAuth, ports), SortBy: "e2e_ms"}, nil
 
 	default:
 		return scanner.Step{}, fmt.Errorf("unknown step type %q", cfg.name)

cmd/doh_e2e.go

@@ -17,6 +17,7 @@ func init() {
 	dohE2ECmd.Flags().String("domain", "", "DNSTT tunnel domain")
 	dohE2ECmd.Flags().String("pubkey", "", "DNSTT server public key")
 	dohE2ECmd.Flags().String("test-url", "https://httpbin.org/ip", "URL to fetch through tunnel")
+	dohE2ECmd.Flags().String("proxy-auth", "", "SOCKS proxy auth as user:pass")
 	dohE2ECmd.MarkFlagRequired("domain")
 	dohE2ECmd.MarkFlagRequired("pubkey")
 	dohCmd.AddCommand(dohE2ECmd)
@@ -26,6 +27,7 @@ func runDoHE2E(cmd *cobra.Command, args []string) error {
 	domain, _ := cmd.Flags().GetString("domain")
 	pubkey, _ := cmd.Flags().GetString("pubkey")
 	testURL, _ := cmd.Flags().GetString("test-url")
+	proxyAuth, _ := cmd.Flags().GetString("proxy-auth")
 
 	bin, err := findBinary("dnstt-client")
 	if err != nil {
@@ -39,7 +41,7 @@ func runDoHE2E(cmd *cobra.Command, args []string) error {
 
 	dur := time.Duration(e2eTimeout) * time.Second
 	ports := scanner.PortPool(30000, workers)
-	check := scanner.DoHDnsttCheckBin(bin, domain, pubkey, testURL, ports)
+	check := scanner.DoHDnsttCheckBin(bin, domain, pubkey, testURL, proxyAuth, ports)
 
 	start := time.Now()
 	results := scanner.RunPool(urls, workers, dur, check, newProgress("doh/e2e"))

cmd/e2e_dnstt.go

@@ -17,6 +17,7 @@ func init() {
 	e2eDnsttCmd.Flags().String("domain", "", "DNSTT tunnel domain")
 	e2eDnsttCmd.Flags().String("pubkey", "", "DNSTT server public key")
 	e2eDnsttCmd.Flags().String("test-url", "https://httpbin.org/ip", "URL to fetch through tunnel")
+	e2eDnsttCmd.Flags().String("proxy-auth", "", "SOCKS proxy auth as user:pass")
 	e2eDnsttCmd.MarkFlagRequired("domain")
 	e2eDnsttCmd.MarkFlagRequired("pubkey")
 	e2eCmd.AddCommand(e2eDnsttCmd)
@@ -26,6 +27,7 @@ func runE2EDnstt(cmd *cobra.Command, args []string) error {
 	domain, _ := cmd.Flags().GetString("domain")
 	pubkey, _ := cmd.Flags().GetString("pubkey")
 	testURL, _ := cmd.Flags().GetString("test-url")
+	proxyAuth, _ := cmd.Flags().GetString("proxy-auth")
 
 	bin, err := findBinary("dnstt-client")
 	if err != nil {
@@ -39,7 +41,7 @@ func runE2EDnstt(cmd *cobra.Command, args []string) error {
 
 	dur := time.Duration(e2eTimeout) * time.Second
 	ports := scanner.PortPool(30000, workers)
-	check := scanner.DnsttCheckBin(bin, domain, pubkey, testURL, ports)
+	check := scanner.DnsttCheckBin(bin, domain, pubkey, testURL, proxyAuth, ports)
 
 	start := time.Now()
 	results := scanner.RunPool(ips, workers, dur, check, newProgress("e2e/dnstt"))

cmd/e2e_slipstream.go

@@ -17,6 +17,7 @@ func init() {
 	e2eSlipstreamCmd.Flags().String("domain", "", "Slipstream tunnel domain")
 	e2eSlipstreamCmd.Flags().String("cert", "", "path to Slipstream certificate for cert pinning (optional)")
 	e2eSlipstreamCmd.Flags().String("test-url", "https://httpbin.org/ip", "URL to fetch through tunnel")
+	e2eSlipstreamCmd.Flags().String("proxy-auth", "", "SOCKS proxy auth as user:pass")
 	e2eSlipstreamCmd.MarkFlagRequired("domain")
 	e2eCmd.AddCommand(e2eSlipstreamCmd)
 }
@@ -25,6 +26,7 @@ func runE2ESlipstream(cmd *cobra.Command, args []string) error {
 	domain, _ := cmd.Flags().GetString("domain")
 	certPath, _ := cmd.Flags().GetString("cert")
 	testURL, _ := cmd.Flags().GetString("test-url")
+	proxyAuth, _ := cmd.Flags().GetString("proxy-auth")
 
 	bin, err := findBinary("slipstream-client")
 	if err != nil {
@@ -38,7 +40,7 @@ func runE2ESlipstream(cmd *cobra.Command, args []string) error {
 
 	dur := time.Duration(e2eTimeout) * time.Second
 	ports := scanner.PortPool(30000, workers)
-	check := scanner.SlipstreamCheckBin(bin, domain, certPath, testURL, ports)
+	check := scanner.SlipstreamCheckBin(bin, domain, certPath, testURL, proxyAuth, ports)
 
 	start := time.Now()
 	results := scanner.RunPool(ips, workers, dur, check, newProgress("e2e/slipstream"))

cmd/scan.go

@@ -44,6 +44,7 @@ func init() {
 	scanCmd.Flags().String("pubkey", "", "DNSTT public key (enables e2e test)")
 	scanCmd.Flags().String("cert", "", "Slipstream cert path (enables slipstream e2e test)")
 	scanCmd.Flags().String("test-url", "https://httpbin.org/ip", "URL to test through tunnel")
+	scanCmd.Flags().String("proxy-auth", "", "SOCKS proxy auth as user:pass (for e2e tests)")
 	scanCmd.Flags().Bool("doh", false, "scan DoH resolvers instead of UDP")
 	scanCmd.Flags().Bool("skip-ping", false, "skip ICMP ping step")
 	scanCmd.Flags().Bool("skip-nxdomain", false, "skip NXDOMAIN hijack check")
@@ -56,6 +57,7 @@ func runScan(cmd *cobra.Command, args []string) error {
 	pubkey, _ := cmd.Flags().GetString("pubkey")
 	certPath, _ := cmd.Flags().GetString("cert")
 	testURL, _ := cmd.Flags().GetString("test-url")
+	proxyAuth, _ := cmd.Flags().GetString("proxy-auth")
 	dohMode, _ := cmd.Flags().GetBool("doh")
 	skipPing, _ := cmd.Flags().GetBool("skip-ping")
 	skipNXD, _ := cmd.Flags().GetBool("skip-nxdomain")
@@ -115,7 +117,7 @@ func runScan(cmd *cobra.Command, args []string) error {
 		if domain != "" && pubkey != "" {
 			steps = append(steps, scanner.Step{
 				Name: "doh/e2e", Timeout: time.Duration(e2eTimeout) * time.Second,
-				Check: scanner.DoHDnsttCheckBin(dnsttBin, domain, pubkey, testURL, ports), SortBy: "e2e_ms",
+				Check: scanner.DoHDnsttCheckBin(dnsttBin, domain, pubkey, testURL, proxyAuth, ports), SortBy: "e2e_ms",
 			})
 		}
 	} else {
@@ -148,13 +150,13 @@ func runScan(cmd *cobra.Command, args []string) error {
 		if domain != "" && pubkey != "" {
 			steps = append(steps, scanner.Step{
 				Name: "e2e/dnstt", Timeout: time.Duration(e2eTimeout) * time.Second,
-				Check: scanner.DnsttCheckBin(dnsttBin, domain, pubkey, testURL, ports), SortBy: "e2e_ms",
+				Check: scanner.DnsttCheckBin(dnsttBin, domain, pubkey, testURL, proxyAuth, ports), SortBy: "e2e_ms",
 			})
 		}
 		if domain != "" && certPath != "" {
 			steps = append(steps, scanner.Step{
 				Name: "e2e/slipstream", Timeout: time.Duration(e2eTimeout) * time.Second,
-				Check: scanner.SlipstreamCheckBin(slipstreamBin, domain, certPath, testURL, ports), SortBy: "e2e_ms",
+				Check: scanner.SlipstreamCheckBin(slipstreamBin, domain, certPath, testURL, proxyAuth, ports), SortBy: "e2e_ms",
 			})
 		}
 	}

internal/scanner/doh.go

@@ -175,16 +175,16 @@ func DoHTunnelCheck(domain string, count int) CheckFunc {
 }
 
 // DoHDnsttCheckBin is like DoHDnsttCheck but uses an explicit binary path.
-func DoHDnsttCheckBin(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
-	return dohDnsttCheck(bin, domain, pubkey, testURL, ports)
+func DoHDnsttCheckBin(bin, domain, pubkey, testURL, proxyAuth string, ports chan int) CheckFunc {
+	return dohDnsttCheck(bin, domain, pubkey, testURL, proxyAuth, ports)
 }
 
 // DoHDnsttCheck runs an e2e test using dnstt-client in DoH mode.
 func DoHDnsttCheck(domain, pubkey, testURL string, ports chan int) CheckFunc {
-	return dohDnsttCheck("dnstt-client", domain, pubkey, testURL, ports)
+	return dohDnsttCheck("dnstt-client", domain, pubkey, testURL, "", ports)
 }
 
-func dohDnsttCheck(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
+func dohDnsttCheck(bin, domain, pubkey, testURL, proxyAuth string, ports chan int) CheckFunc {
 	return func(url string, timeout time.Duration) (bool, Metrics) {
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
@@ -226,7 +226,7 @@ func dohDnsttCheck(bin, domain, pubkey, testURL string, ports chan int) CheckFun
 			return false, nil
 		}
 
-		if !testSOCKS(ctx, port, testURL) {
+		if !testSOCKS(ctx, port, testURL, proxyAuth) {
 			return false, nil
 		}
 		ms := roundMs(float64(time.Since(start).Microseconds()) / 1000.0)

internal/scanner/e2e.go

@@ -23,15 +23,15 @@ func execCommandContext(ctx context.Context, name string, args ...string) *exec.
 }
 
 // DnsttCheckBin is like DnsttCheck but uses an explicit binary path.
-func DnsttCheckBin(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
-	return dnsttCheck(bin, domain, pubkey, testURL, ports)
+func DnsttCheckBin(bin, domain, pubkey, testURL, proxyAuth string, ports chan int) CheckFunc {
+	return dnsttCheck(bin, domain, pubkey, testURL, proxyAuth, ports)
 }
 
 func DnsttCheck(domain, pubkey, testURL string, ports chan int) CheckFunc {
-	return dnsttCheck("dnstt-client", domain, pubkey, testURL, ports)
+	return dnsttCheck("dnstt-client", domain, pubkey, testURL, "", ports)
 }
 
-func dnsttCheck(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
+func dnsttCheck(bin, domain, pubkey, testURL, proxyAuth string, ports chan int) CheckFunc {
 	return func(ip string, timeout time.Duration) (bool, Metrics) {
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
@@ -74,7 +74,7 @@ func dnsttCheck(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
 			return false, nil
 		}
 
-		if !testSOCKS(ctx, port, testURL) {
+		if !testSOCKS(ctx, port, testURL, proxyAuth) {
 			return false, nil
 		}
 		ms := roundMs(float64(time.Since(start).Microseconds()) / 1000.0)
@@ -83,15 +83,15 @@ func dnsttCheck(bin, domain, pubkey, testURL string, ports chan int) CheckFunc {
 }
 
 // SlipstreamCheckBin is like SlipstreamCheck but uses an explicit binary path.
-func SlipstreamCheckBin(bin, domain, certPath, testURL string, ports chan int) CheckFunc {
-	return slipstreamCheck(bin, domain, certPath, testURL, ports)
+func SlipstreamCheckBin(bin, domain, certPath, testURL, proxyAuth string, ports chan int) CheckFunc {
+	return slipstreamCheck(bin, domain, certPath, testURL, proxyAuth, ports)
 }
 
 func SlipstreamCheck(domain, certPath, testURL string, ports chan int) CheckFunc {
-	return slipstreamCheck("slipstream-client", domain, certPath, testURL, ports)
+	return slipstreamCheck("slipstream-client", domain, certPath, testURL, "", ports)
 }
 
-func slipstreamCheck(bin, domain, certPath, testURL string, ports chan int) CheckFunc {
+func slipstreamCheck(bin, domain, certPath, testURL, proxyAuth string, ports chan int) CheckFunc {
 	return func(ip string, timeout time.Duration) (bool, Metrics) {
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
@@ -137,7 +137,7 @@ func slipstreamCheck(bin, domain, certPath, testURL string, ports chan int) Chec
 			return false, nil
 		}
 
-		if !testSOCKS(ctx, port, testURL) {
+		if !testSOCKS(ctx, port, testURL, proxyAuth) {
 			return false, nil
 		}
 		ms := roundMs(float64(time.Since(start).Microseconds()) / 1000.0)
@@ -152,11 +152,16 @@ func nullDevice() string {
 	return "/dev/null"
 }
 
-func testSOCKS(ctx context.Context, port int, testURL string) bool {
-	cmd := execCommandContext(ctx, "curl",
+func testSOCKS(ctx context.Context, port int, testURL, proxyAuth string) bool {
+	args := []string{
 		"-x", fmt.Sprintf("socks5h://127.0.0.1:%d", port),
 		"-s", "-o", nullDevice(), "-w", "%{http_code}",
-		testURL)
+	}
+	if proxyAuth != "" {
+		args = append(args, "--proxy-user", proxyAuth)
+	}
+	args = append(args, testURL)
+	cmd := execCommandContext(ctx, "curl", args...)
 	output, err := cmd.Output()
 	if err != nil {
 		return false