Fix where the new go module needed by echo-basic resides, but keep the

original as well.
See https://github.com/kubernetes-sigs/gateway-api/pull/2745/files#diff-cf5b4a9b433acc91f8c7cc2dc802e29aa712c8d820887742f3bc5ae45b7a9d0fR24-R28

Author: candita

conformance/base/manifests.yaml

@@ -740,9 +740,9 @@ spec:
   selector:
     app: backendtlspolicy-test
   ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 8443
+  - protocol: TCP
+    port: 443
+    targetPort: 8443
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -762,34 +762,33 @@ spec:
         app: backendtlspolicy-test
     spec:
       containers:
-        - name: backendtlspolicy-test
-          image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd
-          volumeMounts:
-            - name: secret-volume
-              mountPath: /etc/secret-volume
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: CA_CERT
-              value: /etc/secret-volume/crt
-            - name: CA_CERT_KEY
-              value: /etc/secret-volume/key
-          resources:
-            requests:
-              cpu: 10m
-      volumes:
+      - name: backendtlspolicy-test
+        image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd
+        volumeMounts:
         - name: secret-volume
-          secret:
-            secretName: backend-tls-checks-certificate
-            items:
-              - key: tls.crt
-                path: crt
-              - key: tls.key
-                path: key
----
+          mountPath: /etc/secret-volume
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CA_CERT
+          value: /etc/secret-volume/crt
+        - name: CA_CERT_KEY
+          value: /etc/secret-volume/key
+        resources:
+          requests:
+            cpu: 10m
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: backend-tls-checks-certificate
+          items:
+          - key: tls.crt
+            path: crt
+          - key: tls.key
+            path: key

conformance/echo-basic/.go.mod

@@ -3,6 +3,7 @@ module sigs.k8s.io/gateway-api/conformance/echo-basic
 go 1.21
 
 require (
+	github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732
 	golang.org/x/net v0.21.0
 	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.28.1

conformance/echo-basic/.go.sum

@@ -4,6 +4,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732 h1:nkseUkzjazCNyGhkRwnJ1OiHSwMXazsJQx+Ci+oVLEM=
+github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:J3XXNGJINXLa4yIivdUT0Ad/srv2q0pSOWbbm6El2EY=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=

conformance/echo-basic/echo-basic.go

@@ -226,7 +226,9 @@ func echoHandler(w http.ResponseWriter, r *http.Request) {
 	if strings.Contains(r.RequestURI, "backendTLS") {
 		sni, err = sniffForSNI(r.RemoteAddr)
 		if err != nil {
-			// Todo: research if for some test cases there won't be one
+			// TODO: research if for some test cases there won't be SNI available.
+			processError(w, err, http.StatusBadRequest)
+			return
 		}
 	}
 
@@ -340,14 +342,15 @@ func sniffForSNI(addr string) (string, error) {
 			return "", fmt.Errorf("could not read socket: %v", err)
 		}
 		// Take an incoming TLS Client Hello and return the SNI name.
-		sni, err = parser.GetHostname(data[:])
+		sni, err = parser.GetHostname(data)
 		if err != nil {
 			return "", fmt.Errorf("error getting SNI: %v", err)
 		}
 		if sni == "" {
 			return "", fmt.Errorf("no server name indication found")
+		} else { //nolint:revive
+			return sni, nil
 		}
-		return sni, nil
 	}
 }
 

conformance/tests/backendtlspolicy-normative.yaml

@@ -23,12 +23,12 @@ metadata:
   namespace: gateway-conformance-infra
 spec:
   targetRefs:
-    - group: ""
-      kind: Service
-      name: "backendtlspolicy-test"
+  - group: ""
+    kind: Service
+    name: "backendtlspolicy-test"
   validation:
     caCertificateRefs:
       group: ""
       kind: Secret
       name: "backend-tls-checks-certificate"
-    hostname: "abc.example.com"
+    hostname: "abc.example.com"