Christopher Faulet | e1f3b54 | 2021-10-26 18:12:23 +0200 | [diff] [blame] | 1 | varnishtest "Test multi-level client source and destination addresses" |
| 2 | |
Tim Duesterhus | 41922af | 2021-11-04 21:12:14 +0100 | [diff] [blame^] | 3 | feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'" |
Christopher Faulet | e1f3b54 | 2021-10-26 18:12:23 +0200 | [diff] [blame] | 4 | feature ignore_unknown_macro |
| 5 | |
| 6 | haproxy h1 -conf { |
| 7 | defaults |
| 8 | mode http |
| 9 | timeout connect 1s |
| 10 | timeout client 1s |
| 11 | timeout server 1s |
| 12 | |
| 13 | frontend fe1 |
| 14 | bind "fd@${fe1}" |
| 15 | tcp-request connection set-src ipv4(10.0.0.1) |
| 16 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 17 | |
| 18 | tcp-request session set-var(sess.sess_fc_src) fc_src |
| 19 | tcp-request session set-var(sess.sess_fc_dst) fc_dst |
| 20 | tcp-request session set-var(sess.sess_src) src |
| 21 | tcp-request session set-var(sess.sess_dst) dst |
| 22 | |
| 23 | tcp-request inspect-delay 100ms |
| 24 | tcp-request content set-var(txn.strm_fc_src) fc_src |
| 25 | tcp-request content set-var(txn.strm_fc_dst) fc_dst |
| 26 | tcp-request content set-var(txn.strm_src) src |
| 27 | tcp-request content set-var(txn.strm_dst) dst |
| 28 | |
| 29 | http-after-response set-header sess-fc-src %[var(sess.sess_fc_src)] |
| 30 | http-after-response set-header sess-src %[var(sess.sess_src)] |
| 31 | http-after-response set-header sess-fc-dst %[var(sess.sess_fc_dst)] |
| 32 | http-after-response set-header sess-dst %[var(sess.sess_dst)] |
| 33 | http-after-response set-header strm-fc-src %[var(txn.strm_fc_src)] |
| 34 | http-after-response set-header strm-src %[var(txn.strm_src)] |
| 35 | http-after-response set-header strm-fc-dst %[var(txn.strm_fc_dst)] |
| 36 | http-after-response set-header strm-dst %[var(txn.strm_dst)] |
| 37 | |
| 38 | default_backend be |
| 39 | |
| 40 | frontend fe2 |
| 41 | bind "fd@${fe2}" |
| 42 | tcp-request connection set-src ipv4(10.0.0.1) |
| 43 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 44 | |
| 45 | tcp-request session set-src ipv4(10.1.0.1) |
| 46 | tcp-request session set-dst ipv4(10.1.0.2) |
| 47 | tcp-request session set-var(sess.sess_fc_src) fc_src |
| 48 | tcp-request session set-var(sess.sess_fc_dst) fc_dst |
| 49 | tcp-request session set-var(sess.sess_src) src |
| 50 | tcp-request session set-var(sess.sess_dst) dst |
| 51 | |
| 52 | tcp-request inspect-delay 100ms |
| 53 | tcp-request content set-var(txn.strm_fc_src) fc_src |
| 54 | tcp-request content set-var(txn.strm_fc_dst) fc_dst |
| 55 | tcp-request content set-var(txn.strm_src) src |
| 56 | tcp-request content set-var(txn.strm_dst) dst |
| 57 | |
| 58 | http-after-response set-header sess-fc-src %[var(sess.sess_fc_src)] |
| 59 | http-after-response set-header sess-src %[var(sess.sess_src)] |
| 60 | http-after-response set-header sess-fc-dst %[var(sess.sess_fc_dst)] |
| 61 | http-after-response set-header sess-dst %[var(sess.sess_dst)] |
| 62 | http-after-response set-header strm-fc-src %[var(txn.strm_fc_src)] |
| 63 | http-after-response set-header strm-src %[var(txn.strm_src)] |
| 64 | http-after-response set-header strm-fc-dst %[var(txn.strm_fc_dst)] |
| 65 | http-after-response set-header strm-dst %[var(txn.strm_dst)] |
| 66 | |
| 67 | default_backend be |
| 68 | |
| 69 | frontend fe3 |
| 70 | bind "fd@${fe3}" |
| 71 | tcp-request connection set-src ipv4(10.0.0.1) |
| 72 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 73 | |
| 74 | tcp-request session set-src ipv4(10.1.0.1) |
| 75 | tcp-request session set-dst ipv4(10.1.0.2) |
| 76 | tcp-request session set-var(sess.sess_fc_src) fc_src |
| 77 | tcp-request session set-var(sess.sess_fc_dst) fc_dst |
| 78 | tcp-request session set-var(sess.sess_src) src |
| 79 | tcp-request session set-var(sess.sess_dst) dst |
| 80 | |
| 81 | tcp-request inspect-delay 100ms |
| 82 | tcp-request content set-src ipv4(10.2.0.1) |
| 83 | tcp-request content set-dst ipv4(10.2.0.2) |
| 84 | tcp-request content set-var(txn.strm_fc_src) fc_src |
| 85 | tcp-request content set-var(txn.strm_fc_dst) fc_dst |
| 86 | tcp-request content set-var(txn.strm_src) src |
| 87 | tcp-request content set-var(txn.strm_dst) dst |
| 88 | |
| 89 | http-after-response set-header sess-fc-src %[var(sess.sess_fc_src)] |
| 90 | http-after-response set-header sess-src %[var(sess.sess_src)] |
| 91 | http-after-response set-header sess-fc-dst %[var(sess.sess_fc_dst)] |
| 92 | http-after-response set-header sess-dst %[var(sess.sess_dst)] |
| 93 | http-after-response set-header strm-fc-src %[var(txn.strm_fc_src)] |
| 94 | http-after-response set-header strm-src %[var(txn.strm_src)] |
| 95 | http-after-response set-header strm-fc-dst %[var(txn.strm_fc_dst)] |
| 96 | http-after-response set-header strm-dst %[var(txn.strm_dst)] |
| 97 | |
| 98 | |
| 99 | frontend fe4 |
| 100 | bind "fd@${fe4}" |
| 101 | |
| 102 | tcp-request connection set-src ipv4(10.0.0.1) |
| 103 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 104 | |
| 105 | tcp-request session set-var(sess.sess_fc_src) fc_src |
| 106 | tcp-request session set-var(sess.sess_fc_dst) fc_dst |
| 107 | tcp-request session set-var(sess.sess_src) src |
| 108 | tcp-request session set-var(sess.sess_dst) dst |
| 109 | |
| 110 | http-request set-src hdr(x-forwarded-for) |
| 111 | http-request set-dst hdr(x-original-to) |
| 112 | http-request set-var(txn.strm_fc_src) fc_src |
| 113 | http-request set-var(txn.strm_fc_dst) fc_dst |
| 114 | http-request set-var(txn.strm_src) src |
| 115 | http-request set-var(txn.strm_dst) dst |
| 116 | |
| 117 | http-after-response set-header sess-fc-src %[var(sess.sess_fc_src)] |
| 118 | http-after-response set-header sess-src %[var(sess.sess_src)] |
| 119 | http-after-response set-header sess-fc-dst %[var(sess.sess_fc_dst)] |
| 120 | http-after-response set-header sess-dst %[var(sess.sess_dst)] |
| 121 | http-after-response set-header strm-fc-src %[var(txn.strm_fc_src)] |
| 122 | http-after-response set-header strm-src %[var(txn.strm_src)] |
| 123 | http-after-response set-header strm-fc-dst %[var(txn.strm_fc_dst)] |
| 124 | http-after-response set-header strm-dst %[var(txn.strm_dst)] |
| 125 | |
| 126 | default_backend be |
| 127 | |
| 128 | backend be |
| 129 | http-request return status 200 |
| 130 | |
| 131 | listen li1 |
| 132 | bind "fd@${li1}" |
| 133 | |
| 134 | tcp-request connection set-src ipv4(10.0.0.1) |
| 135 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 136 | |
| 137 | http-request set-src ipv4(192.168.0.1) |
| 138 | http-request set-dst ipv4(192.168.0.2) |
| 139 | |
| 140 | http-after-response set-header li1-fc-src %[fc_src] |
| 141 | http-after-response set-header li1-src %[src] |
| 142 | http-after-response set-header li1-fc-dst %[fc_dst] |
| 143 | http-after-response set-header li1-dst %[dst] |
| 144 | |
| 145 | |
| 146 | server srv ${h1_li3_addr}:${h1_li3_port} send-proxy |
| 147 | |
| 148 | listen li2 |
| 149 | bind "fd@${li2}" |
| 150 | |
| 151 | tcp-request connection set-src ipv4(10.0.0.1) |
| 152 | tcp-request connection set-dst ipv4(10.0.0.2) |
| 153 | |
| 154 | http-request set-src ipv4(192.168.0.1) |
| 155 | http-request set-dst ipv4(192.168.0.2) |
| 156 | |
| 157 | http-after-response set-header li2-fc-src %[fc_src] |
| 158 | http-after-response set-header li2-src %[src] |
| 159 | http-after-response set-header li2-fc-dst %[fc_dst] |
| 160 | http-after-response set-header li2-dst %[dst] |
| 161 | |
| 162 | server srv ${h1_li3_addr}:${h1_li3_port} send-proxy-v2 |
| 163 | |
| 164 | listen li3 |
| 165 | bind "fd@${li3}" accept-proxy |
| 166 | |
| 167 | tcp-request connection set-src ipv4(10.1.0.1) |
| 168 | tcp-request connection set-dst ipv4(10.1.0.2) |
| 169 | |
| 170 | http-after-response set-header li3-fc-src %[fc_src] |
| 171 | http-after-response set-header li3-src %[src] |
| 172 | http-after-response set-header li3-fc-dst %[fc_dst] |
| 173 | http-after-response set-header li3-dst %[dst] |
| 174 | |
| 175 | http-request return status 200 |
| 176 | |
| 177 | } -start |
| 178 | |
| 179 | |
| 180 | client c1 -connect ${h1_fe1_sock} { |
| 181 | txreq |
| 182 | rxresp |
| 183 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 184 | expect resp.http.sess-src == 10.0.0.1 |
| 185 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 186 | expect resp.http.strm-src == 10.0.0.1 |
| 187 | |
| 188 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 189 | expect resp.http.sess-dst == 10.0.0.2 |
| 190 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 191 | expect resp.http.strm-dst == 10.0.0.2 |
| 192 | } -run |
| 193 | |
| 194 | client c2 -connect ${h1_fe2_sock} { |
| 195 | txreq |
| 196 | rxresp |
| 197 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 198 | expect resp.http.sess-src == 10.1.0.1 |
| 199 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 200 | expect resp.http.strm-src == 10.1.0.1 |
| 201 | |
| 202 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 203 | expect resp.http.sess-dst == 10.1.0.2 |
| 204 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 205 | expect resp.http.strm-dst == 10.1.0.2 |
| 206 | } -run |
| 207 | |
| 208 | client c3 -connect ${h1_fe3_sock} { |
| 209 | txreq |
| 210 | rxresp |
| 211 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 212 | expect resp.http.sess-src == 10.1.0.1 |
| 213 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 214 | expect resp.http.strm-src == 10.2.0.1 |
| 215 | |
| 216 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 217 | expect resp.http.sess-dst == 10.1.0.2 |
| 218 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 219 | expect resp.http.strm-dst == 10.2.0.2 |
| 220 | } -run |
| 221 | |
| 222 | client c4 -connect ${h1_fe4_sock} { |
| 223 | txreq \ |
| 224 | -hdr "x-forwarded-for: 192.168.0.1" \ |
| 225 | -hdr "x-original-to: 192.168.0.2" |
| 226 | rxresp |
| 227 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 228 | expect resp.http.sess-src == 10.0.0.1 |
| 229 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 230 | expect resp.http.strm-src == 192.168.0.1 |
| 231 | |
| 232 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 233 | expect resp.http.sess-dst == 10.0.0.2 |
| 234 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 235 | expect resp.http.strm-dst == 192.168.0.2 |
| 236 | |
| 237 | txreq \ |
| 238 | -hdr "x-forwarded-for: 192.168.1.1" \ |
| 239 | -hdr "x-original-to: 192.168.1.2" |
| 240 | rxresp |
| 241 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 242 | expect resp.http.sess-src == 10.0.0.1 |
| 243 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 244 | expect resp.http.strm-src == 192.168.1.1 |
| 245 | |
| 246 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 247 | expect resp.http.sess-dst == 10.0.0.2 |
| 248 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 249 | expect resp.http.strm-dst == 192.168.1.2 |
| 250 | |
| 251 | txreq |
| 252 | rxresp |
| 253 | expect resp.http.sess-fc-src == 10.0.0.1 |
| 254 | expect resp.http.sess-src == 10.0.0.1 |
| 255 | expect resp.http.strm-fc-src == 10.0.0.1 |
| 256 | expect resp.http.strm-src == 10.0.0.1 |
| 257 | |
| 258 | expect resp.http.sess-fc-dst == 10.0.0.2 |
| 259 | expect resp.http.sess-dst == 10.0.0.2 |
| 260 | expect resp.http.strm-fc-dst == 10.0.0.2 |
| 261 | expect resp.http.strm-dst == 10.0.0.2 |
| 262 | } -run |
| 263 | |
| 264 | client c5 -connect ${h1_li1_sock} { |
| 265 | txreq |
| 266 | rxresp |
| 267 | expect resp.http.li1-fc-src == 10.0.0.1 |
| 268 | expect resp.http.li1-src == 192.168.0.1 |
| 269 | expect resp.http.li1-fc-dst == 10.0.0.2 |
| 270 | expect resp.http.li1-dst == 192.168.0.2 |
| 271 | |
| 272 | expect resp.http.li3-fc-src == 10.1.0.1 |
| 273 | expect resp.http.li3-src == 192.168.0.1 |
| 274 | expect resp.http.li3-fc-dst == 10.1.0.2 |
| 275 | expect resp.http.li3-dst == 192.168.0.2 |
| 276 | } -run |
| 277 | |
| 278 | client c6 -connect ${h1_li2_sock} { |
| 279 | txreq |
| 280 | rxresp |
| 281 | expect resp.http.li2-fc-src == 10.0.0.1 |
| 282 | expect resp.http.li2-src == 192.168.0.1 |
| 283 | expect resp.http.li2-fc-dst == 10.0.0.2 |
| 284 | expect resp.http.li2-dst == 192.168.0.2 |
| 285 | |
| 286 | expect resp.http.li3-fc-src == 10.1.0.1 |
| 287 | expect resp.http.li3-src == 192.168.0.1 |
| 288 | expect resp.http.li3-fc-dst == 10.1.0.2 |
| 289 | expect resp.http.li3-dst == 192.168.0.2 |
| 290 | } -run |