Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8969c32d7ef2b64a4ee4f0a3d1f7e1da58ecb4f1 / . / reg-tests / http-messaging / websocket.vtc
blob: 82f5e8b0350657bbde39d62641e7aebcfd663fa7 [file] [log] [blame]
Amaury Denoyelle8969c322020-12-11 17:53:12 +0100[diff] [blame^]1# This reg-test is uses to test respect of the websocket protocol according to
2# rfc6455.
3#
4# In particular, a request/response without a websocket key must be rejected by
5# haproxy. Note that in the tested case (h1 on both sides), haproxy does not
6# validate the key of the server but only checks its presence.
7#
8# For the case h2 client/h1 server, haproxy would add the key and validates it.
9# However, there is no way to check this case quickly at the moment using vtest.
10
11varnishtest "WebSocket test"
12
13feature ignore_unknown_macro
14
15# valid websocket server
16server s1 {
17 rxreq
18 expect req.method == "GET"
19 expect req.http.connection == "upgrade"
20 expect req.http.upgrade == "websocket"
21 expect req.http.sec-websocket-key == "dGhlIHNhbXBsZSBub25jZQ=="
22
23 txresp \
24 -status 101 \
25 -hdr "connection: upgrade" \
26 -hdr "upgrade: websocket" \
27 -hdr "sec-websocket-accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
28} -repeat 2 -start
29
30# non-conformant server: no websocket key
31server s2 {
32 rxreq
33 expect req.method == "GET"
34 expect req.http.connection == "upgrade"
35 expect req.http.upgrade == "websocket"
36
37 txresp \
38 -status 101 \
39 -hdr "connection: upgrade" \
40 -hdr "upgrade: websocket"
41} -start
42
43# haproxy instance used as a server
44# generate a http/1.1 websocket response with the valid key
45haproxy hap_srv -conf {
46 defaults
47 mode http
48 ${no-htx} option http-use-htx
49 timeout connect 1s
50 timeout client 1s
51 timeout server 1s
52
53 listen fe1
54 bind "fd@${fe1}"
55
56 # reject if the request does not contains a websocket key
57 acl ws_handshake hdr(sec-websocket-key) -m found
58 http-request reject unless ws_handshake
59
60 # return a valid websocket handshake response
61 capture request header sec-websocket-key len 128
62 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "%[capture.req.hdr(0),concat(258EAFA5-E914-47DA-95CA-C5AB0DC85B11,,),sha1,base64]"
63 http-after-response set-status 101 if { status eq 200 }
64} -start
65
66# haproxy instance used as a server
67# generate a http/1.1 websocket response with an invalid key
68haproxy hap_srv_bad_key -conf {
69 defaults
70 mode http
71 ${no-htx} option http-use-htx
72 timeout connect 1s
73 timeout client 1s
74 timeout server 1s
75
76 listen fe1
77 bind "fd@${fe1}"
78
79 # reject if the request does not contains a websocket key
80 acl ws_handshake hdr(sec-websocket-key) -m found
81 http-request reject unless ws_handshake
82
83 # return an invalid websocket handshake response
84 capture request header sec-websocket-key len 128
85 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "invalid_key"
86 http-after-response set-status 101 if { status eq 200 }
87} -start
88
89haproxy hap -conf {
90 defaults
91 mode http
92 ${no-htx} option http-use-htx
93 timeout connect 1s
94 timeout client 1s
95 timeout server 1s
96
97 listen fe1
98 bind "fd@${fe1}"
99 server s1 ${s1_addr}:${s1_port}
100
101 listen fe2
102 bind "fd@${fe2}"
103 server s2 ${s2_addr}:${s2_port}
104
105 listen fe3
106 bind "fd@${fe3}" proto h2
107 server hap_srv ${hap_srv_fe1_addr}:${hap_srv_fe1_port}
108
109 listen fe4
110 bind "fd@${fe4}" proto h2
111 server hap_srv_bad_key ${hap_srv_bad_key_fe1_addr}:${hap_srv_bad_key_fe1_port}
112} -start
113
114# standard request
115client c1 -connect ${hap_fe1_sock} {
116 txreq \
117 -req "GET" \
118 -url "/" \
119 -hdr "host: 127.0.0.1" \
120 -hdr "connection: upgrade" \
121 -hdr "upgrade: websocket" \
122 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
123 rxresp
124 expect resp.status == 101
125 expect resp.http.connection == "upgrade"
126 expect resp.http.upgrade == "websocket"
127 expect resp.http.sec-websocket-accept == "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
128} -run
129
130# missing websocket key
131client c2 -connect ${hap_fe1_sock} {
132 txreq \
133 -req "GET" \
134 -url "/" \
135 -hdr "host: 127.0.0.1" \
136 -hdr "connection: upgrade" \
137 -hdr "upgrade: websocket"
138
139 rxresp
140 expect resp.status == 400
141} -run
142
143# missing key on server side
144client c3 -connect ${hap_fe2_sock} {
145 txreq \
146 -req "GET" \
147 -url "/" \
148 -hdr "host: 127.0.0.1" \
149 -hdr "connection: upgrade" \
150 -hdr "upgrade: websocket" \
151 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
152
153 rxresp
154 expect resp.status == 502
155} -run
156
157# connect with http/2 on a http/1.1 websocket server
158# the key must be provided by haproxy
159client c4 -connect ${hap_fe3_sock} {
160 txpri
161 stream 0 {
162 txsettings
163 rxsettings
164 txsettings -ack
165 rxsettings
166 expect settings.ack == true
167 } -run
168
169 stream 1 {
170 txreq \
171 -req "CONNECT" \
172 -scheme "http" \
173 -url "/" \
174 -hdr ":authority" "127.0.0.1" \
175 -hdr ":protocol" "websocket"
176
177 rxhdrs
178 expect resp.status == 200
179 } -run
180} -run
181
182# connect with http/2 on a http/1.1 websocket server
183# however, the server will respond with an invalid key
184# haproxy is responsible to reject the request and returning a 502 to the client
185client c5 -connect ${hap_fe4_sock} {
186 txpri
187 stream 0 {
188 txsettings
189 rxsettings
190 txsettings -ack
191 rxsettings
192 expect settings.ack == true
193 } -run
194
195 stream 1 {
196 txreq \
197 -req "CONNECT" \
198 -scheme "http" \
199 -url "/" \
200 -hdr ":authority" "127.0.0.1" \
201 -hdr ":protocol" "websocket"
202
203 rxhdrs
204 expect resp.status == 502
205 } -run
206} -run