blob: 24c548f133141646505765b308c341a2bb024d1e [file] [log] [blame]
Tim Duesterhus488ee7f2020-03-05 22:55:20 +01001varnishtest "Check that the TLVs are properly validated"
2
Willy Tarreau1d52c7b2020-03-31 16:36:20 +02003#REQUIRE_VERSION=2.2
4
Tim Duesterhus488ee7f2020-03-05 22:55:20 +01005feature ignore_unknown_macro
6
7# We need one HAProxy for each test, because apparently the connection by
8# the client is reused, leading to connection resets.
9
10haproxy h1 -conf {
11 defaults
12 mode http
13 timeout connect 1s
14 timeout client 1s
15 timeout server 1s
16
17 frontend a
18 bind "fd@${fe1}" accept-proxy
19 http-after-response set-header echo %[fc_pp_authority,hex]
20 http-request return status 200
21} -start
22
23# Validate that a correct header passes
24client c1 -connect ${h1_fe1_sock} {
25 # PROXY v2 signature
26 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
27 # version + PROXY
28 sendhex "21"
29 # TCP4
30 sendhex "11"
31 # length of the address (12) + length of the TLV (8)
32 sendhex "00 14"
33 # 127.0.0.1 42 127.0.0.1 1337
34 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
35 # PP2_TYPE_AUTHORITY + length of the value + "12345"
36 sendhex "02 00 05 31 32 33 34 35"
37
38 txreq -url "/"
39 rxresp
40 expect resp.http.echo == "3132333435"
41} -run
42
43haproxy h2 -conf {
44 defaults
45 mode http
46 timeout connect 1s
47 timeout client 1s
48 timeout server 1s
49
50 frontend a
51 bind "fd@${fe1}" accept-proxy
52 http-after-response set-header echo %[fc_pp_authority,hex]
53 http-request return status 200
54} -start
55
56# Validate that a TLV after the end of the PROXYv2 header is ignored
57client c2 -connect ${h2_fe1_sock} {
58 # PROXY v2 signature
59 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
60 # version + PROXY
61 sendhex "21"
62 # TCP4
63 sendhex "11"
64 # length of the address (12) + length of the TLV (8)
65 sendhex "00 14"
66 # 127.0.0.1 42 127.0.0.1 1337
67 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
68 # PP2_TYPE_AUTHORITY + length of the value + "12345"
69 sendhex "02 00 05 31 32 33 34 35"
70 # after the end of the PROXYv2 header: PP2_TYPE_AUTHORITY + length of the value + "54321"
71 sendhex "02 00 05 35 34 33 32 31"
72
73 txreq -url "/"
74 rxresp
75 expect resp.http.echo == "3132333435"
76} -run
77
78haproxy h3 -conf {
79 defaults
80 mode http
81 timeout connect 1s
82 timeout client 1s
83 timeout server 1s
84
85 frontend a
86 bind "fd@${fe1}" accept-proxy
87 http-after-response set-header echo %[fc_pp_authority,hex]
88 http-request return status 200
89} -start
90
91# Validate that a TLV length exceeding the PROXYv2 length fails
92client c3 -connect ${h3_fe1_sock} {
93 # PROXY v2 signature
94 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
95 # version + PROXY
96 sendhex "21"
97 # TCP4
98 sendhex "11"
99 # length of the address (12) + too small length of the TLV (8)
100 sendhex "00 14"
101 # 127.0.0.1 42 127.0.0.1 1337
102 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
103 # PP2_TYPE_AUTHORITY + length of the value + "1234512345"
104 sendhex "02 00 0A 31 32 33 34 35 31 32 33 34 35"
105
106 txreq -url "/"
107 expect_close
108} -run
109
110haproxy h4 -conf {
111 defaults
112 mode http
113 timeout connect 1s
114 timeout client 1s
115 timeout server 1s
116
117 frontend a
118 bind "fd@${fe1}" accept-proxy
119 http-after-response set-header echo %[fc_pp_authority,hex]
120 http-request return status 200
121} -start
122
123# Validate that TLVs not ending with the PROXYv2 header fail
124client c4 -connect ${h4_fe1_sock} {
125 # PROXY v2 signature
126 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
127 # version + PROXY
128 sendhex "21"
129 # TCP4
130 sendhex "11"
131 # length of the address (12) + too big length of the TLV (8)
132 sendhex "00 14"
133 # 127.0.0.1 42 127.0.0.1 1337
134 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
135 # PP2_TYPE_AUTHORITY + length of the value + "1234"
136 sendhex "02 00 04 31 32 33 34"
137
138 txreq -url "/"
139 expect_close
140} -run