blob: 576c89d68136e44027aa7d2c12c1f71683e07478 [file] [log] [blame]
Amaury Denoyelle8969c322020-12-11 17:53:12 +01001# This reg-test is uses to test respect of the websocket protocol according to
2# rfc6455.
3#
4# In particular, a request/response without a websocket key must be rejected by
5# haproxy. Note that in the tested case (h1 on both sides), haproxy does not
6# validate the key of the server but only checks its presence.
7#
8# For the case h2 client/h1 server, haproxy would add the key and validates it.
9# However, there is no way to check this case quickly at the moment using vtest.
10
11varnishtest "WebSocket test"
12
13feature ignore_unknown_macro
14
Christopher Faulet85a81362020-12-15 17:13:39 +010015#REQUIRE_VERSION=2.4
16
Amaury Denoyelle8969c322020-12-11 17:53:12 +010017# valid websocket server
18server s1 {
19 rxreq
20 expect req.method == "GET"
21 expect req.http.connection == "upgrade"
22 expect req.http.upgrade == "websocket"
23 expect req.http.sec-websocket-key == "dGhlIHNhbXBsZSBub25jZQ=="
24
25 txresp \
26 -status 101 \
27 -hdr "connection: upgrade" \
28 -hdr "upgrade: websocket" \
29 -hdr "sec-websocket-accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
30} -repeat 2 -start
31
32# non-conformant server: no websocket key
33server s2 {
34 rxreq
35 expect req.method == "GET"
36 expect req.http.connection == "upgrade"
37 expect req.http.upgrade == "websocket"
38
39 txresp \
40 -status 101 \
41 -hdr "connection: upgrade" \
42 -hdr "upgrade: websocket"
43} -start
44
45# haproxy instance used as a server
46# generate a http/1.1 websocket response with the valid key
47haproxy hap_srv -conf {
48 defaults
49 mode http
50 ${no-htx} option http-use-htx
51 timeout connect 1s
52 timeout client 1s
53 timeout server 1s
54
55 listen fe1
56 bind "fd@${fe1}"
57
58 # reject if the request does not contains a websocket key
59 acl ws_handshake hdr(sec-websocket-key) -m found
60 http-request reject unless ws_handshake
61
62 # return a valid websocket handshake response
63 capture request header sec-websocket-key len 128
64 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "%[capture.req.hdr(0),concat(258EAFA5-E914-47DA-95CA-C5AB0DC85B11,,),sha1,base64]"
65 http-after-response set-status 101 if { status eq 200 }
66} -start
67
68# haproxy instance used as a server
69# generate a http/1.1 websocket response with an invalid key
70haproxy hap_srv_bad_key -conf {
71 defaults
72 mode http
73 ${no-htx} option http-use-htx
74 timeout connect 1s
75 timeout client 1s
76 timeout server 1s
77
78 listen fe1
79 bind "fd@${fe1}"
80
81 # reject if the request does not contains a websocket key
82 acl ws_handshake hdr(sec-websocket-key) -m found
83 http-request reject unless ws_handshake
84
85 # return an invalid websocket handshake response
86 capture request header sec-websocket-key len 128
87 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "invalid_key"
88 http-after-response set-status 101 if { status eq 200 }
89} -start
90
91haproxy hap -conf {
92 defaults
93 mode http
94 ${no-htx} option http-use-htx
95 timeout connect 1s
96 timeout client 1s
97 timeout server 1s
98
99 listen fe1
100 bind "fd@${fe1}"
101 server s1 ${s1_addr}:${s1_port}
102
103 listen fe2
104 bind "fd@${fe2}"
105 server s2 ${s2_addr}:${s2_port}
106
107 listen fe3
108 bind "fd@${fe3}" proto h2
109 server hap_srv ${hap_srv_fe1_addr}:${hap_srv_fe1_port}
110
111 listen fe4
112 bind "fd@${fe4}" proto h2
113 server hap_srv_bad_key ${hap_srv_bad_key_fe1_addr}:${hap_srv_bad_key_fe1_port}
114} -start
115
116# standard request
117client c1 -connect ${hap_fe1_sock} {
118 txreq \
119 -req "GET" \
120 -url "/" \
121 -hdr "host: 127.0.0.1" \
122 -hdr "connection: upgrade" \
123 -hdr "upgrade: websocket" \
124 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
125 rxresp
126 expect resp.status == 101
127 expect resp.http.connection == "upgrade"
128 expect resp.http.upgrade == "websocket"
129 expect resp.http.sec-websocket-accept == "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
130} -run
131
132# missing websocket key
133client c2 -connect ${hap_fe1_sock} {
134 txreq \
135 -req "GET" \
136 -url "/" \
137 -hdr "host: 127.0.0.1" \
138 -hdr "connection: upgrade" \
139 -hdr "upgrade: websocket"
140
141 rxresp
142 expect resp.status == 400
143} -run
144
145# missing key on server side
146client c3 -connect ${hap_fe2_sock} {
147 txreq \
148 -req "GET" \
149 -url "/" \
150 -hdr "host: 127.0.0.1" \
151 -hdr "connection: upgrade" \
152 -hdr "upgrade: websocket" \
153 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
154
155 rxresp
156 expect resp.status == 502
157} -run
158
159# connect with http/2 on a http/1.1 websocket server
160# the key must be provided by haproxy
161client c4 -connect ${hap_fe3_sock} {
162 txpri
163 stream 0 {
164 txsettings
165 rxsettings
166 txsettings -ack
167 rxsettings
168 expect settings.ack == true
169 } -run
170
171 stream 1 {
172 txreq \
173 -req "CONNECT" \
174 -scheme "http" \
175 -url "/" \
176 -hdr ":authority" "127.0.0.1" \
177 -hdr ":protocol" "websocket"
178
179 rxhdrs
180 expect resp.status == 200
181 } -run
182} -run
183
184# connect with http/2 on a http/1.1 websocket server
185# however, the server will respond with an invalid key
186# haproxy is responsible to reject the request and returning a 502 to the client
187client c5 -connect ${hap_fe4_sock} {
188 txpri
189 stream 0 {
190 txsettings
191 rxsettings
192 txsettings -ack
193 rxsettings
194 expect settings.ack == true
195 } -run
196
197 stream 1 {
198 txreq \
199 -req "CONNECT" \
200 -scheme "http" \
201 -url "/" \
202 -hdr ":authority" "127.0.0.1" \
203 -hdr ":protocol" "websocket"
204
205 rxhdrs
206 expect resp.status == 502
207 } -run
208} -run