Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f30d6ac885abe6503bc6d3e207b8753fd2ae8b2b / . / reg-tests / connection / proxy_protocol_tlv_validation.vtc
blob: 65a251cb896771bd188d4a68891dcd5b7e9ebeda [file] [log] [blame]
Tim Duesterhusf30d6ac2020-03-05 22:55:20 +0100[diff] [blame^]1varnishtest "Check that the TLVs are properly validated"
2
3feature ignore_unknown_macro
4
5# We need one HAProxy for each test, because apparently the connection by
6# the client is reused, leading to connection resets.
7
8haproxy h1 -conf {
9 defaults
10 mode http
11 timeout connect 1s
12 timeout client 1s
13 timeout server 1s
14
15 frontend a
16 bind "fd@${fe1}" accept-proxy
17 http-after-response set-header echo %[fc_pp_authority,hex]
18 http-request return status 200
19} -start
20
21# Validate that a correct header passes
22client c1 -connect ${h1_fe1_sock} {
23 # PROXY v2 signature
24 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
25 # version + PROXY
26 sendhex "21"
27 # TCP4
28 sendhex "11"
29 # length of the address (12) + length of the TLV (8)
30 sendhex "00 14"
31 # 127.0.0.1 42 127.0.0.1 1337
32 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
33 # PP2_TYPE_AUTHORITY + length of the value + "12345"
34 sendhex "02 00 05 31 32 33 34 35"
35
36 txreq -url "/"
37 rxresp
38 expect resp.http.echo == "3132333435"
39} -run
40
41haproxy h2 -conf {
42 defaults
43 mode http
44 timeout connect 1s
45 timeout client 1s
46 timeout server 1s
47
48 frontend a
49 bind "fd@${fe1}" accept-proxy
50 http-after-response set-header echo %[fc_pp_authority,hex]
51 http-request return status 200
52} -start
53
54# Validate that a TLV after the end of the PROXYv2 header is ignored
55client c2 -connect ${h2_fe1_sock} {
56 # PROXY v2 signature
57 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
58 # version + PROXY
59 sendhex "21"
60 # TCP4
61 sendhex "11"
62 # length of the address (12) + length of the TLV (8)
63 sendhex "00 14"
64 # 127.0.0.1 42 127.0.0.1 1337
65 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
66 # PP2_TYPE_AUTHORITY + length of the value + "12345"
67 sendhex "02 00 05 31 32 33 34 35"
68 # after the end of the PROXYv2 header: PP2_TYPE_AUTHORITY + length of the value + "54321"
69 sendhex "02 00 05 35 34 33 32 31"
70
71 txreq -url "/"
72 rxresp
73 expect resp.http.echo == "3132333435"
74} -run
75
76haproxy h3 -conf {
77 defaults
78 mode http
79 timeout connect 1s
80 timeout client 1s
81 timeout server 1s
82
83 frontend a
84 bind "fd@${fe1}" accept-proxy
85 http-after-response set-header echo %[fc_pp_authority,hex]
86 http-request return status 200
87} -start
88
89# Validate that a TLV length exceeding the PROXYv2 length fails
90client c3 -connect ${h3_fe1_sock} {
91 # PROXY v2 signature
92 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
93 # version + PROXY
94 sendhex "21"
95 # TCP4
96 sendhex "11"
97 # length of the address (12) + too small length of the TLV (8)
98 sendhex "00 14"
99 # 127.0.0.1 42 127.0.0.1 1337
100 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
101 # PP2_TYPE_AUTHORITY + length of the value + "1234512345"
102 sendhex "02 00 0A 31 32 33 34 35 31 32 33 34 35"
103
104 txreq -url "/"
105 expect_close
106} -run
107
108haproxy h4 -conf {
109 defaults
110 mode http
111 timeout connect 1s
112 timeout client 1s
113 timeout server 1s
114
115 frontend a
116 bind "fd@${fe1}" accept-proxy
117 http-after-response set-header echo %[fc_pp_authority,hex]
118 http-request return status 200
119} -start
120
121# Validate that TLVs not ending with the PROXYv2 header fail
122client c4 -connect ${h4_fe1_sock} {
123 # PROXY v2 signature
124 sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
125 # version + PROXY
126 sendhex "21"
127 # TCP4
128 sendhex "11"
129 # length of the address (12) + too big length of the TLV (8)
130 sendhex "00 14"
131 # 127.0.0.1 42 127.0.0.1 1337
132 sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
133 # PP2_TYPE_AUTHORITY + length of the value + "1234"
134 sendhex "02 00 04 31 32 33 34"
135
136 txreq -url "/"
137 expect_close
138} -run