blob: 5f4b960e8eac044a0b75bb722365aee3964c1f63 [file] [log] [blame]
Amaury Denoyelle8969c322020-12-11 17:53:12 +01001# This reg-test is uses to test respect of the websocket protocol according to
2# rfc6455.
3#
4# In particular, a request/response without a websocket key must be rejected by
5# haproxy. Note that in the tested case (h1 on both sides), haproxy does not
6# validate the key of the server but only checks its presence.
7#
8# For the case h2 client/h1 server, haproxy would add the key and validates it.
9# However, there is no way to check this case quickly at the moment using vtest.
10
11varnishtest "WebSocket test"
12
13feature ignore_unknown_macro
14
Christopher Faulet85a81362020-12-15 17:13:39 +010015#REQUIRE_VERSION=2.4
16
Amaury Denoyelle8969c322020-12-11 17:53:12 +010017# valid websocket server
18server s1 {
19 rxreq
20 expect req.method == "GET"
21 expect req.http.connection == "upgrade"
22 expect req.http.upgrade == "websocket"
23 expect req.http.sec-websocket-key == "dGhlIHNhbXBsZSBub25jZQ=="
24
25 txresp \
26 -status 101 \
27 -hdr "connection: upgrade" \
28 -hdr "upgrade: websocket" \
29 -hdr "sec-websocket-accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
30} -repeat 2 -start
31
32# non-conformant server: no websocket key
33server s2 {
34 rxreq
35 expect req.method == "GET"
36 expect req.http.connection == "upgrade"
37 expect req.http.upgrade == "websocket"
38
39 txresp \
40 -status 101 \
41 -hdr "connection: upgrade" \
42 -hdr "upgrade: websocket"
43} -start
44
45# haproxy instance used as a server
46# generate a http/1.1 websocket response with the valid key
47haproxy hap_srv -conf {
48 defaults
49 mode http
Willy Tarreauf6739232021-11-18 17:46:22 +010050 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
51 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
52 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
Amaury Denoyelle8969c322020-12-11 17:53:12 +010053
54 listen fe1
55 bind "fd@${fe1}"
56
57 # reject if the request does not contains a websocket key
58 acl ws_handshake hdr(sec-websocket-key) -m found
59 http-request reject unless ws_handshake
60
61 # return a valid websocket handshake response
62 capture request header sec-websocket-key len 128
63 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "%[capture.req.hdr(0),concat(258EAFA5-E914-47DA-95CA-C5AB0DC85B11,,),sha1,base64]"
64 http-after-response set-status 101 if { status eq 200 }
65} -start
66
67# haproxy instance used as a server
68# generate a http/1.1 websocket response with an invalid key
69haproxy hap_srv_bad_key -conf {
70 defaults
71 mode http
Willy Tarreauf6739232021-11-18 17:46:22 +010072 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
73 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
74 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
Amaury Denoyelle8969c322020-12-11 17:53:12 +010075
76 listen fe1
77 bind "fd@${fe1}"
78
79 # reject if the request does not contains a websocket key
80 acl ws_handshake hdr(sec-websocket-key) -m found
81 http-request reject unless ws_handshake
82
83 # return an invalid websocket handshake response
84 capture request header sec-websocket-key len 128
85 http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "invalid_key"
86 http-after-response set-status 101 if { status eq 200 }
87} -start
88
89haproxy hap -conf {
90 defaults
91 mode http
Willy Tarreauf6739232021-11-18 17:46:22 +010092 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
93 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
94 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
Amaury Denoyelle8969c322020-12-11 17:53:12 +010095
96 listen fe1
97 bind "fd@${fe1}"
98 server s1 ${s1_addr}:${s1_port}
99
100 listen fe2
101 bind "fd@${fe2}"
102 server s2 ${s2_addr}:${s2_port}
103
104 listen fe3
105 bind "fd@${fe3}" proto h2
106 server hap_srv ${hap_srv_fe1_addr}:${hap_srv_fe1_port}
107
108 listen fe4
109 bind "fd@${fe4}" proto h2
110 server hap_srv_bad_key ${hap_srv_bad_key_fe1_addr}:${hap_srv_bad_key_fe1_port}
111} -start
112
113# standard request
114client c1 -connect ${hap_fe1_sock} {
115 txreq \
116 -req "GET" \
117 -url "/" \
118 -hdr "host: 127.0.0.1" \
119 -hdr "connection: upgrade" \
120 -hdr "upgrade: websocket" \
121 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
122 rxresp
123 expect resp.status == 101
124 expect resp.http.connection == "upgrade"
125 expect resp.http.upgrade == "websocket"
126 expect resp.http.sec-websocket-accept == "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
127} -run
128
129# missing websocket key
130client c2 -connect ${hap_fe1_sock} {
131 txreq \
132 -req "GET" \
133 -url "/" \
134 -hdr "host: 127.0.0.1" \
135 -hdr "connection: upgrade" \
136 -hdr "upgrade: websocket"
137
138 rxresp
139 expect resp.status == 400
140} -run
141
142# missing key on server side
143client c3 -connect ${hap_fe2_sock} {
144 txreq \
145 -req "GET" \
146 -url "/" \
147 -hdr "host: 127.0.0.1" \
148 -hdr "connection: upgrade" \
149 -hdr "upgrade: websocket" \
150 -hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
151
152 rxresp
153 expect resp.status == 502
154} -run
155
156# connect with http/2 on a http/1.1 websocket server
157# the key must be provided by haproxy
158client c4 -connect ${hap_fe3_sock} {
159 txpri
160 stream 0 {
161 txsettings
162 rxsettings
163 txsettings -ack
164 rxsettings
165 expect settings.ack == true
166 } -run
167
168 stream 1 {
169 txreq \
170 -req "CONNECT" \
171 -scheme "http" \
172 -url "/" \
173 -hdr ":authority" "127.0.0.1" \
174 -hdr ":protocol" "websocket"
175
176 rxhdrs
177 expect resp.status == 200
178 } -run
179} -run
180
181# connect with http/2 on a http/1.1 websocket server
182# however, the server will respond with an invalid key
183# haproxy is responsible to reject the request and returning a 502 to the client
184client c5 -connect ${hap_fe4_sock} {
185 txpri
186 stream 0 {
187 txsettings
188 rxsettings
189 txsettings -ack
190 rxsettings
191 expect settings.ack == true
192 } -run
193
194 stream 1 {
195 txreq \
196 -req "CONNECT" \
197 -scheme "http" \
198 -url "/" \
199 -hdr ":authority" "127.0.0.1" \
200 -hdr ":protocol" "websocket"
201
202 rxhdrs
203 expect resp.status == 502
204 } -run
205} -run