comparison stream_proxy_protocol2_tlv.t @ 1808:6040bfd6acbd
Tests: proxy protocol v2 TLVs tests for stream module.
author | Eugene Grebenschikov <e.grebenshchikov@f5.com> |
---|---|
date | Tue, 15 Nov 2022 22:01:34 -0800 |
parents | |
children |
1807:01fcc82a435a | 1808:6040bfd6acbd |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Roman Arutyunyan | |
4 # (C) Eugene Grebenschikov | |
5 # (C) Nginx, Inc. | |
6 | |
7 # Tests for variables for proxy protocol v2 TLVs. | |
8 | |
9 ############################################################################### | |
10 | |
11 use warnings; | |
12 use strict; | |
13 | |
14 use Test::More; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 use Test::Nginx::Stream qw/ stream /; | |
21 | |
22 ############################################################################### | |
23 | |
24 select STDERR; $| = 1; | |
25 select STDOUT; $| = 1; | |
26 | |
27 my $t = Test::Nginx->new()->has(qw/stream stream_return map/) | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 stream { | |
38 %%TEST_GLOBALS_STREAM%% | |
39 | |
40 map $proxy_protocol_tlv_ssl $binary_present { | |
41 "~\\x00" "true"; | |
42 } | |
43 | |
44 server { | |
45 listen 127.0.0.1:8080 proxy_protocol; | |
46 return " | |
47 alpn:$proxy_protocol_tlv_alpn | |
48 authority:$proxy_protocol_tlv_authority | |
49 crc32c:$proxy_protocol_tlv_0x3 | |
50 unique-id:$proxy_protocol_tlv_unique_id | |
51 netns:$proxy_protocol_tlv_netns | |
52 ssl-verify:$proxy_protocol_tlv_ssl_verify | |
53 ssl-version:$proxy_protocol_tlv_ssl_version | |
54 ssl-cn:$proxy_protocol_tlv_ssl_cn | |
55 ssl-cipher:$proxy_protocol_tlv_ssl_cipher | |
56 ssl-sig-alg:$proxy_protocol_tlv_ssl_sig_alg | |
57 ssl-key-alg:$proxy_protocol_tlv_ssl_key_alg | |
58 custom:$proxy_protocol_tlv_0x000ae | |
59 x:$proxy_protocol_tlv_0x000e | |
60 ssl-binary:$binary_present"; | |
61 } | |
62 } | |
63 | |
64 EOF | |
65 | |
66 $t->try_run('no proxy_protocol tlv')->plan(14); | |
67 | |
68 ############################################################################### | |
69 | |
70 my $tlv = pp2_create_tlv(0x1, "ALPN1"); | |
71 $tlv .= pp2_create_tlv(0x2, "localhost"); | |
72 $tlv .= pp2_create_tlv(0x3, "4321"); | |
73 $tlv .= pp2_create_tlv(0x5, "UNIQQ"); | |
74 $tlv .= pp2_create_tlv(0x30, "NETNS"); | |
75 $tlv .= pp2_create_tlv(0xae, "12345"); | |
76 my $p = pp2_create($tlv); | |
77 | |
78 my $r = pp_get(8080, $p); | |
79 like($r, qr/alpn:ALPN1\x0d?$/m, 'ALPN'); | |
80 like($r, qr/authority:localhost\x0d?$/m, 'AUTHORITY'); | |
81 like($r, qr/crc32c:4321\x0d?$/m, 'CRC32C'); | |
82 like($r, qr/unique-id:UNIQQ\x0d?$/m, 'UNIQUE_ID'); | |
83 like($r, qr/netns:NETNS\x0d?$/m, 'NETNS'); | |
84 like($r, qr/custom:12345\x0d?$/m, 'custom'); | |
85 like($r, qr/x:\x0d?$/m, 'non-existent'); | |
86 | |
87 # big proxy protocol header with TLVs | |
88 | |
89 TODO: { | |
90 local $TODO = 'not yet' unless $t->has_version('1.23.3'); | |
91 | |
92 my $sub = pp2_create_tlv(0x21, "TLSv1.2"); | |
93 $sub .= pp2_create_tlv(0x22, "example.com"); | |
94 $sub .= pp2_create_tlv(0x23, "AES256-SHA"); | |
95 $sub .= pp2_create_tlv(0x24, "SHA1"); | |
96 $sub .= pp2_create_tlv(0x25, "RSA512"); | |
97 my $ssl = pp2_create_ssl(0x01, 255, $sub); | |
98 $tlv .= pp2_create_tlv(0x20, $ssl); | |
99 $p = pp2_create($tlv); | |
100 | |
101 $r = pp_get(8080, $p); | |
102 like($r, qr/ssl-verify:255\x0d?$/m, 'SSL_VERIFY'); | |
103 like($r, qr/ssl-version:TLSv1.2\x0d?$/m, 'SSL_VERSION'); | |
104 like($r, qr/ssl-cn:example.com\x0d?$/m, 'SSL_CN'); | |
105 like($r, qr/ssl-cipher:AES256-SHA\x0d?$/m, 'SSL_CIPHER'); | |
106 like($r, qr/ssl-sig-alg:SHA1\x0d?$/m, 'SSL_SIG_ALG'); | |
107 like($r, qr/ssl-key-alg:RSA512\x0d?$/m, 'SSL_KEY_ALG'); | |
108 like($r, qr/ssl-binary:true/, 'SSL_BINARY'); | |
109 | |
110 } | |
111 | |
112 ############################################################################### | |
113 | |
114 sub pp_get { | |
115 my ($port, $proxy) = @_; | |
116 stream(PeerPort => port($port))->io($proxy); | |
117 } | |
118 | |
119 sub pp2_create { | |
120 my ($tlv) = @_; | |
121 | |
122 my $pp2_sig = pack("N3", 0x0D0A0D0A, 0x000D0A51, 0x5549540A); | |
123 my $ver_cmd = pack('C', 0x21); | |
124 my $family = pack('C', 0x11); | |
125 my $packet = $pp2_sig . $ver_cmd . $family; | |
126 | |
127 my $ip1 = pack('N', 0xc0000201); # 192.0.2.1 | |
128 my $ip2 = pack('N', 0xc0000202); # 192.0.2.2 | |
129 my $port1 = pack('n', 123); | |
130 my $port2 = pack('n', 5678); | |
131 my $addrs = $ip1 . $ip2 . $port1 . $port2; | |
132 | |
133 my $len = length($addrs) + length($tlv); | |
134 | |
135 $packet .= pack('n', $len) . $addrs . $tlv; | |
136 | |
137 return $packet; | |
138 } | |
139 | |
140 sub pp2_create_tlv { | |
141 my ($type, $content) = @_; | |
142 | |
143 my $len = length($content); | |
144 | |
145 return pack("CnA*", $type, $len, $content); | |
146 } | |
147 | |
148 sub pp2_create_ssl { | |
149 my ($client, $verify, $content) = @_; | |
150 | |
151 return pack("CNA*", $client, $verify, $content); | |
152 } | |
153 | |
154 ############################################################################### |
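Review bot: The dots in `qr/ssl-version:TLSv1.2\x0d?$/m` and `qr/ssl-cn:example.com\x0d?$/m` (file lines 103-104) are unescaped, so each matches any character and the assertions would still pass on a value such as `TLSv1x2`; write them as `TLSv1\.2` and `example\.com`. Separately, every header this file builds is well-formed: no case sends a TLV whose declared length runs past the header length, or an SSL TLV (0x20) shorter than the client/verify fields that `pp2_create_ssl` packs. The length handling for peer-supplied TLV data is therefore not exercised here, though it may be covered in a test file not shown on this page. If such cases are added, the expected output should be confirmed against the server's actual behaviour rather than assumed.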