Mercurial > hg > nginx-tests
comparison stream_proxy_protocol2_tlv.t @ 1808:6040bfd6acbd
Tests: proxy protocol v2 TLVs tests for stream module.
| author | Eugene Grebenschikov <e.grebenshchikov@f5.com> |
|---|---|
| date | Tue, 15 Nov 2022 22:01:34 -0800 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1807:01fcc82a435a | 1808:6040bfd6acbd |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Roman Arutyunyan | |
| 4 # (C) Eugene Grebenschikov | |
| 5 # (C) Nginx, Inc. | |
| 6 | |
| 7 # Tests for variables for proxy protocol v2 TLVs. | |
| 8 | |
| 9 ############################################################################### | |
| 10 | |
| 11 use warnings; | |
| 12 use strict; | |
| 13 | |
| 14 use Test::More; | |
| 15 | |
| 16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 17 | |
| 18 use lib 'lib'; | |
| 19 use Test::Nginx; | |
| 20 use Test::Nginx::Stream qw/ stream /; | |
| 21 | |
| 22 ############################################################################### | |
| 23 | |
| 24 select STDERR; $| = 1; | |
| 25 select STDOUT; $| = 1; | |
| 26 | |
| 27 my $t = Test::Nginx->new()->has(qw/stream stream_return map/) | |
| 28 ->write_file_expand('nginx.conf', <<'EOF'); | |
| 29 | |
| 30 %%TEST_GLOBALS%% | |
| 31 | |
| 32 daemon off; | |
| 33 | |
| 34 events { | |
| 35 } | |
| 36 | |
| 37 stream { | |
| 38 %%TEST_GLOBALS_STREAM%% | |
| 39 | |
| 40 map $proxy_protocol_tlv_ssl $binary_present { | |
| 41 "~\\x00" "true"; | |
| 42 } | |
| 43 | |
| 44 server { | |
| 45 listen 127.0.0.1:8080 proxy_protocol; | |
| 46 return " | |
| 47 alpn:$proxy_protocol_tlv_alpn | |
| 48 authority:$proxy_protocol_tlv_authority | |
| 49 crc32c:$proxy_protocol_tlv_0x3 | |
| 50 unique-id:$proxy_protocol_tlv_unique_id | |
| 51 netns:$proxy_protocol_tlv_netns | |
| 52 ssl-verify:$proxy_protocol_tlv_ssl_verify | |
| 53 ssl-version:$proxy_protocol_tlv_ssl_version | |
| 54 ssl-cn:$proxy_protocol_tlv_ssl_cn | |
| 55 ssl-cipher:$proxy_protocol_tlv_ssl_cipher | |
| 56 ssl-sig-alg:$proxy_protocol_tlv_ssl_sig_alg | |
| 57 ssl-key-alg:$proxy_protocol_tlv_ssl_key_alg | |
| 58 custom:$proxy_protocol_tlv_0x000ae | |
| 59 x:$proxy_protocol_tlv_0x000e | |
| 60 ssl-binary:$binary_present"; | |
| 61 } | |
| 62 } | |
| 63 | |
| 64 EOF | |
| 65 | |
| 66 $t->try_run('no proxy_protocol tlv')->plan(14); | |
| 67 | |
| 68 ############################################################################### | |
| 69 | |
| 70 my $tlv = pp2_create_tlv(0x1, "ALPN1"); | |
| 71 $tlv .= pp2_create_tlv(0x2, "localhost"); | |
| 72 $tlv .= pp2_create_tlv(0x3, "4321"); | |
| 73 $tlv .= pp2_create_tlv(0x5, "UNIQQ"); | |
| 74 $tlv .= pp2_create_tlv(0x30, "NETNS"); | |
| 75 $tlv .= pp2_create_tlv(0xae, "12345"); | |
| 76 my $p = pp2_create($tlv); | |
| 77 | |
| 78 my $r = pp_get(8080, $p); | |
| 79 like($r, qr/alpn:ALPN1\x0d?$/m, 'ALPN'); | |
| 80 like($r, qr/authority:localhost\x0d?$/m, 'AUTHORITY'); | |
| 81 like($r, qr/crc32c:4321\x0d?$/m, 'CRC32C'); | |
| 82 like($r, qr/unique-id:UNIQQ\x0d?$/m, 'UNIQUE_ID'); | |
| 83 like($r, qr/netns:NETNS\x0d?$/m, 'NETNS'); | |
| 84 like($r, qr/custom:12345\x0d?$/m, 'custom'); | |
| 85 like($r, qr/x:\x0d?$/m, 'non-existent'); | |
| 86 | |
| 87 # big proxy protocol header with TLVs | |
| 88 | |
| 89 TODO: { | |
| 90 local $TODO = 'not yet' unless $t->has_version('1.23.3'); | |
| 91 | |
| 92 my $sub = pp2_create_tlv(0x21, "TLSv1.2"); | |
| 93 $sub .= pp2_create_tlv(0x22, "example.com"); | |
| 94 $sub .= pp2_create_tlv(0x23, "AES256-SHA"); | |
| 95 $sub .= pp2_create_tlv(0x24, "SHA1"); | |
| 96 $sub .= pp2_create_tlv(0x25, "RSA512"); | |
| 97 my $ssl = pp2_create_ssl(0x01, 255, $sub); | |
| 98 $tlv .= pp2_create_tlv(0x20, $ssl); | |
| 99 $p = pp2_create($tlv); | |
| 100 | |
| 101 $r = pp_get(8080, $p); | |
| 102 like($r, qr/ssl-verify:255\x0d?$/m, 'SSL_VERIFY'); | |
| 103 like($r, qr/ssl-version:TLSv1.2\x0d?$/m, 'SSL_VERSION'); | |
| 104 like($r, qr/ssl-cn:example.com\x0d?$/m, 'SSL_CN'); | |
| 105 like($r, qr/ssl-cipher:AES256-SHA\x0d?$/m, 'SSL_CIPHER'); | |
| 106 like($r, qr/ssl-sig-alg:SHA1\x0d?$/m, 'SSL_SIG_ALG'); | |
| 107 like($r, qr/ssl-key-alg:RSA512\x0d?$/m, 'SSL_KEY_ALG'); | |
| 108 like($r, qr/ssl-binary:true/, 'SSL_BINARY'); | |
| 109 | |
| 110 } | |
| 111 | |
| 112 ############################################################################### | |
| 113 | |
| 114 sub pp_get { | |
| 115 my ($port, $proxy) = @_; | |
| 116 stream(PeerPort => port($port))->io($proxy); | |
| 117 } | |
| 118 | |
| 119 sub pp2_create { | |
| 120 my ($tlv) = @_; | |
| 121 | |
| 122 my $pp2_sig = pack("N3", 0x0D0A0D0A, 0x000D0A51, 0x5549540A); | |
| 123 my $ver_cmd = pack('C', 0x21); | |
| 124 my $family = pack('C', 0x11); | |
| 125 my $packet = $pp2_sig . $ver_cmd . $family; | |
| 126 | |
| 127 my $ip1 = pack('N', 0xc0000201); # 192.0.2.1 | |
| 128 my $ip2 = pack('N', 0xc0000202); # 192.0.2.2 | |
| 129 my $port1 = pack('n', 123); | |
| 130 my $port2 = pack('n', 5678); | |
| 131 my $addrs = $ip1 . $ip2 . $port1 . $port2; | |
| 132 | |
| 133 my $len = length($addrs) + length($tlv); | |
| 134 | |
| 135 $packet .= pack('n', $len) . $addrs . $tlv; | |
| 136 | |
| 137 return $packet; | |
| 138 } | |
| 139 | |
| 140 sub pp2_create_tlv { | |
| 141 my ($type, $content) = @_; | |
| 142 | |
| 143 my $len = length($content); | |
| 144 | |
| 145 return pack("CnA*", $type, $len, $content); | |
| 146 } | |
| 147 | |
| 148 sub pp2_create_ssl { | |
| 149 my ($client, $verify, $content) = @_; | |
| 150 | |
| 151 return pack("CNA*", $client, $verify, $content); | |
| 152 } | |
| 153 | |
| 154 ############################################################################### |