mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-03 18:52:04 +00:00
488ee7fb6e
This patch fixes PROXYv2 parsing when the payload of the TCP connection is fused with the PROXYv2 header within a single recv() call. Previously HAProxy ignored the PROXYv2 header length when attempting to parse the TLV, possibly interpreting the first byte of the payload as a TLV type. This patch adds proper validation. It ensures that: 1. TLV parsing stops when the end of the PROXYv2 header is reached. 2. TLV lengths cannot exceed the PROXYv2 header length. 3. The PROXYv2 header ends together with the last TLV, not allowing for "stray bytes" to be ignored. A reg-test was added to ensure proper behavior. This patch tries to find the sweat spot between a small and easily backportable one, and a cleaner one that's more easily adaptable to older versions, hence why it merges the "if" and "while" blocks which causes a reindent of the whole block. It should be used as-is for versions 1.9 to 2.1, the block about PP2_TYPE_AUTHORITY should be dropped for 2.0 and the block about CRC32C should be dropped for 1.8. This bug was introduced when TLV parsing was added. This happened in commit |
||
|---|---|---|
| .. | ||
| cache | ||
| checks | ||
| compression | ||
| connection | ||
| converter | ||
| http-capture | ||
| http-cookies | ||
| http-errorfiles | ||
| http-messaging | ||
| http-rules | ||
| log | ||
| lua | ||
| mailers | ||
| mcli | ||
| peers | ||
| sample_fetches | ||
| seamless-reload | ||
| server | ||
| spoe | ||
| ssl | ||
| stick-table | ||
| stickiness | ||
| stream | ||
| webstats | ||
| README | ||
* Regression testing for HAProxy with VTest *
This little README file is about how to compile and run vtest test case files (VTC files)
to test HAProxy for any regression.
To do so, you will have to compile vtest program sources which depends on
Varnish cache application sources. vtest, formerly varnishtest, is a very useful
program which has been developed to test Varnish cache application. vtest has been
modified in collaboration with Varnish cache conceptor Poul-Henning Kamp to support
HAProxy in addition to Varnish cache.
See also: doc/regression-testing.txt
* vtest compilation *
$ git clone https://github.com/vtest/VTest
$ cd VTest
$ make vtest
Then vtest program may be found at the root directory of vtest sources directory.
The Varnish cache manuals are located in 'man' directory of Varnish cache sources
directory. You will have to have a look at varnishtest(7) and vtc(7) manuals to
use vtest.
Some information may also be found in doc/regression-testing.txt in HAProxy
sources.
Note that VTC files for Varnish cache may be found in bin/varnishtest/tests directory
of Varnish cache sources directory which may be found here:
https://github.com/varnishcache/varnish-cache
* vtest execution *
You must set HAPROXY_PROGRAM environment variable to give the location
of the HAProxy program to test to vtest:
$ HAPROXY_PROGRAM=<my haproxy program> vtest [-Dno-htx=] ...
The HAProxy VTC files found in HAProxy sources may be run with the reg-tests
Makefile target. You must set the VTEST_PROGRAM environment variable to
give the location of the vtest program which has been previously compiled.
$ VTEST_PROGRAM=<my vtest program> make reg-tests
"reg-tests" Makefile target run scripts/run-regtest.sh script.
To get more information about this script run it with --help option.
Note that vtest is run with -t10 and -l option. -l option is to keep
keep vtest temporary directory in case of failed test cases. core files
may be found in this directory (if enabled by ulimit).
* vtest patches for HAProxy VTC files *
When producing a patch to add a VTC regression testing file to reg-tests directory,
please follow these simple rules:
- If your VTC file needs others files, if possible, use the same basename as that
of the VTC file,
- Put these files in a directory with the same name as the code area concerned
by the bug ('peers', 'lua', 'acl' etc).