mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-24 13:42:16 +00:00
f673923629
With the CI occasionally slowing down, we're starting to see again some spurious failures despite the long 1-second timeouts. This reports false positives that are disturbing and doesn't provide as much value as this could. However at this delay it already becomes a pain for developers to wait for the tests to complete. This commit adds support for the new environment variable HAPROXY_TEST_TIMEOUT that will allow anyone to modify the connect, client and server timeouts. It was set to 5 seconds by default, which should be plenty for quite some time in the CI. All relevant values that were 200ms or above were replaced by this one. A few larger values were left as they are special. One test for the set-timeout action that used to rely on a fixed 1-sec value was extended to a fixed 5-sec, as the timeout is normally not reached, but it needs to be known to compare the old and new values.
143 lines
4.1 KiB
Plaintext
143 lines
4.1 KiB
Plaintext
varnishtest "Check that the TLVs are properly validated"
|
|
|
|
#REQUIRE_VERSION=2.4
|
|
|
|
feature ignore_unknown_macro
|
|
|
|
# We need one HAProxy for each test, because apparently the connection by
|
|
# the client is reused, leading to connection resets.
|
|
|
|
haproxy h1 -conf {
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a correct header passes
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "12345"
|
|
sendhex "02 00 05 31 32 33 34 35"
|
|
|
|
txreq -url "/"
|
|
rxresp
|
|
expect resp.http.echo == "3132333435"
|
|
} -run
|
|
|
|
haproxy h2 -conf {
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a TLV after the end of the PROXYv2 header is not parsed
|
|
# and handle by the HTTP parser, leading to a 400 bad request error
|
|
client c2 -connect ${h2_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "12345"
|
|
sendhex "02 00 05 31 32 33 34 35"
|
|
# after the end of the PROXYv2 header: PP2_TYPE_AUTHORITY + length of the value + "54321"
|
|
sendhex "02 00 05 35 34 33 32 31"
|
|
|
|
txreq -url "/"
|
|
rxresp
|
|
expect resp.status == 400
|
|
expect resp.http.echo == <undef>
|
|
} -run
|
|
|
|
haproxy h3 -conf {
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a TLV length exceeding the PROXYv2 length fails
|
|
client c3 -connect ${h3_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + too small length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "1234512345"
|
|
sendhex "02 00 0A 31 32 33 34 35 31 32 33 34 35"
|
|
|
|
txreq -url "/"
|
|
expect_close
|
|
} -run
|
|
|
|
haproxy h4 -conf {
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that TLVs not ending with the PROXYv2 header fail
|
|
client c4 -connect ${h4_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + too big length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "1234"
|
|
sendhex "02 00 04 31 32 33 34"
|
|
|
|
txreq -url "/"
|
|
expect_close
|
|
} -run
|