1
0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-24 05:32:21 +00:00
haproxy/reg-tests/http-rules/forwarded-header-7239.vtc
Aurelien DARRAGON db1cd8f881 OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
In http_7239_extract_{ipv4,ipv6}, we declare a local buffer in order to
use inet_pton() since it requires a valid destination argument (cannot be
NULL). Then, if the caller provided <ip> argument, we copy inet_pton()
result (from local buffer to <ip>).

In fact when the caller provides <ip>, we may directly use <ip> as
inet_pton() dst argument to avoid an useless copy. Thus the local buffer
is only relevant when the user doesn't provide <ip>.

While at it, let's add a missing testcase for the rfc7239_n2nn converter
(to check that http_7239_extract_ipv4() with <ip> provided works properly)

This could be backported in 2.8 with b2bb925 ("MINOR: proxy/http_ext:
introduce proxy forwarded option")
2024-03-25 16:24:15 +01:00

178 lines
4.9 KiB
Plaintext

varnishtest "Test RFC 7239 forwarded header support (forwarded option and related converters)"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev0)'"
# This config tests the HTTP forwarded option and RFC7239 related converters.
feature ignore_unknown_macro
#test: converters, parsing and header injection logic
haproxy h1 -conf {
global
# WT: limit false-positives causing "HTTP header incomplete" due to
# idle server connections being randomly used and randomly expiring
# under us.
tune.idle-pool.shared off
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe1
bind "fd@${fe1}"
http-request set-src hdr(x-src)
http-request set-dst hdr(x-dst)
http-request set-header host %[str(vtest)]
use_backend be1 if { path /req1 }
use_backend be2 if { path /req2 }
use_backend be3 if { path /req3 }
use_backend be4 if { path /req4 }
frontend fe2
bind "fd@${fe2}"
http-request return status 200 hdr forwarded "%[req.hdr(forwarded)]"
backend be1
option forwarded
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be2
option forwarded for-expr src for_port-expr str(id) by by_port-expr int(10)
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be3
acl valid req.hdr(forwarded),rfc7239_is_valid
http-request return status 200 if valid
http-request return status 400
backend be4
http-request set-var(req.fnode) req.hdr(forwarded),rfc7239_field(for)
http-request return status 200 hdr nodename "%[var(req.fnode),rfc7239_n2nn]" hdr nodeport "%[var(req.fnode),rfc7239_n2np]"
} -start
#test: "default" and "no option forwarded"
haproxy h2 -conf {
global
# WT: limit false-positives causing "HTTP header incomplete" due to
# idle server connections being randomly used and randomly expiring
# under us.
tune.idle-pool.shared off
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
option forwarded
frontend fe1
bind "fd@${fe1h2}"
use_backend default if { path /default }
use_backend override if { path /override }
use_backend disabled if { path /disabled }
backend default
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend override
option forwarded host-expr str(override)
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend disabled
no option forwarded
server s1 ${h1_fe2_addr}:${h1_fe2_port}
} -start
client c1 -connect ${h1_fe1_sock} {
txreq -req GET -url /req1 \
-hdr "x-src: 127.0.0.1"
rxresp
expect resp.status == 200
expect resp.http.forwarded == "proto=http;for=127.0.0.1"
txreq -req GET -url /req2 \
-hdr "x-src: 127.0.0.2" \
-hdr "x-dst: 127.0.0.3"
rxresp
expect resp.status == 200
expect resp.http.forwarded == "by=\"127.0.0.3:10\";for=\"127.0.0.2:_id\""
txreq -req GET -url /req3 \
-hdr "forwarded: for=\"unknown:132\";host=\"[::1]:65535\";by=\"_obfs:_port\";proto=https"
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: for=\"127.0.0.1\";host=v.test"
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: fore=\"unknown:132\""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: proto=http;proto=http"
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: \""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=[::1]"
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]\""
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]:\""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]:3\""
rxresp
expect resp.status == 200
txreq -req GET -url /req4 \
-hdr "forwarded: proto=http;for=\"[::1]:_id\""
rxresp
expect resp.status == 200
expect resp.http.nodename == "::1"
expect resp.http.nodeport == "_id"
txreq -req GET -url /req4 \
-hdr "forwarded: for=127.9.0.1"
rxresp
expect resp.status == 200
expect resp.http.nodename == "127.9.0.1"
} -run
client c2 -connect ${h2_fe1h2_sock} {
txreq -req GET -url /default
rxresp
expect resp.status == 200
expect resp.http.forwarded != <undef>
txreq -req GET -url /override
rxresp
expect resp.status == 200
expect resp.http.forwarded == "host=\"override\""
txreq -req GET -url /disabled
rxresp
expect resp.status == 200
expect resp.http.forwarded == <undef>
} -run