
Re: [PATCH] Tests: proxy protocol v2 TLVs tests for stream module

Sergey Kandaurov
November 17, 2022 12:34PM
> On 16 Nov 2022, at 10:04, Eugene Grebenschikov via nginx-devel <nginx-devel@nginx.org> wrote:
>
> # HG changeset patch
> # User Eugene Grebenschikov <e.grebenshchikov@f5.com>
> # Date 1668578494 28800
> # Tue Nov 15 22:01:34 2022 -0800
> # Node ID 6040bfd6acbd8492730dee6ffe1bc9e89f70a3cb
> # Parent 01fcc82a435aedd41ed3c23dbf7252371652cc7a
> Tests: proxy protocol v2 TLVs tests for stream module.
>
> diff -r 01fcc82a435a -r 6040bfd6acbd stream_proxy_protocol2_tlv.t
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/stream_proxy_protocol2_tlv.t Tue Nov 15 22:01:34 2022 -0800
> @@ -0,0 +1,154 @@
> +#!/usr/bin/perl
> +
> +# (C) Roman Arutyunyan
> +# (C) Eugene Grebenschikov
> +# (C) Nginx, Inc.
> +
> +# Tests for variables for proxy protocol v2 TLVs.
> +
> +###############################################################################
> +
> +use warnings;
> +use strict;
> +
> +use Test::More;
> +
> +BEGIN { use FindBin; chdir($FindBin::Bin); }
> +
> +use lib 'lib';
> +use Test::Nginx;
> +use Test::Nginx::Stream qw/ stream /;
> +
> +###############################################################################
> +
> +select STDERR; $| = 1;
> +select STDOUT; $| = 1;
> +
> +my $t = Test::Nginx->new()->has(qw/stream stream_return map/)
> + ->write_file_expand('nginx.conf', <<'EOF');
> +
> +%%TEST_GLOBALS%%
> +
> +daemon off;
> +
> +events {
> +}
> +
> +stream {
> + %%TEST_GLOBALS_STREAM%%
> +
> + map $proxy_protocol_tlv_ssl $binary_present {
> + "~\\x00" "true";
> + }
> +
> + server {
> + listen 127.0.0.1:8080 proxy_protocol;
> + return "
> + alpn:$proxy_protocol_tlv_alpn
> + authority:$proxy_protocol_tlv_authority
> + crc32c:$proxy_protocol_tlv_0x3
> + unique-id:$proxy_protocol_tlv_unique_id
> + netns:$proxy_protocol_tlv_netns
> + ssl-verify:$proxy_protocol_tlv_ssl_verify
> + ssl-version:$proxy_protocol_tlv_ssl_version
> + ssl-cn:$proxy_protocol_tlv_ssl_cn
> + ssl-cipher:$proxy_protocol_tlv_ssl_cipher
> + ssl-sig-alg:$proxy_protocol_tlv_ssl_sig_alg
> + ssl-key-alg:$proxy_protocol_tlv_ssl_key_alg
> + custom:$proxy_protocol_tlv_0x000ae
> + x:$proxy_protocol_tlv_0x000e
> + ssl-binary:$binary_present";
> + }
> +}
> +
> +EOF
> +
> +$t->try_run('no proxy_protocol tlv')->plan(14);
> +
> +###############################################################################
> +
> +my $tlv = pp2_create_tlv(0x1, "ALPN1");
> +$tlv .= pp2_create_tlv(0x2, "localhost");
> +$tlv .= pp2_create_tlv(0x3, "4321");
> +$tlv .= pp2_create_tlv(0x5, "UNIQQ");
> +$tlv .= pp2_create_tlv(0x30, "NETNS");
> +$tlv .= pp2_create_tlv(0xae, "12345");
> +my $p = pp2_create($tlv);
> +
> +my $r = pp_get(8080, $p);
> +like($r, qr/alpn:ALPN1\x0d?$/m, 'ALPN');
> +like($r, qr/authority:localhost\x0d?$/m, 'AUTHORITY');
> +like($r, qr/crc32c:4321\x0d?$/m, 'CRC32C');
> +like($r, qr/unique-id:UNIQQ\x0d?$/m, 'UNIQUE_ID');
> +like($r, qr/netns:NETNS\x0d?$/m, 'NETNS');
> +like($r, qr/custom:12345\x0d?$/m, 'custom');
> +like($r, qr/x:\x0d?$/m, 'non-existent');
> +
> +# big proxy protocol header with TLVs
> +
> +TODO: {
> +local $TODO = 'not yet' unless $t->has_version('1.23.3');
> +
> +my $sub = pp2_create_tlv(0x21, "TLSv1.2");
> +$sub .= pp2_create_tlv(0x22, "example.com");
> +$sub .= pp2_create_tlv(0x23, "AES256-SHA");
> +$sub .= pp2_create_tlv(0x24, "SHA1");
> +$sub .= pp2_create_tlv(0x25, "RSA512");
> +my $ssl = pp2_create_ssl(0x01, 255, $sub);
> +$tlv .= pp2_create_tlv(0x20, $ssl);
> +$p = pp2_create($tlv);
> +
> +$r = pp_get(8080, $p);
> +like($r, qr/ssl-verify:255\x0d?$/m, 'SSL_VERIFY');
> +like($r, qr/ssl-version:TLSv1.2\x0d?$/m, 'SSL_VERSION');
> +like($r, qr/ssl-cn:example.com\x0d?$/m, 'SSL_CN');
> +like($r, qr/ssl-cipher:AES256-SHA\x0d?$/m, 'SSL_CIPHER');
> +like($r, qr/ssl-sig-alg:SHA1\x0d?$/m, 'SSL_SIG_ALG');
> +like($r, qr/ssl-key-alg:RSA512\x0d?$/m, 'SSL_KEY_ALG');
> +like($r, qr/ssl-binary:true/, 'SSL_BINARY');
> +
> +}
> +
> +###############################################################################
> +
> +sub pp_get {
> + my ($port, $proxy) = @_;
> + stream(PeerPort => port($port))->io($proxy);
> +}
> +
> +sub pp2_create {
> + my ($tlv) = @_;
> +
> + my $pp2_sig = pack("N3", 0x0D0A0D0A, 0x000D0A51, 0x5549540A);
> + my $ver_cmd = pack('C', 0x21);
> + my $family = pack('C', 0x11);
> + my $packet = $pp2_sig . $ver_cmd . $family;
> +
> + my $ip1 = pack('N', 0xc0000201); # 192.0.2.1
> + my $ip2 = pack('N', 0xc0000202); # 192.0.2.2
> + my $port1 = pack('n', 123);
> + my $port2 = pack('n', 5678);
> + my $addrs = $ip1 . $ip2 . $port1 . $port2;
> +
> + my $len = length($addrs) + length($tlv);
> +
> + $packet .= pack('n', $len) . $addrs . $tlv;
> +
> + return $packet;
> +}
> +
> +sub pp2_create_tlv {
> + my ($type, $content) = @_;
> +
> + my $len = length($content);
> +
> + return pack("CnA*", $type, $len, $content);
> +}
> +
> +sub pp2_create_ssl {
> + my ($client, $verify, $content) = @_;
> +
> + return pack("CNA*", $client, $verify, $content);
> +}
> +
> +###############################################################################
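Review bot: Every header built in this test is well-formed, so the TLV bounds handling behind the `$proxy_protocol_tlv_*` variables is never exercised with a length field that disagrees with the bytes actually present. A case such as `my $bad = pack('Cn', 0x1, 64) . 'ALPN1';` followed by `unlike(pp_get(8080, pp2_create($bad)), qr/alpn:ALPN1/, 'truncated TLV');` (constructed sample, with `plan(14)` raised to 15) would pin that a TLV whose declared length overruns the header is not returned as a value. The exact response nginx gives for a broken TLV should be confirmed before asserting more than that. Separately, the dots in `qr/ssl-version:TLSv1.2\x0d?$/m` and `qr/ssl-cn:example.com\x0d?$/m` are unescaped and match any character, so `TLSv1\.2` and `example\.com` would make those two checks exact.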
>

Looks good.

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org