From 9b53b4cd1f50b770aaf711d50fea3fadf58b7ef6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Wed, 20 Jun 2018 07:26:44 +0200
Subject: [PATCH] MINOR: reg-tests: Add a few regression testing files.
---
 reg-tests/log/h00000.vtc | 62 ++++++++++++++++++++++++++
 reg-tests/seamless-reload/h00000.vtc | 43 ++++++++++++++++++
 reg-tests/spoe/h00000.vtc | 18 ++++++++
 reg-tests/ssl/README | 2 +
 reg-tests/ssl/common.pem | 65 ++++++++++++++++++++++++++++
 reg-tests/ssl/h00000.vtc | 48 ++++++++++++++++++++
 6 files changed, 238 insertions(+)
 create mode 100644 reg-tests/log/h00000.vtc
 create mode 100644 reg-tests/seamless-reload/h00000.vtc
 create mode 100644 reg-tests/spoe/h00000.vtc
 create mode 100644 reg-tests/ssl/README
 create mode 100644 reg-tests/ssl/common.pem
 create mode 100644 reg-tests/ssl/h00000.vtc
diff --git a/reg-tests/log/h00000.vtc b/reg-tests/log/h00000.vtc
new file mode 100644
index 000000000..f0ab7ea18
--- /dev/null
+++ b/reg-tests/log/h00000.vtc
@@ -0,0 +1,62 @@
+# commit d02286d
+# BUG/MINOR: log: pin the front connection when front ip/ports are logged
+#
+# Mathias Weiersmueller reported an interesting issue with logs which Lukas
+# diagnosed as dating back from commit 9b061e332 (1.5-dev9). When front
+# connection information (ip, port) are logged in TCP mode and the log is
+# emitted at the end of the connection (eg: because %B or any log tag
+# requiring LW_BYTES is set), the log is emitted after the connection is
+# closed, so the address and ports cannot be retrieved anymore.
+#
+# It could be argued that we'd make a special case of these to immediatly
+# retrieve the source and destination addresses from the connection, but it
+# seems cleaner to simply pin the front connection, marking it "tracked" by
+# adding the LW_XPRT flag to mention that we'll need some of these elements
+# at the last moment. Only LW_FRTIP and LW_CLIP are affected. Note that after
+# this change, LW_FRTIP could simply be removed as it's not used anywhere.
+#
+# Note that the problem doesn't happen when using %[src] or %[dst] since
+# all sample expressions set LW_XPRT.
+
+varnishtest "Wrong ip/port logging"
+feature ignore_unknown_macro
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+syslog Slg_1 -level notice {
+ recv
+ recv
+ recv info
+ expect ~ \"dip\":\"${h1_fe_1_addr}\",\"dport\":\"${h1_fe_1_port}.*\"ts\":\"cD\",\"
+} -start
+
+haproxy h1 -conf {
+ global
+ log ${Slg_1_addr}:${Slg_1_port} local0
+
+defaults
+ log global
+ timeout connect 3000
+ timeout client 5
+ timeout server 10000
+
+frontend fe1
+ bind "fd@${fe_1}"
+ mode tcp
+ log-format {\"dip\":\"%fi\",\"dport\":\"%fp\",\"c_ip\":\"%ci\",\"c_port\":\"%cp\",\"fe_name\":\"%ft\",\"be_name\":\"%b\",\"s_name\":\"%s\",\"ts\":\"%ts\",\"bytes_read\":\"%B\"}
+ default_backend be_app
+
+backend be_app
+ server app1 ${s1_addr}:${s1_port} check
+} -start
+
+client c1 -connect ${h1_fe_1_sock} {
+ txreq -url "/"
+ delay 0.02
+} -run
+
+syslog Slg_1 -wait
+
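Review bot: The `expect` regex in the `syslog Slg_1` block of reg-tests/log/h00000.vtc never closes the `dport` value, so `\"dport\":\"${h1_fe_1_port}.*` also accepts a logged port that merely begins with the expected digits. Since the test exists to prove the front address and port are logged correctly, the match should be anchored on the closing quote: `\"dport\":\"${h1_fe_1_port}\",.*\"ts\":\"cD\",\"`. The dots in the substituted address are regex wildcards as well, which is harmless here. Separately, the `cD` state depends on `timeout client 5` expiring inside the client's `delay 0.02`; a comment such as `# 5 ms client timeout must fire before the 20 ms client delay ends (termination state cD)` would document that coupling.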
diff --git a/reg-tests/seamless-reload/h00000.vtc b/reg-tests/seamless-reload/h00000.vtc
new file mode 100644
index 000000000..498e0c61a
--- /dev/null
+++ b/reg-tests/seamless-reload/h00000.vtc
@@ -0,0 +1,43 @@
+# commit b4dd15b
+# BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload.
+#
+# When checking if a socket we got from the parent is suitable for a listener,
+# we just checked that the path matched sockname.tmp, however this is
+# unsuitable for abns sockets, where we don't have to create a temporary
+# file and rename it later.
+# To detect that, check that the first character of the sun_path is 0 for
+# both, and if so, that &sun_path[1] is the same too.
+
+varnishtest "Seamless reload issue with abns sockets"
+feature ignore_unknown_macro
+
+haproxy h1 -W -conf {
+ global
+ stats socket ${tmpdir}/h1/stats level admin expose-fd listeners
+
+ defaults
+ mode http
+ log global
+ option httplog
+ timeout connect 15ms
+ timeout client 20ms
+ timeout server 20ms
+
+ listen testme
+ bind "fd@${testme}"
+ server test_abns_server abns@wpproc1 send-proxy-v2
+
+ frontend test_abns
+ bind abns@wpproc1 accept-proxy
+ http-request deny deny_status 200
+} -start
+
+shell {
+ kill -USR2 $(cat ${tmpdir}/h1/pid)
+}
+
+client c1 -connect ${h1_testme_sock} {
+ txreq -url "/"
+ rxresp
+} -repeat 50 -run
+
diff --git a/reg-tests/spoe/h00000.vtc b/reg-tests/spoe/h00000.vtc
new file mode 100644
index 000000000..b4ac87745
--- /dev/null
+++ b/reg-tests/spoe/h00000.vtc
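Review bot: In reg-tests/seamless-reload/h00000.vtc the abstract socket name `abns@wpproc1` is fixed, and abstract-namespace sockets are scoped to the network namespace rather than to `${tmpdir}`. Two runs of this test on one host at the same time would therefore contend for the same name, and no filesystem permission restricts which local process may connect to it. If the name cannot be made unique per run, say so above the `listen testme` section, e.g. `# abns name is host-wide: do not run this test in parallel with itself`. In the `shell` block the pid path is unquoted; `kill -USR2 "$(cat "${tmpdir}/h1/pid")"` survives a tmpdir containing spaces.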
@@ -0,0 +1,18 @@
+# commit 84c844eb12b250aa86f2aadaff77c42dfc3cb619
+# BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
+#
+# Some initializations must be done at the beginning of parse_spoe_flt to avoid
+# segmentaion fault when first errors are catched, when the "filter spoe" line is
+# parsed.
+
+varnishtest "SPOE bug: missing configuration file"
+
+haproxy h1 -conf-BAD {} {
+ defaults
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+
+ frontend my-front
+ filter spoe
+}
diff --git a/reg-tests/ssl/README b/reg-tests/ssl/README
new file mode 100644
index 000000000..f2fc534f5
--- /dev/null
+++ b/reg-tests/ssl/README
@@ -0,0 +1,2 @@
+File list:
+ - common.pem: PEM file which may be used by most of the VTC files.
diff --git a/reg-tests/ssl/common.pem b/reg-tests/ssl/common.pem
new file mode 100644
index 000000000..ca8778e4f
--- /dev/null
+++ b/reg-tests/ssl/common.pem
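Review bot: In reg-tests/spoe/h00000.vtc the expected-error argument of `haproxy h1 -conf-BAD {} {` is empty, so the test appears to accept any rejection of the configuration. It does not pin the parser error that the fixed path should produce for a bare `filter spoe` line. If the harness matches this argument as a substring of haproxy's output, the distinctive part of that message belongs between the first pair of braces; none is quoted here because the patch does not show the message text. A comment such as `# expected: a clean configuration error, not a crash, for "filter spoe" without a config file` above the `haproxy` line would also state the intent.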
@@ -0,0 +1,65 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnb0BDF7FsqzslakNg7u/n/JQkq6nheuKwvyTqECfpc9y7uSB +e/vrEFqBaDSLQagJxuZdL5geFeVtRbdAoB97N1/LZa6vecjjgGSP0Aag/gS/ocnM +RIyvlVWWT9MrD46OG3qZY1ORU1ltrVL0NKttJP8xME7j3bTwIDElx/hNI0n7L+yS +kAe2xb/7CbZRfoOhjTVAcGv4aSLVc/Hi8k6VkIzdOEtH6TcghXmuGcuqvLNH9Buo +syngKTcQ8zg6J+e64aVvC+e7vi94uil9Qu+JHm0pkDzAZ2WluNsuXlrJToPirWyj +6/YdN6xgSI1hbZkBmUPAebgYuxBt6huvfyQd3wIDAQABAoIBABojc8UE/2W4WgwC +04Z82ig7Ezb7Ui9S9M+S4zUCYHItijIkE4DkIfO3y7Hk4x6iJdyb191HK9UdC5p9 +32upS9XFPgM/izx3GZvxDhO+xXbSep7ovbyuQ3pPkHTx3TTavpm3GyvmcTKKoy4R +jP4dWhzDXPdQW1ol3ZS4EDau4rlyClY6oi1mq9aBEX3MqVjB/nO7s2AbdgclAgP2 +OZMhTzWYR1k5tYySHCXh3ggGMCikyvHU0+SsGyrstYzP1VYi/n3f0VgqW/5ZjG8x +6SHpe04unErPF3HuSun2ZMCFdBxaTFZ8FENb8evrSXe3nQOc9W21RQdRRrNNUbjl +JYI4veECgYEA0ATYKMS1VCUYRZoQ49b5GTg7avUYqfW4bEo4fSfBue8NrnKR3Wu8 +PPBiCTuIYq1vSF+60B7Vu+hW0A8OuQ2UuMxLpYcQ7lKfNad/+yAfoWWafIqCqNU9 +at0QMdbW6A69d6jZt7OrXtleBsphCnN58jTz4ch4PIa2Oyq46NUXCvUCgYEAwh8t +G6BOHOs3yRNI2s9Y9EEfwoil2uIKrZhqiL3AwdIpu5uNIMuPnbaEpXvRX6jv/qtL +321i8vZLc31aM7zfxQ6B4ReQFJfYC80FJsWvcLwT9hB9mTJpLS4sIu5tzQc87O6w +RtjFMom+5ns5hfPB4Eccy0EtbQWVY4nCzUeO6QMCgYBSvqqRRPXwG7VU8lznlHqP +upuABzChYrnScY+Y0TixUlL54l79Wb6N6vzEOWceAWkzu8iewrU4QspNhr/PgoR3 +IeSxWlG0yy7Dc/ZnmTabx8O06I/iwrfkizzG5nOj6UEamRLJjPGNEB/jyZriQl7u +pnugg1K4mMliLbNSAnlhBQKBgQCmYepbv260Qrex1KGhSg9Ia3k5V74weYYFfJnz +UhChD+1NK+ourcsOtp3C6PlwMHBjq5aAjlU9QfUxq8NgjQaO8/xGXdfUjsFSfAtq +TA4vZkUFpuTAJgEYBHc4CXx7OzTxLzRPxQRgaMgC7KNFOMR34vu/CsJQq3R7uFwL +bsYC2QKBgQCtEmg1uDZVdByX9zyUMuRxz5Tq/vDcp+A5lJj2mha1+bUMaKX2+lxQ +vPxY55Vaw/ukWkJirRrpGv6IytBn0dLAFSlKZworZGBaxsm8OGTFJ5Oe9+kZTjI9 +hvjpClOA1otbmj2F2uZAbuIjxQGDNUkLoifN5yDYCC8JPujHuHmULw== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIGeTCCBGGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJGUjEW +MBQGA1UECBMNSWxlLWRlLUZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoT +B296b24uaW8xFTATBgNVBAMTDE96b24gVGVzdCBDQTEeMBwGCSqGSIb3DQEJARYP 
+c3VwcG9ydEBvem9uLmlvMB4XDTE2MDExNzIzMDIzOFoXDTE4MDExNjIzMDIzOFow +gb4xCzAJBgNVBAYTAkZSMRYwFAYDVQQIEw1JbGUtZGUtRnJhbmNlMRowGAYDVQQH +ExFOZXVpbGx5LXN1ci1TZWluZTEYMBYGA1UEChMPVE9BRCBDb25zdWx0aW5nMRcw +FQYDVQQLEw5lUGFyYXBoZXIgVGVhbTEWMBQGA1UEAxMNd3d3LnRlc3QxLmNvbTEw +MC4GCSqGSIb3DQEJARYhYXJuYXVsdC5taWNoZWxAdG9hZC1jb25zdWx0aW5nLmZy +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnb0BDF7FsqzslakNg7u/ +n/JQkq6nheuKwvyTqECfpc9y7uSBe/vrEFqBaDSLQagJxuZdL5geFeVtRbdAoB97 +N1/LZa6vecjjgGSP0Aag/gS/ocnMRIyvlVWWT9MrD46OG3qZY1ORU1ltrVL0NKtt +JP8xME7j3bTwIDElx/hNI0n7L+ySkAe2xb/7CbZRfoOhjTVAcGv4aSLVc/Hi8k6V +kIzdOEtH6TcghXmuGcuqvLNH9BuosyngKTcQ8zg6J+e64aVvC+e7vi94uil9Qu+J +Hm0pkDzAZ2WluNsuXlrJToPirWyj6/YdN6xgSI1hbZkBmUPAebgYuxBt6huvfyQd +3wIDAQABo4IBvzCCAbswCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMB +MB0GA1UdDgQWBBTIihFNVNgOseQnsWEcAQxAbIKE4TCBsgYDVR0jBIGqMIGngBRv +G9At9gzk2MW5Z7JVey1LtPIZ8KGBg6SBgDB+MQswCQYDVQQGEwJGUjEWMBQGA1UE +CBMNSWxlLWRlLUZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoTB296b24u +aW8xFTATBgNVBAMTDE96b24gVGVzdCBDQTEeMBwGCSqGSIb3DQEJARYPc3VwcG9y +dEBvem9uLmlvggkA15FtIaGcrk8wDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg9j +b21tb25OYW1lOmNvcHkwCQYDVR0SBAIwADBIBgNVHR8EQTA/MD2gO6A5hjdodHRw +Oi8vb3BlbnNzbGNhLnRvYWQtY29uc3VsdGluZy5jb20vb3BlbnZwbi9MYXRlc3Qu +Y3JsMBEGCWCGSAGG+EIBAQQEAwIGQDAxBglghkgBhvhCAQ0EJBYiVE9BRC1Db25z +dWx0aW5nIHNlcnZlciBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAewDa +9BukGNJMex8gsXmmdaczTr8yh9Uvw4NJcZS38I+26o//2g+d6i7wxcQg8hIm62Hj +0TblGU3+RsJo4uzcWxxA5YUYlVszbHNBRpQengEE5pjwHvoXVMNES6Bt8xP04+Vj +0qVnA8gUaDMk9lN5anK7tF/mbHOIJwHJZYCa2t3y95dIOVEXFwOIzzbSbaprjkLN +w0BgR5paJz7NZWNqo4sZHUUz94uH2bPEd01SqHO0dJwEVxadgxuPnD05I9gqGpGX +Zf3Rn7EQylvUtX9mpPaulQPXc3emefewLUSSAdnZrVikZK2J/B4lSi9FpUwl4iQH +pZoE0QLQHtB1SBKacnOAddGSTLSdFvpzjErjjWSpMukF0vutmrP86GG3xtshWVhI +u+yLfDJVm/pXfaeDtWMXpxIT/U1i0avpk5MZtFMRC0MTaxEWBTnnJm+/yiaAXQYg +E1ZIP0mkZkiUojIawTR7JTjHGhIraP9UVPNceVy0DLfETHEou3vhwBn7PFOz7piJ +wjp3A47DStJD4fapaX6B1fqM+n34CMD9ZAiJFgQEIQfObAWC9hyr4m+pqkp1Qfuw 
+vsAP/ZoS1CBirJfm3i+Gshh+VeH+TAmO/NBBYCfzBdgkNz4tJCkOc7CUT/NQTR/L
+N2OskR/Fkge149RJi7hHvE3gk/mtGtNmHJPuQ+s=
+-----END CERTIFICATE-----
+
diff --git a/reg-tests/ssl/h00000.vtc b/reg-tests/ssl/h00000.vtc
new file mode 100644
index 000000000..5b0a3913e
--- /dev/null
+++ b/reg-tests/ssl/h00000.vtc
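Review bot: reg-tests/ssl/common.pem commits an unencrypted RSA private key next to its certificate, and the two-line README added in the same patch does not say that this key is public test material. The README entry should carry that warning, for example ` - common.pem: test-only key and certificate; the private key is public, never deploy or trust it.` The certificate's validity field appears to decode to 2016-01-17 through 2018-01-16, which is earlier than this patch's date, and its subject and issuer appear to name third-party organisations. That is harmless for the test in this patch but will break any later VTC that verifies the chain, so a fixture generated for the project, with the regeneration command recorded in the README, would be a sounder base for "most of the VTC files".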
@@ -0,0 +1,48 @@
+# commit 28962c9
+# BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
+#
+# We never saw unexplicated crash with SSL, so I suppose that we are
+# luck, or the slot 0 is always reserved. Anyway the usage of the macro
+# SSL_get_app_data() and SSL_set_app_data() seem wrong. This patch change
+# the deprecated functions SSL_get_app_data() and SSL_set_app_data()
+# by the new functions SSL_get_ex_data() and SSL_set_ex_data(), and
+# it reserves the slot in the SSL memory space.
+#
+# For information, this is the two declaration which seems wrong or
+# incomplete in the OpenSSL ssl.h file. We can see the usage of the
+# slot 0 whoch is hardcoded, but never reserved.
+#
+# #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
+# #define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+
+
+varnishtest "OpenSSL bug: Random crashes"
+feature ignore_unknown_macro
+
+
+haproxy h1 -conf {
+ global
+ tune.ssl.default-dh-param 2048
+ tune.ssl.capture-cipherlist-size 1
+
+ listen frt
+ mode http
+ bind "fd@${frt}" ssl crt ${testdir}/common.pem
+ http-request redirect location /
+} -start
+
+
+# Note that with such a HAProxy configuration and curl status is 52
+# (Empty reply from server).
+
+process p1 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start
+process p2 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start
+process p3 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start
+process p4 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start
+process p5 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start
+
+process p1 -wait
+process p2 -wait
+process p3 -wait
+process p4 -wait
+process p5 -wait
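Review bot: The five `curl` processes in reg-tests/ssl/h00000.vtc request `http://` from a listener bound with `ssl`, so `-k` has no effect, and the comment above them gives the exit status without saying that the scheme mismatch is intended. If it is deliberate, reword the comment to `# curl speaks cleartext HTTP to the TLS listener on purpose: no handshake completes and curl exits with 52 (Empty reply from server).` and drop `-k`. If a TLS session was meant to be established, the URLs should use `https://` and the expected exit code needs revisiting. The test also requires curl on the host; where the harness supports `feature cmd`, a line such as `feature cmd "command -v curl"` would skip the test instead of failing it when curl is missing.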