mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-10-31 08:30:59 +01:00
48d5ef363d
When threads are enabled and running on a machine with multiple CCX or multiple nodes, thread groups are now enabled since 3.3-dev2, causing load-balancing algorithms to randomly fail due to incoming connections spreading over multiple groups and using different load balancing indexes. Let's just force "thread-groups 1" into all configs when threads are enabled to avoid this.
161 lines
4.4 KiB
Plaintext
161 lines
4.4 KiB
Plaintext
varnishtest "Check that the TLVs are properly validated"
|
|
|
|
feature ignore_unknown_macro
|
|
|
|
# We need one HAProxy for each test, because apparently the connection by
|
|
# the client is reused, leading to connection resets.
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a correct header passes
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "12345"
|
|
sendhex "02 00 05 31 32 33 34 35"
|
|
|
|
txreq -url "/"
|
|
rxresp
|
|
expect resp.http.echo == "3132333435"
|
|
} -run
|
|
|
|
haproxy h2 -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a TLV after the end of the PROXYv2 header is not parsed
|
|
# and handle by the HTTP parser, leading to a 400 bad request error
|
|
client c2 -connect ${h2_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "12345"
|
|
sendhex "02 00 05 31 32 33 34 35"
|
|
# after the end of the PROXYv2 header: PP2_TYPE_AUTHORITY + length of the value + "54321"
|
|
sendhex "02 00 05 35 34 33 32 31"
|
|
|
|
txreq -url "/"
|
|
rxresp
|
|
expect resp.status == 400
|
|
expect resp.http.echo == <undef>
|
|
} -run
|
|
|
|
haproxy h3 -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that a TLV length exceeding the PROXYv2 length fails
|
|
client c3 -connect ${h3_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + too small length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "1234512345"
|
|
sendhex "02 00 0A 31 32 33 34 35 31 32 33 34 35"
|
|
|
|
txreq -url "/"
|
|
expect_close
|
|
} -run
|
|
|
|
haproxy h4 -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend a
|
|
bind "fd@${fe1}" accept-proxy
|
|
http-after-response set-header echo %[fc_pp_authority,hex]
|
|
http-request return status 200
|
|
} -start
|
|
|
|
# Validate that TLVs not ending with the PROXYv2 header fail
|
|
client c4 -connect ${h4_fe1_sock} {
|
|
# PROXY v2 signature
|
|
sendhex "0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a"
|
|
# version + PROXY
|
|
sendhex "21"
|
|
# TCP4
|
|
sendhex "11"
|
|
# length of the address (12) + too big length of the TLV (8)
|
|
sendhex "00 14"
|
|
# 127.0.0.1 42 127.0.0.1 1337
|
|
sendhex "7F 00 00 01 7F 00 00 01 00 2A 05 39"
|
|
# PP2_TYPE_AUTHORITY + length of the value + "1234"
|
|
sendhex "02 00 04 31 32 33 34"
|
|
|
|
txreq -url "/"
|
|
expect_close
|
|
} -run
|