This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new fbdb7566c4 Allow specifying multiple port ranges in sni.yaml (#9951)
fbdb7566c4 is described below
commit fbdb7566c498049ea6aa5f2e3a21637244639310
Author: JosiahWI <[email protected]>
AuthorDate: Fri Jul 14 14:26:06 2023 -0500
Allow specifying multiple port ranges in sni.yaml (#9951)
This changes sni.yaml inbound_port_range parsing to allow multiple port
ranges.
---
doc/admin-guide/files/sni.yaml.en.rst | 22 ++--
iocore/net/SSLSNIConfig.cc | 12 ++-
iocore/net/SSLSNIConfig.h | 2 +-
iocore/net/YamlSNIConfig.cc | 60 +++++++----
iocore/net/YamlSNIConfig.h | 4 +-
iocore/net/unit_tests/sni_conf_test.yaml | 8 +-
.../net/unit_tests/sni_conf_test_bad_port_0-1.yaml | 3 +-
.../sni_conf_test_bad_port_1-yowzers2.yaml | 3 +-
...080-433.yaml => sni_conf_test_bad_port_3-.yaml} | 6 +-
.../sni_conf_test_bad_port_65535-65536.yaml | 3 +-
.../sni_conf_test_bad_port_8080-433.yaml | 3 +-
.../sni_conf_test_bad_port_yowzers-1.yaml | 3 +-
iocore/net/unit_tests/test_SSLSNIConfig.cc | 7 ++
iocore/net/unit_tests/test_YamlSNIConfig.cc | 21 +++-
tests/gold_tests/tls/tls_sni_with_port.test.py | 115 +++++++++++----------
15 files changed, 171 insertions(+), 101 deletions(-)
diff --git a/doc/admin-guide/files/sni.yaml.en.rst
b/doc/admin-guide/files/sni.yaml.en.rst
index f3928c47c5..08d137f2de 100644
--- a/doc/admin-guide/files/sni.yaml.en.rst
+++ b/doc/admin-guide/files/sni.yaml.en.rst
@@ -27,7 +27,7 @@ Description
This file is used to configure aspects of TLS connection handling for both
inbound and outbound
connections. With the exception of ``host_sni_policy`` (see the description
below), the configuration is driven by the SNI values provided by the inbound
connection. The
-file consists of a set of configuration items, each identified by an SNI value
and optionally a port range (``fqdn``, ``inbound_port_range``).
+file consists of a set of configuration items, each identified by an SNI value
and optionally one or more port ranges (``fqdn``, ``inbound_port_ranges``).
When an inbound TLS connection is made, the SNI value from the TLS negotiation
is matched against
the items specified by this file and if there is a match, the values specified
in that item override
the defaults. This is done during the inbound connection processing; some
outbound properties
@@ -59,19 +59,25 @@ Key Direction Meaning
========================= =========
========================================================================================
fqdn Both Fully Qualified Domain Name.
-inbound_port_range Inbound The port range for the inbound connection
in the form ``port`` or
+inbound_port_ranges Inbound The port ranges for the inbound connection
in the form ``port`` or
``min-max``.
For example:
- ``443``
+ .. code-block:: yaml
- would match all requests with an SNI for
example.com on port 443, and
+ sni:
+ - fqdn: example.com
+ inbound_port_ranges:
+ - 443
+ - 8080-8086
+ - fqdn: other.com
+ inbound_port_ranges: 443
- ``443-446``
-
- would match requests with an SNI for
example.com on ports 443 to 446, inclusive.
- By default this is all ports.
+ would match all requests with an SNI for
example.com on port 443, and on ports
+ 8080 through 8086 inclusive, and all
+ requests with an SNI for other.com on port
+ 443
========================= =========
========================================================================================
diff --git a/iocore/net/SSLSNIConfig.cc b/iocore/net/SSLSNIConfig.cc
index e2224a820f..1050d749fd 100644
--- a/iocore/net/SSLSNIConfig.cc
+++ b/iocore/net/SSLSNIConfig.cc
@@ -39,6 +39,7 @@
#include "tscore/ink_memory.h"
#include "tscore/I_Layout.h"
+#include "tscpp/util/ts_ip.h"
#include "tscpp/util/TextView.h"
#include <netinet/in.h>
@@ -46,6 +47,7 @@
#include <sstream>
#include <utility>
#include <pcre.h>
+#include <algorithm>
static constexpr int OVECSIZE{30};
@@ -61,8 +63,8 @@ NamedElement &
NamedElement::operator=(NamedElement &&other)
{
if (this != &other) {
- match = std::move(other.match);
- ports = std::move(other.ports);
+ match = std::move(other.match);
+ inbound_port_ranges = std::move(other.inbound_port_ranges);
}
return *this;
}
@@ -116,7 +118,7 @@ SNIConfigParams::load_sni_config()
for (auto &item : yaml_sni.items) {
auto &ai = sni_action_list.emplace_back();
ai.set_glob_name(item.fqdn);
- ai.ports = item.port_range;
+ ai.inbound_port_ranges = item.inbound_port_ranges;
Debug("ssl", "name: %s", item.fqdn.data());
item.populate_sni_actions(ai.actions);
@@ -174,7 +176,9 @@ SNIConfigParams::get(std::string_view servername, in_port_t
dest_incoming_port)
return {&retval.actions, {}};
} else if (auto offset = pcre_exec(retval.match.get(), nullptr,
servername.data(), length, 0, 0, ovector, OVECSIZE);
offset >= 0) {
- if (!retval.ports.contains(dest_incoming_port)) {
+ if (std::none_of(
+ retval.inbound_port_ranges.begin(),
retval.inbound_port_ranges.end(),
+ [dest_incoming_port](ts::port_range_t const &port_range) { return
port_range.contains(dest_incoming_port); })) {
continue;
}
if (offset == 1) {
diff --git a/iocore/net/SSLSNIConfig.h b/iocore/net/SSLSNIConfig.h
index 46890ae351..6affb09d9f 100644
--- a/iocore/net/SSLSNIConfig.h
+++ b/iocore/net/SSLSNIConfig.h
@@ -71,7 +71,7 @@ struct NamedElement {
void set_glob_name(std::string name);
void set_regex_name(const std::string ®ex_name);
- ts::port_range_t ports{1, ts::MAX_PORT_VALUE};
+ std::vector<ts::port_range_t> inbound_port_ranges;
std::unique_ptr<pcre, PcreFreer> match;
};
diff --git a/iocore/net/YamlSNIConfig.cc b/iocore/net/YamlSNIConfig.cc
index 4ee5589190..05d4a09861 100644
--- a/iocore/net/YamlSNIConfig.cc
+++ b/iocore/net/YamlSNIConfig.cc
@@ -182,7 +182,7 @@ TsEnumDescriptor TLS_PROTOCOLS_DESCRIPTOR = {
};
std::set<std::string> valid_sni_config_keys = {TS_fqdn,
- TS_inbound_port_range,
+ TS_inbound_port_ranges,
TS_verify_client,
TS_verify_client_ca_certs,
TS_tunnel_route,
@@ -233,24 +233,10 @@ template <> struct convert<YamlSNIConfig::Item> {
return false; // servername must be present
}
- if (node[TS_inbound_port_range]) {
- swoc::TextView port_view{node[TS_inbound_port_range].Scalar()};
- auto min{port_view.split_prefix_at('-')};
- if (!min) {
- min = port_view;
- }
- auto const &max{port_view};
-
- swoc::TextView parsed_min;
- long min_port{swoc::svtoi(min, &parsed_min)};
- swoc::TextView parsed_max;
- long max_port{swoc::svtoi(max, &parsed_max)};
- if (parsed_min != min || min_port < 1 || parsed_max != max || max_port >
std::numeric_limits<in_port_t>::max() ||
- max_port < min_port) {
- throw YAML::ParserException(node[TS_fqdn].Mark(),
swoc::bwprint(ts::bw_dbg, "bad port range: {}-{}", min, max));
- }
-
- item.port_range = ts::port_range_t{static_cast<in_port_t>(min_port),
static_cast<in_port_t>(max_port)};
+ if (node[TS_inbound_port_ranges]) {
+ item.inbound_port_ranges =
parse_inbound_port_ranges(node[TS_inbound_port_ranges]);
+ } else {
+ item.inbound_port_ranges.emplace_back(1, ts::MAX_PORT_VALUE);
}
if (node[TS_http2]) {
item.offer_h2 = node[TS_http2].as<bool>();
@@ -447,6 +433,42 @@ template <> struct convert<YamlSNIConfig::Item> {
return true;
}
+
+ static std::vector<ts::port_range_t>
+ parse_inbound_port_ranges(Node const &port_ranges)
+ {
+ std::vector<ts::port_range_t> result;
+ if (port_ranges.IsSequence()) {
+ for (Node const &port_range : port_ranges) {
+ result.emplace_back(parse_single_inbound_port_range(port_range,
port_range.Scalar()));
+ }
+ } else {
+ result.emplace_back(parse_single_inbound_port_range(port_ranges,
port_ranges.Scalar()));
+ }
+
+ return result;
+ }
+
+ static ts::port_range_t
+ parse_single_inbound_port_range(Node const &node, swoc::TextView port_view)
+ {
+ auto min{port_view.split_prefix_at('-')};
+ if (!min) {
+ min = port_view;
+ }
+ auto max{port_view};
+
+ swoc::TextView parsed_min;
+ auto min_port{swoc::svtoi(min, &parsed_min)};
+ swoc::TextView parsed_max;
+ auto max_port{swoc::svtoi(max, &parsed_max)};
+ if (parsed_min != min || min_port < 1 || parsed_max != max || max_port >
std::numeric_limits<in_port_t>::max() ||
+ max_port < min_port) {
+ throw YAML::ParserException(node.Mark(), swoc::bwprint(ts::bw_dbg, "bad
port range: {}-{}", min, max));
+ }
+
+ return {static_cast<in_port_t>(min_port),
static_cast<in_port_t>(max_port)};
+ }
};
} // namespace YAML
diff --git a/iocore/net/YamlSNIConfig.h b/iocore/net/YamlSNIConfig.h
index b3425c9477..510ca50a73 100644
--- a/iocore/net/YamlSNIConfig.h
+++ b/iocore/net/YamlSNIConfig.h
@@ -38,7 +38,7 @@
#define TSDECL(id) constexpr char TS_##id[] = #id
TSDECL(fqdn);
-TSDECL(inbound_port_range);
+TSDECL(inbound_port_ranges);
TSDECL(verify_client);
TSDECL(verify_client_ca_certs);
TSDECL(tunnel_route);
@@ -81,7 +81,7 @@ struct YamlSNIConfig {
struct Item {
std::string fqdn;
- ts::port_range_t port_range{1, ts::MAX_PORT_VALUE};
+ std::vector<ts::port_range_t> inbound_port_ranges;
std::optional<bool> offer_h2; // Has no value by default, so do not
initialize!
std::optional<bool> offer_quic; // Has no value by default, so do not
initialize!
diff --git a/iocore/net/unit_tests/sni_conf_test.yaml
b/iocore/net/unit_tests/sni_conf_test.yaml
index 82bc3e278d..84123c675c 100644
--- a/iocore/net/unit_tests/sni_conf_test.yaml
+++ b/iocore/net/unit_tests/sni_conf_test.yaml
@@ -17,9 +17,11 @@
sni:
- fqdn: allports.com
- fqdn: someport.com
- inbound_port_range: 1-433
+ inbound_port_ranges:
+ - 1-433
+ - 480-488
http2: true
- fqdn: someport.com
- inbound_port_range: 8080-65535
+ inbound_port_ranges: 8080-65535
- fqdn: oneport.com
- inbound_port_range: 433
+ inbound_port_ranges: 433
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_0-1.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_0-1.yaml
index 6cc3b07cb7..0a56a5568f 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_0-1.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_0-1.yaml
@@ -16,4 +16,5 @@
sni:
- fqdn: badport.com
- inbound_port_range: 0-1
+ inbound_port_ranges:
+ - 0-1
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_1-yowzers2.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_1-yowzers2.yaml
index eed8159566..8cbd1d19d6 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_1-yowzers2.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_1-yowzers2.yaml
@@ -16,4 +16,5 @@
sni:
- fqdn: badport.com
- inbound_port_range: 1-yowzers2
+ inbound_port_ranges:
+ - 1-yowzers2
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_3-.yaml
similarity index 92%
copy from iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
copy to iocore/net/unit_tests/sni_conf_test_bad_port_3-.yaml
index 118b46c6b8..913526d15f 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_3-.yaml
@@ -15,5 +15,7 @@
# limitations under the License.
sni:
-- fqdn: badport.com
- inbound_port_range: 8080-433
+- fqdn: missingport.com
+ inbound_port_ranges:
+ - 3-
+ - 1-2
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_65535-65536.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_65535-65536.yaml
index 64aef61d96..c856acef6e 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_65535-65536.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_65535-65536.yaml
@@ -16,4 +16,5 @@
sni:
- fqdn: badport.com
- inbound_port_range: 65535-65536
+ inbound_port_ranges:
+ - 65535-65536
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
index 118b46c6b8..9c755efc6c 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_8080-433.yaml
@@ -16,4 +16,5 @@
sni:
- fqdn: badport.com
- inbound_port_range: 8080-433
+ inbound_port_ranges:
+ - 8080-433
diff --git a/iocore/net/unit_tests/sni_conf_test_bad_port_yowzers-1.yaml
b/iocore/net/unit_tests/sni_conf_test_bad_port_yowzers-1.yaml
index c783cfee3d..90d9d909c8 100644
--- a/iocore/net/unit_tests/sni_conf_test_bad_port_yowzers-1.yaml
+++ b/iocore/net/unit_tests/sni_conf_test_bad_port_yowzers-1.yaml
@@ -16,4 +16,5 @@
sni:
- fqdn: notaport.com
- inbound_port_range: yowzers-1
+ inbound_port_ranges:
+ - yowzers-1
diff --git a/iocore/net/unit_tests/test_SSLSNIConfig.cc
b/iocore/net/unit_tests/test_SSLSNIConfig.cc
index c1f5672f82..7d50bf3b1b 100644
--- a/iocore/net/unit_tests/test_SSLSNIConfig.cc
+++ b/iocore/net/unit_tests/test_SSLSNIConfig.cc
@@ -98,4 +98,11 @@ TEST_CASE("Test SSLSNIConfig")
REQUIRE(actions.first);
REQUIRE(actions.first->size() == 2);
}
+
+ SECTION("The config matches an SNI for someport:482")
+ {
+ auto const &actions{params.get({"someport.com",
std::strlen("someport.com")}, 482)};
+ REQUIRE(actions.first);
+ REQUIRE(actions.first->size() == 3);
+ }
}
diff --git a/iocore/net/unit_tests/test_YamlSNIConfig.cc
b/iocore/net/unit_tests/test_YamlSNIConfig.cc
index 4d9b878203..7cefd9f273 100644
--- a/iocore/net/unit_tests/test_YamlSNIConfig.cc
+++ b/iocore/net/unit_tests/test_YamlSNIConfig.cc
@@ -41,8 +41,8 @@
static void
check_port_range(const YamlSNIConfig::Item &item, in_port_t min_expected,
in_port_t max_expected)
{
- CHECK(item.port_range.min() == min_expected);
- CHECK(item.port_range.max() == max_expected);
+ CHECK(item.inbound_port_ranges.at(0).min() == min_expected);
+ CHECK(item.inbound_port_ranges.at(0).max() == max_expected);
}
TEST_CASE("YamlSNIConfig sets port ranges appropriately")
@@ -89,13 +89,26 @@ TEST_CASE("YamlSNIConfig sets port ranges appropriately")
auto const &item{conf.items[0]};
CHECK(item.fqdn == "allports.com");
}
+
+ SECTION("If multiple port ranges were specified, all of them should be
checked.")
+ {
+ auto const &item{conf.items[1]};
+ CHECK(item.inbound_port_ranges.at(1).min() == 480);
+ CHECK(item.inbound_port_ranges.at(1).max() == 488);
+ }
+
+ SECTION("If one port range was specified, "
+ "there should only be one port range.")
+ {
+ CHECK(conf.items[2].inbound_port_ranges.size() == 1);
+ }
}
TEST_CASE("YamlConfig handles bad ports appropriately.")
{
YamlSNIConfig conf{};
- std::string port_str{GENERATE("0-1", "65535-65536", "8080-433", "yowzers-1",
"1-yowzers2")};
+ std::string port_str{GENERATE("0-1", "65535-65536", "8080-433", "yowzers-1",
"1-yowzers2", "3-")};
std::string filepath;
swoc::bwprint(filepath, "{}/sni_conf_test_bad_port_{}.yaml",
_XSTR(LIBINKNET_UNIT_TEST_DIR), port_str);
@@ -105,6 +118,6 @@ TEST_CASE("YamlConfig handles bad ports appropriately.")
errorstream << zret;
std::string expected;
- swoc::bwprint(expected, "1 [1]: yaml-cpp: error at line 18, column 9: bad
port range: {}\n", port_str);
+ swoc::bwprint(expected, "1 [1]: yaml-cpp: error at line 20, column 5: bad
port range: {}\n", port_str);
CHECK(errorstream.str() == expected);
}
diff --git a/tests/gold_tests/tls/tls_sni_with_port.test.py
b/tests/gold_tests/tls/tls_sni_with_port.test.py
index 68e2709bae..8b89c09cf2 100644
--- a/tests/gold_tests/tls/tls_sni_with_port.test.py
+++ b/tests/gold_tests/tls/tls_sni_with_port.test.py
@@ -15,12 +15,14 @@
# limitations under the License.
import functools
-from typing import Any, Callable, Optional
+from typing import Any, Callable, Dict, Optional
from ports import get_port
Test.Summary = 'Tests SNI port-based routing'
+TestParams = Dict[str, Any]
+
class TestSNIWithPort:
"""Configure a test for SNI port-based routing ."""
@@ -51,7 +53,17 @@ class TestSNIWithPort:
tr.Processes.Default.StartBefore(server_two)
tr.Processes.Default.StartBefore(self._ts)
- return tr, self._ts, server_one, server_two, server_three,
self._port_one, self._port_two, self._unspecified_port
+ return {
+ "tr": tr,
+ "ts": self._ts,
+ "server_one": server_one,
+ "server_two": server_two,
+ "server_three": server_three,
+ "port_one": self._port_one,
+ "port_two": self._port_two,
+ "port_three": self._port_three,
+ "port_unmapped": self._port_unmapped
+ }
@classmethod
def runner(cls, name: str, autorun: bool = True) -> Optional[Callable]:
@@ -68,10 +80,10 @@ class TestSNIWithPort:
:param func: The test case to set up.
"""
functools.wraps(func)
- tr, *test_run_args = self._init_run()
+ test_params = self._init_run()
def wrapper(*args, **kwargs) -> Any:
- return func(tr, *test_run_args, *args, **kwargs)
+ return func(test_params, *args, **kwargs)
if self.autorun:
wrapper()
@@ -98,11 +110,12 @@ class TestSNIWithPort:
ts.addDefaultSSLFiles()
self._port_one = get_port(ts, "PortOne")
self._port_two = get_port(ts, "PortTwo")
- self._unspecified_port = get_port(ts, "UnspecifiedPort")
+ self._port_three = get_port(ts, "PortThree")
+ self._port_unmapped = get_port(ts, "UnspecifiedPort")
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': f"{ts.Variables.SSLDir}",
'proxy.config.ssl.server.private_key.path':
f"{ts.Variables.SSLDir}",
- 'proxy.config.http.server_ports': f"{self._port_one}:ssl
{self._port_two}:ssl {self._unspecified_port}:ssl",
+ 'proxy.config.http.server_ports': f"{self._port_one}:ssl
{self._port_two}:ssl {self._port_three}:ssl {self._port_unmapped}:ssl",
'proxy.config.diags.debug.enabled': 1,
'proxy.config.diags.debug.tags': 'dns|http|ssl|sni',
})
@@ -112,10 +125,12 @@ class TestSNIWithPort:
ts.Disk.sni_yaml.AddLines([
"sni:",
"- fqdn: yay.example.com",
- f" inbound_port_range: {self._port_one}-{self._port_one}",
+ f" inbound_port_ranges: {self._port_one}-{self._port_one}",
f" tunnel_route: localhost:{server_one.Variables.https_port}",
"- fqdn: yay.example.com",
- f" inbound_port_range: {self._port_two}",
+ " inbound_port_ranges:",
+ f" - {self._port_two}",
+ f" - {self._port_three}",
f" tunnel_route: localhost:{server_two.Variables.https_port}"
])
@@ -129,87 +144,81 @@ class TestSNIWithPort:
# Tests start.
@TestSNIWithPort.runner("Test that a request to a port not in the SNI does not
get through.")
-def test0(
- tr: "TestRun",
- ts: "Process",
- server_one: "Process",
- server_two: "Process",
- server_three: "Process",
- port_one: int,
- port_two: int,
- unspecified_port: int):
- client = tr.AddVerifierClientProcess(
+def test0(params: TestParams) -> None:
+ client = params["tr"].AddVerifierClientProcess(
f"client0",
TestSNIWithPort.replay_filepath,
- https_ports=[unspecified_port],
+ https_ports=[params["port_unmapped"]],
keys="conn_remapped"
)
- tr.Processes.Default.ReturnCode = 0
- ts.Disk.diags_log.Content += Testers.ExcludesExpression(
+ params["tr"].Processes.Default.ReturnCode = 0
+ params["ts"].Disk.diags_log.Content += Testers.ExcludesExpression(
"unsupported key 'inbound_port_range'", "we should not warn about the
key"
)
- ts.Disk.traffic_out.Content += Testers.IncludesExpression(
+ params["ts"].Disk.traffic_out.Content += Testers.IncludesExpression(
"not available in the map", "the request should not match an SNI"
)
- server_one.Streams.All.Content += Testers.ExcludesExpression(
+ params["server_one"].Streams.All.Content += Testers.ExcludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_remapped", "the request should not go to server one"
)
- server_two.Streams.All.Content += Testers.ExcludesExpression(
+ params["server_two"].Streams.All.Content += Testers.ExcludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_remapped", "the request should not go to server two"
)
- server_three.Streams.All.Content += Testers.IncludesExpression(
+ params["server_three"].Streams.All.Content += Testers.IncludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_remapped", "request was remaped to server three"
)
@TestSNIWithPort.runner("Test that a request to a port one goes to server
one.")
-def test1(
- tr: "TestRun",
- ts: "Process",
- server_one: "Process",
- server_two: "Process",
- server_three: "Process",
- port_one: int,
- port_two: int,
- unspecified_port: int):
- client = tr.AddVerifierClientProcess(
+def test1(params: TestParams) -> None:
+ client = params["tr"].AddVerifierClientProcess(
f"client1",
TestSNIWithPort.replay_filepath,
- https_ports=[port_one],
+ https_ports=[params["port_one"]],
keys="conn_accepted"
)
- tr.Processes.Default.ReturnCode = 0
- server_one.Streams.All.Content += Testers.IncludesExpression(
+ params["tr"].Processes.Default.ReturnCode = 0
+ params["server_one"].Streams.All.Content += Testers.IncludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should go to server one"
)
- server_two.Streams.All.Content += Testers.ExcludesExpression(
+ params["server_two"].Streams.All.Content += Testers.ExcludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should not go to server two"
)
@TestSNIWithPort.runner("Test that a request to port two goes to server two.")
-def test2(
- tr: "TestRun",
- ts: "Process",
- server_one: "Process",
- server_two: "Process",
- server_three: "Process",
- port_one: int,
- port_two: int,
- unspecified_port: int):
- client = tr.AddVerifierClientProcess(
+def test2(params: TestParams) -> None:
+ client = params["tr"].AddVerifierClientProcess(
f"client2",
TestSNIWithPort.replay_filepath,
- https_ports=[port_two],
+ https_ports=[params["port_two"]],
+ keys="conn_accepted"
+ )
+
+ params["tr"].Processes.Default.ReturnCode = 0
+ params["server_two"].Streams.All.Content += Testers.IncludesExpression(
+ "Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should go to server two"
+ )
+ params["server_one"].Streams.All.Content += Testers.ExcludesExpression(
+ "Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should not go to server one"
+ )
+
+
[email protected]("Test that a request to port three goes to server
two.")
+def test3(params: TestParams) -> None:
+ client = params["tr"].AddVerifierClientProcess(
+ f"client3",
+ TestSNIWithPort.replay_filepath,
+ https_ports=[params["port_three"]],
keys="conn_accepted"
)
- tr.Processes.Default.ReturnCode = 0
- server_two.Streams.All.Content += Testers.IncludesExpression(
+ params["tr"].Processes.Default.ReturnCode = 0
+ params["server_two"].Streams.All.Content += Testers.IncludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should go to server two"
)
- server_one.Streams.All.Content += Testers.ExcludesExpression(
+ params["server_one"].Streams.All.Content += Testers.ExcludesExpression(
"Received an HTTP/1 Content-Length body of 16 bytes for key
conn_accepted", "the request should not go to server one"
)
