> On 16 Nov 2022, at 10:04, Eugene Grebenschikov via nginx-devel > <nginx-devel@nginx.org> wrote: > > # HG changeset patch > # User Eugene Grebenschikov <e.grebenshchi...@f5.com> > # Date 1668578494 28800 > # Tue Nov 15 22:01:34 2022 -0800 > # Node ID 6040bfd6acbd8492730dee6ffe1bc9e89f70a3cb > # Parent 01fcc82a435aedd41ed3c23dbf7252371652cc7a > Tests: proxy protocol v2 TLVs tests for stream module. > > diff -r 01fcc82a435a -r 6040bfd6acbd stream_proxy_protocol2_tlv.t > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/stream_proxy_protocol2_tlv.t Tue Nov 15 22:01:34 2022 -0800 > @@ -0,0 +1,154 @@ > +#!/usr/bin/perl > + > +# (C) Roman Arutyunyan > +# (C) Eugene Grebenschikov > +# (C) Nginx, Inc. > + > +# Tests for variables for proxy protocol v2 TLVs. > + > +############################################################################### > + > +use warnings; > +use strict; > + > +use Test::More; > + > +BEGIN { use FindBin; chdir($FindBin::Bin); } > + > +use lib 'lib'; > +use Test::Nginx; > +use Test::Nginx::Stream qw/ stream /; > + > +############################################################################### > + > +select STDERR; $| = 1; > +select STDOUT; $| = 1; > + > +my $t = Test::Nginx->new()->has(qw/stream stream_return map/) > + ->write_file_expand('nginx.conf', <<'EOF'); > + > +%%TEST_GLOBALS%% > + > +daemon off; > + > +events { > +} > + > +stream { > + %%TEST_GLOBALS_STREAM%% > + > + map $proxy_protocol_tlv_ssl $binary_present { > + "~\\x00" "true"; > + } > + > + server { > + listen 127.0.0.1:8080 proxy_protocol; > + return " > + alpn:$proxy_protocol_tlv_alpn > + authority:$proxy_protocol_tlv_authority > + crc32c:$proxy_protocol_tlv_0x3 > + unique-id:$proxy_protocol_tlv_unique_id > + netns:$proxy_protocol_tlv_netns > + ssl-verify:$proxy_protocol_tlv_ssl_verify > + ssl-version:$proxy_protocol_tlv_ssl_version > + ssl-cn:$proxy_protocol_tlv_ssl_cn > + ssl-cipher:$proxy_protocol_tlv_ssl_cipher > + ssl-sig-alg:$proxy_protocol_tlv_ssl_sig_alg > + ssl-key-alg:$proxy_protocol_tlv_ssl_key_alg > + custom:$proxy_protocol_tlv_0x000ae > + x:$proxy_protocol_tlv_0x000e > + ssl-binary:$binary_present"; > + } > +} > + > +EOF > + > +$t->try_run('no proxy_protocol tlv')->plan(14); > + > +############################################################################### > + > +my $tlv = pp2_create_tlv(0x1, "ALPN1"); > +$tlv .= pp2_create_tlv(0x2, "localhost"); > +$tlv .= pp2_create_tlv(0x3, "4321"); > +$tlv .= pp2_create_tlv(0x5, "UNIQQ"); > +$tlv .= pp2_create_tlv(0x30, "NETNS"); > +$tlv .= pp2_create_tlv(0xae, "12345"); > +my $p = pp2_create($tlv); > + > +my $r = pp_get(8080, $p); > +like($r, qr/alpn:ALPN1\x0d?$/m, 'ALPN'); > +like($r, qr/authority:localhost\x0d?$/m, 'AUTHORITY'); > +like($r, qr/crc32c:4321\x0d?$/m, 'CRC32C'); > +like($r, qr/unique-id:UNIQQ\x0d?$/m, 'UNIQUE_ID'); > +like($r, qr/netns:NETNS\x0d?$/m, 'NETNS'); > +like($r, qr/custom:12345\x0d?$/m, 'custom'); > +like($r, qr/x:\x0d?$/m, 'non-existent'); > + > +# big proxy protocol header with TLVs > + > +TODO: { > +local $TODO = 'not yet' unless $t->has_version('1.23.3'); > + > +my $sub = pp2_create_tlv(0x21, "TLSv1.2"); > +$sub .= pp2_create_tlv(0x22, "example.com"); > +$sub .= pp2_create_tlv(0x23, "AES256-SHA"); > +$sub .= pp2_create_tlv(0x24, "SHA1"); > +$sub .= pp2_create_tlv(0x25, "RSA512"); > +my $ssl = pp2_create_ssl(0x01, 255, $sub); > +$tlv .= pp2_create_tlv(0x20, $ssl); > +$p = pp2_create($tlv); > + > +$r = pp_get(8080, $p); > +like($r, qr/ssl-verify:255\x0d?$/m, 'SSL_VERIFY'); > +like($r, qr/ssl-version:TLSv1.2\x0d?$/m, 'SSL_VERSION'); > +like($r, qr/ssl-cn:example.com\x0d?$/m, 'SSL_CN'); > +like($r, qr/ssl-cipher:AES256-SHA\x0d?$/m, 'SSL_CIPHER'); > +like($r, qr/ssl-sig-alg:SHA1\x0d?$/m, 'SSL_SIG_ALG'); > +like($r, qr/ssl-key-alg:RSA512\x0d?$/m, 'SSL_KEY_ALG'); > +like($r, qr/ssl-binary:true/, 'SSL_BINARY'); > + > +} > + > +############################################################################### > + > +sub pp_get { > + my ($port, $proxy) = @_; > + stream(PeerPort => port($port))->io($proxy); > +} > + > +sub pp2_create { > + my ($tlv) = @_; > + > + my $pp2_sig = pack("N3", 0x0D0A0D0A, 0x000D0A51, 0x5549540A); > + my $ver_cmd = pack('C', 0x21); > + my $family = pack('C', 0x11); > + my $packet = $pp2_sig . $ver_cmd . $family; > + > + my $ip1 = pack('N', 0xc0000201); # 192.0.2.1 > + my $ip2 = pack('N', 0xc0000202); # 192.0.2.2 > + my $port1 = pack('n', 123); > + my $port2 = pack('n', 5678); > + my $addrs = $ip1 . $ip2 . $port1 . $port2; > + > + my $len = length($addrs) + length($tlv); > + > + $packet .= pack('n', $len) . $addrs . $tlv; > + > + return $packet; > +} > + > +sub pp2_create_tlv { > + my ($type, $content) = @_; > + > + my $len = length($content); > + > + return pack("CnA*", $type, $len, $content); > +} > + > +sub pp2_create_ssl { > + my ($client, $verify, $content) = @_; > + > + return pack("CNA*", $client, $verify, $content); > +} > + > +############################################################################### >
Looks good. -- Sergey Kandaurov _______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org