diff options
| author |   reyk <reyk@openbsd.org> | 2014-07-09 16:48:55 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2014-07-09 16:48:55 +0000 |
| commit | e49fb92248b7fee55235de814b44c079d098005a (patch) | |
| tree | a4808be7f1384d6efe902c43b014ce02fdcd89b0 | |
| parent | Update the default relayd.conf with the new filtering grammar. (diff) | |
| download | wireguard-openbsd-e49fb92248b7fee55235de814b44c079d098005a.tar.xz wireguard-openbsd-e49fb92248b7fee55235de814b44c079d098005a.zip | |
Update and extend the regress tests to use the new grammar of the
filtering rules. Some of the filenames are based on the old grammar,
we keep them for now and just update the contents to have a
before/after comparison of the features.
Most of the work was done by Andre de Oliveira (andre@)
OK bluhm@ benno@
35 files changed, 279 insertions, 118 deletions
diff --git a/regress/usr.sbin/relayd/Client.pm b/regress/usr.sbin/relayd/Client.pm index 5736f459ed2..37cfa40b130 100644 --- a/regress/usr.sbin/relayd/Client.pm +++ b/regress/usr.sbin/relayd/Client.pm @@ -1,4 +1,4 @@ -# $OpenBSD: Client.pm,v 1.5 2013/07/20 10:30:55 bluhm Exp $ +# $OpenBSD: Client.pm,v 1.6 2014/07/09 16:48:55 reyk Exp $ # Copyright (c) 2010-2012 Alexander Bluhm <bluhm@openbsd.org> # @@ -44,6 +44,10 @@ sub new { sub child { my $self = shift; + if ($self->{mreqs}) { + print STDERR "connection per request\n"; + return; + } $SSL_ERROR = ""; my $iosocket = $self->{ssl} ? "IO::Socket::SSL" : "IO::Socket::INET6"; my $cs = $iosocket->new( @@ -55,6 +59,7 @@ sub child { ) or die ref($self), " $iosocket socket connect failed: $!,$SSL_ERROR"; print STDERR "connect sock: ",$cs->sockhost()," ",$cs->sockport(),"\n"; print STDERR "connect peer: ",$cs->peerhost()," ",$cs->peerport(),"\n"; + print STDERR "single connection\n"; *STDIN = *STDOUT = $self->{cs} = $cs; } diff --git a/regress/usr.sbin/relayd/Server.pm b/regress/usr.sbin/relayd/Server.pm index 76d849a94a4..7bb2923f25a 100644 --- a/regress/usr.sbin/relayd/Server.pm +++ b/regress/usr.sbin/relayd/Server.pm @@ -1,4 +1,4 @@ -# $OpenBSD: Server.pm,v 1.4 2013/07/20 10:30:55 bluhm Exp $ +# $OpenBSD: Server.pm,v 1.5 2014/07/09 16:48:55 reyk Exp $ # Copyright (c) 2010-2012 Alexander Bluhm <bluhm@openbsd.org> # @@ -58,11 +58,16 @@ sub new { sub child { my $self = shift; + if ($self->{mreqs}) { + print STDERR "connection per request\n"; + return; + } my $iosocket = $self->{ssl} ? "IO::Socket::SSL" : "IO::Socket::INET6"; my $as = $self->{ls}->accept() or die ref($self), " $iosocket socket accept failed: $!"; print STDERR "accept sock: ",$as->sockhost()," ",$as->sockport(),"\n"; print STDERR "accept peer: ",$as->peerhost()," ",$as->peerport(),"\n"; + print STDERR "single connection\n"; *STDIN = *STDOUT = $self->{as} = $as; } diff --git a/regress/usr.sbin/relayd/args-http-append.pl b/regress/usr.sbin/relayd/args-http-append.pl index f6c00de4093..bc6727c749a 100644 --- a/regress/usr.sbin/relayd/args-http-append.pl +++ b/regress/usr.sbin/relayd/args-http-append.pl @@ -5,12 +5,17 @@ our %args = ( client => { func => \&http_client, len => 1, - loggrep => { 'X-Server-Append: \d+\.\d+\.\d+\.\d+:\d+$' => 1 }, + loggrep => { 'X-Server-Append: \d+\.\d+\.\d+\.\d+:\d+$' => 1, + 'Set-Cookie: a=b\;' => 1, + }, }, relayd => { protocol => [ "http", - 'request header append "$REMOTE_ADDR:$REMOTE_PORT" to X-Client-Append', - 'response header append "$SERVER_ADDR:$SERVER_PORT" to X-Server-Append', + 'match request header append X-Client-Append value \ + "$REMOTE_ADDR:$REMOTE_PORT"', + 'match response header append X-Server-Append value \ + "$SERVER_ADDR:$SERVER_PORT" \ + cookie set "a" value "b"', ], }, server => { diff --git a/regress/usr.sbin/relayd/args-http-change-path.pl b/regress/usr.sbin/relayd/args-http-change-path.pl index 23205c3941d..2596d438858 100644 --- a/regress/usr.sbin/relayd/args-http-change-path.pl +++ b/regress/usr.sbin/relayd/args-http-change-path.pl @@ -3,21 +3,23 @@ use warnings; our %args = ( client => { - noclient => 1, - nocheck => 1, + func => \&http_client, + loggrep => { + qr/GET \/251 HTTP\/1\.0/ => 1, + }, }, relayd => { protocol => [ "http", - 'request path change "path" to "foobarchangedpath" marked 55', + 'match request path set "*" value "/foopath" \ + url log "*"', ], - loggrep => { - qr/relayd.conf\:.*action only supported for headers/ => 1 - }, - dryrun => "relayd.conf:4: action only supported for headers", + loggrep => { qr/\, done\, \[foo.bar\/foopath\]/ => 1 }, }, server => { - noserver => 1, - nocheck => 1, + func => \&http_server, + loggrep => { + qr/GET \/foopath HTTP\/1\.0/ => 1, + }, }, ); diff --git a/regress/usr.sbin/relayd/args-http-change.pl b/regress/usr.sbin/relayd/args-http-change.pl index 941a2f62185..54286c53579 100644 --- a/regress/usr.sbin/relayd/args-http-change.pl +++ b/regress/usr.sbin/relayd/args-http-change.pl @@ -13,8 +13,8 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request header change "Host" to "foobar.changed"', - 'response header change "X-Test-Header" to "XChangedValue"', + 'match request header set "Host" value "foobar.changed"', + 'match response header set "X-Test-Header" value "XChangedValue"', ], }, server => { diff --git a/regress/usr.sbin/relayd/args-http-chunked.pl b/regress/usr.sbin/relayd/args-http-chunked.pl index 839de14032a..2fdcb98978e 100644 --- a/regress/usr.sbin/relayd/args-http-chunked.pl +++ b/regress/usr.sbin/relayd/args-http-chunked.pl @@ -8,16 +8,21 @@ our %args = ( client => { func => \&http_client, lengths => \@lengths, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log Transfer-Encoding", + "match request header log foo", + "match response header log Transfer-Encoding", ], - loggrep => { "log 'Transfer-Encoding: chunked'" => 2 }, + loggrep => { + "Transfer-Encoding: chunked" => 2, + qr/\[\(null\)\]/ => 0, + }, }, server => { func => \&http_server, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-http-contentlength.pl b/regress/usr.sbin/relayd/args-http-contentlength.pl index fc36cd96556..17db74b1de7 100644 --- a/regress/usr.sbin/relayd/args-http-contentlength.pl +++ b/regress/usr.sbin/relayd/args-http-contentlength.pl @@ -8,18 +8,19 @@ our %args = ( client => { func => \&http_client, lengths => \@lengths, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log Content-Length", + "match request header log foo", + "match response header log Content-Length", ], - loggrep => [ map { "log 'Content-Length: $_'" } @lengths ], + loggrep => [ map { "Content-Length: $_" } @lengths ], }, server => { func => \&http_server, + mreqs => scalar(@lengths), }, - lengths => \@lengths, ); 1; diff --git a/regress/usr.sbin/relayd/args-http-expect.pl b/regress/usr.sbin/relayd/args-http-expect.pl index c9fb482894b..8a8c7dd39ad 100644 --- a/regress/usr.sbin/relayd/args-http-expect.pl +++ b/regress/usr.sbin/relayd/args-http-expect.pl @@ -6,12 +6,18 @@ our %args = ( client => { func => \&http_client, lengths => \@lengths, - path => "query?foo=bar&ok=yes" + path => "query?foo=bar&ok=yes", }, relayd => { protocol => [ "http", - 'request query expect "bar" from "foo" log', + 'block request', + 'block request query log "ok"', + 'pass query log "foo" value "bar"', ], + loggrep => { + qr/\[foo: bar\]/ => 1, + qr/\[ok: yes\]/ => 0, + }, }, server => { func => \&http_server, diff --git a/regress/usr.sbin/relayd/args-http-filter-block.pl b/regress/usr.sbin/relayd/args-http-filter-block.pl index 10c6d437fd5..a3bf1ec66c2 100644 --- a/regress/usr.sbin/relayd/args-http-filter-block.pl +++ b/regress/usr.sbin/relayd/args-http-filter-block.pl @@ -1,4 +1,4 @@ -# test http connection with request block filter, tests lateconnect +# test http block use strict; use warnings; @@ -8,17 +8,19 @@ our %args = ( client => { func => sub { eval { http_client(@_) }; warn $@ }, loggrep => qr/Client missing http 3 response/, - lengths => \@lengths, + lengths => \@lengths, + mreqs => 1, }, relayd => { protocol => [ "http", - 'request path filter "/3"', + 'block request path "/3"', ], - loggrep => qr/rejecting request/, + loggrep => qr/Forbidden/, }, server => { func => \&http_server, lengths => (1, 2, 0), + mreqs => 3, }, ); diff --git a/regress/usr.sbin/relayd/args-http-filter-contentlength.pl b/regress/usr.sbin/relayd/args-http-filter-contentlength.pl index 70450528041..d72f99ddb4d 100644 --- a/regress/usr.sbin/relayd/args-http-filter-contentlength.pl +++ b/regress/usr.sbin/relayd/args-http-filter-contentlength.pl @@ -13,7 +13,7 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'block request path "/2"', ], loggrep => qr/done/, }, diff --git a/regress/usr.sbin/relayd/args-http-filter-cookie.pl b/regress/usr.sbin/relayd/args-http-filter-cookie.pl index e53f4ca9233..1bb6cd5c921 100644 --- a/regress/usr.sbin/relayd/args-http-filter-cookie.pl +++ b/regress/usr.sbin/relayd/args-http-filter-cookie.pl @@ -1,24 +1,33 @@ -# test http block +# test http block cookies use strict; use warnings; +my @lengths = (1, 2, 3, 4); +my @cookies = ("med=thx; domain=.foo.bar; path=/; expires=Mon, 27-Oct-2014 04:11:56 GMT;", "", "", ""); our %args = ( client => { - func => sub { eval { http_client(@_) }; warn $@ }, - loggrep => qr/Client missing http 251 response/, - cookie => "med=thx; domain=.foo.bar; path=/; expires=Mon, 27-Oct-2014 04:11:56 GMT;", - path => "anypath", - nocheck => 1, + func => \&http_client, + loggrep => { + qr/Client missing http 1 response/ => 1, + qr/Set-Cookie: a\=b\;/ => 3, + }, + cookies => \@cookies, + lengths => \@lengths, + httpnok => 1, + mreqs => 1, }, relayd => { protocol => [ "http", - 'request cookie filter "thx" from "med" log', + 'block request cookie log "med" value "thx"', + 'match response cookie append "a" value "b" tag "cookie"', + 'pass tagged "cookie"', ], - loggrep => qr/rejecting request, \[med: thx\]/, + loggrep => qr/Forbidden, \[Cookie: med=thx.*/, }, server => { - noserver => 1, + func => \&http_server, + mreqs => 3, nocheck => 1, }, ); diff --git a/regress/usr.sbin/relayd/args-http-filter-persistent.pl b/regress/usr.sbin/relayd/args-http-filter-persistent.pl index e906de1581e..e16c4f05028 100644 --- a/regress/usr.sbin/relayd/args-http-filter-persistent.pl +++ b/regress/usr.sbin/relayd/args-http-filter-persistent.pl @@ -10,15 +10,19 @@ our %args = ( func => sub { eval { http_client(@_) }; warn $@ }, lengths => \@lengths, loggrep => qr/Client missing http 2 response/, + mreqs => 1, + httpnok => 1, }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'block request path "/2"', ], - loggrep => qr/rejecting request/, + loggrep => qr/Forbidden/, }, server => { func => \&http_server, + mreqs => 7, + nocheck => 1, }, lengths => [251, 16384, 0, 1], md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-http-filter-put-contentlength.pl b/regress/usr.sbin/relayd/args-http-filter-put-contentlength.pl index 62a234943bb..691beb7d27f 100644 --- a/regress/usr.sbin/relayd/args-http-filter-put-contentlength.pl +++ b/regress/usr.sbin/relayd/args-http-filter-put-contentlength.pl @@ -14,7 +14,7 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'match request path "/2"', ], loggrep => qr/done/, }, diff --git a/regress/usr.sbin/relayd/args-http-filter-put.pl b/regress/usr.sbin/relayd/args-http-filter-put.pl index b988b793ea9..e1e57543b39 100644 --- a/regress/usr.sbin/relayd/args-http-filter-put.pl +++ b/regress/usr.sbin/relayd/args-http-filter-put.pl @@ -11,7 +11,7 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'block request path "/2"', ], loggrep => qr/done/, }, diff --git a/regress/usr.sbin/relayd/args-http-filter-url-digest.pl b/regress/usr.sbin/relayd/args-http-filter-url-digest.pl index c3739a80178..7bfd8af02fe 100644 --- a/regress/usr.sbin/relayd/args-http-filter-url-digest.pl +++ b/regress/usr.sbin/relayd/args-http-filter-url-digest.pl @@ -15,11 +15,11 @@ our %args = ( relayd => { protocol => [ "http", 'return error', - 'url filter digest 0ac8ccfc03317891ae2820de10ee2167d31ebd16 log', + 'block request url log digest 0ac8ccfc03317891ae2820de10ee2167d31ebd16', ], loggrep => { - qr/rejecting request \(403 Forbidden\)/ => 1, - qr/\[0ac8ccfc03317891ae2820de10ee2167d31ebd16:/ => 1, + qr/Forbidden \(403 Forbidden\)/ => 1, + qr/\[0ac8ccfc03317891ae2820de10ee2167d31ebd16\]/ => 1, }, }, server => { diff --git a/regress/usr.sbin/relayd/args-http-filter-url-file.pl b/regress/usr.sbin/relayd/args-http-filter-url-file.pl index 823794dd365..363769555e9 100644 --- a/regress/usr.sbin/relayd/args-http-filter-url-file.pl +++ b/regress/usr.sbin/relayd/args-http-filter-url-file.pl @@ -1,28 +1,38 @@ use strict; use warnings; -my @lengths = (1, 2, 4, 0, 3); +my @lengths = (1, 2, 4, 0, 3, 5); our %args = ( client => { - func => sub { eval { http_client(@_) }; warn $@ }, + func => \&http_client, lengths => \@lengths, - loggrep => qr/Forbidden/, + loggrep => { + qr/403 Forbidden/ => 2, + qr/Server: OpenBSD relayd/ => 2, + qr/Connection: close/ => 2, + qr/Content-Length\: 3/ => 0, + qr/Content-Length\: 4/ => 1, + }, + mreqs => 1, + httpnok => 1, }, relayd => { protocol => [ "http", 'return error', - 'label test_reject_label', - 'url filter file "$curdir/args-http-filter-url-file.in" log', - 'no label', + 'pass', + 'block request url log file "$curdir/args-http-filter-url-file.in" value "*" label "test_reject_label"', ], loggrep => { - qr/rejecting request/ => 1, - qr/\[test_reject_label\, foo\.bar\/0\:/ => 1 + qr/Forbidden/ => 2, + qr/\[test_reject_label\, foo\.bar\/0\]/ => 1, + qr/\[test_reject_label\, foo\.bar\/3\]/ => 1, }, }, server => { func => \&http_server, lengths => (1, 2, 4), + mreqs => 4, + nocheck => 1, }, ); diff --git a/regress/usr.sbin/relayd/args-http-filter-url.pl b/regress/usr.sbin/relayd/args-http-filter-url.pl index 534be4c7597..c50ec56ed00 100644 --- a/regress/usr.sbin/relayd/args-http-filter-url.pl +++ b/regress/usr.sbin/relayd/args-http-filter-url.pl @@ -15,11 +15,11 @@ our %args = ( relayd => { protocol => [ "http", 'return error', - 'request url filter "foo.bar/a/b/" log', + 'block request url log "foo.bar/a/b/"', ], loggrep => { - qr/rejecting request \(403 Forbidden\)/ => 1, - qr/\[foo.bar\/a\/b\/:/ => 1, + qr/Forbidden \(403 Forbidden\)/ => 1, + qr/\[foo.bar\/a\/b\// => 1, }, }, server => { diff --git a/regress/usr.sbin/relayd/args-http-filter.pl b/regress/usr.sbin/relayd/args-http-filter.pl index db71a52a8fa..bf282f7b998 100644 --- a/regress/usr.sbin/relayd/args-http-filter.pl +++ b/regress/usr.sbin/relayd/args-http-filter.pl @@ -10,7 +10,7 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'match request path "/2"', ], loggrep => qr/done/, }, diff --git a/regress/usr.sbin/relayd/args-http-hash.pl b/regress/usr.sbin/relayd/args-http-hash.pl index da557eaae84..08c070244f2 100644 --- a/regress/usr.sbin/relayd/args-http-hash.pl +++ b/regress/usr.sbin/relayd/args-http-hash.pl @@ -11,12 +11,13 @@ our %args = ( relayd => { table => 1, protocol => [ "http", - 'path hash "/query" log', + 'match request path hash "/query"', + 'match request path log "/query"', ], relay => 'forward to <table-$test> port $connectport', loggrep => { qr/ (?:done|last write \(done\)), \[\/query: foobar\]/ => 1, - qr/relay_handle_http: hash 0xfde460be/ => 1, + qr/hashkey 0x7dc0306a/ => 1, }, }, server => { diff --git a/regress/usr.sbin/relayd/args-http-label.pl b/regress/usr.sbin/relayd/args-http-label.pl index 5185d73f529..94a7a4ff697 100644 --- a/regress/usr.sbin/relayd/args-http-label.pl +++ b/regress/usr.sbin/relayd/args-http-label.pl @@ -4,18 +4,20 @@ use warnings; our %args = ( client => { func => \&http_client, - loggrep => qr/403 Forbidden/, + loggrep => { + qr/403 Forbidden/ => 1, + qr/Content-Type: text\/html/ => 1 + }, path => "query?foo=bar&ok=yes", httpnok => 1, }, relayd => { protocol => [ "http", 'return error', - 'label "expect_foobar_label"', - 'request query filter "bar" from "foo" log', - 'no label', + 'block', + 'match request query log "foo" value "bar" label "expect_foobar_label"', ], - loggrep => qr/.*403 Forbidden.*expect_foobar_label.*foo: bar/, + loggrep => qr/Forbidden.*403 Forbidden.*expect_foobar_label.*foo: bar/, }, server => { noserver => 1, diff --git a/regress/usr.sbin/relayd/args-http-log.pl b/regress/usr.sbin/relayd/args-http-log.pl index 00f0180fdd5..887c6c7651d 100644 --- a/regress/usr.sbin/relayd/args-http-log.pl +++ b/regress/usr.sbin/relayd/args-http-log.pl @@ -9,9 +9,13 @@ our %args = ( }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log Host", + "match response header log Server", ], + loggrep => { + qr/\[Host: foo.bar\]/ => 1, + qr/\[Server: Perl\/[^\s]+\s*\]/ => 1, + }, }, server => { func => \&http_server, diff --git a/regress/usr.sbin/relayd/args-http-mark-marked.pl b/regress/usr.sbin/relayd/args-http-mark-marked.pl index 6aadeb6ac24..b5a3752a1b7 100644 --- a/regress/usr.sbin/relayd/args-http-mark-marked.pl +++ b/regress/usr.sbin/relayd/args-http-mark-marked.pl @@ -3,19 +3,18 @@ use warnings; our %args = ( client => { - noclient => 1, - nocheck => 1, + func => \&http_client, + len => 33, }, relayd => { protocol => [ "http", - 'request path mark "*" with 99 marked 55', + 'match request path "/3*" value "*" tag RING0', + 'match request tagged RING0 tag RINGX', ], - loggrep => { "either mark or marked" => 1 }, - dryrun => "relayd.conf:4: either mark or marked", + loggrep => { ", RINGX,.*done" => 1 }, }, server => { - noserver => 1, - nocheck => 1, + func => \&http_server, }, ); diff --git a/regress/usr.sbin/relayd/args-http-mark.pl b/regress/usr.sbin/relayd/args-http-mark.pl index 84a6345b01a..960bf9031b9 100644 --- a/regress/usr.sbin/relayd/args-http-mark.pl +++ b/regress/usr.sbin/relayd/args-http-mark.pl @@ -8,14 +8,14 @@ our %args = ( }, relayd => { protocol => [ "http", - 'request path mark "*" from "/foobar" with 55', - 'request header append "bar" to "foo" marked 55', + 'match request path "/foobar" value "*" tag RING0', + 'block request', + 'pass request quick tagged RING0', ], - loggrep => { ", 55,.*done" => 1 }, + loggrep => { ", RING0,.*done" => 1 }, }, server => { func => \&http_server, - loggrep => { "foo: bar" => 1 }, }, ); diff --git a/regress/usr.sbin/relayd/args-http-persistent.pl b/regress/usr.sbin/relayd/args-http-persistent.pl index 59362bc8ad5..9e38dbb5f14 100644 --- a/regress/usr.sbin/relayd/args-http-persistent.pl +++ b/regress/usr.sbin/relayd/args-http-persistent.pl @@ -8,15 +8,18 @@ our %args = ( client => { func => \&http_client, lengths => \@lengths, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log foo", + "match response header log bar", ], + loggrep => qr/\, done/, }, server => { func => \&http_server, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-http-put.pl b/regress/usr.sbin/relayd/args-http-put.pl index 302fe483596..32a95e25bcd 100644 --- a/regress/usr.sbin/relayd/args-http-put.pl +++ b/regress/usr.sbin/relayd/args-http-put.pl @@ -9,15 +9,18 @@ our %args = ( func => \&http_client, lengths => \@lengths, method => "PUT", + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log foo", + "match response header log bar", ], + loggrep => qr/\, done/, }, server => { func => \&http_server, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-http-remove.pl b/regress/usr.sbin/relayd/args-http-remove.pl index 3a87684dd8e..cee6e5ae9c4 100644 --- a/regress/usr.sbin/relayd/args-http-remove.pl +++ b/regress/usr.sbin/relayd/args-http-remove.pl @@ -8,6 +8,7 @@ my %header = ( our %args = ( client => { func => \&http_client, + nocheck => 1, loggrep => { "X-Header-Foo: foo" => 0, "X-Header-Bar: bar" => 1, @@ -15,9 +16,10 @@ our %args = ( }, relayd => { protocol => [ "http", - 'response header remove X-Header-Foo log', + 'match response header remove X-Header-Foo', + 'match response header log "*"', ], - loggrep => { qr/ (?:done|last write \(done\)), \[X-Header-Foo: foo\s*\]/ => 1 }, + loggrep => { qr/ (?:done|last write \(done\)), \[X-Header-Foo: foo \*removed\*\s*\]/ => 1 }, }, server => { func => \&http_server, diff --git a/regress/usr.sbin/relayd/args-http-return.pl b/regress/usr.sbin/relayd/args-http-return.pl index 3d06bd7588d..686729f1291 100644 --- a/regress/usr.sbin/relayd/args-http-return.pl +++ b/regress/usr.sbin/relayd/args-http-return.pl @@ -12,13 +12,11 @@ our %args = ( relayd => { protocol => [ "http", 'return error', - 'label "expect_foobar_return_test"', - 'request query expect "baz" from "foo" log', - 'no label', + 'pass', + 'block request query log "foo" value "bar" label \ + "expect_foobar_return_test"', ], - loggrep => { - ' \(403 Forbidden\), \[expect_foobar_return_test, foo: bar\]' => 1 - }, + loggrep => { 'Forbidden \(403 Forbidden\), \[expect_foobar_return_test, foo: bar\]' => 1 }, }, server => { noserver => 1, diff --git a/regress/usr.sbin/relayd/args-https-chunked.pl b/regress/usr.sbin/relayd/args-https-chunked.pl index fb8d58238d6..af66cf4e1d2 100644 --- a/regress/usr.sbin/relayd/args-https-chunked.pl +++ b/regress/usr.sbin/relayd/args-https-chunked.pl @@ -9,19 +9,24 @@ our %args = ( func => \&http_client, lengths => \@lengths, ssl => 1, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log Transfer-Encoding", + "match request header log foo", + "match response header log Transfer-Encoding", ], - loggrep => { "log 'Transfer-Encoding: chunked'" => 2 }, + loggrep => { + "Transfer-Encoding: chunked" => 2, + qr/\[\(null\)\]/ => 0, + }, forwardssl => 1, listenssl => 1, }, server => { func => \&http_server, ssl => 1, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-https-contentlength.pl b/regress/usr.sbin/relayd/args-https-contentlength.pl index 33d1bff9906..611c2877fa9 100644 --- a/regress/usr.sbin/relayd/args-https-contentlength.pl +++ b/regress/usr.sbin/relayd/args-https-contentlength.pl @@ -9,19 +9,21 @@ our %args = ( func => \&http_client, lengths => \@lengths, ssl => 1, + mreqs => 1 }, relayd => { protocol => [ "http", - "request header log foo", - "response header log Content-Length", + "match request header log foo", + "match response header log Content-Length", ], - loggrep => [ map { "log 'Content-Length: $_'" } @lengths ], + loggrep => [ map { "Content-Length: $_" } @lengths ], forwardssl => 1, listenssl => 1, }, server => { func => \&http_server, ssl => 1, + mreqs => scalar(@lengths), }, lengths => \@lengths, ); diff --git a/regress/usr.sbin/relayd/args-https-filter-persistent.pl b/regress/usr.sbin/relayd/args-https-filter-persistent.pl index 157834c825d..d087182f6e5 100644 --- a/regress/usr.sbin/relayd/args-https-filter-persistent.pl +++ b/regress/usr.sbin/relayd/args-https-filter-persistent.pl @@ -11,14 +11,16 @@ our %args = ( lengths => \@lengths, loggrep => qr/Client missing http 2 response/, ssl => 1, + mreqs => 1, + httpnok => 1, }, relayd => { protocol => [ "http", - 'request path filter "/2"', + 'block request path "/2"', ], loggrep => [ - qr/ssl, ssl client/, - qr/rejecting request/, + qr/ssl, ssl client/ => 1, + qr/Forbidden/ => 1, ], forwardssl => 1, listenssl => 1, @@ -26,6 +28,8 @@ our %args = ( server => { func => \&http_server, ssl => 1, + mreqs => 7, + nocheck => 1, }, lengths => [251, 16384, 0, 1], md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-https-persistent.pl b/regress/usr.sbin/relayd/args-https-persistent.pl index b53985b0783..44ace4ef395 100644 --- a/regress/usr.sbin/relayd/args-https-persistent.pl +++ b/regress/usr.sbin/relayd/args-https-persistent.pl @@ -9,18 +9,21 @@ our %args = ( func => \&http_client, lengths => \@lengths, ssl => 1, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log foo", + "match response header log bar", ], + loggrep => qr/\, done/, forwardssl => 1, listenssl => 1, }, server => { func => \&http_server, ssl => 1, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-https-put.pl b/regress/usr.sbin/relayd/args-https-put.pl index c8a8cef328e..e393dc3210b 100644 --- a/regress/usr.sbin/relayd/args-https-put.pl +++ b/regress/usr.sbin/relayd/args-https-put.pl @@ -10,18 +10,21 @@ our %args = ( lengths => \@lengths, method => "PUT", ssl => 1, + mreqs => 1, }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log foo", + "match response header log bar", ], forwardssl => 1, listenssl => 1, + loggrep => qr/\, done/, }, server => { func => \&http_server, ssl => 1, + mreqs => scalar(@lengths), }, lengths => \@lengths, md5 => "bc3a3f39af35fe5b1687903da2b00c7f", diff --git a/regress/usr.sbin/relayd/args-https.pl b/regress/usr.sbin/relayd/args-https.pl index 90f1141a3e1..ed2c9212406 100644 --- a/regress/usr.sbin/relayd/args-https.pl +++ b/regress/usr.sbin/relayd/args-https.pl @@ -10,8 +10,8 @@ our %args = ( }, relayd => { protocol => [ "http", - "request header log foo", - "response header log bar", + "match request header log foo", + "match response header log bar", ], forwardssl => 1, listenssl => 1, diff --git a/regress/usr.sbin/relayd/args-timeout-http.pl b/regress/usr.sbin/relayd/args-timeout-http.pl index 6cc33be4712..b1899206f2c 100644 --- a/regress/usr.sbin/relayd/args-timeout-http.pl +++ b/regress/usr.sbin/relayd/args-timeout-http.pl @@ -16,8 +16,8 @@ our %args = ( func => sub { errignore(); http_server(@_); - sleep 4; - write_char(@_, 4); + sleep 5; + write_char(@_, 5); }, sleep => 1, down => "Broken pipe", diff --git a/regress/usr.sbin/relayd/funcs.pl b/regress/usr.sbin/relayd/funcs.pl index 01c24ce9ba7..b0cfffca67c 100644 --- a/regress/usr.sbin/relayd/funcs.pl +++ b/regress/usr.sbin/relayd/funcs.pl @@ -1,4 +1,4 @@ -# $OpenBSD: funcs.pl,v 1.11 2014/06/22 14:18:01 bluhm Exp $ +# $OpenBSD: funcs.pl,v 1.12 2014/07/09 16:48:55 reyk Exp $ # Copyright (c) 2010-2013 Alexander Bluhm <bluhm@openbsd.org> # @@ -24,6 +24,7 @@ use Socket; use Socket6; use IO::Socket; use IO::Socket::INET6; +use IO::Socket::SSL; sub find_ports { my %args = @_; @@ -44,6 +45,41 @@ sub find_ports { return @ports; } +sub client_connect { + my $self = shift; + + $SSL_ERROR = ""; + my $iosocket = $self->{ssl} ? "IO::Socket::SSL" : "IO::Socket::INET6"; + my $cs = $iosocket->new( + Proto => "tcp", + Domain => $self->{connectdomain}, + PeerAddr => $self->{connectaddr}, + PeerPort => $self->{connectport}, + SSL_verify_mode => SSL_VERIFY_NONE, + ) or die ref($self), " $iosocket socket connect failed: $!,$SSL_ERROR"; + print STDERR "connect sock: ",$cs->sockhost()," ",$cs->sockport(),"\n"; + print STDERR "connect peer: ",$cs->peerhost()," ",$cs->peerport(),"\n"; + + $self->{stdout} = *STDOUT; + $self->{stdin} = *STDIN; + *STDIN = *STDOUT = $self->{cs} = $cs; +} + +sub client_disconnect { + my $self = shift; + my $cs = $self->{cs}; + + *STDOUT = $self->{stdout}; + *STDIN = $self->{stdin}; + + print STDERR "shutdown sock: ",$cs->sockhost()," ",$cs->sockport(),"\n"; + print STDERR "shutdown peer: ",$cs->peerhost()," ",$cs->peerport(),"\n"; + + IO::Handle::flush(\*STDOUT); + IO::Handle::flush($cs); + $cs->shutdown(SHUT_RDWR); +} + ######################################################################## # Client funcs ######################################################################## @@ -90,9 +126,15 @@ sub http_client { my $vers = $self->{lengths} ? "1.1" : "1.0"; my $method = $self->{method} || "GET"; my %header = %{$self->{header} || {}}; - my $cookie = $self->{cookie} || ""; + my @cookies = $self->{cookies} ? @{$self->{cookies}} : + ($self->{cookie} ? @{$self->{cookie}} : ()); + my $c = 0; foreach my $len (@lengths) { + my $cookie = ($c < scalar(@cookies) && length($cookies[$c])) ? + $cookies[$c] : ""; + ++$c; + $self->{mreqs} && client_connect($self); # encode the requested length or chunks into the url my $path = ref($len) eq 'ARRAY' ? join("/", @$len) : $len; # overwrite path with custom path @@ -105,8 +147,7 @@ sub http_client { if $vers eq "1.1" && $method eq "PUT" && !defined $header{'Content-Length'}; push @request, "$_: $header{$_}" foreach sort keys %header; - push @request, "Cookie: $cookie" - if $cookie ne ""; + push @request, "Cookie: $cookie" if $cookie ne ""; push @request, ""; print STDERR map { ">>> $_\n" } @request; print map { "$_\r\n" } @request; @@ -122,16 +163,18 @@ sub http_client { local $/ = "\r\n"; local $_ = <STDIN>; defined - or die ref($self), " missing http $len response"; - chomp; - print STDERR "<<< $_\n"; - m{^HTTP/$vers 200 OK$} - or die ref($self), " http response not ok" - unless $self->{httpnok}; + or print STDERR ref($self), + " missing http $len response\n"; + chomp if defined; + print STDERR "<<< $_\n" if defined; + die ref($self), " http response not ok" + if (!defined or !m{^HTTP/$vers 200 OK$}) && + !$self->{httpnok}; while (<STDIN>) { chomp; print STDERR "<<< $_\n"; last if /^$/; + last if /^X-Chunk-Trailer:.*/; if (/^Content-Length: (.*)/) { $1 == $len or die ref($self), " bad content length $1"; @@ -147,6 +190,7 @@ sub http_client { read_char($self, $vers eq "1.1" ? $len : undef) if $method eq "GET"; } + $self->{mreqs} && client_disconnect($self); } } @@ -227,13 +271,43 @@ sub read_char { print STDERR "MD5: ", $ctx->hexdigest, "\n"; } +sub server_accept { + my $self = shift; + my $iosocket = $self->{ssl} ? "IO::Socket::SSL" : "IO::Socket::INET6"; + my $as = $self->{ls}->accept() + or die ref($self), " $iosocket socket accept failed: $!"; + print STDERR "accept sock: ",$as->sockhost()," ",$as->sockport(),"\n"; + print STDERR "accept peer: ",$as->peerhost()," ",$as->peerport(),"\n"; + + $self->{stdout} = *STDOUT; + $self->{stdin} = *STDIN; + *STDIN = *STDOUT = $self->{as} = $as; +} + +sub server_disconnect { + my $self = shift; + my $as = $self->{as}; + *STDOUT = $self->{stdout}; + *STDIN = $self->{stdin}; + + print STDERR "shutdown sock: ",$as->sockhost()," ",$as->sockport(),"\n"; + print STDERR "shutdown peer: ",$as->peerhost()," ",$as->peerport(),"\n"; + + IO::Handle::flush(\*STDOUT); + IO::Handle::flush($as); +# $as->shutdown(SHUT_RDWR); + IO::Handle::close($as); +} + sub http_server { my $self = shift; - my %header = %{$self->{header} || {}}; + my %header = %{$self->{header} || { Server => "Perl/".$^V }}; my $cookie = $self->{cookie} || ""; + my $reqsc = $self->{mreqs} || 0; my($method, $url, $vers); do { + $self->{mreqs} && server_accept($self); my $len; { local $/ = "\r\n"; @@ -290,6 +364,10 @@ sub http_server { write_char($self, $len) if $method eq "GET"; } IO::Handle::flush(\*STDOUT); + if ($self->{mreqs}) { + server_disconnect($self); + --$reqsc > 0 or return; + } } while ($vers eq "1.1"); } |