[master] 5e124e994 improve acl test coverage

Nils Goroll nils.goroll at uplex.de
Thu Dec 12 11:45:06 UTC 2019


commit 5e124e99498a2be723eaea54efead55c497ad225
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Thu Dec 12 12:44:13 2019 +0100

    improve acl test coverage

diff --git a/bin/varnishtest/tests/c00005.vtc b/bin/varnishtest/tests/c00005.vtc
index b9072f8fd..5f6852d0c 100644
--- a/bin/varnishtest/tests/c00005.vtc
+++ b/bin/varnishtest/tests/c00005.vtc
@@ -1,4 +1,4 @@
-varnishtest "Test simple ACL"
+varnishtest "Test ACLs"
 
 server s1 {
 	rxreq
@@ -64,3 +64,87 @@ varnish v1 -vcl+backend {
 }
 
 client c1 -run
+
+varnish v1 -cliok "param.set vsl_mask -VCL_trace"
+
+varnish v1 -vcl {
+	import std;
+
+	backend dummy None;
+
+	acl acl1 {
+		# bad notation (confusing)
+		"1.2.3.4"/24;
+		"1.2.3.66"/26;
+
+		# more specific wins
+		"1.4.4.0"/22;
+		"1.3.4.0"/23;
+		"1.3.5.0"/26;
+		"1.3.6.0"/25;
+		"1.3.6.128"/25;
+		"1.3.0.0"/21;
+		"1.4.7.0"/24;
+		"1.4.6.0"/24;
+	}
+
+	sub vcl_recv {
+		return (synth(200));
+	}
+	sub t {
+		if (std.ip(req.http.ip) ~ acl1) { }
+	}
+	sub vcl_synth {
+		# variables would be nice, but not in core (yet?)
+		set req.http.ip = "1.2.3.0";	call t;
+		set req.http.ip = "1.2.3.63";	call t;
+		set req.http.ip = "1.2.3.64";	call t;
+
+		set req.http.ip = "1.3.4.255";	call t;
+		set req.http.ip = "1.3.5.0";	call t;
+		set req.http.ip = "1.3.5.255";	call t;
+		set req.http.ip = "1.3.6.0";	call t;
+		set req.http.ip = "1.3.6.140";	call t;
+		set req.http.ip = "1.3.7.255";	call t;
+
+		set req.http.ip = "1.4.5.255";	call t;
+		set req.http.ip = "1.4.6.64";	call t;
+		set req.http.ip = "1.4.7.64";	call t;
+	}
+}
+
+logexpect l1 -v v1 -g raw {
+	expect * 1007	ReqHeader	{^\Qip: 1.2.3.0\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.2.3.4"/24\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.2.3.63\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.2.3.4"/24\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.2.3.64\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.2.3.66"/26\E}
+
+	expect 1 =	ReqHeader	{^\Qip: 1.3.4.255\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.4.0"/23\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.3.5.0\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.5.0"/26\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.3.5.255\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.4.0"/23\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.3.6.0\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.6.0"/25\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.3.6.140\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.6.128"/25\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.3.7.255\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.3.0.0"/21\E}
+
+	expect 1 =	ReqHeader	{^\Qip: 1.4.5.255\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.4.4.0"/22\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.4.6.64\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.4.6.0"/24\E}
+	expect 1 =	ReqHeader	{^\Qip: 1.4.7.64\E$}
+	expect 0 =	VCL_acl	{^\QMATCH acl1 "1.4.7.0"/24\E}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+} -run
+
+logexpect l1 -wait


More information about the varnish-commit mailing list