[master] b3ec626b9 test client -> haproxy -> [UDS|TCP], proxy-v2 -> varnish

Nils Goroll nils.goroll at uplex.de
Thu May 21 10:43:08 UTC 2020 

commit b3ec626b975152b607d85d58d1790d3c064436ae
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Thu May 21 12:41:36 2020 +0200

    test client -> haproxy -> [UDS|TCP],proxy-v2 -> varnish
    
    and, in particular, matching client.ip against a vcl
    
    Ref #3334

diff --git a/bin/varnishtest/tests/h00006.vtc b/bin/varnishtest/tests/h00006.vtc
new file mode 100644
index 000000000..1844b7b19
--- /dev/null
+++ b/bin/varnishtest/tests/h00006.vtc
@@ -0,0 +1,55 @@
+varnishtest "haproxy tcp-mode, uds, send-proxy-v2, client ip and acl"
+
+# same as h00007.vtc, but usinguds for haproxy->varnish
+
+feature ignore_unknown_macro
+
+feature cmd {haproxy --version 2>&1 | grep -q 'HA-Proxy version'}
+
+server s1 {
+    rxreq
+    txresp -body "s1 >>> Hello world!"
+} -start
+
+varnish v1 -arg "-a ${tmpdir}/v1.sock,PROXY" -vcl+backend {
+	import std;
+
+	acl localhost {
+		"localhost";
+		"127.0.0.1";
+		"::1";
+	}
+
+	sub vcl_deliver {
+		set resp.http.cip = client.ip ~ localhost;
+		set resp.http.stdip =
+		    std.ip("" + client.ip, resolve = false) ~ localhost;
+
+		set resp.http.notcip = client.ip !~ localhost;
+		set resp.http.notstdip =
+		    std.ip("" + client.ip, resolve = false) !~ localhost;
+	}
+} -start
+
+haproxy h1 -D -conf {
+    defaults
+	mode   tcp
+	timeout connect         5s
+	timeout server          30s
+	timeout client          30s
+
+    listen ssloff
+	bind "fd@${fe1}"
+	server v1 ${tmpdir}/v1.sock send-proxy-v2
+} -start
+
+client c1 -connect ${h1_fe1_sock} {
+    txreq -url "/"
+    rxresp
+    expect resp.status == 200
+    expect resp.http.cip == true
+    expect resp.http.stdip == true
+    expect resp.http.notcip == false
+    expect resp.http.notstdip == false
+    expect resp.body == "s1 >>> Hello world!"
+} -run
diff --git a/bin/varnishtest/tests/h00007.vtc b/bin/varnishtest/tests/h00007.vtc
new file mode 100644
index 000000000..2e42472ad
--- /dev/null
+++ b/bin/varnishtest/tests/h00007.vtc
@@ -0,0 +1,55 @@
+varnishtest "haproxy tcp-mode, tcp, send-proxy-v2, client ip and acl"
+
+# same as h00006.vtc, but using tcp for haproxy->varnish
+
+feature ignore_unknown_macro
+
+feature cmd {haproxy --version 2>&1 | grep -q 'HA-Proxy version'}
+
+server s1 {
+    rxreq
+    txresp -body "s1 >>> Hello world!"
+} -start
+
+varnish v1 -proto "PROXY" -vcl+backend {
+	import std;
+
+	acl localhost {
+		"localhost";
+		"127.0.0.1";
+		"::1";
+	}
+
+	sub vcl_deliver {
+		set resp.http.cip = client.ip ~ localhost;
+		set resp.http.stdip =
+		    std.ip("" + client.ip, resolve = false) ~ localhost;
+
+		set resp.http.notcip = client.ip !~ localhost;
+		set resp.http.notstdip =
+		    std.ip("" + client.ip, resolve = false) !~ localhost;
+	}
+} -start
+
+haproxy h1 -D -conf {
+    defaults
+	mode   tcp
+	timeout connect         5s
+	timeout server          30s
+	timeout client          30s
+
+    listen ssloff
+	bind "fd@${fe1}"
+	server v1 ${v1_addr}:${v1_port} send-proxy-v2
+} -start
+
+client c1 -connect ${h1_fe1_sock} {
+    txreq -url "/"
+    rxresp
+    expect resp.status == 200
+    expect resp.http.cip == true
+    expect resp.http.stdip == true
+    expect resp.http.notcip == false
+    expect resp.http.notstdip == false
+    expect resp.body == "s1 >>> Hello world!"
+} -run

More information about the varnish-commit mailing list