[master] a79456563 Thest ACL's more comprehensively.
Poul-Henning Kamp
phk at FreeBSD.org
Wed Mar 24 12:14:04 UTC 2021
commit a79456563999de96a65b97038692386b7b1d1fb1
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Mar 24 12:12:41 2021 +0000
Thest ACL's more comprehensively.
diff --git a/bin/varnishtest/tests/r01312.vtc b/bin/varnishtest/tests/r01312.vtc
index 762da43bf..0f3fc3978 100644
--- a/bin/varnishtest/tests/r01312.vtc
+++ b/bin/varnishtest/tests/r01312.vtc
@@ -1,4 +1,4 @@
-varnishtest "acl miscompile"
+varnishtest "acl functional (& historic miscompile)"
server s1 {
rxreq
@@ -7,6 +7,7 @@ server s1 {
varnish v1 -vcl+backend {
import std;
+ import debug;
acl foo {
"127.0.0.2";
@@ -16,15 +17,71 @@ varnish v1 -vcl+backend {
"127.0.1.2";
"127.0.1"/19;
}
+
+ acl block {
+ # Tests all boundary conditions
+ "192.168.8.0" / 21;
+ ! "192.168.16" / 21;
+ "192.168.8.0" / 23;
+ ! "192.168.14.0" / 23;
+ "192.168.16.0" / 23;
+ ! "192.168.22.0" / 23;
+ ! "192.168.8.0" / 24;
+ ! "192.168.11.0" / 24;
+ "192.168.15.0" / 24;
+ ! "192.168.16.0" / 24;
+ "192.168.19.0" / 24;
+ "192.168.23.0" / 24;
+
+ # Same pattern, but split across bytes
+ "::0080" / 121;
+ ! "::0100" / 121;
+ "::0080" / 123;
+ ! "::00e0" / 123;
+ "::0100" / 123;
+ ! "::0160" / 123;
+ ! "::0080" / 124;
+ ! "::00b0" / 124;
+ "::00f0" / 124;
+ ! "::0100" / 124;
+ "::0130" / 124;
+ "::0170" / 124;
+ }
+
sub vcl_deliver {
+ set resp.http.acl4 = debug.sweep_acl(
+ block,
+ std.ip("192.168.0.0"),
+ std.ip("192.168.32.255"),
+ 256
+ );
+ set resp.http.acl6 = debug.sweep_acl(
+ block,
+ std.ip("::"),
+ std.ip("::0200"),
+ 16
+ );
+
set resp.http.ACLfoo = std.ip("127.0.0.1", client.ip) ~ foo;
set resp.http.ACLbar = std.ip("127.0.0.1", client.ip) ~ bar;
}
} -start
+varnish v1 -cliok "param.set vsl_mask +Debug,-VCL_acl"
+varnish v1 -cliok "param.set debug +syncvsl"
+
+logexpect l1 -v v1 -g raw {
+ expect * 1001 Debug {Sweep: 192.168.0.0 ---------XX-XX-X-X-X---X---------}
+ expect * 1001 Debug {Sweep: :: ---------XX-XX-X-X-X---X---------}
+} -start
+
client c1 {
txreq
rxresp
expect resp.http.aclfoo == true
expect resp.http.aclbar == true
+ expect resp.http.acl4 == ":4thASR0O18ZxnoKtc4zd8KuO25rPvwvMQyAvRfilz6o=:"
+ expect resp.http.acl6 == ":NSi+7wpvQe7XJj8DPbESjpYPGnIzvjOsA5QCyCnW3kc=:"
} -run
+
+logexpect l1 -wait
More information about the varnish-commit
mailing list