}
func (s *VppProxySuite) CurlDownloadResourceViaTunnel(uri string, proxyUri string) {
- args := fmt.Sprintf("-w @/tmp/write_out_download_connect --max-time %d --insecure -p -x %s --remote-name --output-dir /tmp %s", s.maxTimeout, proxyUri, uri)
+ args := fmt.Sprintf("-w @/tmp/write_out_download_connect --max-time %d --insecure --proxy-insecure -p -x %s --remote-name --output-dir /tmp %s", s.maxTimeout, proxyUri, uri)
writeOut, log := s.RunCurlContainer(s.Containers.Curl, args)
s.AssertContains(writeOut, "CONNECT response code: 200")
s.AssertContains(writeOut, "GET response code: 200")
}
func (s *VppProxySuite) CurlUploadResourceViaTunnel(uri, proxyUri, file string) {
- args := fmt.Sprintf("-w @/tmp/write_out_upload_connect --max-time %d --insecure -p -x %s -T %s %s", s.maxTimeout, proxyUri, file, uri)
+ args := fmt.Sprintf("-w @/tmp/write_out_upload_connect --max-time %d --insecure --proxy-insecure -p -x %s -T %s %s", s.maxTimeout, proxyUri, file, uri)
writeOut, log := s.RunCurlContainer(s.Containers.Curl, args)
s.AssertContains(writeOut, "CONNECT response code: 200")
s.AssertContains(writeOut, "PUT response code: 201")
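Review bot: The `--proxy-insecure` flag added to the args line in both CurlDownloadResourceViaTunnel and CurlUploadResourceViaTunnel turns off certificate verification for the TLS leg to the proxy. The HTTPS CONNECT test will therefore pass with whatever certificate the listener presents, and does not confirm that the configured cert/key pair is the one served. If the test CA is available inside the curl container, `--proxy-cacert <path-to-test-ca>` would keep that check. Otherwise a comment above the args line should record the reason, for example `// proxy presents self-signed test material; verification is skipped on purpose`. The flag is also passed by the existing cleartext-proxy callers of these helpers, where it has no effect.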
func init() {
RegisterVppProxyTests(VppProxyHttpGetTcpTest, VppProxyHttpGetTlsTest, VppProxyHttpPutTcpTest, VppProxyHttpPutTlsTest,
- VppConnectProxyGetTest, VppConnectProxyPutTest)
+ VppConnectProxyGetTest, VppConnectProxyPutTest, VppHttpsConnectProxyGetTest)
RegisterVppProxySoloTests(VppProxyHttpGetTcpMTTest, VppProxyHttpPutTcpMTTest, VppProxyTcpIperfMTTest,
VppProxyUdpIperfMTTest, VppConnectProxyStressTest, VppConnectProxyStressMTTest, VppConnectProxyConnectionFailedMTTest)
RegisterVppUdpProxyTests(VppProxyUdpTest, VppConnectUdpProxyTest, VppConnectUdpInvalidCapsuleTest,
func configureVppProxy(s *VppProxySuite, proto string, proxyPort uint16) {
vppProxy := s.Containers.VppProxy.VppInstance
- cmd := fmt.Sprintf("test proxy server fifo-size 512k server-uri %s://%s/%d", proto, s.VppProxyAddr(), proxyPort)
- if proto != "http" && proto != "udp" {
+ cmd := fmt.Sprintf("test proxy server fifo-size 512k server-uri %s://%s:%d", proto, s.VppProxyAddr(), proxyPort)
+ if proto != "http" && proto != "https" && proto != "udp" {
proto = "tcp"
}
- if proto != "http" {
- cmd += fmt.Sprintf(" client-uri %s://%s/%d", proto, s.ServerAddr(), s.Ports.Server)
+ if proto != "http" && proto != "https" {
+ cmd += fmt.Sprintf(" client-uri %s://%s:%d", proto, s.ServerAddr(), s.Ports.Server)
}
output := vppProxy.Vppctl(cmd)
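Review bot: configureVppProxy depends on an ordering that is not documented: `cmd` is formatted with the caller's `proto` before the `proto = "tcp"` fallback runs, so `server-uri` keeps the original scheme and only `client-uri` is downgraded. With `https` now on the allow-list, that ordering decides whether the listener is TLS-terminated, so it deserves a comment above the first Sprintf, such as `// server-uri uses the caller's scheme as-is; the tcp fallback below applies to client-uri only`. Separately, any unrecognised `proto` value still falls through to `tcp` silently; failing the test on an unknown scheme would catch a typo that currently yields a cleartext upstream. The function body continues past the end of this hunk.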
s.CurlDownloadResourceViaTunnel(targetUri, proxyUri)
}
+func VppHttpsConnectProxyGetTest(s *VppProxySuite) {
+ s.SetupNginxServer()
+ configureVppProxy(s, "https", s.Ports.Proxy)
+
+ targetUri := fmt.Sprintf("http://%s:%d/httpTestFile", s.ServerAddr(), s.Ports.Server)
+ proxyUri := fmt.Sprintf("https://%s:%d", s.VppProxyAddr(), s.Ports.Proxy)
+ s.CurlDownloadResourceViaTunnel(targetUri, proxyUri)
+}
+
func VppConnectProxyConnectionFailedMTTest(s *VppProxySuite) {
s.SetupNginxServer()
configureVppProxy(s, "http", s.Ports.Proxy)
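Review bot: VppHttpsConnectProxyGetTest has no doc comment, and the only assertions it reaches (through CurlDownloadResourceViaTunnel) are the two 200 response codes. Nothing in this test checks that the `https` listener rejects a cleartext CONNECT. A companion negative case could reuse the same listener with a `http://` proxy URI and expect the transfer to fail. Suggested comment: `// VppHttpsConnectProxyGetTest tunnels a plain-HTTP GET through a CONNECT proxy that is reached over TLS.`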
#include <hs_apps/proxy.h>
#include <vnet/tcp/tcp.h>
#include <http/http_header_names.h>
+#include <vnet/tls/tls_types.h>
proxy_main_t proxy_main;
clib_memcpy (&a->sep_ext, &pm->server_sep, sizeof (pm->server_sep));
/* Make sure listener is marked connected for transports like udp */
a->sep_ext.transport_flags = TRANSPORT_CFG_F_CONNECTED;
- need_crypto = proxy_transport_needs_crypto (a->sep.transport_proto);
- if (need_crypto)
- {
- transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg (
- &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
- sizeof (transport_endpt_crypto_cfg_t));
- ext_cfg->crypto.ckpair_index = pm->ckpair_index;
- }
- /* set http timeout for connect-proxy */
+
if (pm->server_sep.transport_proto == TRANSPORT_PROTO_HTTP)
{
+ /* set http timeout for connect-proxy */
transport_endpt_cfg_http_t http_cfg = { pm->idle_timeout,
HTTP_UDP_TUNNEL_DGRAM };
transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg (
&a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_HTTP, sizeof (http_cfg));
clib_memcpy (ext_cfg->data, &http_cfg, sizeof (http_cfg));
+ if (pm->server_sep.flags & SESSION_ENDPT_CFG_F_SECURE)
+ {
+ transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg (
+ &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
+ sizeof (transport_endpt_crypto_cfg_t));
+ ext_cfg->crypto.ckpair_index = pm->ckpair_index;
+ /* TODO: remove when http/2 connect done */
+ ext_cfg->crypto.alpn_protos[0] = TLS_ALPN_PROTO_HTTP_1_1;
+ }
+ }
+ else
+ {
+ need_crypto = proxy_transport_needs_crypto (a->sep.transport_proto);
+ if (need_crypto)
+ {
+ transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg (
+ &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
+ sizeof (transport_endpt_crypto_cfg_t));
+ ext_cfg->crypto.ckpair_index = pm->ckpair_index;
+ }
}
rv = vnet_listen (a);
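Review bot: The crypto ext-cfg setup now exists twice, once inside the HTTP branch and once in the new `else`, and the inner `ext_cfg` in the HTTP branch shadows the outer `ext_cfg` declared a few lines above it. Two copies of the TLS listener setup invite a later change (cipher policy, ALPN, key-pair validation) landing on one path only. Deciding `need_crypto` once and adding the crypto config in a single place, under a distinct name, avoids both problems. Only `alpn_protos[0]` is assigned; if `session_endpoint_add_ext_cfg` does not zero the returned region (not visible here), the remaining ALPN slots should be cleared explicitly. The enclosing function starts before and continues after this hunk.

```c
/* … unchanged: HTTP ext cfg (idle timeout, HTTP_UDP_TUNNEL_DGRAM) inside the TRANSPORT_PROTO_HTTP branch … */

int is_http = pm->server_sep.transport_proto == TRANSPORT_PROTO_HTTP;

need_crypto = is_http ?
		((pm->server_sep.flags & SESSION_ENDPT_CFG_F_SECURE) != 0) :
		proxy_transport_needs_crypto (a->sep.transport_proto);
if (need_crypto)
  {
    transport_endpt_ext_cfg_t *crypto_cfg = session_endpoint_add_ext_cfg (
      &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
      sizeof (transport_endpt_crypto_cfg_t));
    crypto_cfg->crypto.ckpair_index = pm->ckpair_index;
    /* TODO: remove when http/2 connect done */
    if (is_http)
      crypto_cfg->crypto.alpn_protos[0] = TLS_ALPN_PROTO_HTTP_1_1;
  }
rv = vnet_listen (a);
```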