From: Matus Fabian
Date: Wed, 28 May 2025 13:58:59 +0000 (-0400)
Subject: hsa: https support in proxy app
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F51%2F43051%2F2;p=vpp.git

hsa: https support in proxy app

Type: improvement

Change-Id: Id777b4e9b30c496d702ae31b5d628815f6f3b59d
Signed-off-by: Matus Fabian
---

diff --git a/extras/hs-test/infra/suite_vpp_proxy.go b/extras/hs-test/infra/suite_vpp_proxy.go
index ec08a630d26..92ca24c9d9e 100644
--- a/extras/hs-test/infra/suite_vpp_proxy.go
+++ b/extras/hs-test/infra/suite_vpp_proxy.go
@@ -164,7 +164,7 @@ func (s *VppProxySuite) CurlUploadResource(uri, file string) {
 }

 func (s *VppProxySuite) CurlDownloadResourceViaTunnel(uri string, proxyUri string) {
- args := fmt.Sprintf("-w @/tmp/write_out_download_connect --max-time %d --insecure -p -x %s --remote-name --output-dir /tmp %s", s.maxTimeout, proxyUri, uri)
+ args := fmt.Sprintf("-w @/tmp/write_out_download_connect --max-time %d --insecure --proxy-insecure -p -x %s --remote-name --output-dir /tmp %s", s.maxTimeout, proxyUri, uri)
 writeOut, log := s.RunCurlContainer(s.Containers.Curl, args)
 s.AssertContains(writeOut, "CONNECT response code: 200")
 s.AssertContains(writeOut, "GET response code: 200")
@@ -174,7 +174,7 @@ func (s *VppProxySuite) CurlDownloadResourceViaTunnel(uri string, proxyUri strin
 }

 func (s *VppProxySuite) CurlUploadResourceViaTunnel(uri, proxyUri, file string) {
- args := fmt.Sprintf("-w @/tmp/write_out_upload_connect --max-time %d --insecure -p -x %s -T %s %s", s.maxTimeout, proxyUri, file, uri)
+ args := fmt.Sprintf("-w @/tmp/write_out_upload_connect --max-time %d --insecure --proxy-insecure -p -x %s -T %s %s", s.maxTimeout, proxyUri, file, uri)
 writeOut, log := s.RunCurlContainer(s.Containers.Curl, args)
 s.AssertContains(writeOut, "CONNECT response code: 200")
 s.AssertContains(writeOut, "PUT response code: 201")
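Review bot: `--proxy-insecure` switches off certificate verification on the proxy leg in both `CurlDownloadResourceViaTunnel` and `CurlUploadResourceViaTunnel` (the `@@ -174,7` hunk), so the HTTPS CONNECT test accepts whatever certificate the VPP proxy presents and would not notice the listener serving the wrong key pair. If the suite can hand curl the certificate the proxy is configured with, passing it via `--proxy-cacert` for `https://` proxy URIs would let the test check the TLS identity too. Failing that, a short comment above each `args` line saying why proxy verification is disabled would keep the flag from being copied into code where it matters. The flag is now also passed for the existing plain-HTTP proxy tests, where it should have no effect. Both function bodies continue outside the hunks.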
diff --git a/extras/hs-test/proxy_test.go b/extras/hs-test/proxy_test.go index 0e82bf3117b..9e107b5127e 100644 --- a/extras/hs-test/proxy_test.go +++ b/extras/hs-test/proxy_test.go @@ -22,7 +22,7 @@ import ( func init() { RegisterVppProxyTests(VppProxyHttpGetTcpTest, VppProxyHttpGetTlsTest, VppProxyHttpPutTcpTest, VppProxyHttpPutTlsTest, - VppConnectProxyGetTest, VppConnectProxyPutTest) + VppConnectProxyGetTest, VppConnectProxyPutTest, VppHttpsConnectProxyGetTest) RegisterVppProxySoloTests(VppProxyHttpGetTcpMTTest, VppProxyHttpPutTcpMTTest, VppProxyTcpIperfMTTest, VppProxyUdpIperfMTTest, VppConnectProxyStressTest, VppConnectProxyStressMTTest, VppConnectProxyConnectionFailedMTTest) RegisterVppUdpProxyTests(VppProxyUdpTest, VppConnectUdpProxyTest, VppConnectUdpInvalidCapsuleTest, @@ -34,12 +34,12 @@ func init() { func configureVppProxy(s *VppProxySuite, proto string, proxyPort uint16) { vppProxy := s.Containers.VppProxy.VppInstance - cmd := fmt.Sprintf("test proxy server fifo-size 512k server-uri %s://%s/%d", proto, s.VppProxyAddr(), proxyPort) - if proto != "http" && proto != "udp" { + cmd := fmt.Sprintf("test proxy server fifo-size 512k server-uri %s://%s:%d", proto, s.VppProxyAddr(), proxyPort) + if proto != "http" && proto != "https" && proto != "udp" { proto = "tcp" } - if proto != "http" { - cmd += fmt.Sprintf(" client-uri %s://%s/%d", proto, s.ServerAddr(), s.Ports.Server) + if proto != "http" && proto != "https" { + cmd += fmt.Sprintf(" client-uri %s://%s:%d", proto, s.ServerAddr(), s.Ports.Server) } output := vppProxy.Vppctl(cmd) 
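Review bot: In `configureVppProxy` the check `proto != "http" && proto != "https"` is now written twice while `proto` is reassigned to `"tcp"` between building the server URI and the client URI, which makes the mapping hard to follow. Computing `connectProxy := proto == "http" || proto == "https"` once at the top and testing `!connectProxy` in both places would read more clearly. A comment such as `// http/https listeners act as CONNECT proxies and get no client-uri` would document the intent, as far as it can be inferred from this hunk. Separately, the new `%s://%s:%d` format joins host and port with a bare colon; if `s.VppProxyAddr()` or `s.ServerAddr()` can return an IPv6 literal (not visible here), `net.JoinHostPort` would be the safer way to build that part, provided the VPP URI parser accepts bracketed addresses. The function continues past the end of the hunk.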
@@ -180,6 +180,15 @@ func VppConnectProxyGetTest(s *VppProxySuite) {
 s.CurlDownloadResourceViaTunnel(targetUri, proxyUri)
 }

+func VppHttpsConnectProxyGetTest(s *VppProxySuite) {
+ s.SetupNginxServer()
+ configureVppProxy(s, "https", s.Ports.Proxy)
+
+ targetUri := fmt.Sprintf("http://%s:%d/httpTestFile", s.ServerAddr(), s.Ports.Server)
+ proxyUri := fmt.Sprintf("https://%s:%d", s.VppProxyAddr(), s.Ports.Proxy)
+ s.CurlDownloadResourceViaTunnel(targetUri, proxyUri)
+}
+
 func VppConnectProxyConnectionFailedMTTest(s *VppProxySuite) {
 s.SetupNginxServer()
 configureVppProxy(s, "http", s.Ports.Proxy)
diff --git a/src/plugins/hs_apps/proxy.c b/src/plugins/hs_apps/proxy.c
index 140183d5f59..c8bdc73a418 100644
--- a/src/plugins/hs_apps/proxy.c
+++ b/src/plugins/hs_apps/proxy.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include

 proxy_main_t proxy_main;
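Review bot: `VppHttpsConnectProxyGetTest` exercises only the download path, although the same commit adds `--proxy-insecure` to `CurlUploadResourceViaTunnel`, so PUT through the HTTPS proxy listener stays untested. A `VppHttpsConnectProxyPutTest` mirroring `VppConnectProxyPutTest` (whose body is not visible here) and registered in `RegisterVppProxyTests` would close that gap. The helper asserts only the CONNECT and GET status codes; that shows the TLS handshake with the proxy completed, but nothing checks the ALPN value that proxy.c now pins to HTTP/1.1. The new function would also benefit from a doc comment, e.g. `// VppHttpsConnectProxyGetTest downloads a file through a CONNECT tunnel set up over a TLS (https) proxy listener.`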
@@ -1266,22 +1267,35 @@ proxy_server_listen () clib_memcpy (&a->sep_ext, &pm->server_sep, sizeof (pm->server_sep)); /* Make sure listener is marked connected for transports like udp */ a->sep_ext.transport_flags = TRANSPORT_CFG_F_CONNECTED; - need_crypto = proxy_transport_needs_crypto (a->sep.transport_proto); - if (need_crypto) - { - transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg ( - &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO, - sizeof (transport_endpt_crypto_cfg_t)); - ext_cfg->crypto.ckpair_index = pm->ckpair_index; - } - /* set http timeout for connect-proxy */ + if (pm->server_sep.transport_proto == TRANSPORT_PROTO_HTTP) { + /* set http timeout for connect-proxy */ transport_endpt_cfg_http_t http_cfg = { pm->idle_timeout, HTTP_UDP_TUNNEL_DGRAM }; transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg ( &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_HTTP, sizeof (http_cfg)); clib_memcpy (ext_cfg->data, &http_cfg, sizeof (http_cfg)); + if (pm->server_sep.flags & SESSION_ENDPT_CFG_F_SECURE) + { + transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg ( + &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO, + sizeof (transport_endpt_crypto_cfg_t)); + ext_cfg->crypto.ckpair_index = pm->ckpair_index; + /* TODO: remove when http/2 connect done */ + ext_cfg->crypto.alpn_protos[0] = TLS_ALPN_PROTO_HTTP_1_1; + } + } + else + { + need_crypto = proxy_transport_needs_crypto (a->sep.transport_proto); + if (need_crypto) + { + transport_endpt_ext_cfg_t *ext_cfg = session_endpoint_add_ext_cfg ( + &a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO, + sizeof (transport_endpt_crypto_cfg_t)); + ext_cfg->crypto.ckpair_index = pm->ckpair_index; + } } rv = vnet_listen (a);
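Review bot: The crypto ext-cfg block in `proxy_server_listen` now appears twice, once inside the HTTP branch and once under `else`, and the copy in the HTTP branch declares a second `ext_cfg` that shadows the one holding the HTTP config a few lines above it. Deciding `need_crypto` per branch and adding the crypto config once keeps the TLS setup of the two paths from drifting apart and removes the shadowing, with the ALPN pin kept conditional on HTTP. The sketch assumes `need_crypto` is an integer flag declared earlier in the function, which starts outside this hunk. It is also worth confirming that `session_endpoint_add_ext_cfg` zeroes the new entry, since only `alpn_protos[0]` is assigned and the remaining ALPN slots are left as allocated.

```c
  if (pm->server_sep.transport_proto == TRANSPORT_PROTO_HTTP)
    {
      /* … unchanged: http timeout ext cfg (http_cfg, TRANSPORT_ENDPT_EXT_CFG_HTTP) … */
      need_crypto = (pm->server_sep.flags & SESSION_ENDPT_CFG_F_SECURE) != 0;
    }
  else
    need_crypto = proxy_transport_needs_crypto (a->sep.transport_proto);

  if (need_crypto)
    {
      transport_endpt_ext_cfg_t *crypto_cfg = session_endpoint_add_ext_cfg (
	&a->sep_ext, TRANSPORT_ENDPT_EXT_CFG_CRYPTO,
	sizeof (transport_endpt_crypto_cfg_t));
      crypto_cfg->crypto.ckpair_index = pm->ckpair_index;
      /* TODO: remove when http/2 connect done */
      if (pm->server_sep.transport_proto == TRANSPORT_PROTO_HTTP)
	crypto_cfg->crypto.alpn_protos[0] = TLS_ALPN_PROTO_HTTP_1_1;
    }
  /* … unchanged: rv = vnet_listen (a) … */
```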