From da76459dc21b5af2449af2d36eb95226cb186ce2 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:35:11 +0200 Subject: Adding upstream version 2.6.12. Signed-off-by: Daniel Baumann --- .../stick-table/converteers_ref_cnt_never_dec.vtc | 75 ++++++++++++++++++++++ reg-tests/stick-table/src_conn_rate.vtc | 43 +++++++++++++ reg-tests/stick-table/unknown_key.vtc | 32 +++++++++ 3 files changed, 150 insertions(+) create mode 100644 reg-tests/stick-table/converteers_ref_cnt_never_dec.vtc create mode 100644 reg-tests/stick-table/src_conn_rate.vtc create mode 100644 reg-tests/stick-table/unknown_key.vtc (limited to 'reg-tests/stick-table') diff --git a/reg-tests/stick-table/converteers_ref_cnt_never_dec.vtc b/reg-tests/stick-table/converteers_ref_cnt_never_dec.vtc new file mode 100644 index 0000000..e571810 --- /dev/null +++ b/reg-tests/stick-table/converteers_ref_cnt_never_dec.vtc @@ -0,0 +1,75 @@ +# commit 3e60b11 +# BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters +# +# When using table_* converters ref_cnt was incremented +# and never decremented causing entries to not expire. +# +# The root cause appears to be that stktable_lookup_key() +# was called within all sample_conv_table_* functions which was +# incrementing ref_cnt and not decrementing after completion. +# +# Added stktable_release() to the end of each sample_conv_table_* +# function and reworked the end logic to ensure that ref_cnt is +# always decremented after use. +# +# This should be backported to 1.8 + +#REGTEST_TYPE=bug +#REQUIRE_VERSION=2.4 + +varnishtest "stick-tables: Test expirations when used with table_*" + +# As some macros for haproxy are used in this file, this line is mandatory. +feature ignore_unknown_macro + +# Do nothing. +server s1 { +} -start + +haproxy h1 -conf { + # Configuration file of 'h1' haproxy instance. + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend http1 + bind "fd@${my_frontend_fd}" + stick-table size 1k expire 1ms type ip store conn_rate(10s),http_req_cnt,http_err_cnt,http_fail_cnt,http_req_rate(10s),http_err_rate(10s),http_fail_rate(10s),gpc0,gpc0_rate(10s),gpt0 + http-request track-sc0 req.hdr(X-Forwarded-For) + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_req_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_trackers(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),in_table(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_bytes_in_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_bytes_out_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_conn_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_conn_cur(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_conn_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_gpt0(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_gpc0(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_gpc0_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_err_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_err_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_fail_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_fail_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_req_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_http_req_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_kbytes_in(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_kbytes_out(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_server_id(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_sess_cnt(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_sess_rate(http1) -m int lt 0 } + http-request redirect location https://${s1_addr}:${s1_port}/ if { req.hdr(X-Forwarded-For),table_trackers(http1) -m int lt 0 } +} -start + +client c1 -connect ${h1_my_frontend_fd_sock} { + txreq -url "/" -hdr "X-Forwarded-For: 127.0.0.1" + rxresp + expect resp.status == 503 +} -run + +haproxy h1 -cli { + send "show table http1" + expect ~ "table: http1, type: ip, size:1024, used:(0|1\\n0x[0-9a-f]*: key=127\\.0\\.0\\.1 use=0 exp=[0-9]* gpt0=0 gpc0=0 gpc0_rate\\(10000\\)=0 conn_rate\\(10000\\)=1 http_req_cnt=1 http_req_rate\\(10000\\)=1 http_err_cnt=0 http_err_rate\\(10000\\)=0 http_fail_cnt=0 http_fail_rate\\(10000\\)=0)\\n$" +} -wait diff --git a/reg-tests/stick-table/src_conn_rate.vtc b/reg-tests/stick-table/src_conn_rate.vtc new file mode 100644 index 0000000..bdf8869 --- /dev/null +++ b/reg-tests/stick-table/src_conn_rate.vtc @@ -0,0 +1,43 @@ +varnishtest "stick table: src_conn_rate" +feature ignore_unknown_macro + +haproxy h0 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + listen li + bind "fd@${fe1}" + http-request track-sc0 src table conn_rate_table + http-request deny if { src_conn_rate(conn_rate_table) gt 3 } + http-request return status 200 + + backend conn_rate_table + stick-table type ip size 1m expire 1m store conn_rate(1m) +} -start + +client c0 -connect ${h0_fe1_addr}:${h0_fe1_port} { + txreq + rxresp + expect resp.status == 200 +} -run + +client c1 -connect ${h0_fe1_addr}:${h0_fe1_port} { + txreq + rxresp + expect resp.status == 200 +} -run + +client c2 -connect ${h0_fe1_addr}:${h0_fe1_port} { + txreq + rxresp + expect resp.status == 200 +} -run + +client c3 -connect ${h0_fe1_addr}:${h0_fe1_port} { + txreq + rxresp + expect resp.status == 403 +} -run diff --git a/reg-tests/stick-table/unknown_key.vtc b/reg-tests/stick-table/unknown_key.vtc new file mode 100644 index 0000000..f0307cb --- /dev/null +++ b/reg-tests/stick-table/unknown_key.vtc @@ -0,0 +1,32 @@ +# Shipped with the commit fixing the bug. + +#REGTEST_TYPE=bug + +varnishtest "Stick Table: Crash when accessing unknown key." +feature ignore_unknown_macro + +server s0 { + rxreq + txresp +} -start + +haproxy h0 -conf { + defaults + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend test + mode http + bind "fd@${fe1}" + stick-table type ip size 1m expire 1h store gpc0 + http-request deny if { src,table_trackers(test) eq 1 } + http-request deny if { src,in_table(test) } + http-request deny deny_status 200 +} -start + +client c0 -connect ${h0_fe1_sock} { + txreq -url "/" + rxresp + expect resp.status == 200 +} -run -- cgit v1.2.3