fix(stream): sni router is broken when session reuses (#4607)

罗泽轩 2021-07-22 11:08:10 +08:00 committed by GitHub
parent 71bc27cc41
commit a461c9856d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 58 additions and 44 deletions


@ -171,8 +171,6 @@ function _M.match_and_set(api_ctx)
end end
end end
api_ctx.sni_rev = sni_rev
local matched_ssl = api_ctx.matched_ssl local matched_ssl = api_ctx.matched_ssl
core.log.info("debug - matched: ", core.json.delay_encode(matched_ssl, true)) core.log.info("debug - matched: ", core.json.delay_encode(matched_ssl, true))


@ -19,7 +19,6 @@ local config_util = require("apisix.core.config_util")
local plugin_checker = require("apisix.plugin").stream_plugin_checker local plugin_checker = require("apisix.plugin").stream_plugin_checker
local router_new = require("apisix.utils.router").new local router_new = require("apisix.utils.router").new
local ngx_ssl = require("ngx.ssl") local ngx_ssl = require("ngx.ssl")
local ngx_lua_version = ngx.config.ngx_lua_version -- get the version of stream-lua-nginx-module
local error = error local error = error
local tonumber = tonumber local tonumber = tonumber
local ipairs = ipairs local ipairs = ipairs
@ -135,17 +134,9 @@ do
router_ver = user_routes.conf_version router_ver = user_routes.conf_version
end end
if ngx_lua_version < 9 then local sni = ngx_ssl.server_name()
-- be compatible with old OpenResty if sni and tls_router then
local sni = ngx_ssl.server_name() local sni_rev = sni:reverse()
if sni then
local sni_rev = sni:reverse()
api_ctx.sni_rev = sni_rev
end
end
if api_ctx.sni_rev and tls_router then
local sni_rev = api_ctx.sni_rev
core.table.clear(match_opts) core.table.clear(match_opts)
match_opts.vars = api_ctx.var match_opts.vars = api_ctx.var
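Review bot: The new `local sni = ngx_ssl.server_name()` discards the second return value, so a failed SNI lookup looks the same as a client that sent no SNI, and the connection falls through to the non-SNI routes with no trace in the log. Capture it with `local sni, err = ngx_ssl.server_name()` and record it at a low level, e.g. `if err then core.log.info("failed to get SNI: ", err) end`; plain-TCP connections probably also report an error here now that the call is no longer gated, hence info rather than error. A short comment above the call, such as `-- read the SNI on every connection: a resumed TLS session presumably skips the phase that used to set api_ctx.sni_rev`, would keep a later change from reintroducing the cached value. The enclosing `do` block starts and ends outside this hunk.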


@ -258,34 +258,43 @@ _EOC_
} }
chomp $stream_tls_request; chomp $stream_tls_request;
my $repeat = "1";
if (defined $block->stream_session_reuse) {
$repeat = "2";
}
my $config = <<_EOC_; my $config = <<_EOC_;
location /stream_tls_request { location /stream_tls_request {
content_by_lua_block { content_by_lua_block {
local sock = ngx.socket.tcp() local sess
local ok, err = sock:connect("127.0.0.1", 2005) for _ = 1, $repeat do
if not ok then local sock = ngx.socket.tcp()
ngx.say("failed to connect: ", err) local ok, err = sock:connect("127.0.0.1", 2005)
return if not ok then
end ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(nil, $sni, false) sess, err = sock:sslhandshake(sess, $sni, false)
if not sess then if not sess then
ngx.say("failed to do SSL handshake: ", err) ngx.say("failed to do SSL handshake: ", err)
return return
end end
local bytes, err = sock:send("$stream_tls_request") local bytes, err = sock:send("$stream_tls_request")
if not bytes then if not bytes then
ngx.say("send stream request error: ", err) ngx.say("send stream request error: ", err)
return return
end end
local data, err = sock:receive("*a") local data, err = sock:receive("*a")
if not data then if not data then
sock:close()
ngx.say("receive stream response error: ", err)
return
end
ngx.print(data)
sock:close() sock:close()
ngx.say("receive stream response error: ", err)
return
end end
ngx.print(data)
} }
} }
_EOC_ _EOC_
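Review bot: Nothing in the new loop confirms that the second handshake actually resumed the session. `sess` is passed back into `sock:sslhandshake(sess, $sni, false)`, but if the server declines resumption the handshake silently becomes a full one, and a test using `stream_session_reuse` then passes without exercising the fixed path. Consider having the stream server under test log `$ssl_session_reused` (or an equivalent marker) and matching it in the test's `grep_error_log`, so the regression test fails when resumption is not happening. Separately, the early `return` paths after a failed handshake or send leave `sock` open; a `sock:close()` before each would match the receive-error branch.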

34
t/stream-node/sni.t vendored

@ -128,7 +128,23 @@ proxy request to 127.0.0.1:1995
=== TEST 3: hit route, wildcard SNI === TEST 3: hit route (session reuse)
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- stream_session_reuse
--- response_body
hello world
hello world
--- grep_error_log eval
qr/proxy request to 127.0.0.\d:1995/
--- grep_error_log_out
proxy request to 127.0.0.1:1995
proxy request to 127.0.0.1:1995
=== TEST 4: hit route, wildcard SNI
--- stream_tls_request --- stream_tls_request
mmm mmm
--- stream_sni: b.test.com --- stream_sni: b.test.com
@ -139,7 +155,7 @@ proxy request to 127.0.0.2:1995
=== TEST 4: hit route, no TLS === TEST 5: hit route, no TLS
--- stream_enable --- stream_enable
--- stream_request --- stream_request
mmm mmm
@ -150,7 +166,7 @@ proxy request to 127.0.0.3:1995
=== TEST 5: set different stream route with the same sni === TEST 6: set different stream route with the same sni
--- config --- config
location /t { location /t {
content_by_lua_block { content_by_lua_block {
@ -204,7 +220,7 @@ passed
=== TEST 6: hit route === TEST 7: hit route
--- stream_tls_request --- stream_tls_request
mmm mmm
--- stream_sni: a.test.com --- stream_sni: a.test.com
@ -215,7 +231,7 @@ proxy request to 127.0.0.4:1995
=== TEST 7: change a.test.com route to fall back to wildcard route === TEST 8: change a.test.com route to fall back to wildcard route
--- config --- config
location /t { location /t {
content_by_lua_block { content_by_lua_block {
@ -250,7 +266,7 @@ passed
=== TEST 8: hit route === TEST 9: hit route
--- stream_tls_request --- stream_tls_request
mmm mmm
--- stream_sni: a.test.com --- stream_sni: a.test.com
@ -261,7 +277,7 @@ proxy request to 127.0.0.2:1995
=== TEST 9: no sni matched, fall back to non-sni route === TEST 10: no sni matched, fall back to non-sni route
--- config --- config
location /t { location /t {
content_by_lua_block { content_by_lua_block {
@ -285,7 +301,7 @@ passed
=== TEST 10: hit route === TEST 11: hit route
--- stream_tls_request --- stream_tls_request
mmm mmm
--- stream_sni: b.test.com --- stream_sni: b.test.com
@ -296,7 +312,7 @@ proxy request to 127.0.0.3:1995
=== TEST 11: clean up routes === TEST 12: clean up routes
--- config --- config
location /t { location /t {
content_by_lua_block { content_by_lua_block {