You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@trafficserver.apache.org by "maskit (via GitHub)" <gi...@apache.org> on 2023/04/18 05:50:16 UTC
[GitHub] [trafficserver] maskit commented on pull request #9616: Add support for CONNECT method on HTTP/2 connection
maskit commented on PR #9616:
URL: https://github.com/apache/trafficserver/pull/9616#issuecomment-1512471877
It doesn't seem like Proxy Verifier supports H2 CONNECT method. It doesn't allow me to only send `:method` and `:authority` (it thinks `:scheme` and `:path` are always required).
And this might be because of my limited knowledge about ProxyVerifier, but it looks like requests and responses are tightly coupled by `uuid` header, and that makes it tricky to send a request as a request body like below. The both CONNECT request and the real request have `uuid: 1`.
```
sessions:
- protocol:
- name: http
version: 2
- name: tls
sni: www.example.com
- name: tcp
- name: ip
transactions:
- client-request:
headers:
fields:
- [ :method, CONNECT ]
- [ :authority, www.example.com:80 ]
- [ :path, x1]
- [ :scheme, x2]
- [ uuid, 1 ]
- [ test, connect-request ]
content:
encoding: plain
data: "GET /get HTTP/1.1\r\nuuid: 1\r\ntest: real-request\r\n\r\n"
# This is a response for the real request but not for the CONNECT request
server-response:
status: 200
reason: OK
# ATS returns a 200 responses to client when it establishes a tunnel
# between the client and server
# The response body should be the whole response data from the origin server
proxy-response:
status: 200
content:
verify: {value: "HTTP/1.1 200 OK", as: contains}
```
```
class ConnectViaPVTest2:
# This test also executes the CONNECT request but using proxy verifier to
# generate traffic
connectReplayFile = "replays/connect_h2.replay.yaml"
def __init__(self):
self.setupOriginServer()
self.setupTS()
def setupOriginServer(self):
self.server = Test.MakeVerifierServerProcess(
"connect-verifier-server2",
self.connectReplayFile)
# Verify server output
self.server.Streams.stdout += Testers.ExcludesExpression(
"test: connect-request",
"Verify the CONNECT request doesn't reach the server.")
self.server.Streams.stdout += Testers.ContainsExpression(
"GET /get HTTP/1.1\nuuid: 1\ntest: real-request", reflags=re.MULTILINE,
description="Verify the server gets the second request.")
def setupTS(self):
self.ts = Test.MakeATSProcess("connect-ts2", enable_tls=True)
self.ts.Disk.records_config.update({
'proxy.config.diags.debug.enabled': 1,
'proxy.config.diags.debug.tags': 'http|hpack',
'proxy.config.ssl.server.cert.path': f'{self.ts.Variables.SSLDir}',
'proxy.config.ssl.server.private_key.path': f'{self.ts.Variables.SSLDir}',
'proxy.config.http.server_ports': f"{self.ts.Variables.ssl_port}:ssl",
'proxy.config.http.connect_ports': f"{self.server.Variables.http_port}",
})
self.ts.addDefaultSSLFiles()
self.ts.Disk.ssl_multicert_config.AddLine(
'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
)
self.ts.Disk.remap_config.AddLines([
f"map / http://127.0.0.1:{self.server.Variables.http_port}/",
])
# Verify ts logs
self.ts.Disk.traffic_out.Content += Testers.ContainsExpression(
f"Proxy's Request.*\n.*\nCONNECT 127.0.0.1:{self.server.Variables.http_port} HTTP/1.1", reflags=re.MULTILINE,
description="Verify that ATS recognizes the CONNECT request.")
def runTraffic(self):
tr = Test.AddTestRun("Verify correct handling of CONNECT request on HTTP/2")
tr.AddVerifierClientProcess(
"connect-client2",
self.connectReplayFile,
https_ports=[self.ts.Variables.ssl_port],
other_args='--thread-limit 1')
tr.Processes.Default.StartBefore(self.server)
tr.Processes.Default.StartBefore(self.ts)
tr.StillRunningAfter = self.server
tr.StillRunningAfter = self.ts
def run(self):
self.runTraffic()
ConnectViaPVTest2().run()
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org