[test suite] add test for X-Fowarded-For header

2016-04-16 07:40:24 -07:00 · 2016-04-16 07:40:24 -07:00 · 9d92f65a03
commit 9d92f65a03
parent 84d4128812
6 changed files with 24 additions and 1 deletions
--- a/5
+++ b/5
@ -1,4 +1,7 @@
-fwknop-2.6.9 (01//2016):
+fwknop-2.6.9 (04//2016):
+    - (Vlad Glagolev) Added support for deriving the source IP from the
+      X-Forwarded-For HTTP header when SPA packets are sent over HTTP
+      connections.
    - Bug fix in command open/close cycle feature to ensure that the first
      successful match on a valid incoming SPA packet finishes all access.conf
      stanza processing. That is, no other stanzas should be looked at after
--- a/Makefile.am
+++ b/Makefile.am
@ -336,6 +336,8 @@ EXTRA_DIST = \
    test/conf/udp_server_fwknopd.conf \
    test/conf/spa_over_http_fwknopd.conf \
    test/conf/spa_over_http.pcap \
+    test/conf/spa_x_forwarded_for.pcap \
+    test/conf/spa_x_forwarded_for_fwknopd.conf \
    test/conf/ipt_snat_fwknopd.conf \
    test/conf/firewd_snat_fwknopd.conf \
    test/conf/ipt_snat_no_translate_ip_fwknopd.conf \
--- a/test/conf/spa_x_forwarded_for.pcap
+++ b/test/conf/spa_x_forwarded_for.pcap
--- a/test/conf/spa_x_forwarded_for_fwknopd.conf
+++ b/test/conf/spa_x_forwarded_for_fwknopd.conf
@ -0,0 +1,2 @@
+ENABLE_SPA_OVER_HTTP        Y;
+ENABLE_X_FORWARDED_FOR      Y;
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@ -42,6 +42,7 @@ our $replay_pcap_file     = "$conf_dir/spa_replay.pcap";
 our $multi_pkts_pcap_file = "$conf_dir/multi_pkts.pcap";
 our $fcs_pcap_file        = "$conf_dir/fcs_spa.pcap";
 our $spa_over_http_pcap_file = "$conf_dir/spa_over_http.pcap";
+our $spa_x_forwarded_for_pcap_file = "$conf_dir/spa_x_forwarded_for.pcap";

 our $lib_dir = '../lib/.libs';

@ -531,6 +532,7 @@ our %cf = (
    'tcp_server'                   => "$conf_dir/tcp_server_fwknopd.conf",
    'udp_server'                   => "$conf_dir/udp_server_fwknopd.conf",
    'spa_over_http'                => "$conf_dir/spa_over_http_fwknopd.conf",
+    'spa_x_forwarded_for'          => "$conf_dir/spa_x_forwarded_for_fwknopd.conf",
    'tcp_pcap_filter'              => "$conf_dir/tcp_pcap_filter_fwknopd.conf",
    'icmp_pcap_filter'             => "$conf_dir/icmp_pcap_filter_fwknopd.conf",
    'open_ports_access'            => "$conf_dir/open_ports_access.conf",
--- a/test/tests/rijndael_hmac.pl
+++ b/test/tests/rijndael_hmac.pl
@ -534,6 +534,20 @@
        'fw_rule_created' => $NEW_RULE_REQUIRED,
        'fw_rule_removed' => $NEW_RULE_REMOVED,
    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'server',
+        'detail'   => '--pcap-file http X-Forwarded-For',
+        'function' => \&process_pcap_file_directly,
+        'cmdline'  => '',
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_x_forwarded_for'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file " .
+            "--pcap-file $spa_x_forwarded_for_pcap_file --foreground $verbose_str " .
+            "--pcap-filter 'port 80' " .
+            "--verbose --verbose --verbose",
+        'server_positive_output_matches' => [qr/Added access rule.*\sfor 1.2.3.4/],
+    },
+
    {
        'category' => 'Rijndael+HMAC',
        'subcategory' => 'server',