Merge pull request #751 from TrekkieCoder/main

PR - Support for https2https proxy #726
loxilb-io · Aug 7, 2024 · e48906f · e48906f
2 parents 7b2d08b + 089518e
commit e48906f
Show file tree

Hide file tree

Showing 9 changed files with 153 additions and 7 deletions.
diff --git a/cicd/httpshostproxy/config.sh b/cicd/httpshostproxy/config.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring  hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+$dexec llb1 ip addr add 10.10.10.3/32 dev lo
+./minica -ip-addresses 10.10.10.254
+
+docker cp minica.pem llb1:/opt/loxilb/cert/rootCA.crt
+docker cp 10.10.10.254/cert.pem llb1:/opt/loxilb/cert/server.crt
+docker cp 10.10.10.254/key.pem llb1:/opt/loxilb/cert/server.key
+
+sleep 5
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --mode=fullproxy --security=https --host=loxilb.io
diff --git a/cicd/httpshostproxy/minica b/cicd/httpshostproxy/minica
diff --git a/cicd/httpshostproxy/rmconfig.sh b/cicd/httpshostproxy/rmconfig.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/httpshostproxy/validation.sh b/cicd/httpshostproxy/validation.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-https-tcplb
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+
+sleep 5
+code=0
+servIP=( "10.10.10.254" )
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+j=0
+waitCount=0
+while [ $j -le 2 ]
+do
+    res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080)
+    #echo $res
+    if [[ $res == "${servArr[j]}" ]]
+    then
+        echo "$res UP"
+        j=$(( $j + 1 ))
+    else
+        echo "Waiting for ${servArr[j]}(${ep[j]})"
+        waitCount=$(( $waitCount + 1 ))
+        if [[ $waitCount == 10 ]];
+        then
+            echo "All Servers are not UP"
+            echo SCENARIO-tcplb [FAILED]
+            sudo killall -9 node 2>&1 > /dev/null
+            exit 1
+        fi
+    fi
+    sleep 1
+done
+
+for k in {0..0}
+do
+echo "Testing Service IP: ${servIP[k]}"
+lcode=0
+for i in {1..4}
+do
+for j in {0..2}
+do
+    res=$($hexec l3h1 curl --max-time 10 -H "Application/json" -H "Content-type: application/json" -H "HOST: loxilb.io" --insecure -s https://${servIP[k]}:2020)
+    echo $res
+    if [[ $res != "${servArr[j]}" ]]
+    then
+        lcode=1
+    fi
+    sleep 1
+done
+done
+if [[ $lcode == 0 ]]
+then
+    echo SCENARIO-https-tcplb with ${servIP[k]} [OK]
+else
+    echo SCENARIO-https-tcplb with ${servIP[k]} [FAILED]
+    code=1
+fi
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code
diff --git a/common/common.go b/common/common.go
@@ -525,8 +525,10 @@ type LBSec int32
 const (
 	// LBServPlain - Plain mode
 	LBServPlain LBSec = iota
-	// LBServHttps - HTTPS termination
-	LBServHttps
+	// LBServHTTPS - HTTPS termination
+	LBServHTTPS
+	// LBServE2EHTTPS - HTTPS proxy
+	LBServE2EHTTPS
 )
 
 // LbServiceArg - Information related to load-balancer service

diff --git a/loxilb-ebpf b/loxilb-ebpf
diff --git a/pkg/loxinet/dpbroker.go b/pkg/loxinet/dpbroker.go
@@ -276,6 +276,15 @@ type NatEP struct {
 	InActive bool
 }
 
+// SecT - type of SecT
+type SecT uint8
+
+// security type constants
+const (
+	DpTermHTTPS SecT = iota + 1
+	DpE2EHTTPS
+)
+
 // NatDpWorkQ - work queue entry for nat related operation
 type NatDpWorkQ struct {
 	Work      DpWorkT
@@ -286,7 +295,7 @@ type NatDpWorkQ struct {
 	BlockNum  uint16
 	DsrMode   bool
 	CsumDis   bool
-	TermHTTPS bool
+	SecMode   SecT
 	HostURL   string
 	Proto     uint8
 	Mark      int

diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go
@@ -1052,8 +1052,10 @@ func DpNatLbRuleMod(w *NatDpWorkQ) int {
 		dat.cdis = 0
 	}
 
-	if w.TermHTTPS {
+	if w.SecMode == DpTermHTTPS {
 		dat.sec_mode = C.SEC_MODE_HTTPS
+	} else if w.SecMode == DpE2EHTTPS {
+		dat.sec_mode = C.SEC_MODE_HTTPS_E2E
 	}
 
 	hostURLStr := C.CString(w.HostURL)

diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
@@ -1523,6 +1523,10 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
 			return RuleExistsErr, errors.New("lbrule-exists error")
 		}
 
+		if eRule.secMode != serv.Security {
+			return RuleExistsErr, errors.New("lbrule-exist error: cant modify rule security mode")
+		}
+
 		if len(retEps) == 0 {
 			tk.LogIt(tk.LogDebug, "nat lb-rule %s has no-endpoints: to be deleted\n", eRule.tuples.String())
 			return R.DeleteNatLbRule(serv)
@@ -2582,8 +2586,10 @@ func (r *ruleEnt) Nat2DP(work DpWorkT) int {
 	nWork.Work = work
 	nWork.Status = &r.sync
 	nWork.ZoneNum = r.zone.ZoneNum
-	if r.secMode == cmn.LBServHttps {
-		nWork.TermHTTPS = true
+	if r.secMode == cmn.LBServHTTPS {
+		nWork.SecMode = DpTermHTTPS
+	} else if r.secMode == cmn.LBServE2EHTTPS {
+		nWork.SecMode = DpE2EHTTPS
 	}
 	nWork.ServiceIP = r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
 	nWork.L4Port = r.tuples.l4Dst.val
+1 −0		common/llb_dpapi.h
+133 −13		common/sockproxy.c
+1 −0		common/sockproxy.h
+6 −0		kernel/loxilb_libdp.c