github.com/datadog/cilium@v1.6.12/proxylib/proxylib_test.go (about) 1 // Copyright 2018 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // +build !privileged_tests 16 17 package main 18 19 import ( 20 "fmt" 21 "testing" 22 "time" 23 24 _ "gopkg.in/check.v1" 25 26 "github.com/cilium/cilium/proxylib/proxylib" 27 "github.com/cilium/cilium/proxylib/test" 28 _ "github.com/cilium/cilium/proxylib/testparsers" 29 30 "github.com/cilium/proxy/go/cilium/api" 31 log "github.com/sirupsen/logrus" 32 ) 33 34 const debug = false 35 36 func TestOpenModule(t *testing.T) { 37 mod1 := OpenModule([][2]string{}, debug) 38 if mod1 == 0 { 39 t.Error("OpenModule() with empty params failed") 40 } else { 41 defer CloseModule(mod1) 42 } 43 mod2 := OpenModule([][2]string{}, debug) 44 if mod2 == 0 { 45 t.Error("OpenModule() with empty params failed") 46 } else { 47 defer CloseModule(mod2) 48 } 49 if mod2 != mod1 { 50 t.Error("OpenModule() with empty params called again opened a new module") 51 } 52 53 mod3 := OpenModule([][2]string{{"dummy-key", "dummy-value"}, {"key2", "value2"}}, debug) 54 if mod3 != 0 { 55 t.Error("OpenModule() with unknown params accepted") 56 defer CloseModule(mod3) 57 } 58 59 logServer := test.StartAccessLogServer("access_log.sock", 10) 60 defer logServer.Close() 61 62 mod4 := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 63 if mod4 == 0 { 64 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 65 } else { 66 defer CloseModule(mod4) 67 } 68 if mod4 == mod1 { 69 t.Error("OpenModule() should have returned a different module") 70 } 71 72 mod5 := OpenModule([][2]string{{"access-log-path", logServer.Path}, {"node-id", "host~127.0.0.1~libcilium~localdomain"}}, debug) 73 if mod5 == 0 { 74 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 75 } else { 76 defer CloseModule(mod5) 77 } 78 if mod5 == mod1 || mod5 == mod2 || mod5 == mod3 || mod5 == mod4 { 79 t.Error("OpenModule() should have returned a different module") 80 } 81 } 82 83 func TestOnNewConnection(t *testing.T) { 84 mod := OpenModule([][2]string{}, debug) 85 if mod == 0 { 86 t.Error("OpenModule() with empty params failed") 87 } else { 88 defer CloseModule(mod) 89 } 90 91 // Unkhown parser 92 CheckOnNewConnection(t, mod, "invalid-parser-should-not-exist", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "policy-1", 80, proxylib.UNKNOWN_PARSER, 0) 93 94 // Non-numeric destination port 95 CheckOnNewConnection(t, mod, "test.passer", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:XYZ", "policy-1", 96 80, proxylib.INVALID_ADDRESS, 0) 97 98 // Missing Destination port 99 CheckOnNewConnection(t, mod, "test.passer", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2", "policy-1", 100 80, proxylib.INVALID_ADDRESS, 0) 101 102 // Zero Destination port is reserved for wildcarding 103 CheckOnNewConnection(t, mod, "test.passer", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:0", "policy-1", 104 80, proxylib.INVALID_ADDRESS, 0) 105 106 // L7 parser rejecting the connection based on connection metadata 107 CheckOnNewConnection(t, mod, "test.passer", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "invalid-policy", 108 80, proxylib.POLICY_DROP, 0) 109 110 // Using test parser 111 CheckOnNewConnection(t, mod, "test.passer", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "policy-1", 112 80, proxylib.OK, 1) 113 114 // 2nd connection 115 CheckOnNewConnection(t, mod, "test.passer", 12345678901234567890, false, 2, 1, "2.2.2.2:80", "1.1.1.1:34567", "policy-2", 116 80, proxylib.OK, 2) 117 118 CheckClose(t, 1, nil, 2) 119 120 CheckClose(t, 12345678901234567890, nil, 1) 121 } 122 123 func checkAccessLogs(t *testing.T, logServer *test.AccessLogServer, expPasses, expDrops int) { 124 t.Helper() 125 passes, drops := 0, 0 126 nWaits := 0 127 done := false 128 // Loop until done or when the timeout has ticked 100 times without any logs being received 129 for !done && nWaits < 100 { 130 select { 131 case pblog := <-logServer.Logs: 132 if pblog.EntryType == cilium.EntryType_Denied { 133 drops++ 134 } else { 135 passes++ 136 } 137 // Start the timeout again (for upto 5 seconds) 138 nWaits = 0 139 case <-time.After(50 * time.Millisecond): 140 // Count the number of times we have waited since the last log was received 141 nWaits++ 142 // Finish when expected number of passes and drops have been collected 143 // and there are no more logs in the channel for 50 milliseconds 144 if passes == expPasses && drops == expDrops { 145 done = true 146 } 147 } 148 } 149 150 if !(passes == expPasses && drops == expDrops) { 151 t.Errorf("OnData: Unexpected access log entries, expected %d passes (got %d) and %d drops (got %d).", expPasses, passes, expDrops, drops) 152 } 153 } 154 155 func TestOnDataNoPolicy(t *testing.T) { 156 logServer := test.StartAccessLogServer("access_log.sock", 10) 157 defer logServer.Close() 158 159 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 160 if mod == 0 { 161 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 162 } else { 163 defer CloseModule(mod) 164 } 165 166 // Using headertester parser 167 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "policy-1", 168 30, proxylib.OK, 1) 169 170 // Original direction data, drops with remaining data 171 line1, line2, line3 := "No policy\n", "Dropped\n", "foo" 172 CheckOnData(t, 1, false, false, &[][]byte{[]byte(line1), []byte(line2 + line3)}, []ExpFilterOp{ 173 {proxylib.DROP, len(line1)}, 174 {proxylib.DROP, len(line2)}, 175 {proxylib.MORE, 1}, 176 }, proxylib.OK, "Line dropped: "+line1+"Line dropped: "+line2) 177 178 // No new input 179 CheckOnData(t, 1, false, false, &[][]byte{[]byte(line3)}, []ExpFilterOp{ 180 {proxylib.MORE, 1}, 181 }, proxylib.OK, "") 182 183 // Empty 184 CheckOnData(t, 1, false, false, &[][]byte{}, []ExpFilterOp{}, proxylib.OK, "") 185 186 expPasses, expDrops := 0, 2 187 checkAccessLogs(t, logServer, expPasses, expDrops) 188 189 CheckClose(t, 1, buf, 1) 190 } 191 192 type PanicParserFactory struct{} 193 194 var panicParserFactory *PanicParserFactory 195 196 type PanicParser struct { 197 connection *proxylib.Connection 198 } 199 200 func (p *PanicParserFactory) Create(connection *proxylib.Connection) proxylib.Parser { 201 log.Debugf("PanicParserFactory: Create: %v", connection) 202 return &PanicParser{connection: connection} 203 } 204 205 // 206 // Parses individual lines and verifies them against the policy 207 // 208 func (p *PanicParser) OnData(reply, endStream bool, data [][]byte) (proxylib.OpType, int) { 209 if !reply { 210 panic(fmt.Errorf("PanicParser OnData(reply=%t, endStream=%t, data=%v) panicing...", reply, endStream, data)) 211 } 212 return proxylib.NOP, 0 213 } 214 215 func TestOnDataPanic(t *testing.T) { 216 logServer := test.StartAccessLogServer("access_log.sock", 10) 217 defer logServer.Close() 218 219 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 220 if mod == 0 { 221 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 222 } else { 223 defer CloseModule(mod) 224 } 225 226 // This registation will remain after this test. 227 proxylib.RegisterParserFactory("test.panicparser", panicParserFactory) 228 229 // Using headertester parser 230 buf := CheckOnNewConnection(t, mod, "test.panicparser", 11, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "policy-1", 231 30, proxylib.OK, 1) 232 233 // Original direction data, drops with remaining data 234 CheckOnData(t, 11, false, false, &[][]byte{[]byte("foo")}, []ExpFilterOp{}, proxylib.PARSER_ERROR, "") 235 236 expPasses, expDrops := 0, 1 237 checkAccessLogs(t, logServer, expPasses, expDrops) 238 239 CheckClose(t, 11, buf, 1) 240 } 241 242 func insertPolicyText(t *testing.T, mod uint64, version string, policies []string) bool { 243 return insertPolicyTextRaw(t, mod, version, policies, "") == nil 244 } 245 246 func insertPolicyTextRaw(t *testing.T, mod uint64, version string, policies []string, expectFail string) error { 247 instance := proxylib.FindInstance(mod) 248 if instance == nil { 249 t.Errorf("Policy Update failed to get the library instance.") 250 } else { 251 return instance.InsertPolicyText(version, policies, expectFail) 252 } 253 return nil 254 } 255 256 func TestUnsupportedL7Drops(t *testing.T) { 257 logServer := test.StartAccessLogServer("access_log.sock", 10) 258 defer logServer.Close() 259 260 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 261 if mod == 0 { 262 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 263 } else { 264 defer CloseModule(mod) 265 } 266 267 insertPolicyText(t, mod, "1", []string{` 268 name: "FooBar" 269 policy: 2 270 ingress_per_port_policies: < 271 port: 80 272 rules: < 273 remote_policies: 1 274 remote_policies: 3 275 remote_policies: 4 276 kafka_rules: < 277 kafka_rules: < 278 topic: "Topic" 279 > 280 > 281 > 282 > 283 `}) 284 285 // Using headertester parser 286 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 287 256, proxylib.OK, 1) 288 289 // Original direction data, drops with remaining data 290 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 291 data := line1 + line2 + line3 + line4 292 CheckOnData(t, 1, false, false, &[][]byte{[]byte(data)}, []ExpFilterOp{ 293 {proxylib.DROP, len(line1)}, 294 {proxylib.DROP, len(line2)}, 295 {proxylib.DROP, len(line3)}, 296 {proxylib.DROP, len(line4)}, 297 }, proxylib.OK, "Line dropped: "+line1+"Line dropped: "+line2+"Line dropped: "+line3+"Line dropped: "+line4) 298 299 expPasses, expDrops := 0, 4 300 checkAccessLogs(t, logServer, expPasses, expDrops) 301 302 CheckClose(t, 1, buf, 1) 303 } 304 305 func TestUnsupportedL7DropsGeneric(t *testing.T) { 306 logServer := test.StartAccessLogServer("access_log.sock", 10) 307 defer logServer.Close() 308 309 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 310 if mod == 0 { 311 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 312 } else { 313 defer CloseModule(mod) 314 } 315 316 insertPolicyText(t, mod, "1", []string{` 317 name: "FooBar" 318 policy: 2 319 ingress_per_port_policies: < 320 port: 80 321 rules: < 322 remote_policies: 1 323 remote_policies: 3 324 remote_policies: 4 325 l7_proto: "this-parser-does-not-exist" 326 l7_rules: < 327 l7_rules: < 328 rule: < 329 key: "prefix" 330 value: "Beginning" 331 > 332 > 333 > 334 > 335 > 336 `}) 337 338 // Using headertester parser 339 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 340 256, proxylib.OK, 1) 341 342 // Original direction data, drops with remaining data 343 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 344 data := line1 + line2 + line3 + line4 345 CheckOnData(t, 1, false, false, &[][]byte{[]byte(data)}, []ExpFilterOp{ 346 {proxylib.DROP, len(line1)}, 347 {proxylib.DROP, len(line2)}, 348 {proxylib.DROP, len(line3)}, 349 {proxylib.DROP, len(line4)}, 350 }, proxylib.OK, "Line dropped: "+line1+"Line dropped: "+line2+"Line dropped: "+line3+"Line dropped: "+line4) 351 352 expPasses, expDrops := 0, 4 353 checkAccessLogs(t, logServer, expPasses, expDrops) 354 355 CheckClose(t, 1, buf, 1) 356 } 357 358 func TestTwoRulesOnSamePortFirstNoL7(t *testing.T) { 359 logServer := test.StartAccessLogServer("access_log.sock", 10) 360 defer logServer.Close() 361 362 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 363 if mod == 0 { 364 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 365 } else { 366 defer CloseModule(mod) 367 } 368 369 insertPolicyText(t, mod, "1", []string{` 370 name: "FooBar" 371 policy: 2 372 ingress_per_port_policies: < 373 port: 80 374 rules: < 375 remote_policies: 11 376 > 377 rules: < 378 remote_policies: 11 379 http_rules: < 380 http_rules: < 381 headers: < 382 name: ":path" 383 exact_match: "/allowed" 384 > 385 > 386 > 387 > 388 > 389 `}) 390 } 391 392 func TestTwoRulesOnSamePortFirstNoL7Generic(t *testing.T) { 393 logServer := test.StartAccessLogServer("access_log.sock", 10) 394 defer logServer.Close() 395 396 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 397 if mod == 0 { 398 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 399 } else { 400 defer CloseModule(mod) 401 } 402 403 insertPolicyText(t, mod, "1", []string{` 404 name: "FooBar" 405 policy: 2 406 ingress_per_port_policies: < 407 port: 80 408 rules: < 409 remote_policies: 11 410 > 411 rules: < 412 remote_policies: 1 413 remote_policies: 3 414 remote_policies: 4 415 l7_proto: "test.headerparser" 416 l7_rules: < 417 l7_rules: < 418 rule: < 419 key: "prefix" 420 value: "Beginning" 421 > 422 > 423 l7_rules: < 424 rule: < 425 key: "suffix" 426 value: "End" 427 > 428 > 429 > 430 > 431 > 432 `}) 433 } 434 435 func TestTwoRulesOnSamePortMismatchingL7(t *testing.T) { 436 logServer := test.StartAccessLogServer("access_log.sock", 10) 437 defer logServer.Close() 438 439 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 440 if mod == 0 { 441 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 442 } else { 443 defer CloseModule(mod) 444 } 445 446 // This registation will remain after this test. 447 proxylib.RegisterL7RuleParser("PortNetworkPolicyRule_HttpRules", func(*cilium.PortNetworkPolicyRule) []proxylib.L7NetworkPolicyRule { 448 return nil 449 }) 450 451 err := insertPolicyTextRaw(t, mod, "1", []string{` 452 name: "FooBar" 453 policy: 2 454 ingress_per_port_policies: < 455 port: 80 456 rules: < 457 remote_policies: 11 458 http_rules: < 459 http_rules: < 460 headers: < 461 name: ":path" 462 exact_match: "/allowed" 463 > 464 > 465 > 466 > 467 rules: < 468 remote_policies: 1 469 remote_policies: 3 470 remote_policies: 4 471 l7_proto: "test.headerparser" 472 l7_rules: < 473 l7_rules: < 474 rule: < 475 key: "prefix" 476 value: "Beginning" 477 > 478 > 479 l7_rules: < 480 rule: < 481 key: "suffix" 482 value: "End" 483 > 484 > 485 > 486 > 487 > 488 `}, "update") 489 if err == nil { 490 t.Errorf("Expected Policy Update to fail due to mismatching L7 protocols on the same port, but it succeeded") 491 } else { 492 log.Debugf("Expected error: %s", err) 493 } 494 } 495 496 func TestSimplePolicy(t *testing.T) { 497 logServer := test.StartAccessLogServer("access_log.sock", 10) 498 defer logServer.Close() 499 500 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 501 if mod == 0 { 502 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 503 } else { 504 defer CloseModule(mod) 505 } 506 507 insertPolicyText(t, mod, "1", []string{` 508 name: "FooBar" 509 policy: 2 510 ingress_per_port_policies: < 511 port: 80 512 rules: < 513 remote_policies: 1 514 remote_policies: 3 515 remote_policies: 4 516 l7_proto: "test.headerparser" 517 l7_rules: < 518 l7_rules: < 519 rule: < 520 key: "prefix" 521 value: "Beginning" 522 > 523 > 524 l7_rules: < 525 rule: < 526 key: "suffix" 527 value: "End" 528 > 529 > 530 > 531 > 532 > 533 `}) 534 535 // Using headertester parser 536 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 537 80, proxylib.OK, 1) 538 539 // Original direction data, drops with remaining data 540 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 541 data := line1 + line2 + line3 + line4 542 CheckOnData(t, 1, false, false, &[][]byte{[]byte(data)}, []ExpFilterOp{ 543 {proxylib.PASS, len(line1)}, 544 {proxylib.DROP, len(line2)}, 545 {proxylib.PASS, len(line3)}, 546 {proxylib.DROP, len(line4)}, 547 }, proxylib.OK, "Line dropped: "+line2+"Line dropped: "+line4) 548 549 expPasses, expDrops := 2, 2 550 checkAccessLogs(t, logServer, expPasses, expDrops) 551 552 CheckClose(t, 1, buf, 1) 553 } 554 555 func TestAllowAllPolicy(t *testing.T) { 556 logServer := test.StartAccessLogServer("access_log.sock", 10) 557 defer logServer.Close() 558 559 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 560 if mod == 0 { 561 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 562 } else { 563 defer CloseModule(mod) 564 } 565 566 insertPolicyText(t, mod, "1", []string{` 567 name: "FooBar" 568 policy: 2 569 ingress_per_port_policies: < 570 port: 80 571 rules: < 572 l7_proto: "test.headerparser" 573 l7_rules: < 574 l7_rules: <> 575 > 576 > 577 > 578 `}) 579 580 // Using headertester parser 581 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 582 80, proxylib.OK, 1) 583 584 // Original direction data, drops with remaining data 585 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 586 data := line1 + line2 + line3 + line4 587 CheckOnData(t, 1, false, false, &[][]byte{[]byte(data)}, []ExpFilterOp{ 588 {proxylib.PASS, len(line1)}, 589 {proxylib.PASS, len(line2)}, 590 {proxylib.PASS, len(line3)}, 591 {proxylib.PASS, len(line4)}, 592 }, proxylib.OK, "") 593 594 expPasses, expDrops := 4, 0 595 checkAccessLogs(t, logServer, expPasses, expDrops) 596 597 CheckClose(t, 1, buf, 1) 598 } 599 600 func TestAllowEmptyPolicy(t *testing.T) { 601 logServer := test.StartAccessLogServer("access_log.sock", 10) 602 defer logServer.Close() 603 604 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 605 if mod == 0 { 606 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 607 } else { 608 defer CloseModule(mod) 609 } 610 611 insertPolicyText(t, mod, "1", []string{` 612 name: "FooBar" 613 policy: 2 614 ingress_per_port_policies: < 615 port: 80 616 rules: < 617 l7_proto: "test.headerparser" 618 > 619 > 620 `}) 621 622 // Using headertester parser, policy name matches the policy 623 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 624 80, proxylib.OK, 1) 625 626 // Original direction data, drops with remaining data 627 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 628 CheckOnData(t, 1, false, false, &[][]byte{[]byte(line1), []byte(line2), []byte(line3), []byte(line4)}, []ExpFilterOp{ 629 {proxylib.PASS, len(line1)}, 630 {proxylib.PASS, len(line2)}, 631 {proxylib.PASS, len(line3)}, 632 {proxylib.PASS, len(line4)}, 633 }, proxylib.OK, "") 634 635 // Connection using a different policy name still drops 636 CheckOnNewConnection(t, mod, "test.headerparser", 2, true, 1, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar2", 637 80, proxylib.OK, 2) 638 CheckOnData(t, 2, false, false, &[][]byte{[]byte(line1)}, []ExpFilterOp{ 639 {proxylib.DROP, len(line1)}, 640 }, proxylib.OK, "Line dropped: "+line1) 641 642 expPasses, expDrops := 4, 1 643 checkAccessLogs(t, logServer, expPasses, expDrops) 644 645 CheckClose(t, 2, buf, 2) 646 CheckClose(t, 1, buf, 1) 647 } 648 649 func TestAllowAllPolicyL3Egress(t *testing.T) { 650 logServer := test.StartAccessLogServer("access_log.sock", 10) 651 defer logServer.Close() 652 653 mod := OpenModule([][2]string{{"access-log-path", logServer.Path}}, debug) 654 if mod == 0 { 655 t.Errorf("OpenModule() with access log path %s failed", logServer.Path) 656 } else { 657 defer CloseModule(mod) 658 } 659 660 //logging.ToggleDebugLogs(true) 661 //log.SetLevel(log.DebugLevel) 662 663 insertPolicyText(t, mod, "1", []string{` 664 name: "FooBar" 665 policy: 42 666 egress_per_port_policies: < 667 port: 80 668 rules: < 669 remote_policies: 2 670 l7_proto: "test.headerparser" 671 l7_rules: < 672 l7_rules: <> 673 > 674 > 675 > 676 `}) 677 678 // Using headertester parser 679 buf := CheckOnNewConnection(t, mod, "test.headerparser", 1, false, 42, 2, "1.1.1.1:34567", "2.2.2.2:80", "FooBar", 680 80, proxylib.OK, 1) 681 682 // Original direction data, drops with remaining data 683 line1, line2, line3, line4 := "Beginning----\n", "foo\n", "----End\n", "\n" 684 data := line1 + line2 + line3 + line4 685 CheckOnData(t, 1, false, false, &[][]byte{[]byte(data)}, []ExpFilterOp{ 686 {proxylib.PASS, len(line1)}, 687 {proxylib.PASS, len(line2)}, 688 {proxylib.PASS, len(line3)}, 689 {proxylib.PASS, len(line4)}, 690 }, proxylib.OK, "") 691 692 expPasses, expDrops := 4, 0 693 checkAccessLogs(t, logServer, expPasses, expDrops) 694 695 CheckClose(t, 1, buf, 1) 696 }