Test connection timeout and retries

tests/Makefile.am

@@ -32,6 +32,7 @@ AM_LDFLAGS += -rpath $(abs_builddir)
 
 include gold_tests/continuations/plugins/Makefile.inc
 include gold_tests/chunked_encoding/Makefile.inc
+include gold_tests/timeout/Makefile.inc
 include gold_tests/tls/Makefile.inc
 include tools/plugins/Makefile.inc
 

tests/gold_tests/timeout/Makefile.inc

@@ -0,0 +1,19 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+noinst_PROGRAMS += gold_tests/timeout/ssl-delay-server
+gold_tests_timeout_ssl_delay_server_SOURCES = gold_tests/timeout/ssl-delay-server.cc
+gold_tests_timeout_ssl_delay_server_LDADD = -lssl -lcrypto

tests/gold_tests/timeout/case1.sh

@@ -0,0 +1,23 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# This is funky delaying and backgrounding the client request, but I just
+# could not get the command executing in the network space to go to background
+# without blocking the autest.
+
+(sleep 1; curl -i http://127.0.0.1:${1}/not-blocked ) &
+
+sudo ip netns exec testserver nc -4 -l $2 -c "sh ./delay-server.sh"

tests/gold_tests/timeout/case2.sh

@@ -0,0 +1,37 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# This is funky delaying and backgrounding the client request, but I just
+# could not get the command executing in the network space to go to background
+# without blocking the autest.
+
+
+if [ $# == 5 ]
+then
+./ssl-delay-server $1 $2 $3 server.pem 2> server${1}post.log  &
+sleep 1
+curl -H'Connection:close' -d "bob" -i http://127.0.0.1:$4/${5} --tlsv1.2
+else
+./ssl-delay-server $1 $2 $3 server.pem 2> server${1}get.log  &
+sleep 1
+curl -H'Connection:close' -i http://127.0.0.1:$4/${5} --tlsv1.2
+fi
+
+kill $(jobs -pr)
+
+exit 0
+
+

tests/gold_tests/timeout/conn_timeout.test.py

@@ -0,0 +1,71 @@
+'''
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = 'Testing ATS TCP handshake timeout'
+
+# Skipping this in the normal CI because it requires privilege.
+# Comment out to run in your privileged environment
+Test.SkipIf(Condition.true("Test requires privilege"))
+
+ts = Test.MakeATSProcess("ts")
+
+Test.ContinueOnFail = True
+Test.GetTcpPort("blocked_upstream_port")
+Test.GetTcpPort("upstream_port")
+
+ts.Disk.records_config.update({
+    'proxy.config.url_remap.remap_required': 1,
+    'proxy.config.http.connect_attempts_timeout': 2,
+    'proxy.config.http.connect_attempts_max_retries': 0,
+    'proxy.config.http.transaction_no_activity_timeout_out': 5,
+    'proxy.config.diags.debug.enabled': 0,
+    'proxy.config.diags.debug.tags': 'http',
+})
+
+ts.Disk.remap_config.AddLine('map /blocked http://10.1.1.1:{0}'.format(Test.Variables.blocked_upstream_port))
+ts.Disk.remap_config.AddLine('map /not-blocked http://10.1.1.1:{0}'.format(Test.Variables.upstream_port))
+
+# Set up the network name space.  Requires privilege
+tr = Test.AddTestRun("tr-ns-setup")
+tr.Processes.Default.StartBefore(ts)
+tr.Processes.Default.TimeOut = 2
+tr.Setup.Copy('setupnetns.sh')
+tr.Processes.Default.Command = 'echo start; sudo sh -x ./setupnetns.sh {0} {1}'.format(Test.Variables.blocked_upstream_port, Test.Variables.upstream_port)
+
+# Request to the port that is blocked in the network ns.  The SYN should never be responded to
+# and the connect timeout should trigger with a 50x return.  If the SYN handshake occurs, the
+# no activity timeout would trigger, but not before the test timeout expires
+tr = Test.AddTestRun("tr-blocking")
+tr.Processes.Default.Command = 'curl -i http://127.0.0.1:{0}/blocked {0}'.format(ts.Variables.port)
+tr.Processes.Default.TimeOut = 4
+tr.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 502 internal error - server connection terminated", "Connect failed")
+
+#  Should not catch the connect timeout.  Even though the first bytes are not sent until after the 2 second connect timeout
+#  But before the no-activity timeout
+tr = Test.AddTestRun("tr-delayed")
+tr.Setup.Copy('delay-server.sh')
+tr.Setup.Copy('case1.sh')
+tr.Processes.Default.Command = 'sh ./case1.sh {0} {1}'.format(ts.Variables.port, ts.Variables.upstream_port)
+tr.Processes.Default.TimeOut = 7
+tr.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 200", "Connect succeeded")
+
+
+# cleanup the network namespace and virtual network
+tr = Test.AddTestRun("tr-cleanup")
+tr.Processes.Default.Command = 'sudo ip netns del testserver; sudo ip link del veth0 type veth peer name veth1'
+tr.Processes.Default.TimeOut = 4

tests/gold_tests/timeout/delay-server.sh

@@ -0,0 +1,20 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+sleep 3
+printf "HTTP/1.1 200\r\nTransfer-encoding: chunked\r\n\r\n"
+printf "F\r\n1234567890"
+printf "12345\r\n0\r\n\r\n"

tests/gold_tests/timeout/setupnetns.sh

@@ -0,0 +1,30 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+ip netns del testserver
+ip link del veth0 type veth peer name veth1
+ip netns add testserver
+ip link add veth0 type veth peer name veth1
+ip addr add 10.1.1.2/24 dev veth0
+ip link set up dev veth0
+ip link set veth1 netns testserver
+ip netns exec testserver ip addr add 10.1.1.1/24 dev veth1
+ip netns exec testserver ip link set up  dev veth1
+ip netns exec testserver iptables -t filter -A INPUT -p tcp --dport $1 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment v4-new-connections -j DROP
+ip netns exec testserver iptables -t filter -A INPUT -p tcp --dport $2 -j ACCEPT
+ip netns exec testserver iptables -t filter -A OUTPUT -p tcp  -j ACCEPT
+# Depending on your iptables policy, you may need to adjust to allow traffic to pass over the veth0 virtual connection
+