networking.tcl 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175
  1. source tests/support/cli.tcl
  2. test {CONFIG SET port number} {
  3. start_server {} {
  4. if {$::tls} { set port_cfg tls-port} else { set port_cfg port }
  5. # available port
  6. set avail_port [find_available_port $::baseport $::portcount]
  7. set rd [redis [srv 0 host] [srv 0 port] 0 $::tls]
  8. $rd CONFIG SET $port_cfg $avail_port
  9. $rd close
  10. set rd [redis [srv 0 host] $avail_port 0 $::tls]
  11. $rd PING
  12. # already inuse port
  13. catch {$rd CONFIG SET $port_cfg $::test_server_port} e
  14. assert_match {*Unable to listen on this port*} $e
  15. $rd close
  16. # make sure server still listening on the previous port
  17. set rd [redis [srv 0 host] $avail_port 0 $::tls]
  18. $rd PING
  19. $rd close
  20. }
  21. } {} {external:skip}
  22. test {CONFIG SET bind address} {
  23. start_server {} {
  24. # non-valid address
  25. catch {r CONFIG SET bind "999.999.999.999"} e
  26. assert_match {*Failed to bind to specified addresses*} $e
  27. # make sure server still bound to the previous address
  28. set rd [redis [srv 0 host] [srv 0 port] 0 $::tls]
  29. $rd PING
  30. $rd close
  31. }
  32. } {} {external:skip}
  33. # Attempt to connect to host using a client bound to bindaddr,
  34. # and return a non-zero value if successful within specified
  35. # millisecond timeout, or zero otherwise.
  36. proc test_loopback {host bindaddr timeout} {
  37. if {[exec uname] != {Linux}} {
  38. return 0
  39. }
  40. after $timeout set ::test_loopback_state timeout
  41. if {[catch {
  42. set server_sock [socket -server accept 0]
  43. set port [lindex [fconfigure $server_sock -sockname] 2] } err]} {
  44. return 0
  45. }
  46. proc accept {channel clientaddr clientport} {
  47. set ::test_loopback_state "connected"
  48. close $channel
  49. }
  50. if {[catch {set client_sock [socket -async -myaddr $bindaddr $host $port]} err]} {
  51. puts "test_loopback: Client connect failed: $err"
  52. } else {
  53. close $client_sock
  54. }
  55. vwait ::test_loopback_state
  56. close $server_sock
  57. return [expr {$::test_loopback_state == {connected}}]
  58. }
  59. test {CONFIG SET bind-source-addr} {
  60. if {[test_loopback 127.0.0.1 127.0.0.2 1000]} {
  61. start_server {} {
  62. start_server {} {
  63. set replica [srv 0 client]
  64. set master [srv -1 client]
  65. $master config set protected-mode no
  66. $replica config set bind-source-addr 127.0.0.2
  67. $replica replicaof [srv -1 host] [srv -1 port]
  68. wait_for_condition 50 100 {
  69. [s 0 master_link_status] eq {up}
  70. } else {
  71. fail "Replication not started."
  72. }
  73. assert_match {*ip=127.0.0.2*} [s -1 slave0]
  74. }
  75. }
  76. } else {
  77. if {$::verbose} { puts "Skipping bind-source-addr test." }
  78. }
  79. } {} {external:skip}
  80. start_server {config "minimal.conf" tags {"external:skip"}} {
  81. test {Default bind address configuration handling} {
  82. # Default is explicit and sane
  83. assert_equal "* -::*" [lindex [r CONFIG GET bind] 1]
  84. # CONFIG REWRITE acknowledges this as a default
  85. r CONFIG REWRITE
  86. assert_equal 0 [count_message_lines [srv 0 config_file] bind]
  87. # Removing the bind address works
  88. r CONFIG SET bind ""
  89. assert_equal "" [lindex [r CONFIG GET bind] 1]
  90. # No additional clients can connect
  91. catch {redis_client} err
  92. assert_match {*connection refused*} $err
  93. # CONFIG REWRITE handles empty bindaddr
  94. r CONFIG REWRITE
  95. assert_equal 1 [count_message_lines [srv 0 config_file] bind]
  96. # Make sure we're able to restart
  97. restart_server 0 0 0 0
  98. # Make sure bind parameter is as expected and server handles binding
  99. # accordingly.
  100. assert_equal {bind {}} [rediscli_exec 0 config get bind]
  101. catch {reconnect 0} err
  102. assert_match {*connection refused*} $err
  103. assert_equal {OK} [rediscli_exec 0 config set bind *]
  104. reconnect 0
  105. r ping
  106. } {PONG}
  107. proc get_nonloopback_addr {} {
  108. set addrlist [list {}]
  109. catch { set addrlist [exec hostname -I] }
  110. return [lindex $addrlist 0]
  111. }
  112. proc get_nonloopback_client {} {
  113. return [redis [get_nonloopback_addr] [srv 0 "port"] 0 $::tls]
  114. }
  115. test {Protected mode works as expected} {
  116. # Get a non-loopback address of this instance for this test.
  117. set myaddr [get_nonloopback_addr]
  118. if {$myaddr != "" && ![string match {127.*} $myaddr]} {
  119. # Non-loopback client should fail by default
  120. set r2 [get_nonloopback_client]
  121. catch {$r2 ping} err
  122. assert_match {*DENIED*} $err
  123. # Bind configuration should not matter
  124. assert_equal {OK} [r config set bind "*"]
  125. set r2 [get_nonloopback_client]
  126. catch {$r2 ping} err
  127. assert_match {*DENIED*} $err
  128. # Setting a password should disable protected mode
  129. assert_equal {OK} [r config set requirepass "secret"]
  130. set r2 [redis $myaddr [srv 0 "port"] 0 $::tls]
  131. assert_equal {OK} [$r2 auth secret]
  132. assert_equal {PONG} [$r2 ping]
  133. # Clearing the password re-enables protected mode
  134. assert_equal {OK} [r config set requirepass ""]
  135. set r2 [redis $myaddr [srv 0 "port"] 0 $::tls]
  136. assert_match {*DENIED*} $err
  137. # Explicitly disabling protected-mode works
  138. assert_equal {OK} [r config set protected-mode no]
  139. set r2 [redis $myaddr [srv 0 "port"] 0 $::tls]
  140. assert_equal {PONG} [$r2 ping]
  141. }
  142. }
  143. }