nginxinc · eufinco · Apr 6, 2022 · Apr 4, 2022 · Apr 6, 2022 · Apr 6, 2022
@@ -4,4 +4,4 @@ metadata:
   name: nginx-config
   namespace: nginx-ingress
 data:
-  set-real-ip-from: "0.0.0.0/0"
+  set-real-ip-from: "0.0.0.0/0,::/0"
@@ -85,6 +85,7 @@ data:
   app.conf: |-
     server {
       listen 443 ssl;
+      listen [::]:443 ssl;
 
       server_name app.example.com;
 

@@ -55,6 +55,7 @@ data:
   app.conf: |-
     server {
       listen 443 ssl;
+      listen [::]:443 ssl;
 
       server_name app.example.com;
 

@@ -6,7 +6,7 @@ metadata:
 data:
   real-ip-header: "X-Forwarded-For"
   real-ip-recursive: "True"
-  set-real-ip-from: "0.0.0.0/0"
+  set-real-ip-from: "0.0.0.0/0,::/0"
   worker-connections: "30000"
   worker-rlimit-nofile: "65535"
-  worker-rlimit-core: "500M"
+  worker-rlimit-core: "500M"
@@ -52,6 +52,7 @@ data:
   app.conf: |-
     server {
       listen 8443 ssl;
+      listen [::]:8443 ssl;
 
       server_name app.example.com;
 

@@ -20,6 +20,7 @@ def get_certificate(ip_address, host, port, timeout=10) -> str:
     context = ssl.create_default_context()
     context.check_hostname = False
     context.verify_mode = ssl.CERT_NONE
+    ip_address = ip_address.strip("[]")
     conn = socket.create_connection((ip_address, port))
     server_hostname = host if ssl.HAS_SNI else None
     sock = context.wrap_socket(conn, server_hostname=server_hostname)

@@ -120,8 +120,8 @@ def test_tcp_request_load_balanced(
         retry = 0
         while(len(endpoints) is not 3 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
                 response = client.recv(4096)
                 endpoint = response.decode()
@@ -165,8 +165,8 @@ def test_tcp_request_load_balanced_multiple(
 
         # Step 1, confirm load balancing is working.
         print(f"sending tcp requests to: {host}:{port}")
-        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        client.connect((host, port))
+        host = host.strip("[]")
+        client = socket.create_connection((host,port))
         client.sendall(b'connect')
         response = client.recv(4096)
         endpoint = response.decode()
@@ -212,8 +212,8 @@ def test_tcp_request_load_balanced_multiple(
 
         # Step 4, confirm load balancing is still working.
         print(f"sending tcp requests to: {host}:{port}")
-        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        client.connect((host, port))
+        host = host.strip("[]")
+        client = socket.create_connection((host,port))
         client.sendall(b'connect')
         response = client.recv(4096)
         endpoint = response.decode()
@@ -252,8 +252,8 @@ def test_tcp_request_load_balanced_wrong_port(
         print(f"sending tcp requests to: {host}:{port}")
         for i in range(3):
             try:
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
             except ConnectionResetError as E:
                 print("The expected exception occurred:", E)
@@ -283,8 +283,8 @@ def test_tcp_request_load_balanced_missing_service(
         print(f"sending tcp requests to: {host}:{port}")
         for i in range(3):
             try:
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
             except ConnectionResetError as E:
                 print("The expected exception occurred:", E)
@@ -293,8 +293,8 @@ def test_tcp_request_load_balanced_missing_service(
 
     def make_holding_connection(self, host, port):
         print(f"sending tcp requests to: {host}:{port}")
-        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        client.connect((host, port))
+        host = host.strip("[]")
+        client = socket.create_connection((host,port))
         client.sendall(b'hold')
         response = client.recv(4096)
         endpoint = response.decode()
@@ -421,8 +421,8 @@ def test_tcp_request_load_balanced_method(
         retry = 0
         while(len(endpoints) is not 1 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
                 response = client.recv(4096)
                 endpoint = response.decode()
@@ -447,8 +447,8 @@ def test_tcp_request_load_balanced_method(
         retry = 0
         while(len(endpoints) is not 3 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
                 response = client.recv(4096)
                 endpoint = response.decode()
@@ -509,8 +509,8 @@ def test_tcp_passing_healthcheck_with_match(
         retry = 0
         while(len(endpoints) is not 3 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                client.connect((host, port))
+                host = host.strip("[]")
+                client = socket.create_connection((host,port))
                 client.sendall(b'connect')
                 response = client.recv(4096)
                 endpoint = response.decode()
@@ -570,8 +570,8 @@ def test_tcp_failing_healthcheck_with_match(
         port = transport_server_setup.public_endpoint.tcp_server_port
         host = transport_server_setup.public_endpoint.public_ip
 
-        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        client.connect((host, port))
+        host = host.strip("[]")
+        client = socket.create_connection((host,port))
         client.sendall(b'connect')
 
         try:

@@ -1,6 +1,7 @@
 import pytest
 import re
 import socket
+import ipaddress
 
 from suite.resources_utils import (
     wait_before_test,
@@ -17,6 +18,30 @@
 )
 from settings import TEST_DATA
 
+# Helper functions
+def chk_endpoint(endp):
+    """
+    If an endpoint is IPv6, return a formatted [ip]:port
+    endpoint. Otherwise, return unmodified endpoint.
+    """
+    ip = endp[:endp.rfind(":")]
+    address = ipaddress.ip_address(ip)
+    if address.version == 6:
+        port = endp[endp.rfind(":"):]
+        return f"[{ip}]{port}"
+    else:
+        return endp
+
+def ipfamily_from_host(host):
+    """
+    Return socket type (AF_INET or AF_INET6) based on
+    IP address type from host
+    """
+    address = ipaddress.ip_address(host)
+    if address.version == 6:
+        return socket.AF_INET6
+    else:
+        return socket.AF_INET
 
 @pytest.mark.ts
 @pytest.mark.skip_for_loadbalancer
@@ -115,7 +140,8 @@ def test_udp_request_load_balanced(
         retry = 0
         while(len(endpoints) is not 3 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+                host = host.strip("[]")
+                client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
                 client.sendto("ping".encode('utf-8'), (host, port))
                 data, address = client.recvfrom(4096)
                 endpoint = data.decode()
@@ -144,7 +170,7 @@ def test_udp_request_load_balanced(
         for key in endpoints.keys():
             found = False
             for server in servers:
-                if key in server:
+                if chk_endpoint(key) in server:
                     found = True
             assert found
 
@@ -159,7 +185,8 @@ def test_udp_request_load_balanced_multiple(
 
         # Step 1, confirm load balancing is working.
         print(f"sending udp requests to: {host}:{port}")
-        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+        host = host.strip("[]")
+        client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
         client.sendto("ping".encode('utf-8'), (host, port))
         data, address = client.recvfrom(4096)
         endpoint = data.decode()
@@ -203,7 +230,7 @@ def test_udp_request_load_balanced_multiple(
         )
 
         # Step 4, confirm load balancing is still working.
-        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+        client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
         client.sendto("ping".encode('utf-8'), (host, port))
         data, address = client.recvfrom(4096)
         endpoint = data.decode()
@@ -239,7 +266,8 @@ def test_udp_request_fails(
 
         print(f"sending udp requests to: {host}:{port}")
         for i in range(3):
-            client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+            host = host.strip("[]")
+            client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
             client.settimeout(2)
             client.sendto("ping".encode('utf-8'), (host, port))
             try:
@@ -301,7 +329,8 @@ def test_udp_passing_healthcheck_with_match(
         endpoints = {}
         while(len(endpoints) is not 3 and retry <= 30):
             for i in range(20):
-                client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+                host = host.strip("[]")
+                client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
                 client.sendto("ping".encode('utf-8'), (host, port))
                 data, address = client.recvfrom(4096)
                 endpoint = data.decode()
@@ -361,7 +390,8 @@ def test_udp_failing_healthcheck_with_match(
         port = transport_server_setup.public_endpoint.udp_server_port
         host = transport_server_setup.public_endpoint.public_ip
 
-        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+        host = host.strip("[]")
+        client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0)
         client.settimeout(2)
         client.sendto("ping".encode('utf-8'), (host, port))
         try:

@@ -12,7 +12,7 @@
 @pytest.mark.skip_for_nginx_oss
 @pytest.mark.parametrize('crd_ingress_controller, v_s_route_setup',
                          [({"type": "complete", "extra_args": ["-enable-custom-resources",
-                                                               "-nginx-status-allow-cidrs=0.0.0.0/0"]},
+                                                               "-nginx-status-allow-cidrs=0.0.0.0/0,::/0"]},
                            {"example": "virtual-server-route-dynamic-configuration"})],
                          indirect=True)
 class TestVSRNginxPlusApi:

@@ -12,7 +12,7 @@
 @pytest.mark.skip_for_nginx_oss
 @pytest.mark.parametrize('crd_ingress_controller, virtual_server_setup',
                          [({"type": "complete", "extra_args": ["-enable-custom-resources",
-                                                               "-nginx-status-allow-cidrs=0.0.0.0/0"]},
+                                                               "-nginx-status-allow-cidrs=0.0.0.0/0,::/0"]},
                            {"example": "virtual-server-dynamic-configuration", "app_type": "simple"})],
                          indirect=True)
 class TestVSNginxPlusApi: