proxyproto: add UDP session tracking for Spectrum PPv2 (#7967)

2026-04-05 11:45:33 -04:00 · 2026-03-28 15:06:36 -07:00
parent 12d9457e71
commit 34acf8353f
10 changed files with 398 additions and 19 deletions
--- a/plugin/proxyproto/setup_test.go
+++ b/plugin/proxyproto/setup_test.go
@@ -3,6 +3,7 @@ package proxyproto
 import (
 	"strings"
 	"testing"
+	"time"

 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/core/dnsserver"
@@ -10,23 +11,41 @@ import (

 func TestSetup(t *testing.T) {
 	tests := []struct {
-		input              string
-		shouldErr          bool
-		expectedRoot       string // expected root, set to the controller. Empty for negative cases.
-		expectedErrContent string // substring from the expected error. Empty for positive cases.
-		config             bool
+		input                      string
+		shouldErr                  bool
+		expectedRoot               string // expected root, set to the controller. Empty for negative cases.
+		expectedErrContent         string // substring from the expected error. Empty for positive cases.
+		config                     bool
+		sessionTrackingTTL         time.Duration
+		sessionTrackingMaxSessions int
 	}{
 		// positive
-		{"proxyproto", false, "", "", true},
-		{"proxyproto {\nallow 127.0.0.1/8 ::1/128\n}", false, "", "", true},
-		{"proxyproto {\nallow 127.0.0.1/8 ::1/128\ndefault ignore\n}", false, "", "", true},
+		{"proxyproto", false, "", "", true, 0, 0},
+		{"proxyproto {\nallow 127.0.0.1/8 ::1/128\n}", false, "", "", true, 0, 0},
+		{"proxyproto {\nallow 127.0.0.1/8 ::1/128\ndefault ignore\n}", false, "", "", true, 0, 0},
 		// Allow without any IPs is also valid
-		{"proxyproto {\nallow\n}", false, "", "", true},
+		{"proxyproto {\nallow\n}", false, "", "", true, 0, 0},
+		// udp_session_tracking with TTL only (max sessions gonna use package default)
+		{"proxyproto {\nudp_session_tracking 28s\n}", false, "", "", true, 28 * time.Second, 0},
+		{"proxyproto {\nallow 10.0.0.0/8\nudp_session_tracking 1m\n}", false, "", "", true, time.Minute, 0},
+		// udp_session_tracking with explicit max sessions
+		{"proxyproto {\nudp_session_tracking 28s 20000\n}", false, "", "", true, 28 * time.Second, 20000},
+		{"proxyproto {\nallow 10.0.0.0/8\nudp_session_tracking 1m 500\n}", false, "", "", true, time.Minute, 500},
 		// negative
-		{"proxyproto {\nunknown\n}", true, "", "unknown option", false},
-		{"proxyproto extra_arg", true, "", "Wrong argument", false},
-		{"proxyproto {\nallow invalid_ip\n}", true, "", "invalid CIDR address", false},
-		{"proxyproto {\nallow 127.0.0.1/8\ndefault invalid_policy\n}", true, "", "Wrong argument", false},
+		{"proxyproto {\nunknown\n}", true, "", "unknown option", false, 0, 0},
+		{"proxyproto extra_arg", true, "", "Wrong argument", false, 0, 0},
+		{"proxyproto {\nallow invalid_ip\n}", true, "", "invalid CIDR address", false, 0, 0},
+		{"proxyproto {\nallow 127.0.0.1/8\ndefault invalid_policy\n}", true, "", "Wrong argument", false, 0, 0},
+		// udp_session_tracking: missing TTL
+		{"proxyproto {\nudp_session_tracking\n}", true, "", "Wrong argument", false, 0, 0},
+		// udp_session_tracking: too many arguments
+		{"proxyproto {\nudp_session_tracking 28s 100 extra\n}", true, "", "Wrong argument", false, 0, 0},
+		// udp_session_tracking: bad TTL
+		{"proxyproto {\nudp_session_tracking notaduration\n}", true, "", "invalid duration", false, 0, 0},
+		// udp_session_tracking: bad max sessions
+		{"proxyproto {\nudp_session_tracking 28s notanumber\n}", true, "", "invalid max sessions", false, 0, 0},
+		{"proxyproto {\nudp_session_tracking 28s 0\n}", true, "", "invalid max sessions", false, 0, 0},
+		{"proxyproto {\nudp_session_tracking 28s -1\n}", true, "", "invalid max sessions", false, 0, 0},
 	}
 	for i, test := range tests {
 		c := caddy.NewTestController("dns", test.input)
@@ -40,6 +59,16 @@ func TestSetup(t *testing.T) {
 			t.Errorf("Test %d: Expected ProxyProtoConnPolicy to NOT be configured for input %s", i, test.input)
 		}

+		if cfg.ProxyProtoUDPSessionTrackingTTL != test.sessionTrackingTTL {
+			t.Errorf("Test %d: Expected ProxyProtoUDPSessionTrackingTTL %v, got %v for input %s",
+				i, test.sessionTrackingTTL, cfg.ProxyProtoUDPSessionTrackingTTL, test.input)
+		}
+
+		if cfg.ProxyProtoUDPSessionTrackingMaxSessions != test.sessionTrackingMaxSessions {
+			t.Errorf("Test %d: Expected ProxyProtoUDPSessionTrackingMaxSessions %d, got %d for input %s",
+				i, test.sessionTrackingMaxSessions, cfg.ProxyProtoUDPSessionTrackingMaxSessions, test.input)
+		}
+
 		if test.shouldErr && err == nil {
 			t.Errorf("Test %d: Expected error but found %s for input %s", i, err, test.input)
 		}