feature: Add shaping rate limit cases.

images_build/client/dign_client/bin/client.py

@@ -26,19 +26,19 @@ class ConfigLoader:
             'conn_timeout': 1,'max_recv_speed_large': 6553600
         },
         'test_firewallDenyDrop_dns': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 3,'max_recv_speed_large': 6553600
         },
         'test_firewallDenyRedirectA_dns': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 3,'max_recv_speed_large': 6553600
         },
         'test_firewallDenyRedirectAAAA_dns': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 3,'max_recv_speed_large': 6553600
         },
         'test_firewallDenyRedirectARangeTTL_dns': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 3,'max_recv_speed_large': 6553600
         },
         'test_firewallDenyRedirectAAAARangeTTL_dns': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 3,'max_recv_speed_large': 6553600
         },
         'test_dnsRequest_allow_rdtype_a': {
             'conn_timeout': 1,'max_recv_speed_large': 6553600
@@ -113,10 +113,10 @@ class ConfigLoader:
             'conn_timeout': 1,'max_recv_speed_large': 6553600
         },
         'test_firewallIntercept_sslDownloadSize16M': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 4,'max_recv_speed_large': 6553600
         },
         'test_firewallIntercept_sslDownloadSize64M': {
-            'conn_timeout': 1,'max_recv_speed_large': 6553600
+            'conn_timeout': 12,'max_recv_speed_large': 6553600
         },
         'test_firewallAllow_http': {
             'conn_timeout': 1,'max_recv_speed_large': 6553600
@@ -151,6 +151,18 @@ class ConfigLoader:
         'test_proxyDenyFilterURL_http': {
             'conn_timeout': 1,'max_recv_speed_large': 6553600
         },
+        'test_shaping_ratelimit_0bps_http': {
+            'conn_timeout': 4,'max_recv_speed_large': 6553600
+        },
+        'test_shaping_ratelimit_0bps_https': {
+            'conn_timeout': 4,'max_recv_speed_large': 6553600
+        },
+        'test_shaping_ratelimit_1000gbps_http': {
+            'conn_timeout': 4,'max_recv_speed_large': 6553600
+        },
+        'test_shaping_ratelimit_1000gbps_https': {
+            'conn_timeout': 4,'max_recv_speed_large': 6553600
+        },
         'start_time_random_delay_range': {
             'left_edge': 1,'right_edge': 30
         }
@@ -291,7 +303,11 @@ class ServerAddressBuilder:
         ('testing-firewall-filter-host.badssl.selftest.gdnt-cloud.website', 80),
         ('testing-firewall-filter-url.badssl.selftest.gdnt-cloud.website', 80),
         ('testing-proxy-filter-host.badssl.selftest.gdnt-cloud.website', 80),
-        ('testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website', 80)
+        ('testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website', 80),
+        ('testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website', 80),
+        ('testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website', 443),
+        ('testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website', 80),
+        ('testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website', 443)
     ]
 
     def __init__(self, service_function_index: int):
@@ -694,7 +710,7 @@ class ProxyCasesRunner:
         return True, None
 
     def action_deny_protocol_http_filter_host(self, url, resolves, conn_timeout, max_recv_speed_large):
-        conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
+        conn = HttpURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
         conn.connect()
         is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info)
         if not is_error_none[0]:
@@ -721,6 +737,46 @@ class ProxyCasesRunner:
             return False, is_body_matched[1]
         return True, None
 
+class ShapingCaseRunner:
+    def __init__(self) -> None:
+        self._analyzer = URLTransferResponseAnalyzer()
+        self._dns_analyzer = DNSResponseAnalyzer()
+
+    def rate_limit_0bps_protocol_http(self, url, resolves, conn_timeout, max_recv_speed_large):
+        conn = HttpURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
+        conn.connect()
+        is_error_type_equal = self._analyzer.is_pycurl_error_code_equal(conn.error_info, 28)
+        if not is_error_type_equal[0]:
+            return False, is_error_type_equal[1]
+        return True, None
+
+    def rate_limit_0bps_protocol_https(self, url, resolves, conn_timeout, max_recv_speed_large):
+        conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
+        conn.connect()
+        is_error_type_equal = self._analyzer.is_pycurl_error_code_equal(conn.error_info, 28)
+        if not is_error_type_equal[0]:
+            return False, is_error_type_equal[1]
+        return True, None
+
+    def rate_limit_1000gbps_protocol_http(self, url, resolves, conn_timeout, max_recv_speed_large):
+        conn = HttpURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
+        conn.connect()
+        is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info)
+        if not is_error_none[0]:
+            return False, is_error_none[1]
+        return True, None
+
+    def rate_limit_1000gbps_protocol_https(self, url, resolves, conn_timeout, max_recv_speed_large):
+        conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large)
+        conn.connect()
+        is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info)
+        if not is_error_none[0]:
+            return False, is_error_none[1]
+        is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*BadSSL\b')
+        if not is_cert_matched[0]:
+            return False, is_cert_matched[1]
+        return True, None
+
 class FirewallCasesRunner:
     def __init__(self) -> None:
         self._analyzer = URLTransferResponseAnalyzer()
@@ -1014,6 +1070,7 @@ class DiagnoseCasesRunner:
 
         self._proxy_case = ProxyCasesRunner()
         self._firewall_case = FirewallCasesRunner()
+        self._shaping_case = ShapingCaseRunner()
         self._cases_info = [
             {
                 "name": "test_firewallBypass_ssl", 
@@ -1254,6 +1311,30 @@ class DiagnoseCasesRunner:
                 "protocol_type": "http",
                 "test_function": self._proxy_case.action_deny_protocol_http_filter_url,
                 "request_content": "http://testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website"
+            },
+            {
+                "name": "test_shaping_ratelimit_0bps_http",
+                "protocol_type": "http",
+                "test_function": self._shaping_case.rate_limit_0bps_protocol_http,
+                "request_content": "http://testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website/resources/16M"
+            },
+            {
+                "name": "test_shaping_ratelimit_0bps_https",
+                "protocol_type": "https",
+                "test_function": self._shaping_case.rate_limit_0bps_protocol_https,
+                "request_content": "https://testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website/resources/16M"
+            },
+            {
+                "name": "test_shaping_ratelimit_1000gbps_http",
+                "protocol_type": "http",
+                "test_function": self._shaping_case.rate_limit_1000gbps_protocol_http,
+                "request_content": "http://testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website/resources/16M"
+            },
+            {
+                "name": "test_shaping_ratelimit_1000gbps_https",
+                "protocol_type": "https",
+                "test_function": self._shaping_case.rate_limit_1000gbps_protocol_https,
+                "request_content": "https://testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website/resources/16M"
             }
         ]
 

images_build/client/dign_client/etc/client.conf

@@ -217,6 +217,26 @@ enabled = 1
 conn_timeout = 1
 max_recv_speed_large = 6553600
 
+[test_shaping_ratelimit_0bps_http]
+enabled = 1
+conn_timeout = 4
+max_recv_speed_large = 6553600
+
+[test_shaping_ratelimit_0bps_https]
+enabled = 1
+conn_timeout = 4
+max_recv_speed_large = 6553600
+
+[test_shaping_ratelimit_1000gbps_http]
+enabled = 1
+conn_timeout = 4
+max_recv_speed_large = 6553600
+
+[test_shaping_ratelimit_1000gbps_https]
+enabled = 1
+conn_timeout = 4
+max_recv_speed_large = 6553600
+
 [start_time_random_delay_range]
 enabled = 0
 #Left_edge is the left edge of the randomly generated time in seconds

images_build/server_web/domains/misc/badssl.com/index.html

@@ -201,6 +201,13 @@
     <a href="https://testing-proxy-filter-url.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing proxy filter url</a>
     <a href="https://testing-proxy-filter-host.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing proxy filter host</a>
   </div>
+  <div class="group">
+    <h2 id="testing-rate-limit"><span class="emoji">🛞</span>Testing expand</h2>
+    <a href="http://testing-rate-limit-0bps.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing http connection rate limit 0 bps</a>
+    <a href="https://testing-rate-limit-0bps.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing https connection rate limit 0 bps</a>
+    <a href="http://testing-rate-limit-1000gbps.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing http connection rate limit 1000 Gbps</a>
+    <a href="https://testing-rate-limit-1000gbps.{{ site.domain }}/" target="_blank" class="good"><span class="icon"></span>Testing https connection rate limit 1000 Gbps</a>
+  </div>
   <div id="preload" style="width: 0; height: 0;">
     <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->
     <!-- Workaround: Load the images in bogus elements. -->

images_build/server_web/domains/testing-rate-limit/rate-limit-0bps.conf

@@ -0,0 +1,16 @@
+---
+---
+server {
+  listen 80;
+  server_name testing-rate-limit-0bps.{{ site.domain }};
+  include {{ site.serving-path }}/common/common.conf;
+  root {{ site.serving-path }}/domains/testing-rate-limit/rate-limit-0bps;
+}
+
+server {
+  listen 443;
+  server_name testing-rate-limit-0bps.{{ site.domain }};
+  include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf;
+  include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
+  root {{ site.serving-path }}/domains/testing-rate-limit/rate-limit-0bps;
+}

images_build/server_web/domains/testing-rate-limit/rate-limit-0bps/index.html

@@ -0,0 +1,12 @@
+---
+subdomain: testing-rate-limit-0bps
+layout: page
+favicon: green
+background: green
+---
+
+<div id="content">
+  <h1 style="font-size: 12vw;">
+    {{ page.subdomain }}.<br>{{ site.domain }}
+  </h1>
+</div>

images_build/server_web/domains/testing-rate-limit/rate-limit-1000gbps.conf

@@ -0,0 +1,18 @@
+---
+---
+server {
+  listen 80;
+  server_name testing-rate-limit-1000gbps.{{ site.domain }};
+  
+  include {{ site.serving-path }}/common/common.conf;
+  root {{ site.serving-path }}/domains/testing-rate-limit/rate-limit-1000gbps;
+}
+
+server {
+  listen 443;
+  server_name testing-rate-limit-1000gbps.{{ site.domain }};
+
+  include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf;
+  include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
+  root {{ site.serving-path }}/domains/testing-rate-limit/rate-limit-1000gbps;
+}

images_build/server_web/domains/testing-rate-limit/rate-limit-1000gbps/index.html

@@ -0,0 +1,12 @@
+---
+subdomain: testing-rate-limit-1000gbps
+layout: page
+favicon: green
+background: green
+---
+
+<div id="content">
+  <h1 style="font-size: 12vw;">
+    {{ page.subdomain }}.<br>{{ site.domain }}
+  </h1>
+</div>