Bug 1461466

Summary: The router does not do a case-insensitive match of a hostname
Product: OpenShift Container Platform Reporter: Ben Bennett <bbennett>
Component: NetworkingAssignee: Phil Cameron <pcameron>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aloughla, aos-bugs, bmeng, eparis, xtian
Version: 3.6.0   
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1467006 (view as bug list) Environment:
Last Closed: 2017-11-28 21:56:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1467006    

Description Ben Bennett 2017-06-14 13:44:17 UTC
Description of problem:

If you have a route for openshift.io/foo and an HTTP request comes in for: http://OPENshift.io/foo it will not be served.  In DNS the hostnames are specified to be case insensitive, so we should support that (in both HTTP and in SNI).  BUT we need to make sure that the path matches are done in a case sensitive way.


Version-Release number of selected component (if applicable):

Definitely 3.6.  Probably forever.


How reproducible:

100%


Steps to Reproduce:
1. [Create a test endpoint, expose it, and get the hostname]
   oc create -f examples/hello-openshift/hello-pod.json
   oc expose pod hello-openshift
   oc expose svc hello-openshift
   oc get route hello-openshift
2. [Create a router and get its IP]
   oadm router
   oc get pod -o wide
3. curl http://172.17.0.3/ -H 'Host: hello-openshift-default.router.default.svc.cluster.local'  # Works
   curl http://172.17.0.3/ -H 'Host: hello-openshift-default.router.default.svc.cluster.locaL'  # Fails (note the L at the end)


Actual results:

curl http://172.17.0.3/ -H 'Host: hello-openshift-default.router.default.svc.cluster.locaL' returns a 503 error and the associated "service not found" page.


Expected results:

Hello Openshift!

(the same as the lower case hostname)

Additional info:

Note that the same needs to work for https routes terminated at the router (edge and reencrypt) and TLS w/ SNI pass-through routes.

Test with:
  oc create route edge hello-openshift-edge --service=hello-openshift
  curl -k https://hello-openshift-edge-default.router.default.svc.cluster.local/ --resolve hello-openshift-edge-default.router.default.svc.cluster.local:443:172.17.0.3
  curl -k https://hello-openshift-edge-default.router.default.svc.cluster.locaL/ --resolve hello-openshift-edge-default.router.default.svc.cluster.local:443:172.17.0.3

And we MUST differentiate between paths /foo and /FOO.  Those are two different routes, and must be treated as such.

Comment 1 Ben Bennett 2017-06-14 13:46:11 UTC
We also need to ensure that the router treats domain names of different cases as the same thing when it is handling the hostname reservations.

Comment 7 Eric Paris 2017-06-27 23:54:47 UTC
Fix:
https://github.com/openshift/origin/pull/14157
Test to merge after fix:
https://github.com/openshift/origin/pull/14858

Comment 8 Eric Paris 2017-07-01 13:10:42 UTC
marking as MODIFIED. The fix emrged. I closed this bug to track the addition of the test.

Comment 10 zhaozhanqi 2017-07-05 09:21:28 UTC
Verified this bug on v3.6.133

all kind of routes are work well with capital letter


$ oc get route
NAME               HOST/PORT                                     PATH      SERVICES           PORT      TERMINATION   WILDCARD
edge1              edge1-z2.0705-2fq.qe.rhcloud.com                        service-unsecure   http      edge          None
pass               pass-z2.0705-2fq.qe.rhcloud.com                         service-secure     https     passthrough   None
reen               reen-z2.0705-2fq.qe.rhcloud.com                         service-secure     https     reencrypt     None
service-unsecure   service-unsecure-z2.0705-2fq.qe.rhcloud.com             service-unsecure   http                    None

$ curl https://EDGE1-z2.0705-2fq.qe.rhcloUD.COM/test/ -k 
Hello-OpenShift-Path-Test http-8080
$ curl https://PASS-z2.0705-2fq.qe.rhcloUD.COM/ -k 
Hello-OpenShift-1 https-8443
$ curl https://REEN-z2.0705-2fq.qe.rhcloUD.COM/ -k 
Hello-OpenShift-1 https-8443
$ curl SERVICE-UNSecure-z2.0705-2fq.qe.rhcloud.com
Hello-OpenShift-1 http-8080

Comment 11 openshift-github-bot 2017-08-04 21:49:01 UTC
Commits pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/9b90badec96c297832df771f78fdbf0daa2589a2
Test case for mixed/uppercase host name

This is a test case for PR 14157

When a  user provides a mixed or uppercase host name the router converts
it to lower case before matching it to existing routes.

Test for:
https://github.com/openshift/origin/pull/14157

Fixes bug 1461466
https://bugzilla.redhat.com/show_bug.cgi?id=1461466

https://github.com/openshift/origin/commit/ddb26b463f4d2d6e111122c254337fdeeb3a3f2b
Merge pull request #15640 from pecameron/bz1461466u

Automatic merge from submit-queue

Test case for mixed/uppercase host name

This is a test case for PR 14157

When a  user provides a mixed or uppercase host name the router converts
it to lower case before matching it to existing routes.

Test for:
https://github.com/openshift/origin/pull/14157

Fixes bug 1461466
https://bugzilla.redhat.com/show_bug.cgi?id=1461466

Comment 15 errata-xmlrpc 2017-11-28 21:56:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188