add `h2` static responses tests

[nickzaev]

These tests aim to ensure that Tempesta generates correct static responses in most common use-cases using h2 protocol.

[nickzaev]

I've encountered 2 Tempesta bugs during poking around these tests: 1) http_rules.test_http_tables.H2Redirects fails with

[Tue Aug  9 14:03:04 2022] [tempesta fw] Warning: request dropped: cannot find appropriate virtual host: 127.0.0.1

If you uncomment #-> redirection_chain; line in the main chain, the test passes. Just to make sure that this behavior is not caused by poorly formed configuration, I've provided 2 additional temporary tests (that will be deleted after we resolve corresponding Tempesta issues) that have pretty much the same configurations (except for the TLS part): http_rules.test_http_tables.HttpRedirects and http_rules.test_http_tables.HttpsRedirects. They both pass. Note that both of them don't have -> redirection_chain; in the main chain, so this h2 case is isolated. From my understanding, what happens is that Tempesta cannot match the request to any vhost because it simply doesn't have Host field within the request. I haven't digged deep enough into Tempesta code yet, so I added checks for:

            hdr "Authority" == "tempesta-tech.com" -> redirection_chain;
            hdr ":authority" == "tempesta-tech.com" -> redirection_chain;
            hdr "authority" == "tempesta-tech.com" -> redirection_chain;

as well in case if that would help, but it didn't — the test still fails.

2) cache.test_cache.H2Cache fails with:

[Tue Aug  9 14:31:49 2022] [tempesta fw] Warning: Unable to transform HTTP/1.1 data into HTTP/2 format: free space exhausted (accumulated length: 78
[Tue Aug  9 14:31:49 2022] [tempesta tls] Warning: [::ffff:127.0.0.1] Bad TLS alert

This is a known Tempesta issue (#261, #1669). Note that:

test (cache.test_cache.H2Cache) ... Amount of requests passed to the backend: 2
FAIL

basically means that requests get to the backend and Tempesta fails to return them back to the client. Regarding that tempesta tls warning, I'm not aware of it's meaning at the moment, but [::ffff:127.0.0.1] is definitely not a valid IPv6 address, so that might be a separate issue.

[krizhanovsky]

Issue (1) looks like about https://github.com/tempesta-tech/tempesta/issues/1630 - could you please disable the test pointing out the issue. I think just using authority in the rules should work, but it'd be good to leave the host rule pointing out to another chain/redirection to make sure that we process Host and authority in correct way (in terms of the cited issue).

I added comment 7 about Bad TLS alert message - this is some separate issue. ::ffff:127.0.0.1 is just a IPv4-mapped IPv6 address: Tempesta FW handles all addressed in IPv6 internally and if you use IPv4, then it maps the address(es) to IPv6.

[const-t]

Issue (1) looks like about tempesta-tech/tempesta#1630 - could you please disable the test pointing out the issue. I think just using authority in the rules should work, but it'd be good to leave the host rule pointing out to another chain/redirection to make sure that we process Host and authority in correct way (in terms of the cited issue).

I added comment 7 about Bad TLS alert message - this is some separate issue. ::ffff:127.0.0.1 is just a IPv4-mapped IPv6 address: Tempesta FW handles all addressed in IPv6 internally and if you use IPv4, then it maps the address(es) to IPv6.

No, it's not tempesta-tech/tempesta#1630, it's about matching pseudo-headers by http tables. Now we can't match any pseudo-headers by using hdr keyword in http chain. To match :authority we can use only Host keyword in http chain block.

[krizhanovsky]

With the slack discussion it's worth testing configuration like:

hdr "authority" == "tempesta-tech.com" -> one_chain;
host == "tempesta-tech.com" -> some_other_chain;