upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,

Browse source 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
This commit is contained in:
W.C.A. Wijngaards 2020-01-14 14:40:44 +01:00
parent e149bc7046
commit 9b3f3101e3
28 changed files with 6 additions and 589 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/Changelog
View file

@ -1,3 +1,9 @@
14 January 2020: Wouter
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
because dnscrypt-proxy (2.0.36) does not support the test setup
any more, and also the config file format does not seem to have
the appropriate keys to recreate that setup.
10 January 2020: Wouter
- Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64.

BIN
testdata/dnscrypt_queries.tdir/1.cert vendored
View file

Binary file not shown.

1
testdata/dnscrypt_queries.tdir/1.key vendored
View file

@ -1 +0,0 @@
®öÝìK¬‡#€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM

BIN
testdata/dnscrypt_queries.tdir/1_chacha.cert vendored
View file

Binary file not shown.

BIN
testdata/dnscrypt_queries.tdir/1_salsa.cert vendored
View file

Binary file not shown.

BIN
testdata/dnscrypt_queries.tdir/2.cert vendored
View file

Binary file not shown.

1
testdata/dnscrypt_queries.tdir/2.key vendored
View file

@ -1 +0,0 @@
m7÷ЯБб┐x;▒%в╦У░И*∙эR╞Дс╞╧mD╙Я

BIN
testdata/dnscrypt_queries.tdir/2_chacha.cert vendored
View file

Binary file not shown.

BIN
testdata/dnscrypt_queries.tdir/2_salsa.cert vendored
View file

Binary file not shown.

26
testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf vendored
View file

@ -1,26 +0,0 @@
server:
verbosity: 2
# num-threads: 1
port: @PORT@
interface: 0.0.0.0
interface: 0.0.0.0@@DNSCRYPT_PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"
dnscrypt:
dnscrypt-enable: yes
dnscrypt-port: @DNSCRYPT_PORT@
dnscrypt-provider: 2.dnscrypt-cert.example.com.
dnscrypt-secret-key: 1.key
dnscrypt-secret-key: 2.key
dnscrypt-provider-cert: 1_salsa.cert
dnscrypt-provider-cert: 2_salsa.cert

16
testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc vendored
View file

@ -1,16 +0,0 @@
BaseName: dnscrypt_queries
Version: 1.0
Description: dnscrypt queries.
CreationDate: Fri Mar 03 10:08:08 CEST 2017
Maintainer: Emmanuel Bretelle
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: dnscrypt_queries.pre
Post: dnscrypt_queries.post
Test: dnscrypt_queries.test
AuxFiles:
Passed:
Failure:

20
testdata/dnscrypt_queries.tdir/dnscrypt_queries.post vendored
View file

@ -1,20 +0,0 @@
# #-- dnscrypt_queries.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
# if no dnscrypt; exit
if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
echo "have dnscrypt"
else
echo "no dnscrypt"
exit 0
fi
kill_pid $FWD_PID
kill_pid $UNBOUND_PID
kill_pid $PROXY_PID

53
testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre vendored
View file

@ -1,53 +0,0 @@
# #-- dnscrypt_queries.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# if no dnscrypt; exit
if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
echo "have dnscrypt"
else
echo "no dnscrypt"
exit 0
fi
get_random_port 4
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
DNSCRYPT_PORT=$(($RND_PORT + 2))
PROXY_PORT=$(($RND_PORT + 3))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test
echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \
--resolver-address=127.0.0.1:${DNSCRYPT_PORT} \
--provider-name=2.dnscrypt-cert.example.com \
--provider-key=B85F:41A1:4F23:F7DB:C866:F397:CC6F:44B6:5F9D:65C5:B629:7C27:5403:A6E9:DCF2:4F9D \
-m 32 \
>dnscryptproxy.log 2>&1 &
PROXY_PID=$!
echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \
-e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log
wait_server_up dnscryptproxy.log "Proxying from"

107
testdata/dnscrypt_queries.tdir/dnscrypt_queries.test vendored
View file

@ -1,107 +0,0 @@
# #-- dnscrypt_queries.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# if no dnscrypt; exit
if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
echo "have dnscrypt"
else
echo "no dnscrypt"
exit 0
fi
# do the test
for opt in '' '+tcp'
do
echo "> do queries ${opt}"
dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 &
digpid3=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 &
digpid4=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 &
digpid5=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 &
digpid6=$!
sleep 1
kill -9 $digpid1
kill -9 $digpid2
kill -9 $digpid3
kill -9 $digpid4
kill -9 $digpid5
kill -9 $digpid6
echo "> cat outfile1"
cat outfile1
echo "> cat outfile2"
cat outfile2
echo "> cat outfile3"
cat outfile3
echo "> cat outfile4"
cat outfile4
echo "> cat outfile5"
cat outfile5
echo "> cat outfile6"
cat outfile6
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> check for ID bit collisions"
grep "pending reply" unbound.log > ids
numsend=`cat ids | wc -l`
cat ids | awk '{print $8};' | sort -u > ids2
numuniq=`cat ids2 | wc -l`
if test $numuniq -ne $numsend; then
echo "got a ID number clash. could not do test, sorry"
exit 0
fi
echo "> check answers for queries"
if grep "10.20.30.40" outfile1; then
echo "1 is OK"
else
echo "1 is not OK"
exit 1
fi
if grep "10.20.30.50" outfile2; then
echo "2 is OK"
else
echo "2 is not OK"
exit 1
fi
if grep "10.20.30.60" outfile3; then
echo "3 is OK"
else
echo "3 is not OK"
exit 1
fi
if grep "10.20.30.70" outfile4; then
echo "4 is OK"
else
echo "4 is not OK"
exit 1
fi
if grep "10.20.30.80" outfile5; then
echo "5 is OK"
else
echo "5 is not OK"
exit 1
fi
if grep "10.20.30.90" outfile6; then
echo "6 is OK"
else
echo "6 is not OK"
exit 1
fi
done
exit 0

63
testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns vendored
View file

@ -1,63 +0,0 @@
; nameserver test file
$ORIGIN example.com.
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www1 IN A
SECTION ANSWER
www1 IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www2 IN A
SECTION ANSWER
www2 IN A 10.20.30.50
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www3 IN A
SECTION ANSWER
www3 IN A 10.20.30.60
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www4 IN A
SECTION ANSWER
www4 IN A 10.20.30.70
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www5 IN A
SECTION ANSWER
www5 IN A 10.20.30.80
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www6 IN A
SECTION ANSWER
www6 IN A 10.20.30.90
ENTRY_END

1
testdata/dnscrypt_queries_chacha.tdir/1.key vendored
View file

@ -1 +0,0 @@
®öÝìK¬‡#€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM

BIN
testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert vendored
View file

Binary file not shown.

BIN
testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert vendored
View file

Binary file not shown.

1
testdata/dnscrypt_queries_chacha.tdir/2.key vendored
View file

@ -1 +0,0 @@
m7÷ЯБб┐x;▒%в╦У░И*∙эR╞Дс╞╧mD╙Я

BIN
testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert vendored
View file

Binary file not shown.

BIN
testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert vendored
View file

Binary file not shown.

24
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf vendored
View file

@ -1,24 +0,0 @@
server:
verbosity: 2
# num-threads: 1
port: @PORT@
interface: 0.0.0.0
interface: 0.0.0.0@@DNSCRYPT_PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"
dnscrypt:
dnscrypt-enable: yes
dnscrypt-port: @DNSCRYPT_PORT@
dnscrypt-provider: 2.dnscrypt-cert.example.com.
dnscrypt-secret-key: 2.key
dnscrypt-provider-cert: 2_salsa.cert
dnscrypt-provider-cert: 2_chacha.cert

16
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc vendored
View file

@ -1,16 +0,0 @@
BaseName: dnscrypt_queries_chacha
Version: 1.0
Description: dnscrypt queries using xchacha
CreationDate: Thu Jun 01 10:08:08 CEST 2017
Maintainer: Emmanuel Bretelle
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: dnscrypt_queries_chacha.pre
Post: dnscrypt_queries_chacha.post
Test: dnscrypt_queries_chacha.test
AuxFiles:
Passed:
Failure:

17
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post vendored
View file

@ -1,17 +0,0 @@
# #-- dnscrypt_queries_chacha.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
# Check if we can run the test.
. ./precheck.sh
kill_pid $FWD_PID
kill_pid $UNBOUND_PID
kill_pid $PROXY_PID

52
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre vendored
View file

@ -1,52 +0,0 @@
# #-- dnscrypt_queries_chacha.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# Check if we can run the test.
. ./precheck.sh
get_random_port 4
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
DNSCRYPT_PORT=$(($RND_PORT + 2))
PROXY_PORT=$(($RND_PORT + 3))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test
echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries_chacha.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \
--resolver-address=127.0.0.1:${DNSCRYPT_PORT} \
--provider-name=2.dnscrypt-cert.example.com \
--provider-key=C352:1F20:F2D2:FD65:B5F4:7BF6:6C1A:88C1:4BCB:80CE:1E3A:3572:5CB1:7D4B:12D3:E783 \
-m 32 \
>dnscryptproxy.log 2>&1 &
PROXY_PID=$!
echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \
-e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries_chacha.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log
wait_server_up dnscryptproxy.log "Proxying from"
if ! grep 'Using version 2.0 of the DNSCrypt protocol' dnscryptproxy.log; then
echo "Failed to select xchacha cert"
exit 1
fi

101
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test vendored
View file

@ -1,101 +0,0 @@
# #-- dnscrypt_queries_chacha.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# Check if we can run the test.
. ./precheck.sh
# do the test
for opt in '' '+tcp'
do
echo "> do queries ${opt}"
dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 &
digpid3=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 &
digpid4=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 &
digpid5=$!
dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 &
digpid6=$!
sleep 1
kill -9 $digpid1
kill -9 $digpid2
kill -9 $digpid3
kill -9 $digpid4
kill -9 $digpid5
kill -9 $digpid6
echo "> cat outfile1"
cat outfile1
echo "> cat outfile2"
cat outfile2
echo "> cat outfile3"
cat outfile3
echo "> cat outfile4"
cat outfile4
echo "> cat outfile5"
cat outfile5
echo "> cat outfile6"
cat outfile6
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> check for ID bit collisions"
grep "pending reply" unbound.log > ids
numsend=`cat ids | wc -l`
cat ids | awk '{print $8};' | sort -u > ids2
numuniq=`cat ids2 | wc -l`
if test $numuniq -ne $numsend; then
echo "got a ID number clash. could not do test, sorry"
exit 0
fi
echo "> check answers for queries"
if grep "10.20.30.40" outfile1; then
echo "1 is OK"
else
echo "1 is not OK"
exit 1
fi
if grep "10.20.30.50" outfile2; then
echo "2 is OK"
else
echo "2 is not OK"
exit 1
fi
if grep "10.20.30.60" outfile3; then
echo "3 is OK"
else
echo "3 is not OK"
exit 1
fi
if grep "10.20.30.70" outfile4; then
echo "4 is OK"
else
echo "4 is not OK"
exit 1
fi
if grep "10.20.30.80" outfile5; then
echo "5 is OK"
else
echo "5 is not OK"
exit 1
fi
if grep "10.20.30.90" outfile6; then
echo "6 is OK"
else
echo "6 is not OK"
exit 1
fi
done
exit 0

63
testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns vendored
View file

@ -1,63 +0,0 @@
; nameserver test file
$ORIGIN example.com.
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www1 IN A
SECTION ANSWER
www1 IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www2 IN A
SECTION ANSWER
www2 IN A 10.20.30.50
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www3 IN A
SECTION ANSWER
www3 IN A 10.20.30.60
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www4 IN A
SECTION ANSWER
www4 IN A 10.20.30.70
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www5 IN A
SECTION ANSWER
www5 IN A 10.20.30.80
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www6 IN A
SECTION ANSWER
www6 IN A 10.20.30.90
ENTRY_END

27
testdata/dnscrypt_queries_chacha.tdir/precheck.sh vendored
View file

@ -1,27 +0,0 @@
# dnscrypt precheck.sh
# if no dnscrypt; exit
if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
echo "have dnscrypt"
else
echo "no dnscrypt"
exit 0
fi
# if no xchacha20 support in unbound; exit
if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then
echo "have xchacha20"
xchacha20=1
else
echo "no xchacha20"
xchacha20=0
exit 0
fi
# if dnscrypt-proxy does not support xchacha20; exit
if (dnscrypt-proxy -h 2>&1 | grep -q 'XChaCha20-Poly1305 cipher: present'); then
echo "dnscrypt-proxy has xchacha20"
else
echo "dnscrypt-proxy does not have xchacha20"
exit 0
fi