- Add functionality to skip tdir tests from the .pre file;

- Initial tests for interface-* options.

testcode/do-tests.sh

@@ -16,6 +16,7 @@ NEED_WHOAMI='07-confroot.tdir'
 NEED_IPV6='fwd_ancil.tdir fwd_tcp_tc6.tdir stub_udp6.tdir edns_cache.tdir'
 NEED_NOMINGW='tcp_sigpipe.tdir 07-confroot.tdir 08-host-lib.tdir fwd_ancil.tdir'
 NEED_DNSCRYPT_PROXY='dnscrypt_queries.tdir dnscrypt_queries_chacha.tdir'
+NEED_UNSHARE='acl_interface.tdir'
 
 # test if dig and ldns-testns are available.
 test_tool_avail "dig"
@@ -50,6 +51,7 @@ for test in `ls -d *.tdir`; do
 	skip_if_in_list $test "$NEED_NC" "nc"
 	skip_if_in_list $test "$NEED_WHOAMI" "whoami"
 	skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy"
+	skip_if_in_list $test "$NEED_UNSHARE" "unshare"
 
 	if echo $NEED_IPV6 | grep $test >/dev/null; then
 		if test "$HAVE_IPV6" = no; then

testcode/mini_tdir.sh

@@ -17,9 +17,9 @@ fi
 
 if test "$1" = "clean"; then
 	if test $quiet = 0; then
-		echo "rm -f result.* .done* .tdir.var.master .tdir.var.test"
+		echo "rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test"
 	fi
-	rm -f result.* .done* .tdir.var.master .tdir.var.test
+	rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test
 	exit 0
 fi
 if test "$1" = "fake"; then
@@ -54,12 +54,15 @@ if test "$1" = "-f" && test "$2" = "report"; then
 				echo "** PASSED ** $timelen $name: $desc"
 				pass=`expr $pass + 1`
 			fi
+		elif test -f ".skip-$name"; then
+			echo ">> SKIPPED<< $timelen $name: $desc"
+			skip=`expr $pass + 1`
 		else
 			if test -f "result.$name"; then
 				echo "!! FAILED !! $timelen $name: $desc"
 				fail=`expr $fail + 1`
 			else
-				echo ".> SKIPPED<< $timelen $name: $desc"
+				echo ">> SKIPPED<< $timelen $name: $desc"
 				skip=`expr $skip + 1`
 			fi
 		fi
@@ -81,6 +84,10 @@ if test "$1" = "report" || test "$2" = "report"; then
 			if test $quiet = 0; then
 				echo "** PASSED ** : $name"
 			fi
+		elif test -f ".skip-$name"; then
+			if test $quiet = 0; then
+				echo ">> SKIPPED<< : $name"
+			fi
 		else
 			if test -f "result.$name"; then
 				echo "!! FAILED !! : $name"
@@ -116,6 +123,7 @@ name=`basename $1 .tdir`
 dir=$name.$$
 result=result.$name
 done=.done-$name
+skip=.skip-$name
 success="no"
 if test -x "`which bash`"; then
 	shell="bash"
@@ -124,8 +132,8 @@ else
 fi
 
 # check already done
-if test -f .done-$name; then
-	echo "minitdir .done-$name exists. skip test."
+if test -f $done; then
+	echo "minitdir $done exists. skip test."
 	exit 0
 fi
 
@@ -151,11 +159,15 @@ if test -f $name.pre; then
 	fi
 	echo "minitdir exe $name.pre" >> $result
 	$shell $name.pre $args >> $result
-	if test $? -ne 0; then
+	exit_value=$?
+	if test $exit_value -eq 3; then
+		echo "$name: SKIPPED" >> $result
+		echo "$name: SKIPPED" > ../$skip
+	elif test $exit_value -ne 0; then
 		echo "Warning: $name.pre did not exit successfully"
 	fi
 fi
-if test -f $name.test; then
+if test -f $name.test -a ! -f ../$skip; then
 	if test $quiet = 0; then
 		echo "minitdir exe $name.test"
 	fi
@@ -167,14 +179,14 @@ if test -f $name.test; then
 		success="no"
 	else
 		echo "$name: PASSED" >> $result
-		echo "$name: PASSED" > ../.done-$name
+		echo "$name: PASSED" > ../$done
 		if test $quiet = 0; then
 			echo "$name: PASSED"
 		fi
 		success="yes"
 	fi
 fi
-if test -f $name.post; then
+if test -f $name.post -a ! -f ../$skip; then
 	if test $quiet = 0; then
 		echo "minitdir exe $name.post"
 	fi

testdata/acl_interface.tdir/acl_interface.conf

@@ -0,0 +1,68 @@
+server:
+	verbosity: 7
+	use-syslog: no
+	directory: ""
+	pidfile: "unbound.pid"
+	chroot: ""
+	username: ""
+	do-not-query-localhost: no
+	use-caps-for-id: yes
+
+# Interface configuration for IPv4
+	interface: @IPV4_ADDR@@@PORT_ALLOW@
+	interface: @IPV4_ADDR@@@PORT_DENY@
+	interface: @IPV4_ADDR@@@PORT_REFUSE@
+	interface: @IPV4_ADDR@@@PORT_VIEW_INT@
+	interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
+	interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
+
+	interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
+	interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
+	interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
+	interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
+	interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+	interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
+	interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
+	interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Mirrored interface configuration for IPv6
+	interface: @IPV6_ADDR@@@PORT_ALLOW@
+	interface: @IPV6_ADDR@@@PORT_DENY@
+	interface: @IPV6_ADDR@@@PORT_REFUSE@
+	interface: @IPV6_ADDR@@@PORT_VIEW_INT@
+	interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
+	interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
+
+	interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
+	interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
+	interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
+	interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
+	interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+	interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
+	interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
+	interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Views configuration
+view:
+	name: "int"
+	view-first: yes
+	local-zone: "." refuse
+	local-zone: "internal" transparent
+view:
+	name: "ext"
+	view-first: yes
+	local-zone: "internal" refuse
+view:
+	name: "intext"
+	view-first: yes
+
+# Stubs configuration
+forward-zone:
+	name: "."
+	forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
+
+stub-zone:
+	name: "internal"
+	stub-addr: @IPV4_ADDR@@@STUB_PORT@

testdata/acl_interface.tdir/acl_interface.dsc

@@ -0,0 +1,16 @@
+BaseName: acl_interface
+Version: 1.0
+Description: Check the interface-* settings
+CreationDate: Fri 8 Oct 18:14:40 CEST 2021
+Maintainer:
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: acl_interface.pre
+Post:
+Test: acl_interface.test
+AuxFiles:
+Passed:
+Failure:

testdata/acl_interface.tdir/acl_interface.pre

@@ -0,0 +1,54 @@
+# #-- acl_interface.pre--#
+PRE="../.."
+. ../common.sh
+
+# This test uses the unshare utility
+if test ! -x "`which unshare 2>&1`"; then
+	skip_test "no unshare (from util-linux package) available, skip test"
+fi
+
+get_random_port 8
+
+PORT_ALLOW=$RND_PORT
+PORT_DENY=$(($RND_PORT + 1))
+PORT_REFUSE=$(($RND_PORT + 2))
+PORT_VIEW_INT=$(($RND_PORT + 3))
+PORT_VIEW_EXT=$(($RND_PORT + 4))
+PORT_VIEW_INTEXT=$(($RND_PORT + 5))
+FORWARD_PORT=$(($RND_PORT + 6))
+STUB_PORT=$(($RND_PORT + 7))
+
+IPV4_ADDR=192.168.1.1
+IPV6_ADDR=2001:db8::1
+
+# make config file
+sed \
+	-e 's/@PORT_ALLOW\@/'$PORT_ALLOW'/' \
+	-e 's/@PORT_DENY\@/'$PORT_DENY'/' \
+	-e 's/@PORT_REFUSE\@/'$PORT_REFUSE'/' \
+	-e 's/@PORT_VIEW_INT\@/'$PORT_VIEW_INT'/' \
+	-e 's/@PORT_VIEW_EXT\@/'$PORT_VIEW_EXT'/' \
+	-e 's/@PORT_VIEW_INTEXT\@/'$PORT_VIEW_INTEXT'/' \
+	-e 's/@FORWARD_PORT\@/'$FORWARD_PORT'/' \
+	-e 's/@STUB_PORT\@/'$STUB_PORT'/' \
+	-e 's/@IPV4_ADDR\@/'$IPV4_ADDR'/' \
+	-e 's/@IPV6_ADDR\@/'$IPV6_ADDR'/' \
+	< acl_interface.conf > ub.conf
+
+if test -x "`which bash`"; then
+	shell="bash"
+else
+	shell="sh"
+fi
+
+echo "PORT_ALLOW=$PORT_ALLOW" >> .tpkg.var.test
+echo "PORT_DENY=$PORT_DENY" >> .tpkg.var.test
+echo "PORT_REFUSE=$PORT_REFUSE" >> .tpkg.var.test
+echo "PORT_VIEW_INT=$PORT_VIEW_INT" >> .tpkg.var.test
+echo "PORT_VIEW_EXT=$PORT_VIEW_EXT" >> .tpkg.var.test
+echo "PORT_VIEW_INTEXT=$PORT_VIEW_INTEXT" >> .tpkg.var.test
+echo "FORWARD_PORT=$FORWARD_PORT" >> .tpkg.var.test
+echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test
+echo "IPV4_ADDR=$IPV4_ADDR" >> .tpkg.var.test
+echo "IPV6_ADDR=$IPV6_ADDR" >> .tpkg.var.test
+echo "shell=$shell" >> .tpkg.var.test

testdata/acl_interface.tdir/acl_interface.test

@@ -0,0 +1,11 @@
+# #-- acl_interface.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+# Run the scenario in an unshared namespace
+unshare -rUn $shell acl_interface.test.scenario
+exit $?

testdata/acl_interface.tdir/acl_interface.test.scenario

@@ -0,0 +1,116 @@
+# #-- acl_interface.test.scenario --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+ip addr add $IPV4_ADDR dev lo
+ip addr add $IPV6_ADDR dev lo
+ip link set lo up
+
+# start the forwarder in the background
+get_ldns_testns
+$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the stub in the background
+$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
+STUB_PID=$!
+echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_ldns_testns_up fwd2.log
+wait_unbound_up unbound.log
+
+# Query for the given domain to the given port
+# $1: address family [4, 6]
+# $2: port
+# $3: dname
+query () {
+	addr=$IPV4_ADDR
+	if test "$1" -eq 6; then
+		addr=$IPV6_ADDR
+	fi
+	echo "> dig -p $2 $3"
+	dig @"$addr" -p $2 $3 | tee outfile
+}
+
+expect_refused () {
+	echo "> check answer for REFUSED"
+	if grep "REFUSED" outfile; then
+		echo "OK"
+	else
+		echo "Not OK"
+		exit 1
+	fi
+}
+
+expect_external_answer () {
+	echo "> check external answer"
+	if grep "1.2.3.4" outfile; then
+		echo "OK"
+	else
+		echo "Not OK"
+		exit 1
+	fi
+}
+
+expect_internal_answer () {
+	echo "> check internal answer"
+	if grep "10.20.30.40" outfile; then
+		echo "OK"
+	else
+		echo "Not OK"
+		exit 1
+	fi
+}
+
+
+# do the test
+
+for i in 4 6; do
+	query $i $PORT_REFUSE "www.external"
+	expect_refused
+
+	query $i $PORT_REFUSE "www.internal"
+	expect_refused
+
+	query $i $PORT_ALLOW "www.external"
+	expect_external_answer
+
+	query $i $PORT_ALLOW "www.internal"
+	expect_internal_answer
+
+	query $i $PORT_VIEW_INT "www.internal"
+	expect_internal_answer
+
+	query $i $PORT_VIEW_INT "www.external"
+	expect_refused
+
+	query $i $PORT_VIEW_EXT "www.internal"
+	expect_refused
+
+	query $i $PORT_VIEW_EXT "www.external"
+	expect_external_answer
+
+	query $i $PORT_VIEW_INTEXT "www.internal"
+	expect_internal_answer
+
+	query $i $PORT_VIEW_INTEXT "www.external"
+	expect_external_answer
+done
+
+echo "> cat logfiles"
+cat fwd.log
+cat fwd2.log
+cat unbound.log
+exit 0

testdata/acl_interface.tdir/acl_interface.testns

@@ -0,0 +1,13 @@
+; nameserver test file
+$ORIGIN external.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www	IN	A
+SECTION ANSWER
+www	IN	A	1.2.3.4
+ENTRY_END

testdata/acl_interface.tdir/acl_interface.testns2

@@ -0,0 +1,13 @@
+; nameserver test file
+$ORIGIN internal.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www	IN	A
+SECTION ANSWER
+www	IN	A	10.20.30.40
+ENTRY_END

testdata/common.sh

@@ -27,6 +27,7 @@
 # wait_petal_up		: wait for petal to come up.
 # wait_nsd_up		: wait for nsd to come up.
 # wait_server_up_or_fail: wait for server to come up or print a failure string
+# skip_test x		: print message and skip test (must be called in .pre)
 # kill_pid		: kill a server, make sure and wait for it to go down.
 
 
@@ -109,6 +110,13 @@ skip_if_in_list () {
 	fi
 }
 
+# Print a message and skip the test. Must be called in the .pre file.
+# $1: message to print.
+skip_test () {
+	echo "$1"
+	exit 3
+}
+
 # function to get a number of random port numbers.
 # $1: number of random ports.
 # RND_PORT is returned as the starting port number