mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
253 lines
4.8 KiB
Text
253 lines
4.8 KiB
Text
# #-- acl_interface.test.scenario --#
|
|
# source the master var file when it's there
|
|
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
|
# use .tpkg.var.test for in test variable passing
|
|
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
|
PRE="../.."
|
|
. ../common.sh
|
|
|
|
ip addr add $IPV4_ADDR dev lo
|
|
ip addr add $IPV6_ADDR dev lo
|
|
ip link set lo up
|
|
|
|
ip link add $INTERFACE type dummy
|
|
ip addr add $INTERFACE_ADDR_1 dev $INTERFACE
|
|
ip addr add $INTERFACE_ADDR_2 dev $INTERFACE
|
|
ip addr add $INTERFACE_ADDR_3 dev $INTERFACE
|
|
ip addr add $INTERFACE_ADDR_4 dev $INTERFACE
|
|
ip link set $INTERFACE up
|
|
|
|
# start the forwarder in the background
|
|
get_ldns_testns
|
|
$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
|
|
FWD_PID=$!
|
|
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
|
|
|
|
# start the stub in the background
|
|
$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
|
|
STUB_PID=$!
|
|
echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
|
|
|
|
# start unbound in the background
|
|
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
|
|
UNBOUND_PID=$!
|
|
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
|
|
|
cat .tpkg.var.test
|
|
wait_ldns_testns_up fwd.log
|
|
wait_ldns_testns_up fwd2.log
|
|
wait_unbound_up unbound.log
|
|
|
|
end () {
|
|
echo "> cat logfiles"
|
|
cat fwd.log
|
|
cat fwd2.log
|
|
cat unbound.log
|
|
exit $1
|
|
}
|
|
|
|
# Query for the given domain to the given port
|
|
# $1: address family [4, 6]
|
|
# $2: port
|
|
# $3: dname
|
|
query () {
|
|
addr=$IPV4_ADDR
|
|
if test "$1" -eq 6; then
|
|
addr=$IPV6_ADDR
|
|
fi
|
|
echo "> dig -p $2 $3"
|
|
dig @"$addr" -p $2 $3 | tee outfile
|
|
}
|
|
|
|
# Query for the given domain to the given port
|
|
# $1: address
|
|
# $2: port
|
|
# $3: dname
|
|
query_addr () {
|
|
echo "> dig @$1 -p $2 $3"
|
|
dig @"$1" -p $2 $3 | tee outfile
|
|
}
|
|
|
|
expect_refused () {
|
|
echo "> check answer for REFUSED"
|
|
if grep "REFUSED" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_nx_answer () {
|
|
echo "> check answer for NXDOMAIN"
|
|
if grep "NXDOMAIN" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_external_answer () {
|
|
echo "> check external answer"
|
|
if grep "1.2.3.4" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_internal_answer () {
|
|
echo "> check internal answer"
|
|
if grep "10.20.30.40" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_tag_one_answer () {
|
|
echo "> check tag 'one' answer"
|
|
if grep "1.1.1.1" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_tag_two_answer () {
|
|
echo "> check tag 'two' answer"
|
|
if grep "2.2.2.2" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_rpz_one_answer () {
|
|
echo "> check tag 'one' answer"
|
|
if grep "11.11.11.11" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
expect_rpz_two_answer () {
|
|
echo "> check tag 'two' answer"
|
|
if grep "22.22.22.22" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
end 1
|
|
fi
|
|
}
|
|
|
|
# do the test
|
|
|
|
for i in 4 6; do
|
|
query $i $PORT_REFUSE "www.external"
|
|
expect_refused
|
|
|
|
query $i $PORT_REFUSE "www.internal"
|
|
expect_refused
|
|
|
|
query $i $PORT_ALLOW "www.external"
|
|
expect_external_answer
|
|
|
|
query $i $PORT_ALLOW "www.internal"
|
|
expect_internal_answer
|
|
|
|
query $i $PORT_TAG_1 "local"
|
|
expect_tag_one_answer
|
|
|
|
query $i $PORT_TAG_2 "local"
|
|
expect_tag_two_answer
|
|
|
|
query $i $PORT_TAG_3 "local"
|
|
expect_refused
|
|
|
|
query $i $PORT_RPZ_1 "local"
|
|
expect_rpz_one_answer
|
|
|
|
query $i $PORT_RPZ_2 "local"
|
|
expect_rpz_two_answer
|
|
|
|
query $i $PORT_RPZ_NX "local"
|
|
expect_nx_answer
|
|
|
|
query $i $PORT_VIEW_INT "www.internal"
|
|
expect_internal_answer
|
|
|
|
query $i $PORT_VIEW_INT "www.external"
|
|
expect_refused
|
|
|
|
query $i $PORT_VIEW_EXT "www.internal"
|
|
expect_refused
|
|
|
|
query $i $PORT_VIEW_EXT "www.external"
|
|
expect_external_answer
|
|
|
|
query $i $PORT_VIEW_INTEXT "www.internal"
|
|
expect_internal_answer
|
|
|
|
query $i $PORT_VIEW_INTEXT "www.external"
|
|
expect_external_answer
|
|
done
|
|
|
|
for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do
|
|
query_addr $addr $PORT_REFUSE "www.external"
|
|
expect_refused
|
|
|
|
query_addr $addr $PORT_REFUSE "www.internal"
|
|
expect_refused
|
|
|
|
query_addr $addr $PORT_ALLOW "www.external"
|
|
expect_external_answer
|
|
|
|
query_addr $addr $PORT_ALLOW "www.internal"
|
|
expect_internal_answer
|
|
|
|
query_addr $addr $PORT_TAG_1 "local"
|
|
expect_tag_one_answer
|
|
|
|
query_addr $addr $PORT_TAG_2 "local"
|
|
expect_tag_two_answer
|
|
|
|
query_addr $addr $PORT_TAG_3 "local"
|
|
expect_refused
|
|
|
|
query_addr $addr $PORT_RPZ_1 "local"
|
|
expect_rpz_one_answer
|
|
|
|
query_addr $addr $PORT_RPZ_2 "local"
|
|
expect_rpz_two_answer
|
|
|
|
query_addr $addr $PORT_RPZ_NX "local"
|
|
expect_nx_answer
|
|
|
|
query_addr $addr $PORT_VIEW_INT "www.internal"
|
|
expect_internal_answer
|
|
|
|
query_addr $addr $PORT_VIEW_INT "www.external"
|
|
expect_refused
|
|
|
|
query_addr $addr $PORT_VIEW_EXT "www.internal"
|
|
expect_refused
|
|
|
|
query_addr $addr $PORT_VIEW_EXT "www.external"
|
|
expect_external_answer
|
|
|
|
query_addr $addr $PORT_VIEW_INTEXT "www.internal"
|
|
expect_internal_answer
|
|
|
|
query_addr $addr $PORT_VIEW_INTEXT "www.external"
|
|
expect_external_answer
|
|
done
|
|
|
|
end 0
|