# #-- proxy_protocol.test.scenario --#
# Load the shared tpkg variables when the master file exists.
if [ -f ../.tpkg.var.master ]; then
	source ../.tpkg.var.master
fi
# .tpkg.var.test is the per-test file used to hand variables between stages.
if [ -f .tpkg.var.test ]; then
	source .tpkg.var.test
fi

PRE="../.."
source ../common.sh

# Give loopback an address and bring it up.
# NOTE(review): changing interface state needs privileges; lo having no
# address yet suggests an isolated network namespace -- confirm in the
# test's setup files.
ip addr add 127.0.0.1 dev lo
ip link set lo up

# Dummy interface whose address is used below as a proxy source address
# that should be allowed.
ip link add $INTERFACE_ALLOW type dummy
ip addr add $INTERFACE_ALLOW_ADDR dev $INTERFACE_ALLOW
ip link set $INTERFACE_ALLOW up

# Dummy interface whose address is used below as a proxy source address
# that should be refused.
ip link add $INTERFACE_REFUSE type dummy
ip addr add $INTERFACE_REFUSE_ADDR dev $INTERFACE_REFUSE
ip link set $INTERFACE_REFUSE up

# Launch the forwarder (ldns-testns) in the background and record its PID
# in .tpkg.var.test (presumably so a later stage can stop it -- confirm).
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT proxy_protocol.testns >fwd.log 2>&1 &
FWD_PID=$!
printf 'FWD_PID=%s\n' "$FWD_PID" >> .tpkg.var.test

# Launch unbound in the background and record its PID the same way.
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
printf 'UNBOUND_PID=%s\n' "$UNBOUND_PID" >> .tpkg.var.test

# Wait for both servers before sending any query; the wait helpers are
# given each server's log file.
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log
# Run streamtcp with the given arguments followed by "A IN" and abort the
# test when it exits non-zero.
# Arguments: options and query name for streamtcp.
# Outputs:   streamtcp's stdout and stderr go to ./outfile; on failure
#            outfile and unbound.log are dumped to stdout for diagnosis.
# Returns:   0 on success; exits the script with status 1 on failure.
do_streamtcp () {
	# $* stays unquoted on purpose: callers pass values such as
	# "-p addr@port" that must split into separate words, and an empty
	# protocol flag that must disappear.
	$PRE/streamtcp $* A IN >outfile 2>&1
	if [ "$?" -eq 0 ]; then
		return 0
	fi
	echo "exit status not OK"
	echo "> cat logfiles"
	cat outfile
	cat unbound.log
	echo "Not OK"
	exit 1
}
# Announce one query on stdout and send it through do_streamtcp.
# Arguments: $1 - server address to query
#            $2 - PROXYv2 client option ("-p addr[@port]"), or empty for a
#                 query without a PROXYv2 header
#            $3 - protocol flag: -u (UDP), -s (TLS), anything else is TCP
#            $4 - query name
# Globals:   reads UNBOUND_PORT, PROXY_PORT, PROXY_TLS_PORT; assigns
#            server, client, prot, query and port (none are local, so the
#            caller's variables of the same name are overwritten).
send_query () {
	server=$1
	client=$2
	prot=$3
	query=$4

	# Port choice: TLS always uses the PROXY TLS port, any other proxied
	# query uses the PROXY port, and a plain query uses the regular port.
	if [ "$prot" = "-s" ]; then
		port=$PROXY_TLS_PORT
	elif [ -n "$client" ]; then
		port=$PROXY_PORT
	else
		port=$UNBOUND_PORT
	fi

	# One-line progress message, printed in pieces without newlines.
	printf '%s' "> query $query to $server"
	case $prot in
	-u)
		printf '%s' " (over UDP)"
		;;
	-s)
		printf '%s' " (over TLS)"
		;;
	*)
		printf '%s' " (over TCP)"
		;;
	esac
	[ -z "$client" ] || printf '%s' " ($client proxied)"
	echo

	# Unquoted on purpose: an empty $prot or $client must vanish and
	# "-p addr@port" must split into two words.
	do_streamtcp $prot -f $server@$port $client $query
	#cat outfile
}
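# Check that ./outfile has a line containing both the query name and the
# expected answer; abort the test otherwise.
# Globals:   reads query and answer (set by the caller; the positional
#            assignments below are commented out).
# Outputs:   the matching line(s) and "content OK" on success; on failure
#            outfile and unbound.log are dumped to stdout for diagnosis.
# Returns:   0 on success; exits the script with status 1 on failure.
expect_answer () {
	#query=$1
	#answer=$2
	# -F matches both values as fixed strings. As regular expressions the
	# dots in "one.example.net." and "1.1.1.1" would match any character,
	# so a wrong record could still satisfy the check.
	# Note: an empty $answer matches every line, so callers must set it.
	if grep -F -- "$query" outfile | grep -F -- "$answer"; then
		echo "content OK"
		echo
	else
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
}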
# Check that ./outfile reports a refused query; abort the test otherwise.
# The pattern "rcode: REFUSE" is a substring match (presumably against
# "rcode: REFUSED" in streamtcp's output -- confirm).
# Outputs:   the matching line(s) and "content OK" on success; on failure
#            outfile and unbound.log are dumped to stdout for diagnosis.
# Returns:   0 on success; exits the script with status 1 on failure.
expect_refuse () {
	if ! grep "rcode: REFUSE" outfile; then
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
	echo "content OK"
	echo
}
# Start the test
#
# Each scenario sets the globals server, client, query and answer, then
# sends the query once per protocol flag ("-u" UDP, "" TCP, "-s" TLS) and
# checks the reply. expect_answer reads $query and $answer directly.

# Scenario 1: no PROXYv2 header, query from localhost.
# An answer is expected. Only UDP and TCP are tried here.
query="two.example.net."
answer="2.2.2.2"
server=127.0.0.1
client=""
for prot in -u ""; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Scenario 2: PROXYv2 header carrying $CLIENT_ADDR_ALLOW.
# The proxied client is allowed, so an answer is expected.
query="one.example.net."
answer="1.1.1.1"
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW@1234"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Scenario 3: PROXYv2 header carrying $CLIENT_ADDR_ALLOW6.
# The proxied client is allowed, so an answer is expected.
query="one.example.net."
answer="1.1.1.1"
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW6@1234"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Scenario 4: PROXYv2 header carrying $CLIENT_ADDR_REFUSE.
# The proxied client must be refused: expect REFUSE back.
query="one.example.net."
answer=""
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Scenario 5: PROXYv2 header carrying $CLIENT_ADDR_REFUSE6.
# The proxied client must be refused: expect REFUSE back.
query="one.example.net."
answer=""
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE6"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Scenario 6: allowed proxied client, sent to $INTERFACE_ALLOW_ADDR.
# Client and proxy source address are both allowed: expect an answer.
query="one.example.net."
answer="1.1.1.1"
server=$INTERFACE_ALLOW_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Scenario 7: allowed proxied client, sent to $INTERFACE_REFUSE_ADDR.
# The proxy source address is refused, so REFUSE is expected even though
# the client address in the PROXYv2 header is an allowed one. This checks
# that an allowed header address does not override a refused proxy source.
query="one.example.net."
answer=""
server=$INTERFACE_REFUSE_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
for prot in -u "" -s; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Every scenario passed.
echo "OK"
exit 0