dnsdist: Test both incoming DoH implementations in ProxyProtocol tests

author Remi Gacogne <remi.gacogne@powerdns.com>

Mon, 27 Mar 2023 12:30:57 +0000 (14:30 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 7 Sep 2023 08:22:01 +0000 (10:22 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 27 Mar 2023 12:30:57 +0000 (14:30 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 7 Sep 2023 08:22:01 +0000 (10:22 +0200)
diff --git a/regression-tests.dnsdist/dnsdisttests.py b/regression-tests.dnsdist/dnsdisttests.py

index 6bc56cdb7a71a5f8ff0a4539f0b9c34229f57695..1e7968aa3d2d98a78cb65a8209f1113c8f6444cb 100644 (file)
--- a/regression-tests.dnsdist/dnsdisttests.py
+++ b/regression-tests.dnsdist/dnsdisttests.py
@@ -1079,5 +1079,11 @@ class DNSDistTest(AssertEqualDNSMessageMixin, unittest.TestCase):
      def sendDOHQueryWrapper(self, query, response, useQueue=True):
          return self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
  
+    def sendDOHWithNGHTTP2QueryWrapper(self, query, response, useQueue=True):
+        return self.sendDOHQuery(self._dohWithNGHTTP2ServerPort, self._serverName, self._dohWithNGHTTP2BaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
+
+    def sendDOHWithH2OQueryWrapper(self, query, response, useQueue=True):
+        return self.sendDOHQuery(self._dohWithH2OServerPort, self._serverName, self._dohWithH2OBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
+
      def sendDOTQueryWrapper(self, query, response, useQueue=True):
          return self.sendDOTQuery(self._tlsServerPort, self._serverName, query, response, self._caCert, useQueue=useQueue)
diff --git a/regression-tests.dnsdist/test_Async.py b/regression-tests.dnsdist/test_Async.py

index 057bee47e9a7e04921df37c5065c1ffcbcae8c37..8856df30f59aa3ef34ab7cdfbba172df98515f7f 100644 (file)
--- a/regression-tests.dnsdist/test_Async.py
+++ b/regression-tests.dnsdist/test_Async.py
@@ -96,12 +96,6 @@ class AsyncTests(object):
      _dohWithNGHTTP2BaseURL = ("https://%s:%d/" % (_serverName, _dohWithNGHTTP2ServerPort))
      _dohWithH2OBaseURL = ("https://%s:%d/" % (_serverName, _dohWithH2OServerPort))
  
-    def sendDOHWithNGHTTP2QueryWrapper(self, query, response, useQueue=True):
-        return self.sendDOHQuery(self._dohWithNGHTTP2ServerPort, self._serverName, self._dohWithNGHTTP2BaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
-
-    def sendDOHWithH2OQueryWrapper(self, query, response, useQueue=True):
-        return self.sendDOHQuery(self._dohWithH2OServerPort, self._serverName, self._dohWithH2OBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
-
      def testPass(self):
          """
          Async: Accept
diff --git a/regression-tests.dnsdist/test_Protobuf.py b/regression-tests.dnsdist/test_Protobuf.py

index 8a5aac6b2e38f789d42183e51e5259d5c58b006d..99a97183de7a20ac6259931133aeb56cb646067c 100644 (file)
--- a/regression-tests.dnsdist/test_Protobuf.py
+++ b/regression-tests.dnsdist/test_Protobuf.py
@@ -510,12 +510,6 @@ class TestProtobufMetaDOH(DNSDistProtobufTest):
      """
      _config_params = ['_testServerPort', '_protobufServerPort', '_tlsServerPort', '_serverCert', '_serverKey', '_dohWithNGHTTP2ServerPort', '_serverCert', '_serverKey', '_dohWithH2OServerPort', '_serverCert', '_serverKey']
  
-    def sendDOHWithNGHTTP2QueryWrapper(self, query, response, useQueue=True):
-        return self.sendDOHQuery(self._dohWithNGHTTP2ServerPort, self._serverName, self._dohWithNGHTTP2BaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
-
-    def sendDOHWithH2OQueryWrapper(self, query, response, useQueue=True):
-        return self.sendDOHQuery(self._dohWithH2OServerPort, self._serverName, self._dohWithH2OBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue)
-
      def testProtobufMetaDoH(self):
          """
          Protobuf: Meta values - DoH
diff --git a/regression-tests.dnsdist/test_ProxyProtocol.py b/regression-tests.dnsdist/test_ProxyProtocol.py

index 1d7aa5c5c900f8a0b80a01cd373188260a4217b2..2ff4a2d741003bfb2a0a6031a35c62d1db188971 100644 (file)
--- a/regression-tests.dnsdist/test_ProxyProtocol.py
+++ b/regression-tests.dnsdist/test_ProxyProtocol.py
@@ -729,23 +729,27 @@ class TestDOHWithOutgoingProxyProtocol(DNSDistDOHTest):
      _serverCert = 'server.chain'
      _serverName = 'tls.tests.dnsdist.org'
      _caCert = 'ca.pem'
-    _dohServerPort = pickAvailablePort()
-    _dohBaseURL = ("https://%s:%d/dns-query" % (_serverName, _dohServerPort))
+    _dohWithNGHTTP2ServerPort = pickAvailablePort()
+    _dohWithNGHTTP2BaseURL = ("https://%s:%d/dns-query" % (_serverName, _dohWithNGHTTP2ServerPort))
+    _dohWithH2OServerPort = pickAvailablePort()
+    _dohWithH2OBaseURL = ("https://%s:%d/dns-query" % (_serverName, _dohWithH2OServerPort))
      _proxyResponderPort = proxyResponderPort
      _config_template = """
      newServer{address="127.0.0.1:%s", useProxyProtocol=true}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { '/dns-query' }, { trustForwardedForHeader=true })
+    addDOHLocal("127.0.0.1:%d", "%s", "%s", { '/dns-query' }, { trustForwardedForHeader=true, library='nghttp2' })
+    addDOHLocal("127.0.0.1:%d", "%s", "%s", { '/dns-query' }, { trustForwardedForHeader=true, library='h2o' })
      setACL( { "::1/128", "127.0.0.0/8" } )
      """
-    _config_params = ['_proxyResponderPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_proxyResponderPort', '_dohWithNGHTTP2ServerPort', '_serverCert', '_serverKey', '_dohWithH2OServerPort', '_serverCert', '_serverKey']
+    _verboseMode = True
  
      def testTruncation(self):
          """
-        DOH: Truncation over UDP (with cache)
+        DOH: Truncation over UDP
          """
          # the query is first forwarded over UDP, leading to a TC=1 answer from the
          # backend, then over TCP
-        name = 'truncated-udp.doh-with-cache.tests.powerdns.com.'
+        name = 'truncated-udp.doh.proxy-protocol.tests.powerdns.com.'
          query = dns.message.make_query(name, 'A', 'IN')
          query.id = 42
          expectedQuery = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096)
@@ -758,39 +762,40 @@ class TestDOHWithOutgoingProxyProtocol(DNSDistDOHTest):
                                      '127.0.0.1')
          response.answer.append(rrset)
  
-        # first response is a TC=1
-        tcResponse = dns.message.make_response(query)
-        tcResponse.flags |= dns.flags.TC
-        toProxyQueue.put(tcResponse, True, 2.0)
+        for (port,url) in [(self._dohWithNGHTTP2ServerPort, self._dohWithNGHTTP2BaseURL), (self._dohWithH2OServerPort, self._dohWithH2OBaseURL)]:
+          # first response is a TC=1
+          tcResponse = dns.message.make_response(query)
+          tcResponse.flags |= dns.flags.TC
+          toProxyQueue.put(tcResponse, True, 2.0)
  
-        ((receivedProxyPayload, receivedDNSData), receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, caFile=self._caCert, response=response, fromQueue=fromProxyQueue, toQueue=toProxyQueue)
-        # first query, received by the responder over UDP
-        self.assertTrue(receivedProxyPayload)
-        self.assertTrue(receivedDNSData)
-        receivedQuery = dns.message.from_wire(receivedDNSData)
-        self.assertTrue(receivedQuery)
-        receivedQuery.id = expectedQuery.id
-        self.assertEqual(expectedQuery, receivedQuery)
-        self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
-        self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.1', '127.0.0.1', True, destinationPort=self._dohServerPort)
+          ((receivedProxyPayload, receivedDNSData), receivedResponse) = self.sendDOHQuery(port, self._serverName, url, query, caFile=self._caCert, response=response, fromQueue=fromProxyQueue, toQueue=toProxyQueue)
+          # first query, received by the responder over UDP
+          self.assertTrue(receivedProxyPayload)
+          self.assertTrue(receivedDNSData)
+          receivedQuery = dns.message.from_wire(receivedDNSData)
+          self.assertTrue(receivedQuery)
+          receivedQuery.id = expectedQuery.id
+          self.assertEqual(expectedQuery, receivedQuery)
+          self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
+          self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.1', '127.0.0.1', True, destinationPort=port)
  
-        # check the response
-        self.assertTrue(receivedResponse)
-        self.assertEqual(response, receivedResponse)
+          # check the response
+          self.assertTrue(receivedResponse)
+          self.assertEqual(response, receivedResponse)
  
-        # check the second query, received by the responder over TCP
-        (receivedProxyPayload, receivedDNSData) = fromProxyQueue.get(True, 2.0)
-        self.assertTrue(receivedDNSData)
-        receivedQuery = dns.message.from_wire(receivedDNSData)
-        self.assertTrue(receivedQuery)
-        receivedQuery.id = expectedQuery.id
-        self.assertEqual(expectedQuery, receivedQuery)
-        self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
-        self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.1', '127.0.0.1', True, destinationPort=self._dohServerPort)
+          # check the second query, received by the responder over TCP
+          (receivedProxyPayload, receivedDNSData) = fromProxyQueue.get(True, 2.0)
+          self.assertTrue(receivedDNSData)
+          receivedQuery = dns.message.from_wire(receivedDNSData)
+          self.assertTrue(receivedQuery)
+          receivedQuery.id = expectedQuery.id
+          self.assertEqual(expectedQuery, receivedQuery)
+          self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
+          self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.1', '127.0.0.1', True, destinationPort=port)
  
-        # make sure we consumed everything
-        self.assertTrue(toProxyQueue.empty())
-        self.assertTrue(fromProxyQueue.empty())
+          # make sure we consumed everything
+          self.assertTrue(toProxyQueue.empty())
+          self.assertTrue(fromProxyQueue.empty())
  
      def testAddressFamilyMismatch(self):
          """
@@ -809,25 +814,26 @@ class TestDOHWithOutgoingProxyProtocol(DNSDistDOHTest):
                                      '127.0.0.1')
          response.answer.append(rrset)
  
-        # the query should be dropped
-        (receivedQuery, receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, caFile=self._caCert, customHeaders=['x-forwarded-for: [::1]:8080'], useQueue=False)
-        self.assertFalse(receivedQuery)
-        self.assertFalse(receivedResponse)
+        for (port,url) in [(self._dohWithNGHTTP2ServerPort, self._dohWithNGHTTP2BaseURL), (self._dohWithH2OServerPort, self._dohWithH2OBaseURL)]:
+          # the query should be dropped
+          (receivedQuery, receivedResponse) = self.sendDOHQuery(port, self._serverName, url, query, caFile=self._caCert, customHeaders=['x-forwarded-for: [::1]:8080'], useQueue=False)
+          self.assertFalse(receivedQuery)
+          self.assertFalse(receivedResponse)
  
-        # make sure the timeout is detected, if any
-        time.sleep(4)
+          # make sure the timeout is detected, if any
+          time.sleep(4)
  
-        # this one should not
-        ((receivedProxyPayload, receivedDNSData), receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, caFile=self._caCert, customHeaders=['x-forwarded-for: 127.0.0.42:8080'], response=response, fromQueue=fromProxyQueue, toQueue=toProxyQueue)
-        self.assertTrue(receivedProxyPayload)
-        self.assertTrue(receivedDNSData)
-        receivedQuery = dns.message.from_wire(receivedDNSData)
-        self.assertTrue(receivedQuery)
-        receivedQuery.id = expectedQuery.id
-        self.assertEqual(expectedQuery, receivedQuery)
-        self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
-        self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.42', '127.0.0.1', True, destinationPort=self._dohServerPort)
-        # check the response
-        self.assertTrue(receivedResponse)
-        receivedResponse.id = response.id
-        self.assertEqual(response, receivedResponse)
+          # this one should not
+          ((receivedProxyPayload, receivedDNSData), receivedResponse) = self.sendDOHQuery(port, self._serverName, url, query, caFile=self._caCert, customHeaders=['x-forwarded-for: 127.0.0.42:8080'], response=response, fromQueue=fromProxyQueue, toQueue=toProxyQueue)
+          self.assertTrue(receivedProxyPayload)
+          self.assertTrue(receivedDNSData)
+          receivedQuery = dns.message.from_wire(receivedDNSData)
+          self.assertTrue(receivedQuery)
+          receivedQuery.id = expectedQuery.id
+          self.assertEqual(expectedQuery, receivedQuery)
+          self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
+          self.checkMessageProxyProtocol(receivedProxyPayload, '127.0.0.42', '127.0.0.1', True, destinationPort=port)
+          # check the response
+          self.assertTrue(receivedResponse)
+          receivedResponse.id = response.id
+          self.assertEqual(response, receivedResponse)
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 27 Mar 2023 12:30:57 +0000 (14:30 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 7 Sep 2023 08:22:01 +0000 (10:22 +0200)
regression-tests.dnsdist/dnsdisttests.py		patch \| blob \| blame \| history
regression-tests.dnsdist/test_Async.py		patch \| blob \| blame \| history
regression-tests.dnsdist/test_Protobuf.py		patch \| blob \| blame \| history
regression-tests.dnsdist/test_ProxyProtocol.py		patch \| blob \| blame \| history