Basic test for the `from' and `to' fields in protobuf when proxy protocol is used.

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 8 Oct 2021 12:36:26 +0000 (14:36 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 8 Oct 2021 12:41:00 +0000 (14:41 +0200)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 8 Oct 2021 12:36:26 +0000 (14:36 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 8 Oct 2021 12:41:00 +0000 (14:41 +0200)
diff --git a/regression-tests.recursor-dnssec/test_Protobuf.py b/regression-tests.recursor-dnssec/test_Protobuf.py

index 9a6e54fd662c1c5e231ae1b5e4db8c28dfa40ee3..a90ca29a9d8ddec8c39b4fccc039d3bfcf7bd306 100644 (file)
--- a/regression-tests.recursor-dnssec/test_Protobuf.py
+++ b/regression-tests.recursor-dnssec/test_Protobuf.py
@@ -172,13 +172,13 @@ class TestRecursorProtobuf(RecursorTest):
            # compare inBytes with length of query/response
            self.assertEqual(msg.inBytes, len(query.to_wire()))
  
-    def checkProtobufQuery(self, msg, protocol, query, qclass, qtype, qname, initiator='127.0.0.1'):
+    def checkProtobufQuery(self, msg, protocol, query, qclass, qtype, qname, initiator='127.0.0.1', to='127.0.0.1'):
          self.assertEqual(msg.type, dnsmessage_pb2.PBDNSMessage.DNSQueryType)
          self.checkProtobufBase(msg, protocol, query, initiator)
          # dnsdist doesn't fill the responder field for responses
          # because it doesn't keep the information around.
          self.assertTrue(msg.HasField('to'))
-        self.assertEqual(socket.inet_ntop(socket.AF_INET, msg.to), '127.0.0.1')
+        self.assertEqual(socket.inet_ntop(socket.AF_INET, msg.to), to)
          self.assertTrue(msg.HasField('question'))
          self.assertTrue(msg.question.HasField('qClass'))
          self.assertEqual(msg.question.qClass, qclass)
@@ -368,6 +368,40 @@ auth-zones=example=configs/%s/example.zone""" % _confdir
          self.assertEqual(socket.inet_ntop(socket.AF_INET, rr.rdata), '192.0.2.42')
          self.checkNoRemainingMessage()
  
+class ProtobufProxyTest(TestRecursorProtobuf):
+    """
+    This test makes sure that we correctly export addresses over protobuf when the proxy protocol is used.
+    """
+
+    _confdir = 'ProtobufProxy'
+    _config_template = """
+auth-zones=example=configs/%s/example.zone
+proxy-protocol-from=127.0.0.1/32
+allow-from=127.0.0.1,6.6.6.6
+""" % _confdir
+
+    def testA(self):
+        name = 'a.example.'
+        expected = dns.rrset.from_text(name, 0, dns.rdataclass.IN, 'A', '192.0.2.42')
+        query = dns.message.make_query(name, 'A', want_dnssec=True)
+        query.flags |= dns.flags.CD
+        res = self.sendUDPQueryWithProxyProtocol(query, False, '6.6.6.6', '7.7.7.7', 666, 777)
+
+        self.assertRRsetInAnswer(res, expected)
+
+        # check the protobuf messages corresponding to the UDP query and answer
+        msg = self.getFirstProtobufMessage()
+        self.checkProtobufQuery(msg, dnsmessage_pb2.PBDNSMessage.UDP, query, dns.rdataclass.IN, dns.rdatatype.A, name, '6.6.6.6', '7.7.7.7')
+        # then the response
+        msg = self.getFirstProtobufMessage()
+        self.checkProtobufResponse(msg, dnsmessage_pb2.PBDNSMessage.UDP, res, '6.6.6.6')
+        self.assertEqual(len(msg.response.rrs), 1)
+        rr = msg.response.rrs[0]
+        # we have max-cache-ttl set to 15
+        self.checkProtobufResponseRecord(rr, dns.rdataclass.IN, dns.rdatatype.A, name, 15)
+        self.assertEqual(socket.inet_ntop(socket.AF_INET, rr.rdata), '192.0.2.42')
+        self.checkNoRemainingMessage()
+
  class OutgoingProtobufDefaultTest(TestRecursorProtobuf):
      """
      This test makes sure that we correctly export outgoing queries over protobuf.
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 8 Oct 2021 12:36:26 +0000 (14:36 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 8 Oct 2021 12:41:00 +0000 (14:41 +0200)