From: Petr Špaček <petr.spacek@nic.cz>
Date: Mon, 10 Dec 2018 15:09:55 +0000 (+0100)
Subject: view: test new semantics
X-Git-Tag: v3.2.0~6^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16611984bbd9ad7ec22ae6f10d29357af5884719;p=thirdparty%2Fknot-resolver.git

view: test new semantics
---

diff --git a/modules/view/addr.test.integr/kresd_config.j2 b/modules/view/addr.test.integr/kresd_config.j2
index 8ac2a5cc3..f56430a01 100644
--- a/modules/view/addr.test.integr/kresd_config.j2
+++ b/modules/view/addr.test.integr/kresd_config.j2
@@ -1,7 +1,9 @@
 {% raw %}
-modules.load('view')
-view:addr('127.0.0.0/24', policy.suffix(policy.DENY,{"\3com\0"}))
-view:addr('127.0.0.0/24', policy.suffix(policy.FORWARD('1.2.3.4'),{"\2cz\0"}))
+modules.load('view < policy')
+
+view:addr('127.0.0.0/24', policy.suffix(policy.DENY_MSG("addr 127.0.0.0/24 matched com"),{"\3com\0"}))
+view:addr('127.0.0.0/24', policy.suffix(policy.DENY_MSG("addr 127.0.0.0/24 matched net"),{"\3net\0"}))
+policy.add(policy.all(policy.FORWARD('1.2.3.4')))
 
 -- Disable RFC8145 signaling, scenario doesn't provide expected answers
 if ta_signal_query then
diff --git a/modules/view/addr.test.integr/module_view_addr.rpl b/modules/view/addr.test.integr/module_view_addr.rpl
index ef84e43c9..9e65d2806 100644
--- a/modules/view/addr.test.integr/module_view_addr.rpl
+++ b/modules/view/addr.test.integr/module_view_addr.rpl
@@ -17,18 +17,9 @@ SECTION ANSWER
 example.cz. IN A 5.6.7.8
 ENTRY_END
 
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-example.com. IN A
-SECTION ANSWER
-example.com. IN A 21.22.23.24
-ENTRY_END
 RANGE_END
 
-; allowed by view 
+; policy module loaded before view module must take precedence before view
 STEP 10 QUERY
 ENTRY_BEGIN
 REPLY RD
@@ -46,7 +37,7 @@ SECTION ANSWER
 example.cz. IN A 5.6.7.8
 ENTRY_END
 
-; blocked by view
+; blocked by view:addr + inner policy.suffix com
 ; NXDOMAIN expected
 STEP 30 QUERY
 ENTRY_BEGIN
@@ -55,13 +46,33 @@ SECTION QUESTION
 example.com. IN A
 ENTRY_END
 
-STEP 40 CHECK_ANSWER
+STEP 31 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH flags rcode question answer
+MATCH opcode question rcode additional
 REPLY QR RD RA AA NXDOMAIN
 SECTION QUESTION
 example.com. IN A
-SECTION ANSWER
+SECTION ADDITIONAL
+explanation.invalid. 10800 IN TXT "addr 127.0.0.0/24 matched com"
+ENTRY_END
+
+; blocked by view:addr + inner policy.suffix net
+; second view rule gets executed if policy in preceding view rule did not match
+STEP 32 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.net. IN A
+ENTRY_END
+
+STEP 33 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode question rcode additional
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+example.net. IN A
+SECTION ADDITIONAL
+explanation.invalid. 10800 IN TXT "addr 127.0.0.0/24 matched net"
 ENTRY_END
 
 SCENARIO_END
diff --git a/modules/view/tsig.test.integr/kresd_config.j2 b/modules/view/tsig.test.integr/kresd_config.j2
index ac7952e16..6a0952e61 100644
--- a/modules/view/tsig.test.integr/kresd_config.j2
+++ b/modules/view/tsig.test.integr/kresd_config.j2
@@ -1,7 +1,11 @@
 {% raw %}
 modules.load('view')
-view:tsig('\8testkey1\0', policy.suffix(policy.DENY,{"\3com\0"}))
-view:tsig('\7testkey\0', policy.suffix(policy.FORWARD('1.2.3.4'),{"\2cz\0"}))
+print(table_print(modules.list()))
+
+view:tsig('\8testkey1\0', policy.suffix(policy.DENY_MSG("TSIG key testkey1 matched com"),{"\3com\0"}))
+view:tsig('\8testkey1\0', policy.suffix(policy.DENY_MSG("TSIG key testkey1 matched net"),{"\3net\0"}))
+view:tsig('\7testkey\0', policy.suffix(policy.DENY_MSG("TSIG key testkey matched example"),{"\7example\0"}))
+policy.add(policy.all(policy.FORWARD('1.2.3.4')))
 
 -- Disable RFC8145 signaling, scenario doesn't provide expected answers
 if ta_signal_query then
diff --git a/modules/view/tsig.test.integr/module_view_tsig.rpl b/modules/view/tsig.test.integr/module_view_tsig.rpl
index 954977cff..8abceb5d4 100644
--- a/modules/view/tsig.test.integr/module_view_tsig.rpl
+++ b/modules/view/tsig.test.integr/module_view_tsig.rpl
@@ -2,7 +2,7 @@
 	stub-addr: 1.2.3.4
 CONFIG_END
 
-SCENARIO_BEGIN view:addr test
+SCENARIO_BEGIN view:tsig test
 
 RANGE_BEGIN 0 110
 	ADDRESS 1.2.3.4
@@ -16,18 +16,22 @@ SECTION ANSWER
 example.cz. IN A 5.6.7.8
 ENTRY_END
 
+RANGE_END
+
+RANGE_BEGIN 0 110
+	ADDRESS 192.0.2.1
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
 REPLY QR RD RA NOERROR
 SECTION QUESTION
-example.com. IN A
+example.net. IN A
 SECTION ANSWER
-example.com. IN A 21.22.23.24
+example.net. IN A 6.6.6.6
 ENTRY_END
 RANGE_END
 
-; allowed by view 
+; policy fallback (no view matched, policy is behind view module)
 STEP 10 QUERY
 ENTRY_BEGIN
 REPLY RD
@@ -46,7 +50,7 @@ SECTION ANSWER
 example.cz. IN A 5.6.7.8
 ENTRY_END
 
-; blocked by view
+; blocked by view:tsig testkey1 + inner policy.suffix com
 ; NXDOMAIN expected
 STEP 30 QUERY
 ENTRY_BEGIN
@@ -56,13 +60,54 @@ SECTION QUESTION
 example.com. IN A
 ENTRY_END
 
-STEP 40 CHECK_ANSWER
+STEP 31 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH flags rcode question answer
+MATCH opcode question rcode additional
 REPLY QR RD RA AA NXDOMAIN
 SECTION QUESTION
 example.com. IN A
-SECTION ANSWER
+SECTION ADDITIONAL
+explanation.invalid. 10800 IN TXT "TSIG key testkey1 matched com"
+ENTRY_END
+
+; blocked by view:tsig testkey1 + inner policy.suffix net
+; second view rule gets executed if policy in preceding view rule did not match
+STEP 32 QUERY
+ENTRY_BEGIN
+REPLY RD
+TSIG testkey1 +Cdjlkef9ZTSeixERZ433Q==
+SECTION QUESTION
+example.net. IN A
+ENTRY_END
+
+STEP 33 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode question rcode additional
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+example.net. IN A
+SECTION ADDITIONAL
+explanation.invalid. 10800 IN TXT "TSIG key testkey1 matched net"
+ENTRY_END
+
+; blocked by view:tsig testkey + inner policy.suffix example (different key)
+; third view rule gets executed if policy in preceding view rule did not match
+STEP 34 QUERY
+ENTRY_BEGIN
+REPLY RD
+TSIG testkey +Cdjlkef9ZTSeixERZ433Q==
+SECTION QUESTION
+example. IN A
+ENTRY_END
+
+STEP 35 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode question rcode additional
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+example. IN A
+SECTION ADDITIONAL
+explanation.invalid. 10800 IN TXT "TSIG key testkey matched example"
 ENTRY_END
 
 SCENARIO_END