struct sockaddr_storage addr_any;
socklen_t addr_any_len = 0;
- struct sockaddr_storage addr_fake;
- socklen_t addr_fake_len = 0;
+ struct sockaddr_storage addr_new;
+ socklen_t addr_new_len = 0;
if (!ipstrtoaddr("0.0.0.0", 0, &addr_any, &addr_any_len)) {
/* this shouldn't fail */
return 0;
}
- // if (!ipstrtoaddr("10.10.1.1", 0, &addr_fake, &addr_fake_len)) {
- // // @TODO do something
- // }
-
log_addr(VERB_DETAIL, "!!!!! outnet->ip4_ifs->addr", &outnet->ip4_ifs->addr, bound_addrlen);
log_addr(VERB_DETAIL, "!!!!! addr_any", &addr_any, addr_any_len);
/* return the interface from the list, but substitute the
* previously used address */
memcpy(pif_return, outnet->ip4_ifs, sizeof(struct port_if));
- memcpy(&pif_return->addr, &addr_fake, addr_fake_len);
- pif_return->addrlen = addr_fake_len;
+ memcpy(&pif_return->addr, &addr_new, addr_new_len);
+ pif_return->addrlen = addr_new_len;
log_addr(VERB_DETAIL, "!!!!! get_bound_ip_if: addr from"
" ip4_ifs == 0.0.0.0, new is:", &pif_return->addr, outnet->ip4_ifs->addrlen);
--- /dev/null
+# #-- edns_upstream_cookies.pre --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+NSD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
+
+# rewrite config file with created ports
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < edns_upstream_cookies.conf > temp.conf
+# sed -e 's/@PORT2\@/'$NSD_PORT'/' < temp.conf > ub.conf
+sed -e 's/@PORT2\@/'$NSD_PORT'/' < nsd.conf > nsd1.conf
+
+# start unbound in the background
+PRE="../.."
+$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+# start nsd in the background (for downstream cookies)
+# TODO replace this with unbound when downstream cookies are available
+nsd -d -c nsd1.conf > nsd1.log 2>&1 &
+NSD_PID=$!
+echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_unbound_up unbound.log
+wait_unbound_up nsd1.log
+
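Review bot: The rewritten resolver config is never used: the first sed writes `temp.conf`, the second sed that would turn it into `ub.conf` is commented out, and unbound is then started with `-c ub.conf`, a file this script does not produce. Folding both substitutions into one pass, `sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@PORT2\@/'$NSD_PORT'/' < edns_upstream_cookies.conf > ub.conf`, fixes that and drops the temp file. The nsd.conf added in this commit has a hardcoded `port: 9998` and `ip-address: 127.0.0.3` with no `@PORT2@` placeholder, so `sed -e 's/@PORT2\@/'$NSD_PORT'/' < nsd.conf > nsd1.conf` is a no-op and the `NSD_PORT` recorded in .tpkg.var.test is not the port nsd actually listens on. `wait_unbound_up nsd1.log` presumably waits for an unbound-specific log line that nsd will not emit, so it is worth confirming against common.sh that it neither hangs nor returns early.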
--- /dev/null
+
+# The problem of this test lies in that we want to look at the connection between
+# the resolver and the upstream. I cannot think of a way for this to be done
+# without either tcpdump or looking at the logs of the upstream.
+
+# Plan of action
+# @TODO Merge upstream cookies into this branch
+
+# Create two IP addresses on 1 interface. Put one of them up and one of them down
+# Start Unbound on this interface
+# Get Unbound to send an upstream query (with a cookie)
+# check the (complete) cookie in the log of the upstream and store the outgoing interface
+# Send another query where we check that it is the same cookie
+# verify that it is the same cookie and verify that the interface is the same
+# @TODO we could do the time skip here as well. see edns_upstream_cookies.rpl
+# take the interface down, send the query again
+# Verify there is a different (client) cookie and that the interface has changed
+# @TODO There could be a logic mishap in the final step as the flow is quite difficult now
+
+
+#NSD_IP=192.128.123.120
+NSD_IP=10.0.0.1
+# UB_IP1=192.128.123.121
+# UB_IP2=192.128.123.122
+# UB_IP3=192.128.123.123
+# UB_IP4=192.128.123.124
+
+# create virtual interfaces
+ip link add veth0 type veth peer name veth1
+ip link set dev veth0 up
+ip link set dev veth1 up
+
+ip addr add $NSD_IP dev veth0
+ip addr add $UB_IP1 dev veth1
+ip addr add $UB_IP2 dev veth1
+ip addr add $UB_IP3 dev veth1
+ip addr add $UB_IP4 dev veth1
+
+# start cookie connection by sending first message
+dig @$UNBOUND -p 9999 example.nl
+
+# check Unbound logs that we got a "complete" (client+server) cookie back
+sed -n "s/^.*complete cookie: \[24:0\] *//p" unbound.log > first_query.txt
+if ! grep -e "complete cookie: [24:0] " grep_test.txt
+then
+ echo "No complete cookie in the response to the first upstream query"
+ exit 1
+fi
+# check on which interface
+IFACE=sed -n -e "s/^.*\!\!\!\!\! iterator:udp socket: *//" -e "s/ port.*//p" unbound.log
+
+# flush unbound log
+echo > unbound.log
+
+# send second query with the previous complete cookie attached
+dig @$UNBOUND -p 9999 example.nl
+
+# check logs that we get the same complete cookie back
+sed -n "s/^.*complete cookie: \[24:0\] *//p" unbound.log > second_query.txt
+if ! grep -e "complete cookie: [24:0] " grep_test.txt
+then
+ echo "No complete cookie in the response to the second upstream query"
+ exit 1
+fi
+
+if [ "$(md5sum < first_query.txt)" != "$(md5sum < second_query.txt)" ]; then
+ echo "Cookies from the first and second query do not match"
+ cat first_query.txt
+ cat second_query.txt
+ exit 1
+fi
+# check on which interface, MUST be the same as last time
+if [ "$(sed -n -e "s/^.*\!\!\!\!\! iterator:udp socket: *//" -e "s/ port.*//p" unbound.log) != $IFACE" ]
+
+# remove interface that the cookie used last time
+
+# send query (on different interface) with different (!) client cookie
+
+# verify that we get a different client cookie in the complete cookie response
+# verify that the cookie was indeed sent on a different interface
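Review bot: `IFACE=sed -n -e "s/^.*\!\!\!\!\! iterator:udp socket: *//" -e "s/ port.*//p" unbound.log` does not capture anything: it sets IFACE to the literal string `sed` in the environment of a command named `-n`, so the intended form is `IFACE=$(sed -n -e "s/^.*\!\!\!\!\! iterator:udp socket: *//" -e "s/ port.*//p" unbound.log)`. The later `if [ "$(sed ...) != $IFACE" ]` has no `then`, body or `fi`, which makes the whole script fail to parse, and its quoting puts the comparison inside a single string so `[` only tests non-emptiness; it needs `if [ "$(sed ...)" != "$IFACE" ]; then ... fi`. Both cookie checks grep `grep_test.txt`, which nothing creates, while the sed lines above write `first_query.txt` and `second_query.txt`, and the pattern `[24:0]` is an unescaped bracket expression for grep, so `grep -F 'complete cookie: [24:0] ' unbound.log` (or the `\[24:0\]` form the sed lines already use) is what is meant. Finally the `UB_IP1`…`UB_IP4` assignments are commented out, so each `ip addr add $UB_IPn dev veth1` expands to `ip addr add dev veth1`, and `$UNBOUND` with the hardcoded `-p 9999` is not the `UNBOUND_PORT` the .pre script exports.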
--- /dev/null
+$ORIGIN example.nl.
+$TTL 86400 ; default time-to-live for this zone
+
+example.nl. IN SOA ns.example.nl. noc.dns.icann.org. (
+ 2020080302 ;Serial
+ 7200 ;Refresh
+ 3600 ;Retry
+ 1209600 ;Expire
+ 3600 ;Negative response caching TTL
+)
+
+; The nameserver that are authoritative for this zone.
+ NS example.nl.
+
+; these A records below are equivalent
+example.nl. A 1.2.3.4
\ No newline at end of file
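Review bot: The comment `; these A records below are equivalent` describes a single A record, and `; The nameserver that are authoritative for this zone.` reads oddly; since the NS line inherits its owner from the preceding `example.nl.` and points at the apex, a comment such as `; NS target is the apex itself, which owns the A record below` would state what the test relies on. The SOA MNAME `ns.example.nl.` has no address record in this zone, which is harmless for the test as written but deserves a one-line comment so nobody expects it to resolve.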
--- /dev/null
+server:
+ username: ""
+ database: ""
+ zonesdir: ""
+ xfrdfile: ""
+ #ip-address: 127.0.0.1
+ ip-address: 127.0.0.3
+ port: 9998
+
+ nsid: ABC1
+
+ answer-cookie: yes
+ cookie-secret: "e5e973e5a6b2a43f48e7dc849e37bfcf"
+
+zone:
+ name: example.nl
+ zonefile: example.nl.zone