dnstap io, test that failed name or auth certificate fails to connect tls.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 18 Feb 2020 13:18:03 +0000 (14:18 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 18 Feb 2020 13:18:03 +0000 (14:18 +0100)
26 files changed:
testdata/dnstap.tdir/dnstap.test
testdata/dnstap_tcp.tdir/dnstap_tcp.test
testdata/dnstap_tls.tdir/dnstap_tls.test
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/unbound_control.key [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/unbound_control.pem [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/unbound_server.key [new file with mode: 0644]
testdata/dnstap_tls_badcert.tdir/unbound_server.pem [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/unbound_control.key [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/unbound_control.pem [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/unbound_server.key [new file with mode: 0644]
testdata/dnstap_tls_badname.tdir/unbound_server.pem [new file with mode: 0644]
testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.dsc
testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post
testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test

index 4ee4daf4cab077dca69a1a7f0be695bc76fc0e1a..04db17b2749d20c429a595410b8197d8d4102f6a 100644 (file)
@@ -30,6 +30,8 @@ echo "> check tap.log for dnstap info"
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
 if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
 else
@@ -56,6 +58,8 @@ dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net.
 dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net.
 dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net.
 for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do
+       if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
+       if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
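Review bot: The loop list on the context line `for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do` has a bare `5` where `q5` is evidently meant, and the new retry lines inherit it. Because the grep pattern is unanchored, `grep "5.example.net"` still matches the `q5.example.net` entry, so the test passes today, but it would equally accept any other line containing that substring; `for x in q1 q2 q3 q4 q5 q6 q7 q8 q9 q10; do` fixes it. The loop body continues past the end of the hunk.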
index bf79b6d7285331e59a9c7462f16be88e15c76bec..d57eecfdbb94e9272eb0b830bf5462c092cec60a 100644 (file)
@@ -30,6 +30,8 @@ echo "> check tap.log for dnstap info"
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
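Review bot: The wait is now six copy-pasted `if grep ... sleep` lines per check, and the same pattern is repeated in the `down up up2` loop below and in the sibling dnstap tests, which makes the effective timeout hard to read or tune. A small bounded loop expresses the same wait in three lines: `for i in 1 2 3 4 5; do grep -q "www.example.com" tap.log && break; sleep 1; done`, keeping the existing ten-second fallback after it. `grep -q` also replaces the `>/dev/null` redirect and stops at the first match.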
 if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
 else
@@ -66,6 +68,8 @@ sleep 2
 dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net.
 
 for x in down up up2; do
+       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
+       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
index 64260eac8a0578fb154c897b1f78cab3ea7e2d81..f9a2bf00d7fdc690cc6744614b5b5ebdb07c8e0c 100644 (file)
@@ -30,6 +30,8 @@ echo "> check tap.log for dnstap info"
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
 if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
 else
@@ -66,6 +68,8 @@ sleep 2
 dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net.
 
 for x in down up up2; do
+       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
+       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
        if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf
new file mode 100644 (file)
index 0000000..32698b6
--- /dev/null
@@ -0,0 +1,48 @@
+server:
+       verbosity: 4
+       num-threads: 1
+       outgoing-range: 16
+       interface: 127.0.0.1
+       port: @PORT@
+       use-syslog: no
+       directory: ""
+       pidfile: "unbound.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+       local-zone: "example.net." redirect
+       local-data: "example.net. IN A 10.20.30.41"
+remote-control:
+       control-enable: yes
+       control-interface: 127.0.0.1
+       # control-interface: ::1
+       control-port: @CONTROL_PORT@
+       server-key-file: "unbound_server.key"
+       server-cert-file: "unbound_server.pem"
+       control-key-file: "unbound_control.key"
+       control-cert-file: "unbound_control.pem"
+forward-zone:
+       name: "."
+       forward-addr: "127.0.0.1@@TOPORT@"
+dnstap:
+       dnstap-enable: yes 
+       dnstap-socket-path: "dnstap.socket"
+       dnstap-ip: "127.0.0.1@@TAPPORT@"
+       dnstap-tls: yes
+       dnstap-tls-server-name: "unbound"
+       # the actual tls cert bundle that authenticates the server
+       # is the unbound_server.pem bundle.
+       # we pass the wrong bundle. (of another key we also use in the client
+       # authentication test)
+       dnstap-tls-cert-bundle: "unbound_control.pem"
+       dnstap-send-identity: yes
+       dnstap-send-version: yes
+       #dnstap-identity
+       #dnstap-version
+       dnstap-log-resolver-query-messages: yes
+       dnstap-log-resolver-response-messages: yes
+       dnstap-log-client-query-messages: yes
+       dnstap-log-client-response-messages: yes
+       dnstap-log-forwarder-query-messages: yes
+       dnstap-log-forwarder-response-messages: yes
+
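Review bot: The comment on `dnstap-tls-cert-bundle` should say what makes the bundle wrong, because it is not an unrelated certificate: decoding the DER of `unbound_control.pem` by hand, it is a v1 leaf with subject `unbound-control` issued under the name `unbound` (presumably by the same key behind `unbound_server.pem`), and it is neither self-signed nor a CA. The handshake therefore fails for lack of a trust anchor rather than because of a key mismatch, which is worth recording so a future change to the fixtures does not accidentally turn the bundle into something that verifies the server. Suggested wording: `# unbound_control.pem is a leaf cert issued under the "unbound" name, not a self-signed CA, so chain building finds no trust anchor and the connect must fail.`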
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc
new file mode 100644 (file)
index 0000000..e495e6c
--- /dev/null
@@ -0,0 +1,16 @@
+BaseName: dnstap_tls_badcert
+Version: 1.0
+Description: test dnstap tls with bad cert for authentication
+CreationDate: Tue Feb 14 14:00:38 CET 2020
+Maintainer: dr. W.C.A. Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: dnstap_tls_badcert.pre
+Post: dnstap_tls_badcert.post
+Test: dnstap_tls_badcert.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post
new file mode 100644 (file)
index 0000000..d71eb28
--- /dev/null
@@ -0,0 +1,20 @@
+# #-- dnstap_tls_badcert.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+kill_pid $DNSTAP_SOCKET_PID
+kill_pid $FWD_PID
+kill $UNBOUND_PID
+kill $UNBOUND_PID >/dev/null 2>&1
+cat unbound.log
+echo "> tap logfiles"
+cat tap.log
+cat tap.errlog
+cat fwd.log
+exit 0
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre
new file mode 100644 (file)
index 0000000..eff7074
--- /dev/null
@@ -0,0 +1,54 @@
+# #-- dnstap_tls_badcert.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+get_random_port 4
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+CONTROL_PORT=$(($RND_PORT + 2))
+TAP_PORT=$(($RND_PORT + 3))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
+echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT dnstap_tls_badcert.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the dnstap log server
+# the -vvvv flag prints protocol and connection information from the
+# unbound-dnstap-socket server.
+# the -l flag prints the DNS info in the DNSTAP packet in multiline output.
+# stderr is the '-vvvv' server logs and errors.
+# stdout is the one-line packet logs (or with -l, multiline).
+$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log &
+if test $? -ne 0; then
+       echo "could not start unbound-dnstap-socket server"
+       exit 1
+fi
+DNSTAP_SOCKET_PID=$!
+echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test
+# wait for the server to go up
+wait_server_up "tap.errlog" "start of service"
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_badcert.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
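Review bot: The `if test $? -ne 0` after the backgrounded `unbound-dnstap-socket` command can never fire: `$?` there is the status of putting the job in the background, which is 0 whether or not the binary exists or exits immediately. The same dead check appears in the reconnect code this commit removes from dnstap_tls_peername.test. If `wait_server_up` does not itself fail the test when the marker never appears (common.sh is not visible here), check the process after it instead: `kill -0 "$DNSTAP_SOCKET_PID" 2>/dev/null || { echo "could not start unbound-dnstap-socket server"; exit 1; }`.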
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test
new file mode 100644 (file)
index 0000000..0b85f64
--- /dev/null
@@ -0,0 +1,51 @@
+# #-- dnstap_tls_badcert.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+# test if the server is up.
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+echo "> check answer"
+if grep "10.20.30.40" outfile; then
+       echo "OK"
+else
+       echo "> cat logfiles"
+       cat tap.log
+       cat tap.errlog
+       cat fwd.log
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+
+echo "> check tap.log for dnstap info"
+# see if it logged the information in tap.log
+# wait for a moment for filesystem to catch up.
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log; then
+       echo "it is in tap.log";
+       echo "but there should not be a connection"
+       echo "failed"
+       echo "> cat logfiles"
+       cat tap.log
+       cat tap.errlog
+       cat fwd.log
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+else
+       echo "information not in tap.log"
+fi
+
+echo "> OK"
+exit 0
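Review bot: The negative check only proves that nothing reached tap.log within about five seconds, which is also what happens if the tap server is not listening, the connect is refused, or a weak-certificate policy rejects the handshake for an unrelated reason, so the test can pass without ever exercising the bundle verification. Since unbound runs at `verbosity: 4` and unbound.log is captured, add a positive assertion on the failure reason after the absence check, along the lines of `if grep -i "dnstap" unbound.log | grep -qi "verif"; then echo "verify failure logged"; else echo "no TLS verify failure in unbound.log"; exit 1; fi`, with the pattern matched to the exact text unbound's dnstap I/O code logs on a certificate verification error. The dig against `www.example.com` already confirms unbound itself is up, so the extra grep is cheap and turns a "nothing happened" test into a "the right thing was rejected" test.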
diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns
new file mode 100644 (file)
index 0000000..0c911ca
--- /dev/null
@@ -0,0 +1,22 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www    IN      A
+SECTION ANSWER
+www    IN      A       10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA SERVFAIL
+ADJUST copy_id
+SECTION QUESTION
+www.example.net.       IN      A
+ENTRY_END
+
diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.key b/testdata/dnstap_tls_badcert.tdir/unbound_control.key
new file mode 100644 (file)
index 0000000..d7c43a0
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.pem b/testdata/dnstap_tls_badcert.tdir/unbound_control.pem
new file mode 100644 (file)
index 0000000..8f1ba87
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
+bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE
+AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
+6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3
+qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US
+J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB
+BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B
+9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC
+iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq
+-----END CERTIFICATE-----
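Review bot: Decoding this certificate by hand, it is a v1 certificate with a 1024-bit RSA key, signed sha1WithRSAEncryption, valid 2008-09-11 to 2028-05-29, and the paired `unbound_server.pem` fixture appears to be of the same vintage and size. Depending on the distribution's default OpenSSL security level, 1024-bit keys and SHA-1 signatures are rejected outright, which would break the positive dnstap TLS tests and, worse, make the two new negative tests pass for a reason unrelated to the bundle or name check. Consider regenerating the fixtures with a 2048-bit key and SHA-256 before they expire, and leaving a comment in the .pre scripts with the openssl command used so they can be regenerated again later.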
diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.key b/testdata/dnstap_tls_badcert.tdir/unbound_server.key
new file mode 100644 (file)
index 0000000..4256c42
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
+3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
+RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
+AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
+6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
+sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
+XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
+fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
+CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
+0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
+oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
+In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
+LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.pem b/testdata/dnstap_tls_badcert.tdir/unbound_server.pem
new file mode 100644 (file)
index 0000000..aeda3ff
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf
new file mode 100644 (file)
index 0000000..75e98a7
--- /dev/null
@@ -0,0 +1,46 @@
+server:
+       verbosity: 4
+       num-threads: 1
+       outgoing-range: 16
+       interface: 127.0.0.1
+       port: @PORT@
+       use-syslog: no
+       directory: ""
+       pidfile: "unbound.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+       local-zone: "example.net." redirect
+       local-data: "example.net. IN A 10.20.30.41"
+remote-control:
+       control-enable: yes
+       control-interface: 127.0.0.1
+       # control-interface: ::1
+       control-port: @CONTROL_PORT@
+       server-key-file: "unbound_server.key"
+       server-cert-file: "unbound_server.pem"
+       control-key-file: "unbound_control.key"
+       control-cert-file: "unbound_control.pem"
+forward-zone:
+       name: "."
+       forward-addr: "127.0.0.1@@TOPORT@"
+dnstap:
+       dnstap-enable: yes 
+       dnstap-socket-path: "dnstap.socket"
+       dnstap-ip: "127.0.0.1@@TAPPORT@"
+       dnstap-tls: yes
+       # actual certificate name: "unbound"
+       # we enter another name here.
+       dnstap-tls-server-name: "anothername"
+       dnstap-tls-cert-bundle: "unbound_server.pem"
+       dnstap-send-identity: yes
+       dnstap-send-version: yes
+       #dnstap-identity
+       #dnstap-version
+       dnstap-log-resolver-query-messages: yes
+       dnstap-log-resolver-response-messages: yes
+       dnstap-log-client-query-messages: yes
+       dnstap-log-client-response-messages: yes
+       dnstap-log-forwarder-query-messages: yes
+       dnstap-log-forwarder-response-messages: yes
+
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc
new file mode 100644 (file)
index 0000000..33cc38a
--- /dev/null
@@ -0,0 +1,16 @@
+BaseName: dnstap_tls_badname
+Version: 1.0
+Description: test dnstap tls test bad peer name for authentication
+CreationDate: Tue Feb 14 14:00:38 CET 2020
+Maintainer: dr. W.C.A. Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: dnstap_tls_badname.pre
+Post: dnstap_tls_badname.post
+Test: dnstap_tls_badname.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post
new file mode 100644 (file)
index 0000000..59f05b8
--- /dev/null
@@ -0,0 +1,20 @@
+# #-- dnstap_tls_badname.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+kill_pid $DNSTAP_SOCKET_PID
+kill_pid $FWD_PID
+kill $UNBOUND_PID
+kill $UNBOUND_PID >/dev/null 2>&1
+cat unbound.log
+echo "> tap logfiles"
+cat tap.log
+cat tap.errlog
+cat fwd.log
+exit 0
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre
new file mode 100644 (file)
index 0000000..0ffee60
--- /dev/null
@@ -0,0 +1,54 @@
+# #-- dnstap_tls_badname.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+get_random_port 4
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+CONTROL_PORT=$(($RND_PORT + 2))
+TAP_PORT=$(($RND_PORT + 3))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
+echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT dnstap_tls_badname.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the dnstap log server
+# the -vvvv flag prints protocol and connection information from the
+# unbound-dnstap-socket server.
+# the -l flag prints the DNS info in the DNSTAP packet in multiline output.
+# stderr is the '-vvvv' server logs and errors.
+# stdout is the one-line packet logs (or with -l, multiline).
+$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log &
+if test $? -ne 0; then
+       echo "could not start unbound-dnstap-socket server"
+       exit 1
+fi
+DNSTAP_SOCKET_PID=$!
+echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test
+# wait for the server to go up
+wait_server_up "tap.errlog" "start of service"
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_badname.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
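Review bot: This .pre is a copy of dnstap_tls_badcert.pre with the names changed and carries the same dead check: `$?` right after a command ending in `&` is always 0, so the "could not start unbound-dnstap-socket server" branch is unreachable. Replace it with a liveness check after `wait_server_up`, e.g. `kill -0 "$DNSTAP_SOCKET_PID" 2>/dev/null || { echo "could not start unbound-dnstap-socket server"; exit 1; }`, unless `wait_server_up` already aborts on timeout (common.sh is not visible here).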
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test
new file mode 100644 (file)
index 0000000..248d8f2
--- /dev/null
@@ -0,0 +1,51 @@
+# #-- dnstap_tls_badname.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+# test if the server is up.
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+echo "> check answer"
+if grep "10.20.30.40" outfile; then
+       echo "OK"
+else
+       echo "> cat logfiles"
+       cat tap.log
+       cat tap.errlog
+       cat fwd.log
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+
+echo "> check tap.log for dnstap info"
+# see if it logged the information in tap.log
+# wait for a moment for filesystem to catch up.
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log; then 
+       echo "it is in tap.log";
+       echo "but there should not be a connection"
+       echo "failed"
+       echo "> cat logfiles"
+       cat tap.log
+       cat tap.errlog
+       cat fwd.log
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+else
+       echo "information not in tap.log"
+fi
+
+echo "> OK"
+exit 0
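Review bot: This test cannot tell a hostname mismatch from any other handshake failure, because it only asserts that `www.example.com` never appears in tap.log; the badcert test has the same shape, so a broken TLS setup would make both pass. The distinguishing signal is in unbound.log: grep it for the name-mismatch error unbound logs for `dnstap-tls-server-name: "anothername"` (confirm the exact wording) and fail if it is absent, e.g. `grep -qi "anothername" unbound.log || { echo "no name-check failure in unbound.log"; exit 1; }`. Note also that the server certificate fixture appears to be a 2008-era v1 certificate like `unbound_control.pem`, i.e. without a SubjectAltName, so the name check is against the CN `unbound`; if the verifier ever stops falling back to CN, dnstap_tls_peername would fail and this test would pass for the wrong reason.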
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns
new file mode 100644 (file)
index 0000000..0c911ca
--- /dev/null
@@ -0,0 +1,22 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www    IN      A
+SECTION ANSWER
+www    IN      A       10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA SERVFAIL
+ADJUST copy_id
+SECTION QUESTION
+www.example.net.       IN      A
+ENTRY_END
+
diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.key b/testdata/dnstap_tls_badname.tdir/unbound_control.key
new file mode 100644 (file)
index 0000000..d7c43a0
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.pem b/testdata/dnstap_tls_badname.tdir/unbound_control.pem
new file mode 100644 (file)
index 0000000..8f1ba87
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.key b/testdata/dnstap_tls_badname.tdir/unbound_server.key
new file mode 100644 (file)
index 0000000..4256c42
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.pem b/testdata/dnstap_tls_badname.tdir/unbound_server.pem
new file mode 100644 (file)
index 0000000..aeda3ff
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
index d011d5ece43c13f1382a59e41479c42fb983d13a..bce84f55cd19fe9fd09cdba1388743857eed3d36 100644 (file)
@@ -1,6 +1,6 @@
 BaseName: dnstap_tls_peername
 Version: 1.0
-Description: test dnstap tls and reconnect
+Description: test dnstap tls with auth name and tls authentication
 CreationDate: Tue Feb 14 14:00:38 CET 2020
 Maintainer: dr. W.C.A. Wijngaards
 Category: 
index b2c29d0da50563cd6ecdaeee4d983770a19ab848..3ca63ada4ee3e4fc6e3bb6987fa51563e82d1390 100644 (file)
@@ -16,8 +16,5 @@ cat unbound.log
 echo "> tap logfiles"
 cat tap.log
 cat tap.errlog
-echo "> tap2 logfiles"
-if test -f tap2.log; then cat tap2.log; fi
-if test -f tap2.errlog; then cat tap2.errlog; fi
 cat fwd.log
 exit 0
index 6082c3a89d8fb7dac3ce5c8b334c004b474b3fa8..03bcbadfd093a771eb4d5adf3af863d99b8e9036 100644 (file)
@@ -30,6 +30,8 @@ echo "> check tap.log for dnstap info"
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
 if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
 if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
 else
@@ -44,48 +46,5 @@ else
        exit 1
 fi
 
-echo ""
-echo "> test disconnect from the upstream server"
-
-kill_pid $DNSTAP_SOCKET_PID
-dig @127.0.0.1 -p $UNBOUND_PORT down.example.net.
-
-# bring log socket back up
-$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap2.errlog >tap2.log &
-if test $? -ne 0; then
-       echo "could not start (again) unbound-dnstap-socket server"
-       exit 1
-fi
-DNSTAP_SOCKET_PID=$!
-echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test
-# wait for the server to go up
-wait_server_up "tap2.errlog" "start of service"
-
-dig @127.0.0.1 -p $UNBOUND_PORT up.example.net.
-sleep 2
-dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net.
-
-for x in down up up2; do
-       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
-       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
-       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
-       if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 10; fi
-       if grep "$x.example.net" tap2.log; then echo "yes it is in tap2.log";
-       else
-               echo "$x.example.net. information not in tap2.log"
-               echo "failed"
-               echo "> cat logfiles"
-               cat tap.log
-               cat tap.errlog
-               echo "> tap2 logfiles"
-               cat tap2.log
-               cat tap2.errlog
-               cat fwd.log
-               cat unbound.log
-               echo "Not OK"
-               exit 1
-       fi
-done
-
 echo "> OK"
 exit 0