+14 January 2020: Wouter
+ - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
+ because dnscrypt-proxy (2.0.36) does not support the test setup
+ any more, and also the config file format does not seem to have
+ the appropriate keys to recreate that setup.
+
10 January 2020: Wouter
- Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64.
+++ /dev/null
-®öÝìK¬\87#\91\804ùs\8e pèÖôÁæÀx!¹»\13A\8a"mM
\ No newline at end of file
+++ /dev/null
-m7\12\9fñâÂ\ 3\83x;\91%׸õ\90é*\95ÜR¯\13äÓ¯¹mDªñ
\ No newline at end of file
+++ /dev/null
-server:
- verbosity: 2
- # num-threads: 1
- port: @PORT@
- interface: 0.0.0.0
- interface: 0.0.0.0@@DNSCRYPT_PORT@
- use-syslog: no
- directory: .
- pidfile: "unbound.pid"
- chroot: ""
- username: ""
- do-not-query-localhost: no
-
-forward-zone:
- name: "."
- forward-addr: "127.0.0.1@@TOPORT@"
-
-dnscrypt:
- dnscrypt-enable: yes
- dnscrypt-port: @DNSCRYPT_PORT@
- dnscrypt-provider: 2.dnscrypt-cert.example.com.
- dnscrypt-secret-key: 1.key
- dnscrypt-secret-key: 2.key
- dnscrypt-provider-cert: 1_salsa.cert
- dnscrypt-provider-cert: 2_salsa.cert
-
+++ /dev/null
-BaseName: dnscrypt_queries
-Version: 1.0
-Description: dnscrypt queries.
-CreationDate: Fri Mar 03 10:08:08 CEST 2017
-Maintainer: Emmanuel Bretelle
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: dnscrypt_queries.pre
-Post: dnscrypt_queries.post
-Test: dnscrypt_queries.test
-AuxFiles:
-Passed:
-Failure:
+++ /dev/null
-# #-- dnscrypt_queries.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-PRE="../.."
-. ../common.sh
-# if no dnscrypt; exit
-if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
- echo "have dnscrypt"
-else
- echo "no dnscrypt"
- exit 0
-fi
-
-kill_pid $FWD_PID
-kill_pid $UNBOUND_PID
-kill_pid $PROXY_PID
+++ /dev/null
-# #-- dnscrypt_queries.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# if no dnscrypt; exit
-if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
- echo "have dnscrypt"
-else
- echo "no dnscrypt"
- exit 0
-fi
-
-get_random_port 4
-UNBOUND_PORT=$RND_PORT
-FWD_PORT=$(($RND_PORT + 1))
-DNSCRYPT_PORT=$(($RND_PORT + 2))
-PROXY_PORT=$(($RND_PORT + 3))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
-echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test
-echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
-
-# start forwarder
-get_ldns_testns
-$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries.testns >fwd.log 2>&1 &
-FWD_PID=$!
-echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
-
-dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \
- --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \
- --provider-name=2.dnscrypt-cert.example.com \
- --provider-key=B85F:41A1:4F23:F7DB:C866:F397:CC6F:44B6:5F9D:65C5:B629:7C27:5403:A6E9:DCF2:4F9D \
- -m 32 \
- >dnscryptproxy.log 2>&1 &
-PROXY_PID=$!
-echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test
-
-# make config file
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \
- -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries.conf > ub.conf
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_ldns_testns_up fwd.log
-wait_unbound_up unbound.log
-wait_server_up dnscryptproxy.log "Proxying from"
+++ /dev/null
-# #-- dnscrypt_queries.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# if no dnscrypt; exit
-if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
- echo "have dnscrypt"
-else
- echo "no dnscrypt"
- exit 0
-fi
-
-
-# do the test
-for opt in '' '+tcp'
-do
- echo "> do queries ${opt}"
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 &
- digpid1=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 &
- digpid2=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 &
- digpid3=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 &
- digpid4=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 &
- digpid5=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 &
- digpid6=$!
- sleep 1
- kill -9 $digpid1
- kill -9 $digpid2
- kill -9 $digpid3
- kill -9 $digpid4
- kill -9 $digpid5
- kill -9 $digpid6
-
- echo "> cat outfile1"
- cat outfile1
- echo "> cat outfile2"
- cat outfile2
- echo "> cat outfile3"
- cat outfile3
- echo "> cat outfile4"
- cat outfile4
- echo "> cat outfile5"
- cat outfile5
- echo "> cat outfile6"
- cat outfile6
- echo "> cat logfiles"
- cat fwd.log
- cat unbound.log
-
- echo "> check for ID bit collisions"
- grep "pending reply" unbound.log > ids
- numsend=`cat ids | wc -l`
- cat ids | awk '{print $8};' | sort -u > ids2
- numuniq=`cat ids2 | wc -l`
- if test $numuniq -ne $numsend; then
- echo "got a ID number clash. could not do test, sorry"
- exit 0
- fi
-
- echo "> check answers for queries"
- if grep "10.20.30.40" outfile1; then
- echo "1 is OK"
- else
- echo "1 is not OK"
- exit 1
- fi
- if grep "10.20.30.50" outfile2; then
- echo "2 is OK"
- else
- echo "2 is not OK"
- exit 1
- fi
- if grep "10.20.30.60" outfile3; then
- echo "3 is OK"
- else
- echo "3 is not OK"
- exit 1
- fi
- if grep "10.20.30.70" outfile4; then
- echo "4 is OK"
- else
- echo "4 is not OK"
- exit 1
- fi
- if grep "10.20.30.80" outfile5; then
- echo "5 is OK"
- else
- echo "5 is not OK"
- exit 1
- fi
- if grep "10.20.30.90" outfile6; then
- echo "6 is OK"
- else
- echo "6 is not OK"
- exit 1
- fi
-done
-
-exit 0
+++ /dev/null
-; nameserver test file
-$ORIGIN example.com.
-$TTL 3600
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www1 IN A
-SECTION ANSWER
-www1 IN A 10.20.30.40
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www2 IN A
-SECTION ANSWER
-www2 IN A 10.20.30.50
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www3 IN A
-SECTION ANSWER
-www3 IN A 10.20.30.60
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www4 IN A
-SECTION ANSWER
-www4 IN A 10.20.30.70
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www5 IN A
-SECTION ANSWER
-www5 IN A 10.20.30.80
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www6 IN A
-SECTION ANSWER
-www6 IN A 10.20.30.90
-ENTRY_END
+++ /dev/null
-®öÝìK¬\87#\91\804ùs\8e pèÖôÁæÀx!¹»\13A\8a"mM
\ No newline at end of file
+++ /dev/null
-m7\12\9fñâÂ\ 3\83x;\91%׸õ\90é*\95ÜR¯\13äÓ¯¹mDªñ
\ No newline at end of file
+++ /dev/null
-server:
- verbosity: 2
- # num-threads: 1
- port: @PORT@
- interface: 0.0.0.0
- interface: 0.0.0.0@@DNSCRYPT_PORT@
- use-syslog: no
- directory: .
- pidfile: "unbound.pid"
- chroot: ""
- username: ""
- do-not-query-localhost: no
-
-forward-zone:
- name: "."
- forward-addr: "127.0.0.1@@TOPORT@"
-
-dnscrypt:
- dnscrypt-enable: yes
- dnscrypt-port: @DNSCRYPT_PORT@
- dnscrypt-provider: 2.dnscrypt-cert.example.com.
- dnscrypt-secret-key: 2.key
- dnscrypt-provider-cert: 2_salsa.cert
- dnscrypt-provider-cert: 2_chacha.cert
+++ /dev/null
-BaseName: dnscrypt_queries_chacha
-Version: 1.0
-Description: dnscrypt queries using xchacha
-CreationDate: Thu Jun 01 10:08:08 CEST 2017
-Maintainer: Emmanuel Bretelle
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: dnscrypt_queries_chacha.pre
-Post: dnscrypt_queries_chacha.post
-Test: dnscrypt_queries_chacha.test
-AuxFiles:
-Passed:
-Failure:
+++ /dev/null
-# #-- dnscrypt_queries_chacha.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-PRE="../.."
-. ../common.sh
-
-# Check if we can run the test.
-. ./precheck.sh
-
-
-kill_pid $FWD_PID
-kill_pid $UNBOUND_PID
-kill_pid $PROXY_PID
+++ /dev/null
-# #-- dnscrypt_queries_chacha.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# Check if we can run the test.
-. ./precheck.sh
-
-get_random_port 4
-UNBOUND_PORT=$RND_PORT
-FWD_PORT=$(($RND_PORT + 1))
-DNSCRYPT_PORT=$(($RND_PORT + 2))
-PROXY_PORT=$(($RND_PORT + 3))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
-echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test
-echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
-
-# start forwarder
-get_ldns_testns
-$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries_chacha.testns >fwd.log 2>&1 &
-FWD_PID=$!
-echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
-
-dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \
- --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \
- --provider-name=2.dnscrypt-cert.example.com \
- --provider-key=C352:1F20:F2D2:FD65:B5F4:7BF6:6C1A:88C1:4BCB:80CE:1E3A:3572:5CB1:7D4B:12D3:E783 \
- -m 32 \
- >dnscryptproxy.log 2>&1 &
-PROXY_PID=$!
-echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test
-
-# make config file
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \
- -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries_chacha.conf > ub.conf
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_ldns_testns_up fwd.log
-wait_unbound_up unbound.log
-wait_server_up dnscryptproxy.log "Proxying from"
-if ! grep 'Using version 2.0 of the DNSCrypt protocol' dnscryptproxy.log; then
- echo "Failed to select xchacha cert"
- exit 1
-fi
+++ /dev/null
-# #-- dnscrypt_queries_chacha.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# Check if we can run the test.
-. ./precheck.sh
-
-# do the test
-for opt in '' '+tcp'
-do
- echo "> do queries ${opt}"
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 &
- digpid1=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 &
- digpid2=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 &
- digpid3=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 &
- digpid4=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 &
- digpid5=$!
- dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 &
- digpid6=$!
- sleep 1
- kill -9 $digpid1
- kill -9 $digpid2
- kill -9 $digpid3
- kill -9 $digpid4
- kill -9 $digpid5
- kill -9 $digpid6
-
- echo "> cat outfile1"
- cat outfile1
- echo "> cat outfile2"
- cat outfile2
- echo "> cat outfile3"
- cat outfile3
- echo "> cat outfile4"
- cat outfile4
- echo "> cat outfile5"
- cat outfile5
- echo "> cat outfile6"
- cat outfile6
- echo "> cat logfiles"
- cat fwd.log
- cat unbound.log
-
- echo "> check for ID bit collisions"
- grep "pending reply" unbound.log > ids
- numsend=`cat ids | wc -l`
- cat ids | awk '{print $8};' | sort -u > ids2
- numuniq=`cat ids2 | wc -l`
- if test $numuniq -ne $numsend; then
- echo "got a ID number clash. could not do test, sorry"
- exit 0
- fi
-
- echo "> check answers for queries"
- if grep "10.20.30.40" outfile1; then
- echo "1 is OK"
- else
- echo "1 is not OK"
- exit 1
- fi
- if grep "10.20.30.50" outfile2; then
- echo "2 is OK"
- else
- echo "2 is not OK"
- exit 1
- fi
- if grep "10.20.30.60" outfile3; then
- echo "3 is OK"
- else
- echo "3 is not OK"
- exit 1
- fi
- if grep "10.20.30.70" outfile4; then
- echo "4 is OK"
- else
- echo "4 is not OK"
- exit 1
- fi
- if grep "10.20.30.80" outfile5; then
- echo "5 is OK"
- else
- echo "5 is not OK"
- exit 1
- fi
- if grep "10.20.30.90" outfile6; then
- echo "6 is OK"
- else
- echo "6 is not OK"
- exit 1
- fi
-done
-
-exit 0
+++ /dev/null
-; nameserver test file
-$ORIGIN example.com.
-$TTL 3600
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www1 IN A
-SECTION ANSWER
-www1 IN A 10.20.30.40
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www2 IN A
-SECTION ANSWER
-www2 IN A 10.20.30.50
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www3 IN A
-SECTION ANSWER
-www3 IN A 10.20.30.60
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www4 IN A
-SECTION ANSWER
-www4 IN A 10.20.30.70
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www5 IN A
-SECTION ANSWER
-www5 IN A 10.20.30.80
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www6 IN A
-SECTION ANSWER
-www6 IN A 10.20.30.90
-ENTRY_END
+++ /dev/null
-# dnscrypt precheck.sh
-
-# if no dnscrypt; exit
-if grep "define USE_DNSCRYPT 1" $PRE/config.h; then
- echo "have dnscrypt"
-else
- echo "no dnscrypt"
- exit 0
-fi
-
-# if no xchacha20 support in unbound; exit
-if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then
- echo "have xchacha20"
- xchacha20=1
-else
- echo "no xchacha20"
- xchacha20=0
- exit 0
-fi
-
-# if dnscrypt-proxy does not support xchacha20; exit
-if (dnscrypt-proxy -h 2>&1 | grep -q 'XChaCha20-Poly1305 cipher: present'); then
- echo "dnscrypt-proxy has xchacha20"
-else
- echo "dnscrypt-proxy does not have xchacha20"
- exit 0
-fi
projects / thirdparty / unbound.git / commitdiff
