- Initial tests for interface-* options.
NEED_IPV6='fwd_ancil.tdir fwd_tcp_tc6.tdir stub_udp6.tdir edns_cache.tdir'
NEED_NOMINGW='tcp_sigpipe.tdir 07-confroot.tdir 08-host-lib.tdir fwd_ancil.tdir'
NEED_DNSCRYPT_PROXY='dnscrypt_queries.tdir dnscrypt_queries_chacha.tdir'
+NEED_UNSHARE='acl_interface.tdir'
# test if dig and ldns-testns are available.
test_tool_avail "dig"
skip_if_in_list $test "$NEED_NC" "nc"
skip_if_in_list $test "$NEED_WHOAMI" "whoami"
skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy"
+ skip_if_in_list $test "$NEED_UNSHARE" "unshare"
if echo $NEED_IPV6 | grep $test >/dev/null; then
if test "$HAVE_IPV6" = no; then
if test "$1" = "clean"; then
if test $quiet = 0; then
- echo "rm -f result.* .done* .tdir.var.master .tdir.var.test"
+ echo "rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test"
fi
- rm -f result.* .done* .tdir.var.master .tdir.var.test
+ rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test
exit 0
fi
if test "$1" = "fake"; then
echo "** PASSED ** $timelen $name: $desc"
pass=`expr $pass + 1`
fi
+ elif test -f ".skip-$name"; then
+ echo ">> SKIPPED<< $timelen $name: $desc"
+ skip=`expr $pass + 1`
else
if test -f "result.$name"; then
echo "!! FAILED !! $timelen $name: $desc"
fail=`expr $fail + 1`
else
- echo ".> SKIPPED<< $timelen $name: $desc"
+ echo ">> SKIPPED<< $timelen $name: $desc"
skip=`expr $skip + 1`
fi
fi
if test $quiet = 0; then
echo "** PASSED ** : $name"
fi
+ elif test -f ".skip-$name"; then
+ if test $quiet = 0; then
+ echo ">> SKIPPED<< : $name"
+ fi
else
if test -f "result.$name"; then
echo "!! FAILED !! : $name"
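Review bot: The new skipped branch increments the wrong counter: the line that assigns `expr $pass + 1` to `skip` sets the skip total to the pass count plus one instead of adding one to the number of skipped tests, so the reported skip count is wrong whenever a `.skip-$name` file exists. It should evaluate `expr $skip + 1`, exactly as the pre-existing line in the else branch a few lines below already does. The if/elif chain this branch belongs to starts before the hunk; the second `elif test -f ".skip-$name"` block further down only prints and is fine.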
dir=$name.$$
result=result.$name
done=.done-$name
+skip=.skip-$name
success="no"
if test -x "`which bash`"; then
shell="bash"
fi
# check already done
-if test -f .done-$name; then
- echo "minitdir .done-$name exists. skip test."
+if test -f $done; then
+ echo "minitdir $done exists. skip test."
exit 0
fi
fi
echo "minitdir exe $name.pre" >> $result
$shell $name.pre $args >> $result
- if test $? -ne 0; then
+ exit_value=$?
+ if test $exit_value -eq 3; then
+ echo "$name: SKIPPED" >> $result
+ echo "$name: SKIPPED" > ../$skip
+ elif test $exit_value -ne 0; then
echo "Warning: $name.pre did not exit successfully"
fi
fi
-if test -f $name.test; then
+if test -f $name.test -a ! -f ../$skip; then
if test $quiet = 0; then
echo "minitdir exe $name.test"
fi
success="no"
else
echo "$name: PASSED" >> $result
- echo "$name: PASSED" > ../.done-$name
+ echo "$name: PASSED" > ../$done
if test $quiet = 0; then
echo "$name: PASSED"
fi
success="yes"
fi
fi
-if test -f $name.post; then
+if test -f $name.post -a ! -f ../$skip; then
if test $quiet = 0; then
echo "minitdir exe $name.post"
fi
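Review bot: The two new guards `if test -f $name.test -a ! -f ../$skip; then` and `if test -f $name.post -a ! -f ../$skip; then` use the `-a` operator of `test`, which POSIX marks obsolescent and which becomes ambiguous when an operand can look like an operator; `if test -f "$name.test" && test ! -f "../$skip"; then` (and the same for `.post`) keeps the logic with no such edge case. The variable `skip` introduced here for the marker filename has the same name as the `skip` counter used by the reporting code in the hunk above; if both live in the same script this is harmless only because they run in different modes, so a more specific name such as `skipfile` would avoid a future collision. The `exit_value=$?` capture directly after the `.pre` invocation is correct as written.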
--- /dev/null
+server:
+ verbosity: 7
+ use-syslog: no
+ directory: ""
+ pidfile: "unbound.pid"
+ chroot: ""
+ username: ""
+ do-not-query-localhost: no
+ use-caps-for-id: yes
+
+# Interface configuration for IPv4
+ interface: @IPV4_ADDR@@@PORT_ALLOW@
+ interface: @IPV4_ADDR@@@PORT_DENY@
+ interface: @IPV4_ADDR@@@PORT_REFUSE@
+ interface: @IPV4_ADDR@@@PORT_VIEW_INT@
+ interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
+ interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
+
+ interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
+ interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Mirrored interface configuration for IPv6
+ interface: @IPV6_ADDR@@@PORT_ALLOW@
+ interface: @IPV6_ADDR@@@PORT_DENY@
+ interface: @IPV6_ADDR@@@PORT_REFUSE@
+ interface: @IPV6_ADDR@@@PORT_VIEW_INT@
+ interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
+ interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
+
+ interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
+ interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Views configuration
+view:
+ name: "int"
+ view-first: yes
+ local-zone: "." refuse
+ local-zone: "internal" transparent
+view:
+ name: "ext"
+ view-first: yes
+ local-zone: "internal" refuse
+view:
+ name: "intext"
+ view-first: yes
+
+# Stubs configuration
+forward-zone:
+ name: "."
+ forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
+
+stub-zone:
+ name: "internal"
+ stub-addr: @IPV4_ADDR@@@STUB_PORT@
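Review bot: The interface lines use three consecutive `@` characters (for example `interface: @IPV4_ADDR@@@PORT_ALLOW@`) and nothing explains that only the outer pairs are placeholders for acl_interface.pre's sed pass while the middle one is Unbound's literal ip@port separator; a reader can easily take it for a broken token. A comment such as `# @X@ tokens are filled in by acl_interface.pre; the middle @ is Unbound's ip@port separator` above the first interface block would remove the ambiguity. The PORT_REFUSE interface deliberately has no interface-action so it exercises the default access control, and PORT_DENY is configured with `deny` but is never queried by the scenario; both facts deserve a one-line comment so the intent of the coverage is clear.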
--- /dev/null
+BaseName: acl_interface
+Version: 1.0
+Description: Check the interface-* settings
+CreationDate: Fri 8 Oct 18:14:40 CEST 2021
+Maintainer:
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: acl_interface.pre
+Post:
+Test: acl_interface.test
+AuxFiles:
+Passed:
+Failure:
--- /dev/null
+# #-- acl_interface.pre--#
+PRE="../.."
+. ../common.sh
+
+# This test uses the unshare utility
+if test ! -x "`which unshare 2>&1`"; then
+ skip_test "no unshare (from util-linux package) available, skip test"
+fi
+
+get_random_port 8
+
+PORT_ALLOW=$RND_PORT
+PORT_DENY=$(($RND_PORT + 1))
+PORT_REFUSE=$(($RND_PORT + 2))
+PORT_VIEW_INT=$(($RND_PORT + 3))
+PORT_VIEW_EXT=$(($RND_PORT + 4))
+PORT_VIEW_INTEXT=$(($RND_PORT + 5))
+FORWARD_PORT=$(($RND_PORT + 6))
+STUB_PORT=$(($RND_PORT + 7))
+
+IPV4_ADDR=192.168.1.1
+IPV6_ADDR=2001:db8::1
+
+# make config file
+sed \
+ -e 's/@PORT_ALLOW\@/'$PORT_ALLOW'/' \
+ -e 's/@PORT_DENY\@/'$PORT_DENY'/' \
+ -e 's/@PORT_REFUSE\@/'$PORT_REFUSE'/' \
+ -e 's/@PORT_VIEW_INT\@/'$PORT_VIEW_INT'/' \
+ -e 's/@PORT_VIEW_EXT\@/'$PORT_VIEW_EXT'/' \
+ -e 's/@PORT_VIEW_INTEXT\@/'$PORT_VIEW_INTEXT'/' \
+ -e 's/@FORWARD_PORT\@/'$FORWARD_PORT'/' \
+ -e 's/@STUB_PORT\@/'$STUB_PORT'/' \
+ -e 's/@IPV4_ADDR\@/'$IPV4_ADDR'/' \
+ -e 's/@IPV6_ADDR\@/'$IPV6_ADDR'/' \
+ < acl_interface.conf > ub.conf
+
+if test -x "`which bash`"; then
+ shell="bash"
+else
+ shell="sh"
+fi
+
+echo "PORT_ALLOW=$PORT_ALLOW" >> .tpkg.var.test
+echo "PORT_DENY=$PORT_DENY" >> .tpkg.var.test
+echo "PORT_REFUSE=$PORT_REFUSE" >> .tpkg.var.test
+echo "PORT_VIEW_INT=$PORT_VIEW_INT" >> .tpkg.var.test
+echo "PORT_VIEW_EXT=$PORT_VIEW_EXT" >> .tpkg.var.test
+echo "PORT_VIEW_INTEXT=$PORT_VIEW_INTEXT" >> .tpkg.var.test
+echo "FORWARD_PORT=$FORWARD_PORT" >> .tpkg.var.test
+echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test
+echo "IPV4_ADDR=$IPV4_ADDR" >> .tpkg.var.test
+echo "IPV6_ADDR=$IPV6_ADDR" >> .tpkg.var.test
+echo "shell=$shell" >> .tpkg.var.test
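Review bot: The only precondition checked is that an `unshare` binary exists (`if test ! -x "\`which unshare 2>&1\`"; then`), but `unshare -rUn` as used by acl_interface.test also needs unprivileged user namespaces to be permitted by the kernel, and on a host where they are disabled the test fails instead of skipping. Probe the capability itself and skip on failure, e.g. `if ! unshare -rUn true >/dev/null 2>&1; then` / `skip_test "cannot create user+net namespace with unshare, skip test"` / `fi`. `command -v unshare` is the portable replacement for `which`, and the `2>&1` on the `which` call folds its error text into the string handed to `test -x`, which only works by accident.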
--- /dev/null
+# #-- acl_interface.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+# Run the scenario in an unshared namespace
+unshare -rUn $shell acl_interface.test.scenario
+exit $?
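Review bot: This file uses the bash-only `source` builtin (`[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master` and the line after it) even though acl_interface.pre falls back to `shell="sh"` when bash is absent, and a POSIX sh has no `source`; the `.` form already used for `. ../common.sh` works in both. The same applies to acl_interface.test.scenario, which this file runs with that `$shell` explicitly. The trailing `exit $?` only repeats the status of the preceding `unshare` line, so it can stay as explicit intent or be dropped.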
--- /dev/null
+# #-- acl_interface.test.scenario --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+ip addr add $IPV4_ADDR dev lo
+ip addr add $IPV6_ADDR dev lo
+ip link set lo up
+
+# start the forwarder in the background
+get_ldns_testns
+$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the stub in the background
+$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
+STUB_PID=$!
+echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_ldns_testns_up fwd2.log
+wait_unbound_up unbound.log
+
+# Query for the given domain to the given port
+# $1: address family [4, 6]
+# $2: port
+# $3: dname
+query () {
+ addr=$IPV4_ADDR
+ if test "$1" -eq 6; then
+ addr=$IPV6_ADDR
+ fi
+ echo "> dig -p $2 $3"
+ dig @"$addr" -p $2 $3 | tee outfile
+}
+
+expect_refused () {
+ echo "> check answer for REFUSED"
+ if grep "REFUSED" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+expect_external_answer () {
+ echo "> check external answer"
+ if grep "1.2.3.4" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+expect_internal_answer () {
+ echo "> check internal answer"
+ if grep "10.20.30.40" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+
+# do the test
+
+for i in 4 6; do
+ query $i $PORT_REFUSE "www.external"
+ expect_refused
+
+ query $i $PORT_REFUSE "www.internal"
+ expect_refused
+
+ query $i $PORT_ALLOW "www.external"
+ expect_external_answer
+
+ query $i $PORT_ALLOW "www.internal"
+ expect_internal_answer
+
+ query $i $PORT_VIEW_INT "www.internal"
+ expect_internal_answer
+
+ query $i $PORT_VIEW_INT "www.external"
+ expect_refused
+
+ query $i $PORT_VIEW_EXT "www.internal"
+ expect_refused
+
+ query $i $PORT_VIEW_EXT "www.external"
+ expect_external_answer
+
+ query $i $PORT_VIEW_INTEXT "www.internal"
+ expect_internal_answer
+
+ query $i $PORT_VIEW_INTEXT "www.external"
+ expect_external_answer
+done
+
+echo "> cat logfiles"
+cat fwd.log
+cat fwd2.log
+cat unbound.log
+exit 0
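Review bot: The three daemons started in the background (`FWD_PID=$!`, `STUB_PID=$!`, `UNBOUND_PID=$!`) are recorded in .tpkg.var.test but nothing in this file stops them, and the .dsc added in this commit leaves `Post:` empty, so unbound and both ldns-testns instances appear to outlive the test on every path, including the `exit 1` inside the expect_* helpers. Before the final `exit 0` add `kill_pid $FWD_PID`, `kill_pid $STUB_PID` and `kill_pid $UNBOUND_PID` (kill_pid is listed in common.sh's function index), or add an acl_interface.post that reads the PIDs back from .tpkg.var.test and does the same; a trap on EXIT would also cover the failure exits. The two `ip addr add` lines on lo are unchecked as well; a failure there only surfaces later as a bind error in unbound.log, so `|| exit 1` on each would localize the problem.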
--- /dev/null
+; nameserver test file
+$ORIGIN external.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 1.2.3.4
+ENTRY_END
--- /dev/null
+; nameserver test file
+$ORIGIN internal.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+ENTRY_END
# wait_petal_up : wait for petal to come up.
# wait_nsd_up : wait for nsd to come up.
# wait_server_up_or_fail: wait for server to come up or print a failure string
+# skip_test x : print message and skip test (must be called in .pre)
# kill_pid : kill a server, make sure and wait for it to go down.
fi
}
+# Print a message and skip the test. Must be called in the .pre file.
+# $1: message to print.
+skip_test () {
+ echo "$1"
+ exit 3
+}
+
# function to get a number of random port numbers.
# $1: number of random ports.
# RND_PORT is returned as the starting port number
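Review bot: The header on `skip_test` should say why it exits with 3, since a reader of common.sh alone cannot tell that the value is the contract the runner keys on (the minitdir script in this commit treats exit status 3 from the `.pre` file as "skip" and writes the `.skip-$name` marker); suggest `# Exits with status 3, which the test runner interprets as "skipped" when returned from the .pre script; any other non-zero status is reported as a failed .pre.` Because the runner appends the `.pre` output to the result file, the message printed by `echo "$1"` lands in `result.$name` rather than on the terminal; that is worth stating in the comment so callers know where to look for the skip reason.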