From: Remi Gacogne Date: Fri, 17 Feb 2023 09:41:17 +0000 (+0100) Subject: dnsdist: Test DoH 'meta' Protocol Buffer values for all protocols X-Git-Tag: dnsdist-1.8.0-rc1~2^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=334e3549a06024182597fb9187e6e03c81fcd708;p=thirdparty%2Fpdns.git dnsdist: Test DoH 'meta' Protocol Buffer values for all protocols The DoH-related values should be empty non-DoH protocols, but the protocol buffer messages should still be sent, with the expected content. --- diff --git a/regression-tests.dnsdist/dnsdisttests.py b/regression-tests.dnsdist/dnsdisttests.py index 015369a862..06f71609fd 100644 --- a/regression-tests.dnsdist/dnsdisttests.py +++ b/regression-tests.dnsdist/dnsdisttests.py @@ -1026,3 +1026,9 @@ class DNSDistTest(AssertEqualDNSMessageMixin, unittest.TestCase): cls._response_headers = response_headers.getvalue() return (receivedQuery, message) + + def sendDOHQueryWrapper(self, query, response, useQueue=True): + return self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue) + + def sendDOTQueryWrapper(self, query, response, useQueue=True): + return self.sendDOTQuery(self._tlsServerPort, self._serverName, query, response, self._caCert, useQueue=useQueue) diff --git a/regression-tests.dnsdist/test_Metrics.py b/regression-tests.dnsdist/test_Metrics.py index d5ef57dc97..08a84daca0 100644 --- a/regression-tests.dnsdist/test_Metrics.py +++ b/regression-tests.dnsdist/test_Metrics.py 
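Review bot: The two wrappers added to `DNSDistTest` read `self._dohServerPort`, `self._dohBaseURL`, `self._tlsServerPort`, `self._serverName` and `self._caCert`, and nothing in this hunk shows the base class defining them. A subclass that calls a wrapper without setting all of them would presumably fail with an `AttributeError` far from its cause. A one-line docstring on each would state the contract, for example `"""Send a DoH query using the class's _dohServerPort, _serverName, _dohBaseURL and _caCert; takes (query, response, useQueue) like the other senders."""`, with the matching text for DoT and `_tlsServerPort`. The docstring could also record that the test CA file is always passed through, so a caller does not bypass it by calling `sendDOHQuery` or `sendDOTQuery` directly with different arguments.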
@@ -75,12 +75,6 @@ class TestRuleMetrics(DNSDistTest): self.assertEquals(self.getMetric('rule-' + name), 2) - def sendDOHQueryWrapper(self, query, response, useQueue=True): - return self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, response=response, caFile=self._caCert, useQueue=useQueue) - - def sendDOTQueryWrapper(self, query, response, useQueue=True): - return self.sendDOTQuery(self._tlsServerPort, self._serverName, query, response, self._caCert, useQueue=useQueue) - def testCacheMetrics(self): """ Metrics: Check that metrics are correctly updated for cache misses and hits diff --git a/regression-tests.dnsdist/test_Protobuf.py b/regression-tests.dnsdist/test_Protobuf.py index 3bbcb79466..fead59012a 100644 --- a/regression-tests.dnsdist/test_Protobuf.py +++ b/regression-tests.dnsdist/test_Protobuf.py @@ -491,12 +491,15 @@ class TestProtobufMetaDOH(DNSDistProtobufTest): _serverCert = 'server.chain' _serverName = 'tls.tests.dnsdist.org' _caCert = 'ca.pem' + _tlsServerPort = 8453 _dohServerPort = 8443 _dohBaseURL = ("https://%s:%d/dns-query" % (_serverName, _dohServerPort)) - _config_params = ['_testServerPort', '_protobufServerPort', '_dohServerPort', '_serverCert', '_serverKey'] + _config_params = ['_testServerPort', '_protobufServerPort', '_tlsServerPort', '_serverCert', '_serverKey', '_dohServerPort', '_serverCert', '_serverKey'] _config_template = """ newServer{address="127.0.0.1:%d"} rl = newRemoteLogger('127.0.0.1:%d') + + addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="openssl" }) addDOHLocal("127.0.0.1:%s", "%s", "%s", { '/dns-query' }, { keepIncomingHeaders=true }) local mytags = {path='doh-path', host='doh-host', ['query-string']='doh-query-string', scheme='doh-scheme', agent='doh-header:user-agent'} 
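Review bot: In `TestProtobufMetaDOH`, `_config_params` now lists `_serverCert` and `_serverKey` twice, and the only reason is to fill the positional `%s` slots of both `addTLSLocal` and `addDOHLocal` in `_config_template`. Nothing on the line says so, and a later edit that de-duplicates the list would shift every following argument into the wrong placeholder. A comment above it would help, such as `# positional: must match the % placeholders in _config_template (TLS port/cert/key, then DoH port/cert/key)`. The class body continues outside the hunk.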
@@ -518,57 +521,79 @@ class TestProtobufMetaDOH(DNSDistProtobufTest): '127.0.0.1') response.answer.append(rrset) - (receivedQuery, receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL, query, caFile=self._caCert, response=response) - - self.assertTrue(receivedQuery) - self.assertTrue(receivedResponse) - receivedQuery.id = query.id - self.assertEqual(query, receivedQuery) - self.assertEqual(response, receivedResponse) - - # let the protobuf messages the time to get there - time.sleep(1) - - # check the protobuf message corresponding to the UDP query - msg = self.getFirstProtobufMessage() - - self.checkProtobufQuery(msg, dnsmessage_pb2.PBDNSMessage.DOH, query, dns.rdataclass.IN, dns.rdatatype.A, name) - self.assertEqual(len(msg.meta), 5) - tags = {} - for entry in msg.meta: - self.assertEqual(len(entry.value.stringVal), 1) - tags[entry.key] = entry.value.stringVal[0] - - self.assertIn('agent', tags) - self.assertIn('PycURL', tags['agent']) - self.assertIn('host', tags) - self.assertEqual(tags['host'], self._serverName + ':' + str(self._dohServerPort)) - self.assertIn('path', tags) - self.assertEqual(tags['path'], '/dns-query') - self.assertIn('query-string', tags) - self.assertIn('?dns=', tags['query-string']) - self.assertIn('scheme', tags) - self.assertEqual(tags['scheme'], 'https') - - # check the protobuf message corresponding to the UDP response - msg = self.getFirstProtobufMessage() - self.checkProtobufResponse(msg, dnsmessage_pb2.PBDNSMessage.DOH, response) - self.assertEqual(len(msg.meta), 5) - tags = {} - for entry in msg.meta: - self.assertEqual(len(entry.value.stringVal), 1) - tags[entry.key] = entry.value.stringVal[0] - - self.assertIn('agent', tags) - self.assertIn('PycURL', tags['agent']) - self.assertIn('host', tags) - self.assertEqual(tags['host'], self._serverName + ':' + str(self._dohServerPort)) - self.assertIn('path', tags) - self.assertEqual(tags['path'], '/dns-query') - self.assertIn('query-string', tags) 
- self.assertIn('?dns=', tags['query-string']) - self.assertIn('scheme', tags) - self.assertEqual(tags['scheme'], 'https') + for method in ("sendUDPQuery", "sendTCPQuery", "sendDOTQueryWrapper", "sendDOHQueryWrapper"): + sender = getattr(self, method) + (receivedQuery, receivedResponse) = sender(query, response) + + self.assertTrue(receivedQuery) + self.assertTrue(receivedResponse) + receivedQuery.id = query.id + self.assertEqual(query, receivedQuery) + self.assertEqual(response, receivedResponse) + + # let the protobuf messages the time to get there + time.sleep(1) + + # check the protobuf message corresponding to the query + msg = self.getFirstProtobufMessage() + + if method == "sendUDPQuery": + pbMessageType = dnsmessage_pb2.PBDNSMessage.UDP + elif method == "sendTCPQuery": + pbMessageType = dnsmessage_pb2.PBDNSMessage.TCP + elif method == "sendDOTQueryWrapper": + pbMessageType = dnsmessage_pb2.PBDNSMessage.DOT + elif method == "sendDOHQueryWrapper": + pbMessageType = dnsmessage_pb2.PBDNSMessage.DOH + + print(method) + self.checkProtobufQuery(msg, pbMessageType, query, dns.rdataclass.IN, dns.rdatatype.A, name) + self.assertEqual(len(msg.meta), 5) + tags = {} + for entry in msg.meta: + if method == "sendDOHQueryWrapper": + self.assertEqual(len(entry.value.stringVal), 1) + tags[entry.key] = entry.value.stringVal[0] + else: + self.assertEqual(len(entry.value.stringVal), 0) + tags[entry.key] = None + + self.assertIn('agent', tags) + if method == "sendDOHQueryWrapper": + self.assertIn('PycURL', tags['agent']) + self.assertIn('host', tags) + self.assertEqual(tags['host'], self._serverName + ':' + str(self._dohServerPort)) + self.assertIn('path', tags) + self.assertEqual(tags['path'], '/dns-query') + self.assertIn('query-string', tags) + self.assertIn('?dns=', tags['query-string']) + self.assertIn('scheme', tags) + self.assertEqual(tags['scheme'], 'https') + + # check the protobuf message corresponding to the response + msg = self.getFirstProtobufMessage() + 
self.checkProtobufResponse(msg, pbMessageType, response) + self.assertEqual(len(msg.meta), 5) + tags = {} + for entry in msg.meta: + if method == "sendDOHQueryWrapper": + self.assertEqual(len(entry.value.stringVal), 1) + tags[entry.key] = entry.value.stringVal[0] + else: + self.assertEqual(len(entry.value.stringVal), 0) + tags[entry.key] = None + + self.assertIn('agent', tags) + if method == "sendDOHQueryWrapper": + self.assertIn('PycURL', tags['agent']) + self.assertIn('host', tags) + self.assertEqual(tags['host'], self._serverName + ':' + str(self._dohServerPort)) + self.assertIn('path', tags) + self.assertEqual(tags['path'], '/dns-query') + self.assertIn('query-string', tags) + self.assertIn('?dns=', tags['query-string']) + self.assertIn('scheme', tags) + self.assertEqual(tags['scheme'], 'https') class TestProtobufMetaProxy(DNSDistProtobufTest):
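Review bot: The `if`/`elif` chain that derives `pbMessageType` from `method` has no `else`, so a sender name added to the tuple without a matching branch would reuse the previous iteration's type, or be unbound on the first pass. Iterating one mapping from sender name to protocol value removes that gap, as sketched below. The `print(method)` before `checkProtobufQuery` looks like leftover debugging and could be dropped. Indentation is lost in this rendering, but the checks for `host`, `path`, `query-string` and `scheme` appear to sit inside the DoH-only branch, so for UDP, TCP and DoT only the `agent` key and the count of 5 are verified. An unconditional `self.assertEqual(set(tags), {'agent', 'host', 'path', 'query-string', 'scheme'})` in both the query and response halves would pin the key set for every protocol; the enclosing test method starts outside the hunk.

```python
        protocols = {
            "sendUDPQuery": dnsmessage_pb2.PBDNSMessage.UDP,
            "sendTCPQuery": dnsmessage_pb2.PBDNSMessage.TCP,
            "sendDOTQueryWrapper": dnsmessage_pb2.PBDNSMessage.DOT,
            "sendDOHQueryWrapper": dnsmessage_pb2.PBDNSMessage.DOH,
        }
        for method, pbMessageType in protocols.items():
            sender = getattr(self, method)
            (receivedQuery, receivedResponse) = sender(query, response)
            # … unchanged: compare query/response, sleep, fetch and check both protobuf messages …
```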