From: W.C.A. Wijngaards Date: Fri, 14 Feb 2020 13:16:56 +0000 (+0100) Subject: dnstap io, test for TCP and reconnect for that. X-Git-Tag: release-1.11.0~120^2~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7da19e96cec049cc58a176576525db60df78dad1;p=thirdparty%2Funbound.git dnstap io, test for TCP and reconnect for that. --- diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 803236196..e26e12ede 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -1266,9 +1266,11 @@ setup_and_run(struct config_strlist_head* local_list, verifypem); if(!tap_socket_list_addevs(maindata->acceptlist, base)) fatal_exit("could not setup accept events"); + if(verbosity) log_info("start of service"); ub_event_base_dispatch(base); + if(verbosity) log_info("end of service"); sig_base = NULL; tap_socket_list_delete(maindata->acceptlist); ub_event_base_free(base); diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.conf b/testdata/dnstap_tcp.tdir/dnstap_tcp.conf new file mode 100644 index 000000000..6aefaad1e --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.conf 
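Review bot: The "start of service" message added before ub_event_base_dispatch() in dnstap/unbound-dnstap-socket.c is now a contract with the test suite, but nothing at the call site says so. dnstap_tcp.pre and dnstap_tcp.test both wait on it with `wait_server_up "tap.errlog" "start of service"`. A one-line comment above the log_info call, such as `/* the test scripts wait for this exact message; keep the wording */`, would stop a later rewording from surfacing only as test timeouts. The message is printed only when verbosity is non-zero, so a harness waiting for it presumably has to pass at least one -v, as the test does with -vvvv. setup_and_run starts and ends outside the hunk.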
@@ -0,0 +1,42 @@
+server:
+ verbosity: 2
+ num-threads: 1
+ outgoing-range: 16
+ interface: 127.0.0.1
+ port: @PORT@
+ use-syslog: no
+ directory: ""
+ pidfile: "unbound.pid"
+ chroot: ""
+ username: ""
+ do-not-query-localhost: no
+ local-zone: "example.net." redirect
+ local-data: "example.net. IN A 10.20.30.41"
+remote-control:
+ control-enable: yes
+ control-interface: 127.0.0.1
+ # control-interface: ::1
+ control-port: @CONTROL_PORT@
+ server-key-file: "unbound_server.key"
+ server-cert-file: "unbound_server.pem"
+ control-key-file: "unbound_control.key"
+ control-cert-file: "unbound_control.pem"
+forward-zone:
+ name: "."
+ forward-addr: "127.0.0.1@@TOPORT@"
+dnstap:
+ dnstap-enable: yes
+ #dnstap-socket-path: "dnstap.socket"
+ dnstap-ip: "127.0.0.1@@TAPPORT@"
+ dnstap-tls: no
+ dnstap-send-identity: yes
+ dnstap-send-version: yes
+ #dnstap-identity
+ #dnstap-version
+ dnstap-log-resolver-query-messages: yes
+ dnstap-log-resolver-response-messages: yes
+ dnstap-log-client-query-messages: yes
+ dnstap-log-client-response-messages: yes
+ dnstap-log-forwarder-query-messages: yes
+ dnstap-log-forwarder-response-messages: yes
+
diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc b/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc
new file mode 100644
index 000000000..de4ad82da
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc
@@ -0,0 +1,16 @@
+BaseName: dnstap_tcp
+Version: 1.0
+Description: test dnstap tcp and reconnect
+CreationDate: Tue Feb 14 14:00:38 CET 2020
+Maintainer: dr. W.C.A. Wijngaards
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: dnstap_tcp.pre
+Post: dnstap_tcp.post
+Test: dnstap_tcp.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.post b/testdata/dnstap_tcp.tdir/dnstap_tcp.post
new file mode 100644
index 000000000..64e30db17
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.post
@@ -0,0 +1,23 @@
+# #-- dnstap_tcp.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+kill_pid $DNSTAP_SOCKET_PID
+kill_pid $FWD_PID
+kill $UNBOUND_PID
+kill $UNBOUND_PID >/dev/null 2>&1
+cat unbound.log
+echo "> tap logfiles"
+cat tap.log
+cat tap.errlog
+echo "> tap2 logfiles"
+cat tap2.log
+cat tap2.errlog
+cat fwd.log
+exit 0
diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.pre b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre
new file mode 100644
index 000000000..3006603c5
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre
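Review bot: In dnstap_tcp.post, unbound is stopped with a bare `kill $UNBOUND_PID` issued twice, while the other two servers go through `kill_pid`, and `cat unbound.log` follows immediately, so the log may be printed before unbound has written its shutdown lines. If kill_pid from ../common.sh waits for the process to exit (not visible here), a single `kill_pid $UNBOUND_PID` would replace both lines. The PID variables are also unquoted and stay unset when the .pre script bailed out early, so `kill` then runs without an argument; a guard such as `[ -n "$UNBOUND_PID" ] && kill_pid "$UNBOUND_PID"` keeps the teardown output clean.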
@@ -0,0 +1,54 @@
+# #-- dnstap_tcp.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+get_random_port 4
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+CONTROL_PORT=$(($RND_PORT + 2))
+TAP_PORT=$(($RND_PORT + 3))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
+echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT dnstap_tcp.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the dnstap log server
+# the -vvvv flag prints protocol and connection information from the
+# unbound-dnstap-socket server.
+# the -l flag prints the DNS info in the DNSTAP packet in multiline output.
+# stderr is the '-vvvv' server logs and errors.
+# stdout is the one-line packet logs (or with -l, multiline).
+$PRE/unbound-dnstap-socket -s "127.0.0.1@$TAP_PORT" -l -vvvv 2>tap.errlog >tap.log &
+if test $? -ne 0; then
+ echo "could not start unbound-dnstap-socket server"
+ exit 1
+fi
+DNSTAP_SOCKET_PID=$!
+echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test
+# wait for the server to go up
+wait_server_up "tap.errlog" "start of service"
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tcp.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
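Review bot: In dnstap_tcp.pre, `if test $? -ne 0` directly after a command launched with `&` can never fire, because the shell reports status 0 for a background launch whether or not unbound-dnstap-socket manages to bind. The same dead check is repeated in dnstap_tcp.test where the socket server is restarted. A failed start, for instance the port still being held by the previous instance in the reconnect step, therefore only shows up as a wait_server_up timeout, assuming that helper times out. Either drop the `if` blocks or turn them into a liveness probe placed after the wait, e.g. `kill -0 $DNSTAP_SOCKET_PID 2>/dev/null || { echo "could not start unbound-dnstap-socket server"; exit 1; }`.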
diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.test b/testdata/dnstap_tcp.tdir/dnstap_tcp.test
new file mode 100644
index 000000000..bf79b6d72
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.test
@@ -0,0 +1,91 @@
+# #-- dnstap_tcp.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+PRE="../.."
+if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
+
+# test if the server is up.
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+echo "> check answer"
+if grep "10.20.30.40" outfile; then
+ echo "OK"
+else
+ echo "> cat logfiles"
+ cat tap.log
+ cat tap.errlog
+ cat fwd.log
+ cat unbound.log
+ echo "Not OK"
+ exit 1
+fi
+
+echo "> check tap.log for dnstap info"
+# see if it logged the information in tap.log
+# wait for a moment for filesystem to catch up.
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
+if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
+if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
+else
+ echo "information not in tap.log"
+ echo "failed"
+ echo "> cat logfiles"
+ cat tap.log
+ cat tap.errlog
+ cat fwd.log
+ cat unbound.log
+ echo "Not OK"
+ exit 1
+fi
+
+echo ""
+echo "> test disconnect from the upstream server"
+
+kill_pid $DNSTAP_SOCKET_PID
+dig @127.0.0.1 -p $UNBOUND_PORT down.example.net.
+
+# bring log socket back up
+$PRE/unbound-dnstap-socket -s "127.0.0.1@$TAP_PORT" -l -vvvv 2>tap2.errlog >tap2.log &
+if test $? -ne 0; then
+ echo "could not start (again) unbound-dnstap-socket server"
+ exit 1
+fi
+DNSTAP_SOCKET_PID=$!
+echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test
+# wait for the server to go up
+wait_server_up "tap2.errlog" "start of service"
+
+dig @127.0.0.1 -p $UNBOUND_PORT up.example.net.
+sleep 2
+dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net.
+
+for x in down up up2; do
+ if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
+ if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
+ if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi
+ if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 10; fi
+ if grep "$x.example.net" tap2.log; then echo "yes it is in tap2.log";
+ else
+ echo "$x.example.net. information not in tap2.log"
+ echo "failed"
+ echo "> cat logfiles"
+ cat tap.log
+ cat tap.errlog
+ echo "> tap2 logfiles"
+ cat tap2.log
+ cat tap2.errlog
+ cat fwd.log
+ cat unbound.log
+ echo "Not OK"
+ exit 1
+ fi
+done
+
+echo "> OK"
+exit 0
diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.testns b/testdata/dnstap_tcp.tdir/dnstap_tcp.testns
new file mode 100644
index 000000000..0c911ca5b
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.testns
@@ -0,0 +1,22 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA SERVFAIL
+ADJUST copy_id
+SECTION QUESTION
+www.example.net. IN A
+ENTRY_END
+
diff --git a/testdata/dnstap_tcp.tdir/unbound_control.key b/testdata/dnstap_tcp.tdir/unbound_control.key
new file mode 100644
index 000000000..d7c43a06b
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/unbound_control.key
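Review bot: The wait-for-log ladder in dnstap_tcp.test (three `sleep 1` retries, then one `sleep 10`) is written out by hand twice, once for tap.log and once inside `for x in down up up2`, which makes the timing hard to adjust consistently. A single loop keeps the same schedule: `for s in 1 1 1 10; do grep "$x.example.net" tap2.log >/dev/null && break; sleep $s; done`, followed by the existing final grep that reports the result. The patterns also leave the dots unescaped, so `grep -F` would make the match literal.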
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa
+rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH
+ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB
+AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z
+WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG
+DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr
+4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m
+Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr
+p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg
+P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+
+aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe
+YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9
+DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE=
+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tcp.tdir/unbound_control.pem b/testdata/dnstap_tcp.tdir/unbound_control.pem
new file mode 100644
index 000000000..8f1ba87f1
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/unbound_control.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
+bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE
+AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
+6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3
+qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US
+J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB
+BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B
+9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC
+iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq
+-----END CERTIFICATE-----
diff --git a/testdata/dnstap_tcp.tdir/unbound_server.key b/testdata/dnstap_tcp.tdir/unbound_server.key
new file mode 100644
index 000000000..4256c421d
--- /dev/null
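Review bot: The four PEM files added under testdata/dnstap_tcp.tdir (unbound_control.key, unbound_control.pem, unbound_server.key, unbound_server.pem) serve only the remote-control section of dnstap_tcp.conf, yet none of the .pre, .test or .post scripts in this commit calls unbound-control, unless a helper in ../common.sh does. If that holds, `control-enable: no` plus removal of the four `*-file` lines would let the test ship without private key material. That avoids another copy of a published key that secret scanners will flag and that someone could mistake for a usable credential. If the control channel has to stay, a comment in dnstap_tcp.conf stating that these are public test fixtures for the loopback control port only would document the intent. The certificates appear to be SHA-1 signed over what looks like a 1024-bit RSA modulus, so they should not be copied outside the test tree.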
+++ b/testdata/dnstap_tcp.tdir/unbound_server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
+3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
+RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
+AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
+6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
+sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
+XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
+fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
+CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
+0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
+oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
+In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
+LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
+-----END RSA PRIVATE KEY-----
diff --git a/testdata/dnstap_tcp.tdir/unbound_server.pem b/testdata/dnstap_tcp.tdir/unbound_server.pem
new file mode 100644
index 000000000..aeda3ff11
--- /dev/null
+++ b/testdata/dnstap_tcp.tdir/unbound_server.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
+bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
+AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
+y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
+/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
+g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
+9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
+l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
+Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
+-----END CERTIFICATE-----