From 0fbfce4c9916630a0abcbcb87e51a326fd63c2d9 Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Wed, 24 Jun 2020 14:04:34 +0200 Subject: [PATCH] - Add DoH tests --- services/mesh.c | 4 + sldns/parseutil.c | 49 ++- sldns/parseutil.h | 2 + .../doh_downstream.tdir/doh_downstream.conf | 27 ++ .../doh_downstream.tdir/doh_downstream.dsc | 16 + .../doh_downstream.tdir/doh_downstream.post | 11 + .../doh_downstream.tdir/doh_downstream.pre | 31 ++ .../doh_downstream.tdir/doh_downstream.test | 343 ++++++++++++++++++ .../doh_downstream.tdir/doh_downstream.testns | 74 ++++ .../doh_downstream.tdir/unbound_server.key | 15 + .../doh_downstream.tdir/unbound_server.pem | 11 + .../doh_downstream_post.conf | 27 ++ .../doh_downstream_post.dsc | 16 + .../doh_downstream_post.post | 11 + .../doh_downstream_post.pre | 30 ++ .../doh_downstream_post.test | 343 ++++++++++++++++++ .../doh_downstream_post.testns | 74 ++++ .../unbound_server.key | 15 + .../unbound_server.pem | 11 + util/netevent.c | 6 +- 20 files changed, 1103 insertions(+), 13 deletions(-) create mode 100644 testdata/doh_downstream.tdir/doh_downstream.conf create mode 100644 testdata/doh_downstream.tdir/doh_downstream.dsc create mode 100644 testdata/doh_downstream.tdir/doh_downstream.post create mode 100644 testdata/doh_downstream.tdir/doh_downstream.pre create mode 100644 testdata/doh_downstream.tdir/doh_downstream.test create mode 100644 testdata/doh_downstream.tdir/doh_downstream.testns create mode 100644 testdata/doh_downstream.tdir/unbound_server.key create mode 100644 testdata/doh_downstream.tdir/unbound_server.pem create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.conf create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.dsc create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.post create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.pre create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.test create mode 100644 testdata/doh_downstream_post.tdir/doh_downstream_post.testns create mode 100644 testdata/doh_downstream_post.tdir/unbound_server.key create mode 100644 testdata/doh_downstream_post.tdir/unbound_server.pem diff --git a/services/mesh.c b/services/mesh.c index 225449fb9..c2afdbf82 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1212,6 +1212,10 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, rcode = LDNS_RCODE_SERVFAIL; if(r->query_reply.c->alpn_h2) { r->query_reply.c->h2_stream = r->h2_stream; + /* Mesh reply won't exist for long anymore. Make it impossible + * for HTTP/2 stream to refer to mesh state, in case + * connection gets cleanup before HTTP/2 stream close. */ + r->h2_stream->mesh_state = NULL; } /* send the reply */ /* We don't reuse the encoded answer if either the previous or current diff --git a/sldns/parseutil.c b/sldns/parseutil.c index b51a0709d..dc8354b62 100644 --- a/sldns/parseutil.c +++ b/sldns/parseutil.c @@ -619,13 +619,18 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize) * * This routine does not insert spaces or linebreaks after 76 characters. */ -int sldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize) +static int sldns_b64_ntop_base(uint8_t const *src, size_t srclength, + char *target, size_t targsize, int base64url, int padding) { - const char* b64 = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + char* b64; const char pad64 = '='; size_t i = 0, o = 0; + if(base64url) + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789-_"; + else + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789+/"; if(targsize < sldns_b64_ntop_calculate_size(srclength)) return -1; /* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */ @@ -645,18 +650,26 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ]; - target[o+3] = pad64; - /* i += 2; */ - o += 4; + if(padding) { + target[o+3] = pad64; + /* i += 2; */ + o += 4; + } else { + o += 3; + } break; case 1: /* one at end, converted into A B = = */ target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) ]; - target[o+2] = pad64; - target[o+3] = pad64; - /* i += 1; */ - o += 4; + if(padding) { + target[o+2] = pad64; + target[o+3] = pad64; + /* i += 1; */ + o += 4; + } else { + o += 2; + } break; case 0: default: @@ -669,6 +682,20 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, return (int)o; } +int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 0 /* no base64url */, 1 /* padding */); +} + +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 1 /* base64url */, 0 /* no padding */); +} + size_t sldns_b64_pton_calculate_size(size_t srcsize) { return (((((srcsize + 3) / 4) * 3)) + 1); diff --git a/sldns/parseutil.h b/sldns/parseutil.h index 852ad3fb5..7eb23317f 100644 --- a/sldns/parseutil.h +++ b/sldns/parseutil.h @@ -92,6 +92,8 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize); int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize); +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize); /** * calculates the size needed to store the result of sldns_b64_pton diff --git a/testdata/doh_downstream.tdir/doh_downstream.conf b/testdata/doh_downstream.tdir/doh_downstream.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream.tdir/doh_downstream.dsc b/testdata/doh_downstream.tdir/doh_downstream.dsc new file mode 100644 index 000000000..66b84284e --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream +Version: 1.0 +Description: Test DNS-over-HTTPS query processing +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream.pre +Post: doh_downstream.post +Test: doh_downstream.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream.tdir/doh_downstream.post b/testdata/doh_downstream.tdir/doh_downstream.post new file mode 100644 index 000000000..432e0eedd --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.post @@ -0,0 +1,11 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream.tdir/doh_downstream.pre b/testdata/doh_downstream.tdir/doh_downstream.pre new file mode 100644 index 000000000..84734d76e --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.pre @@ -0,0 +1,31 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream.tdir/doh_downstream.test b/testdata/doh_downstream.tdir/doh_downstream.test new file mode 100644 index 000000000..98a54af26 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.test @@ -0,0 +1,343 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +grep "a.example.com. IN A" outfile + +echo "" +echo "> query www5.example.net. www3.example.net. www.drop.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream.tdir/doh_downstream.testns b/testdata/doh_downstream.tdir/doh_downstream.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream.tdir/unbound_server.key b/testdata/doh_downstream.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream.tdir/unbound_server.pem b/testdata/doh_downstream.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc new file mode 100644 index 000000000..70de7502f --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_post +Version: 1.0 +Description: Test DNS-over-HTTPS query processing, using POST method +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_post.pre +Post: doh_downstream_post.post +Test: doh_downstream_post.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.post b/testdata/doh_downstream_post.tdir/doh_downstream_post.post new file mode 100644 index 000000000..f66183b70 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.post @@ -0,0 +1,11 @@ +# #-- doh_downstream_post.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre new file mode 100644 index 000000000..e32f187c5 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre @@ -0,0 +1,30 @@ +# #-- doh_downstream_post.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream_post.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_post.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.test b/testdata/doh_downstream_post.tdir/doh_downstream_post.test new file mode 100644 index 000000000..4a49c8b51 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.test @@ -0,0 +1,343 @@ +# #-- doh_downstream_post.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +grep "a.example.com. IN A" outfile + +echo "" +echo "> query www5.example.net. www3.example.net. www.drop.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.testns b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream_post.tdir/unbound_server.key b/testdata/doh_downstream_post.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_post.tdir/unbound_server.pem b/testdata/doh_downstream_post.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/util/netevent.c b/util/netevent.c index 749781934..49ad08a4d 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -2289,12 +2289,13 @@ struct http2_stream* http2_stream_create(int32_t stream_id) } /** Delete http2 stream. After session delete or stream close callback */ -void http2_stream_delete(struct http2_session* h2_session, +static void http2_stream_delete(struct http2_session* h2_session, struct http2_stream* h2_stream) { if(h2_stream->mesh_state) { mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state, h2_session->c); + h2_stream->mesh_state = NULL; } http2_req_stream_clear(h2_stream); free(h2_stream); @@ -2426,7 +2427,8 @@ comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c) /* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */ ret = nghttp2_session_recv(c->h2_session->session); if(ret) { - if(ret != NGHTTP2_ERR_EOF) { + if(ret != NGHTTP2_ERR_EOF && + ret != NGHTTP2_ERR_CALLBACK_FAILURE) { verbose(VERB_QUERY, "http2: session_recv failed, " "error: %s", nghttp2_strerror(ret)); } -- 2.47.2