From 24c0c7321441e9c92061b14a14db50040f9f6bdd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?= <petr.spacek@nic.cz>
Date: Tue, 19 Dec 2017 14:41:37 +0100
Subject: [PATCH] CI: run respdiff over UDP/TCP/TLS

---
 .gitlab-ci.yml                                | 48 +++++++++++++++++--
 ci/respdiff/kresd.config                      |  3 +-
 .../{respdiff.conf => respdiff-tcp.conf}      |  3 ++
 ci/respdiff/respdiff-tls.conf                 | 42 ++++++++++++++++
 ci/respdiff/respdiff-udp.conf                 | 42 ++++++++++++++++
 ci/respdiff/run-respdiff-tests.sh             | 19 +++++---
 6 files changed, 146 insertions(+), 11 deletions(-)
 rename ci/respdiff/{respdiff.conf => respdiff-tcp.conf} (95%)
 create mode 100644 ci/respdiff/respdiff-tls.conf
 create mode 100644 ci/respdiff/respdiff-udp.conf

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c19cc3ed7..8a856de1f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -124,14 +124,54 @@ test:linux:amd64:valgrind:
       - tmpdeckard*
 
 
-respdiff:linux:amd64:
+respdiff:iter:udp:linux:amd64:
   stage: test
   script:
     - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
-    - ./ci/respdiff/run-respdiff-tests.sh
-    - cat ./results/respdiff.txt
+    - ./ci/respdiff/run-respdiff-tests.sh udp
+    - cat results/respdiff.txt
     - echo 'test if mismatch rate >= 1 %'
-    - grep -q '^target diagrees.*0\.[0-9][0-9] %' ./results/respdiff.txt
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
+  dependencies:
+    - build:linux:amd64
+  artifacts:
+    when: always
+    expire_in: '1 week'
+    paths:
+      - results/*.txt
+  tags:
+    - docker
+    - linux
+    - amd64
+
+respdiff:iter:tcp:linux:amd64:
+  stage: test
+  script:
+    - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
+    - ./ci/respdiff/run-respdiff-tests.sh tcp
+    - cat results/respdiff.txt
+    - echo 'test if mismatch rate >= 1 %'
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
+  dependencies:
+    - build:linux:amd64
+  artifacts:
+    when: always
+    expire_in: '1 week'
+    paths:
+      - results/*.txt
+  tags:
+    - docker
+    - linux
+    - amd64
+
+respdiff:iter:tls:linux:amd64:
+  stage: test
+  script:
+    - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
+    - ./ci/respdiff/run-respdiff-tests.sh tls
+    - cat results/respdiff.txt
+    - echo 'test if mismatch rate >= 1 %'
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
   dependencies:
     - build:linux:amd64
   artifacts:
diff --git a/ci/respdiff/kresd.config b/ci/respdiff/kresd.config
index a0476a6ad..2d6902f3b 100644
--- a/ci/respdiff/kresd.config
+++ b/ci/respdiff/kresd.config
@@ -3,6 +3,8 @@
 -- Listen on localhost and external interface
 net.listen('127.0.0.1', 5353)
 net.listen('::1', 5353)
+net.listen('127.0.0.1', 8853, { tls = true })
+net.listen('::1', 8853, { tls = true })
 
 -- Auto-maintain root TA
 trust_anchors.file = '.local/etc/kresd/root.keys'
@@ -21,5 +23,4 @@ modules = {
 	'stats',    -- Track internal statistics
 }
 
-
 verbose(false)
diff --git a/ci/respdiff/respdiff.conf b/ci/respdiff/respdiff-tcp.conf
similarity index 95%
rename from ci/respdiff/respdiff.conf
rename to ci/respdiff/respdiff-tcp.conf
index 7ce9a8435..44fb9c46f 100644
--- a/ci/respdiff/respdiff.conf
+++ b/ci/respdiff/respdiff-tcp.conf
@@ -14,14 +14,17 @@ names = kresd, bind, unbound
 [kresd]
 ip = ::1
 port = 5353
+transport = tcp
 
 [bind]
 ip = 127.0.0.1
 port = 53533
+transport = udp
 
 [unbound]
 ip = 127.0.0.1
 port = 53535
+transport = udp
 
 [diff]
 # symbolic name of server under test
diff --git a/ci/respdiff/respdiff-tls.conf b/ci/respdiff/respdiff-tls.conf
new file mode 100644
index 000000000..f1fe45ae7
--- /dev/null
+++ b/ci/respdiff/respdiff-tls.conf
@@ -0,0 +1,42 @@
+[sendrecv]
+# in seconds
+timeout = 5
+# number of queries to run simultaneously
+jobs = 64
+
+[servers]
+names = kresd, bind, unbound
+# symbolic names of DNS servers under test
+# separate multiple values by ,
+
+# each symbolic name in [servers] section refers to config section
+# containing IP address and port of particular server
+[kresd]
+ip = ::1
+port = 8853
+transport = tls
+
+[bind]
+ip = 127.0.0.1
+port = 53533
+transport = udp
+
+[unbound]
+ip = 127.0.0.1
+port = 53535
+transport = udp
+
+[diff]
+# symbolic name of server under test
+# other servers are used as reference when comparing answers from the target
+target = kresd
+
+# fields and comparison methods used when comparing two DNS messages
+criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsigs
+# other supported criteria values: authority, additional, edns, nsid
+
+[report]
+# diffsum reports mismatches in field values in this order
+# if particular message has multiple mismatches, it is counted only once into category with highest weight
+field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
+
diff --git a/ci/respdiff/respdiff-udp.conf b/ci/respdiff/respdiff-udp.conf
new file mode 100644
index 000000000..d61369f60
--- /dev/null
+++ b/ci/respdiff/respdiff-udp.conf
@@ -0,0 +1,42 @@
+[sendrecv]
+# in seconds
+timeout = 5
+# number of queries to run simultaneously
+jobs = 64
+
+[servers]
+names = kresd, bind, unbound
+# symbolic names of DNS servers under test
+# separate multiple values by ,
+
+# each symbolic name in [servers] section refers to config section
+# containing IP address and port of particular server
+[kresd]
+ip = ::1
+port = 5353
+transport = udp
+
+[bind]
+ip = 127.0.0.1
+port = 53533
+transport = udp
+
+[unbound]
+ip = 127.0.0.1
+port = 53535
+transport = udp
+
+[diff]
+# symbolic name of server under test
+# other servers are used as reference when comparing answers from the target
+target = kresd
+
+# fields and comparison methods used when comparing two DNS messages
+criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsigs
+# other supported criteria values: authority, additional, edns, nsid
+
+[report]
+# diffsum reports mismatches in field values in this order
+# if particular message has multiple mismatches, it is counted only once into category with highest weight
+field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
+
diff --git a/ci/respdiff/run-respdiff-tests.sh b/ci/respdiff/run-respdiff-tests.sh
index 9cde3d694..b85d41256 100755
--- a/ci/respdiff/run-respdiff-tests.sh
+++ b/ci/respdiff/run-respdiff-tests.sh
@@ -1,7 +1,14 @@
+#!/bin/bash
+# $1 == udp/tcp/tls, it selects configuration file to use
+# respdiff scripts must be present in /var/opt/respdiff
+set -o errexit -o nounset -o xtrace
+
 wget https://gitlab.labs.nic.cz/knot/knot-resolver/snippets/69/raw?inline=false -O /tmp/queries.txt
-mkdir results;
-rm -rf /tmp/respdiff;
-python3 /var/opt/respdiff/qprep.py /tmp/respdiff < /tmp/queries.txt && \
-python3 /var/opt/respdiff/orchestrator.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf && \
-python3 /var/opt/respdiff/msgdiff.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf && \
-python3 /var/opt/respdiff/diffsum.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf > results/respdiff.txt
+mkdir results
+rm -rf respdiff.db
+
+CONFIG="$(pwd)/ci/respdiff/respdiff-${1}.conf"
+/var/opt/respdiff/qprep.py respdiff.db < /tmp/queries.txt
+time /var/opt/respdiff/orchestrator.py respdiff.db -c "${CONFIG}"
+time /var/opt/respdiff/msgdiff.py respdiff.db -c "${CONFIG}"
+/var/opt/respdiff/diffsum.py respdiff.db -c "${CONFIG}" > results/respdiff.txt
-- 
2.47.2