From: Artem Boldariev Date: Tue, 14 Nov 2023 18:33:30 +0000 (+0200) Subject: Add checkonf tests for the PROXYv2 related options X-Git-Tag: v9.19.19~10^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0e8d5c9c6b37ffa6cf683d7a16aa35b9c41fd8d2;p=thirdparty%2Fbind9.git Add checkonf tests for the PROXYv2 related options This commit adds necessary PROXYv2 configuration options checks.
---
diff --git a/bin/tests/system/checkconf/bad-proxy-encrypted-do53.conf b/bin/tests/system/checkconf/bad-proxy-encrypted-do53.conf
new file mode 100644
index 00000000000..4d28fbba718
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-proxy-encrypted-do53.conf
@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ listen-on proxy encrypted { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/bad-proxy-encrypted-doh-plain.conf b/bin/tests/system/checkconf/bad-proxy-encrypted-doh-plain.conf
new file mode 100644
index 00000000000..7824e966dbe
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-proxy-encrypted-doh-plain.conf
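Review bot: Neither negative fixture records which rule it is expected to trip: `listen-on proxy encrypted { 10.53.0.1; };` in bad-proxy-encrypted-do53.conf, and the `proxy encrypted tls none http local-http-server` listener in bad-proxy-encrypted-doh-plain.conf. Judging by the good fixtures in this commit, which pair `proxy encrypted` only with a real `tls` block, the intended error is an encrypted PROXYv2 header on a listener that has no TLS. A one-line comment above `options`, such as `/* 'proxy encrypted' requires a TLS transport; this listener has none */`, would make that explicit. If the harness only checks for a non-zero exit from named-checkconf (not visible in this diff), a fixture that is rejected for an unrelated reason would still pass, so matching the expected diagnostic would make the test tighter.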
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+http local-http-server {
+ endpoints { "/dns-query"; };
+ listener-clients 100;
+ streams-per-connection 100;
+};
+
+options {
+ listen-on port 8080 proxy encrypted tls none http local-http-server { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/good-proxy-doh.conf b/bin/tests/system/checkconf/good-proxy-doh.conf
new file mode 100644
index 00000000000..69f2bda6e48
--- /dev/null
+++ b/bin/tests/system/checkconf/good-proxy-doh.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.2; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ ciphers "HIGH:!aNULL:!MD5:!RC4";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+http local-http-server {
+ endpoints { "/dns-query"; };
+ listener-clients 100;
+ streams-per-connection 100;
+};
+
+options {
+ allow-proxy { any; };
+ allow-proxy-on { any; };
+ listen-on port 443 proxy encrypted tls local-tls http local-http-server { 10.53.0.1; };
+ listen-on port 4430 proxy plain tls local-tls http local-http-server { 10.53.0.1; };
+ listen-on port 8080 proxy plain tls none http local-http-server { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/good-proxy.conf b/bin/tests/system/checkconf/good-proxy.conf
new file mode 100644
index 00000000000..1f085a5507e
--- /dev/null
+++ b/bin/tests/system/checkconf/good-proxy.conf
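Review bot: `allow-proxy { any; };` and `allow-proxy-on { any; };` in the `options` block of good-proxy-doh.conf (and again in good-proxy.conf) are left without a comment, and "good" fixtures tend to get copied as templates. A PROXYv2 header states the client address the server is asked to believe, so an `any` ACL lets every peer that reaches the listener assert an arbitrary source address to whatever address-based ACLs follow. A comment above the two lines, such as `/* wide-open ACLs only to exercise the parser; real configs list the trusted proxies */`, would keep the fixture from reading as a recommendation. Using an explicit address in one of the two files, in place of `any`, would also cover address-list parsing for these options.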
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.2; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ ciphers "HIGH:!aNULL:!MD5:!RC4";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ allow-proxy { any; };
+ allow-proxy-on { any; };
+ listen-on proxy plain { 10.53.0.1; };
+ listen-on port 853 proxy encrypted tls local-tls { 10.53.0.1; };
+ listen-on port 8530 proxy plain tls local-tls { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 606c8487a39..7eced176630 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -86,6 +86,8 @@ for good in good-*.conf; do
 case $good in
 good-doh-*.conf) continue ;;
 good-dot-*.conf) continue ;;
+ good-proxy-*doh*.conf) continue ;;
+ bad-proxy-*doh*.conf) continue ;;
 esac
 fi {
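Review bot: The added arm `bad-proxy-*doh*.conf) continue ;;` can never match here, because the hunk header shows this `case $good in` sits inside `for good in good-*.conf; do`, so `$good` always starts with `good-`. The skip presumably belongs in the matching `case` of the `bad-*.conf` loop, which is outside this hunk. Without it, a build without DoH support would likely reject bad-proxy-encrypted-doh-plain.conf because of the `http` clause, not the PROXYv2 rule the fixture targets, and the test would pass for the wrong reason. The enclosing `if` and the loop body start and end outside the hunk, so the feature condition could not be confirmed from here.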