From fc123303ac792fb996b04c8c60ed04fe64354ddd Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Fri, 8 Oct 2021 18:21:24 +0200 Subject: [PATCH] - Add functionality to skip tdir tests from the .pre file; - Initial tests for interface-* options. --- testcode/do-tests.sh | 2 + testcode/mini_tdir.sh | 30 +++-- .../acl_interface.tdir/acl_interface.conf | 68 ++++++++++ testdata/acl_interface.tdir/acl_interface.dsc | 16 +++ testdata/acl_interface.tdir/acl_interface.pre | 54 ++++++++ .../acl_interface.tdir/acl_interface.test | 11 ++ .../acl_interface.test.scenario | 116 ++++++++++++++++++ .../acl_interface.tdir/acl_interface.testns | 13 ++ .../acl_interface.tdir/acl_interface.testns2 | 13 ++ testdata/common.sh | 8 ++ 10 files changed, 322 insertions(+), 9 deletions(-) create mode 100644 testdata/acl_interface.tdir/acl_interface.conf create mode 100644 testdata/acl_interface.tdir/acl_interface.dsc create mode 100644 testdata/acl_interface.tdir/acl_interface.pre create mode 100644 testdata/acl_interface.tdir/acl_interface.test create mode 100644 testdata/acl_interface.tdir/acl_interface.test.scenario create mode 100644 testdata/acl_interface.tdir/acl_interface.testns create mode 100644 testdata/acl_interface.tdir/acl_interface.testns2 diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh index 2a1cfc4c9..1669d6c33 100755 --- a/testcode/do-tests.sh +++ b/testcode/do-tests.sh @@ -16,6 +16,7 @@ NEED_WHOAMI='07-confroot.tdir' NEED_IPV6='fwd_ancil.tdir fwd_tcp_tc6.tdir stub_udp6.tdir edns_cache.tdir' NEED_NOMINGW='tcp_sigpipe.tdir 07-confroot.tdir 08-host-lib.tdir fwd_ancil.tdir' NEED_DNSCRYPT_PROXY='dnscrypt_queries.tdir dnscrypt_queries_chacha.tdir' +NEED_UNSHARE='acl_interface.tdir' # test if dig and ldns-testns are available. test_tool_avail "dig" 
@@ -50,6 +51,7 @@ for test in `ls -d *.tdir`; do skip_if_in_list $test "$NEED_NC" "nc" skip_if_in_list $test "$NEED_WHOAMI" "whoami" skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy" + skip_if_in_list $test "$NEED_UNSHARE" "unshare" if echo $NEED_IPV6 | grep $test >/dev/null; then if test "$HAVE_IPV6" = no; then diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh index 6bbece8d9..46a930f41 100755 --- a/testcode/mini_tdir.sh +++ b/testcode/mini_tdir.sh @@ -17,9 +17,9 @@ fi if test "$1" = "clean"; then if test $quiet = 0; then - echo "rm -f result.* .done* .tdir.var.master .tdir.var.test" + echo "rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test" fi - rm -f result.* .done* .tdir.var.master .tdir.var.test + rm -f result.* .done* .skip* .tdir.var.master .tdir.var.test exit 0 fi if test "$1" = "fake"; then @@ -54,12 +54,15 @@ if test "$1" = "-f" && test "$2" = "report"; then echo "** PASSED ** $timelen $name: $desc" pass=`expr $pass + 1` fi + elif test -f ".skip-$name"; then + echo ">> SKIPPED<< $timelen $name: $desc" + skip=`expr $pass + 1` else if test -f "result.$name"; then echo "!! FAILED !! $timelen $name: $desc" fail=`expr $fail + 1` else - echo ".> SKIPPED<< $timelen $name: $desc" + echo ">> SKIPPED<< $timelen $name: $desc" skip=`expr $skip + 1` fi fi @@ -81,6 +84,10 @@ if test "$1" = "report" || test "$2" = "report"; then if test $quiet = 0; then echo "** PASSED ** : $name" fi + elif test -f ".skip-$name"; then + if test $quiet = 0; then + echo ">> SKIPPED<< : $name" + fi else if test -f "result.$name"; then echo "!! FAILED !! : $name" @@ -116,6 +123,7 @@ name=`basename $1 .tdir` dir=$name.$$ result=result.$name done=.done-$name +skip=.skip-$name success="no" if test -x "`which bash`"; then shell="bash" @@ -124,8 +132,8 @@ else fi # check already done -if test -f .done-$name; then - echo "minitdir .done-$name exists. skip test." +if test -f $done; then + echo "minitdir $done exists. skip test." exit 0 fi 
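Review bot: The new `.skip-$name` branch in the `-f report` loop of testcode/mini_tdir.sh (hunk `@@ -54,12 +54,15 @@`) updates the skip counter from the wrong variable. The added line assigns `expr $pass + 1` to `skip`, so every reported skip overwrites the skip total with the pass count plus one and the summary becomes unreliable. The expression should use `$skip` instead of `$pass`, exactly as the existing SKIPPED branch a few lines further down does with `expr $skip + 1`. The loop and the summary that consumes these counters lie outside the hunk.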
@@ -151,11 +159,15 @@ if test -f $name.pre; then fi echo "minitdir exe $name.pre" >> $result $shell $name.pre $args >> $result - if test $? -ne 0; then + exit_value=$? + if test $exit_value -eq 3; then + echo "$name: SKIPPED" >> $result + echo "$name: SKIPPED" > ../$skip + elif test $exit_value -ne 0; then echo "Warning: $name.pre did not exit successfully" fi fi -if test -f $name.test; then +if test -f $name.test -a ! -f ../$skip; then if test $quiet = 0; then echo "minitdir exe $name.test" fi @@ -167,14 +179,14 @@ if test -f $name.test; then success="no" else echo "$name: PASSED" >> $result - echo "$name: PASSED" > ../.done-$name + echo "$name: PASSED" > ../$done if test $quiet = 0; then echo "$name: PASSED" fi success="yes" fi fi -if test -f $name.post; then +if test -f $name.post -a ! -f ../$skip; then if test $quiet = 0; then echo "minitdir exe $name.post" fi diff --git a/testdata/acl_interface.tdir/acl_interface.conf b/testdata/acl_interface.tdir/acl_interface.conf new file mode 100644 index 000000000..0c2314770 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.conf 
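Review bot: A `.skip-$name` marker left by an earlier run is never cleared before `$name.pre` is executed. In the lines visible here, a test that was skipped once stays skipped by the `! -f ../$skip` guards even when `.pre` now exits 0, until someone runs `clean`. Removing the marker just before `.pre` runs, e.g. `rm -f ../$skip`, ties the skip decision to the current run. The new guards also rely on `test ... -a ...`, which POSIX marks obsolescent; `test -f $name.test && test ! -f ../$skip` is the unambiguous form. The script continues outside this hunk, so the marker may be handled elsewhere.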
@@ -0,0 +1,68 @@
+server:
+ verbosity: 7
+ use-syslog: no
+ directory: ""
+ pidfile: "unbound.pid"
+ chroot: ""
+ username: ""
+ do-not-query-localhost: no
+ use-caps-for-id: yes
+
+# Interface configuration for IPv4
+ interface: @IPV4_ADDR@@@PORT_ALLOW@
+ interface: @IPV4_ADDR@@@PORT_DENY@
+ interface: @IPV4_ADDR@@@PORT_REFUSE@
+ interface: @IPV4_ADDR@@@PORT_VIEW_INT@
+ interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
+ interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
+
+ interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
+ interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
+ interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
+ interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Mirrored interface configuration for IPv6
+ interface: @IPV6_ADDR@@@PORT_ALLOW@
+ interface: @IPV6_ADDR@@@PORT_DENY@
+ interface: @IPV6_ADDR@@@PORT_REFUSE@
+ interface: @IPV6_ADDR@@@PORT_VIEW_INT@
+ interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
+ interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
+
+ interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
+ interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
+ interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
+
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
+ interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
+
+# Views configuration
+view:
+ name: "int"
+ view-first: yes
+ local-zone: "." refuse
+ local-zone: "internal" transparent
+view:
+ name: "ext"
+ view-first: yes
+ local-zone: "internal" refuse
+view:
+ name: "intext"
+ view-first: yes
+
+# Stubs configuration
+forward-zone:
+ name: "."
+ forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
+
+stub-zone:
+ name: "internal"
+ stub-addr: @IPV4_ADDR@@@STUB_PORT@
diff --git a/testdata/acl_interface.tdir/acl_interface.dsc b/testdata/acl_interface.tdir/acl_interface.dsc
new file mode 100644
index 000000000..3e5e94de8
--- /dev/null
+++ b/testdata/acl_interface.tdir/acl_interface.dsc
@@ -0,0 +1,16 @@
+BaseName: acl_interface
+Version: 1.0
+Description: Check the interface-* settings
+CreationDate: Fri 8 Oct 18:14:40 CEST 2021
+Maintainer:
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: acl_interface.pre
+Post:
+Test: acl_interface.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/testdata/acl_interface.tdir/acl_interface.pre b/testdata/acl_interface.tdir/acl_interface.pre
new file mode 100644
index 000000000..14f2fb599
--- /dev/null
+++ b/testdata/acl_interface.tdir/acl_interface.pre
@@ -0,0 +1,54 @@
+# #-- acl_interface.pre--#
+PRE="../.."
+. ../common.sh
+
+# This test uses the unshare utility
+if test ! -x "`which unshare 2>&1`"; then
+ skip_test "no unshare (from util-linux package) available, skip test"
+fi
+
+get_random_port 8
+
+PORT_ALLOW=$RND_PORT
+PORT_DENY=$(($RND_PORT + 1))
+PORT_REFUSE=$(($RND_PORT + 2))
+PORT_VIEW_INT=$(($RND_PORT + 3))
+PORT_VIEW_EXT=$(($RND_PORT + 4))
+PORT_VIEW_INTEXT=$(($RND_PORT + 5))
+FORWARD_PORT=$(($RND_PORT + 6))
+STUB_PORT=$(($RND_PORT + 7))
+
+IPV4_ADDR=192.168.1.1
+IPV6_ADDR=2001:db8::1
+
+# make config file
+sed \
+ -e 's/@PORT_ALLOW\@/'$PORT_ALLOW'/' \
+ -e 's/@PORT_DENY\@/'$PORT_DENY'/' \
+ -e 's/@PORT_REFUSE\@/'$PORT_REFUSE'/' \
+ -e 's/@PORT_VIEW_INT\@/'$PORT_VIEW_INT'/' \
+ -e 's/@PORT_VIEW_EXT\@/'$PORT_VIEW_EXT'/' \
+ -e 's/@PORT_VIEW_INTEXT\@/'$PORT_VIEW_INTEXT'/' \
+ -e 's/@FORWARD_PORT\@/'$FORWARD_PORT'/' \
+ -e 's/@STUB_PORT\@/'$STUB_PORT'/' \
+ -e 's/@IPV4_ADDR\@/'$IPV4_ADDR'/' \
+ -e 's/@IPV6_ADDR\@/'$IPV6_ADDR'/' \
+ < acl_interface.conf > ub.conf
+
+if test -x "`which bash`"; then
+ shell="bash"
+else
+ shell="sh"
+fi
+
+echo "PORT_ALLOW=$PORT_ALLOW" >> .tpkg.var.test
+echo "PORT_DENY=$PORT_DENY" >> .tpkg.var.test
+echo "PORT_REFUSE=$PORT_REFUSE" >> .tpkg.var.test
+echo "PORT_VIEW_INT=$PORT_VIEW_INT" >> .tpkg.var.test
+echo "PORT_VIEW_EXT=$PORT_VIEW_EXT" >> .tpkg.var.test
+echo "PORT_VIEW_INTEXT=$PORT_VIEW_INTEXT" >> .tpkg.var.test
+echo "FORWARD_PORT=$FORWARD_PORT" >> .tpkg.var.test
+echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test
+echo "IPV4_ADDR=$IPV4_ADDR" >> .tpkg.var.test
+echo "IPV6_ADDR=$IPV6_ADDR" >> .tpkg.var.test
+echo "shell=$shell" >> .tpkg.var.test
diff --git a/testdata/acl_interface.tdir/acl_interface.test b/testdata/acl_interface.tdir/acl_interface.test
new file mode 100644
index 000000000..421081887
--- /dev/null
+++ b/testdata/acl_interface.tdir/acl_interface.test
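Review bot: The guard at the top of acl_interface.pre only checks that an `unshare` binary exists, not that this host lets an unprivileged user create user and network namespaces. On systems where unprivileged user namespaces are disabled (a common hardening setting, and typical inside restricted containers), `unshare -rUn` in the `.test` file will fail and the test will be reported as FAILED instead of SKIPPED. A functional probe after the existing check covers that case: `unshare -rUn true >/dev/null 2>&1 || skip_test "cannot create user/network namespaces, skip test"`. The `skip_if_in_list $test "$NEED_UNSHARE" "unshare"` line added to testcode/do-tests.sh has the same limitation, since it too appears to test only for the tool.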
@@ -0,0 +1,11 @@
+# #-- acl_interface.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+# Run the scenario in an unshared namespace
+unshare -rUn $shell acl_interface.test.scenario
+exit $?
diff --git a/testdata/acl_interface.tdir/acl_interface.test.scenario b/testdata/acl_interface.tdir/acl_interface.test.scenario
new file mode 100644
index 000000000..d30c64d3f
--- /dev/null
+++ b/testdata/acl_interface.tdir/acl_interface.test.scenario
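Review bot: The comment above `unshare -rUn` does not say which isolation the test depends on, and that matters to anyone running the suite on a locked-down host. I would expand it to something like `# -r maps the caller to root inside a new user namespace (this already implies -U); -n adds a private network namespace, so the scenario can configure lo without real root`. Separately, `$shell` is only set by sourcing `.tpkg.var.test`; if that file is missing the command degrades to executing the scenario file directly, so `"${shell:-sh}"` would be a safer spelling.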
@@ -0,0 +1,116 @@
+# #-- acl_interface.test.scenario --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+ip addr add $IPV4_ADDR dev lo
+ip addr add $IPV6_ADDR dev lo
+ip link set lo up
+
+# start the forwarder in the background
+get_ldns_testns
+$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start the stub in the background
+$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
+STUB_PID=$!
+echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_ldns_testns_up fwd2.log
+wait_unbound_up unbound.log
+
+# Query for the given domain to the given port
+# $1: address family [4, 6]
+# $2: port
+# $3: dname
+query () {
+ addr=$IPV4_ADDR
+ if test "$1" -eq 6; then
+ addr=$IPV6_ADDR
+ fi
+ echo "> dig -p $2 $3"
+ dig @"$addr" -p $2 $3 | tee outfile
+}
+
+expect_refused () {
+ echo "> check answer for REFUSED"
+ if grep "REFUSED" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+expect_external_answer () {
+ echo "> check external answer"
+ if grep "1.2.3.4" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+expect_internal_answer () {
+ echo "> check internal answer"
+ if grep "10.20.30.40" outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+
+# do the test
+
+for i in 4 6; do
+ query $i $PORT_REFUSE "www.external"
+ expect_refused
+
+ query $i $PORT_REFUSE "www.internal"
+ expect_refused
+
+ query $i $PORT_ALLOW "www.external"
+ expect_external_answer
+
+ query $i $PORT_ALLOW "www.internal"
+ expect_internal_answer
+
+ query $i $PORT_VIEW_INT
"www.internal" + expect_internal_answer + + query $i $PORT_VIEW_INT "www.external" + expect_refused + + query $i $PORT_VIEW_EXT "www.internal" + expect_refused + + query $i $PORT_VIEW_EXT "www.external" + expect_external_answer + + query $i $PORT_VIEW_INTEXT "www.internal" + expect_internal_answer + + query $i $PORT_VIEW_INTEXT "www.external" + expect_external_answer +done + +echo "> cat logfiles" +cat fwd.log +cat fwd2.log +cat unbound.log +exit 0 diff --git a/testdata/acl_interface.tdir/acl_interface.testns b/testdata/acl_interface.tdir/acl_interface.testns new file mode 100644 index 000000000..62abf6928 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.testns @@ -0,0 +1,13 @@ +; nameserver test file +$ORIGIN external. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 1.2.3.4 +ENTRY_END diff --git a/testdata/acl_interface.tdir/acl_interface.testns2 b/testdata/acl_interface.tdir/acl_interface.testns2 new file mode 100644 index 000000000..e9edfc8ba --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.testns2 @@ -0,0 +1,13 @@ +; nameserver test file +$ORIGIN internal. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END diff --git a/testdata/common.sh b/testdata/common.sh index 280f5dac4..a449f1a64 100644 --- a/testdata/common.sh +++ b/testdata/common.sh @@ -27,6 +27,7 @@ # wait_petal_up : wait for petal to come up. # wait_nsd_up : wait for nsd to come up. # wait_server_up_or_fail: wait for server to come up or print a failure string +# skip_test x : print message and skip test (must be called in .pre) # kill_pid : kill a server, make sure and wait for it to go down. 
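Review bot: The three servers started in the background in acl_interface.test.scenario (two `$LDNS_TESTNS` instances and `unbound`) are never stopped on any exit path. The script ends with `exit 0`, the `expect_*` helpers leave with `exit 1`, and the patch adds no `.post` file (the `.dsc` leaves `Post:` empty). Because `unshare -rUn` creates no PID namespace, those processes presumably outlive the test and keep its network namespace alive. A trap set right after `UNBOUND_PID` is recorded would cover both exits: `trap 'kill_pid $FWD_PID; kill_pid $STUB_PID; kill_pid $UNBOUND_PID' EXIT`, using the `kill_pid` helper that common.sh documents. As a smaller point, `grep "1.2.3.4"` and `grep "10.20.30.40"` treat the dots as wildcards; `grep -F` would match the addresses literally.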
@@ -109,6 +110,13 @@ skip_if_in_list () { fi } +# Print a message and skip the test. Must be called in the .pre file. +# $1: message to print. +skip_test () { + echo "$1" + exit 3 +} + # function to get a number of random port numbers. # $1: number of random ports. # RND_PORT is returned as the starting port number -- 2.47.2
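Review bot: The exit status `3` in `skip_test` is an undocumented magic number shared with testcode/mini_tdir.sh, which tests `$exit_value -eq 3` to decide that a `.pre` script asked for a skip. The header comment should state that contract, for example `# Exits with status 3, which mini_tdir.sh records as SKIPPED rather than as a .pre failure.` It is also worth noting there that the value is reserved, since a `.pre` script that ends with a command returning 3 for an unrelated reason would be recorded as skipped and its `.test` would silently not run.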