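# #-- proxy_protocol.test.scenario --#
#
# Checks unbound's access control for PROXYv2 traffic. Two things are
# exercised: the client address carried inside the PROXYv2 header, and the
# interface address the proxy connection arrives on. Each scenario sends a
# query with streamtcp and expects either the forwarded answer or a REFUSE
# rcode.
#
# The script changes link and address configuration with ip(8).
# NOTE(review): presumably the harness runs this in an isolated network
# namespace with the needed privileges; confirm before running it by hand.

# source the master var file when it's there
# NOTE(review): both var files are executed as shell code with the privileges
# of this script, so they must not be writable by anyone else.
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
. ../common.sh

ip addr add 127.0.0.1 dev lo
ip link set lo up

# Dummy interface whose address the proxy source ACL is expected to allow.
ip link add $INTERFACE_ALLOW type dummy
ip addr add $INTERFACE_ALLOW_ADDR dev $INTERFACE_ALLOW
ip link set $INTERFACE_ALLOW up

# Dummy interface whose address the proxy source ACL is expected to refuse.
ip link add $INTERFACE_REFUSE type dummy
ip addr add $INTERFACE_REFUSE_ADDR dev $INTERFACE_REFUSE
ip link set $INTERFACE_REFUSE up

# start forwarder in the background
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT proxy_protocol.testns >fwd.log 2>&1 &
FWD_PID=$!
# The PID is appended to the shared var file.
# NOTE(review): presumably a later test stage reads it to stop the process.
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test

# start unbound in the background
"$PRE/unbound" -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test

wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

# call streamtcp and check return value
# Arguments: streamtcp options followed by the query name; "A IN" is appended.
# Outputs:   streamtcp output goes to ./outfile (overwritten on every call).
# Exits 1 after dumping outfile and unbound.log when streamtcp fails.
do_streamtcp () {
	# $* is left unquoted on purpose: the caller passes "-p addr@port" as a
	# single string and an empty protocol flag, and both rely on word
	# splitting to become zero, one or two arguments.
	if ! "$PRE/streamtcp" $* A IN >outfile 2>&1; then
		echo "exit status not OK"
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "Not OK"
		exit 1
	fi
}

# Send one query and leave the reply in ./outfile.
# Arguments: $1 - server address to query
#            $2 - streamtcp "-p <addr>[@port]" option selecting the client
#                 address placed in the PROXYv2 header, or "" for no PROXYv2
#            $3 - transport flag: "-u" (UDP), "-s" (TLS) or "" (TCP)
#            $4 - query name
# Globals:   UNBOUND_PORT, PROXY_PORT, PROXY_TLS_PORT (read);
#            server, client, prot, query, port (written)
send_query () {
	server=$1
	client=$2
	prot=$3
	query=$4
	printf '%s' "> query $query to $server"
	# Plain queries go to the regular port; proxied ones go to the port
	# that is set in PROXY_PORT.
	port=$UNBOUND_PORT
	if [ -n "$client" ]; then
		port=$PROXY_PORT
	fi
	case $prot in
		-u)
			printf '%s' " (over UDP)"
			;;
		-s)
			printf '%s' " (over TLS)"
			port=$PROXY_TLS_PORT
			;;
		*)
			printf '%s' " (over TCP)"
			;;
	esac
	if [ -n "$client" ]; then
		printf '%s' " ($client proxied)"
	fi
	echo
	# $prot and $client are unquoted so that an empty value disappears and
	# "-p addr" splits into two arguments.
	do_streamtcp $prot -f $server@$port $client $query
	#cat outfile
}

# Pass when a line of ./outfile contains both $query and $answer.
# Globals: query, answer (read). The values are matched as fixed strings
# (grep -F) so that the dots in names and addresses are not regex wildcards;
# otherwise "1.1.1.1" would also accept e.g. "1x1y1z1".
# An empty $answer matches every line, so only call this with an expected
# value set.
expect_answer () {
	#query=$1
	#answer=$2
	if grep -F -- "$query" outfile | grep -F -- "$answer"; then
		echo "content OK"
		echo
	else
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
}

# Pass when ./outfile reports a REFUSE rcode; otherwise dump the logs and
# exit 1. This is the check that the access control actually denied the query.
expect_refuse () {
	if grep -F -- "rcode: REFUSE" outfile; then
		echo "content OK"
		echo
	else
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
}

# Start the test

# Query without PROXYv2
# Client localhost
# Expect the result back
server=127.0.0.1
client=""
query="two.example.net."
answer="2.2.2.2"
for prot in "-u" ""; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed
# Expect the result back
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW6 should be allowed
# Expect the result back
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW6@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE should be refused
# Expect the REFUSE back
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE6 should be refused
# Expect the REFUSE back
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE6"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed
# Expect the result back
server=$INTERFACE_ALLOW_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused
# Expect the REFUSE back
# An allowed client address in the header must not be enough on its own when
# the connection arrives on the refused interface address.
server=$INTERFACE_REFUSE_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

echo "OK"
exit 0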