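# #-- proxy_protocol.test.scenario --#
# Scenario part of the PROXYv2 test: brings up the test interfaces, starts a
# forwarder and unbound in the background, then queries unbound directly and
# through PROXYv2 to check which clients and proxy sources get an answer.
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
. ../common.sh

# NOTE(review): everything below changes network state (an address on lo, two
# new dummy links) and therefore needs network-admin privilege. Presumably the
# harness runs this scenario inside a disposable network namespace; confirm
# before running it by hand on a shared host.
# Failures of the ip commands are deliberately not checked, as in the
# original: an already-configured lo must not abort the test.
ip addr add 127.0.0.1 dev lo
ip link set lo up

# The INTERFACE_* and *_ADDR values are not set in this file (presumably they
# come from the sourced var files; verify). They are quoted so that an empty
# or unset value stays a visible argument for ip to reject instead of
# vanishing from the command line and changing what the command means.
# Dummy interface whose address is meant to be an allowed proxy source.
ip link add "$INTERFACE_ALLOW" type dummy
ip addr add "$INTERFACE_ALLOW_ADDR" dev "$INTERFACE_ALLOW"
ip link set "$INTERFACE_ALLOW" up

# Dummy interface whose address is meant to be a refused proxy source.
ip link add "$INTERFACE_REFUSE" type dummy
ip addr add "$INTERFACE_REFUSE_ADDR" dev "$INTERFACE_REFUSE"
ip link set "$INTERFACE_REFUSE" up

# start forwarder in the background
get_ldns_testns
# LDNS_TESTNS is left unquoted on purpose: it is set outside this file and may
# hold more than one word (TODO confirm against get_ldns_testns).
$LDNS_TESTNS -p "$FWD_PORT" proxy_protocol.testns >fwd.log 2>&1 &
FWD_PID=$!
# Record the PID in the shared var file (presumably read by a later teardown
# step to stop the process; confirm).
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test

# start unbound in the background
"$PRE"/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test

# Block until both daemons report readiness in their logs; the helpers are
# not defined in this file (presumably from ../common.sh).
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log
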
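# call streamtcp and check return value
#
# Runs $PRE/streamtcp with the given arguments followed by the fixed "A IN"
# type and class, capturing stdout and stderr in ./outfile.
# Globals:   PRE (read)
# Arguments: streamtcp options and the query name, one word per argument
# Outputs:   nothing on success; on failure dumps outfile and unbound.log
# Returns:   0 on success; exits the whole scenario with status 1 otherwise
do_streamtcp () {
	# "$@" forwards every argument exactly as received. The previous unquoted
	# $* re-split the words and glob-expanded them against the working
	# directory, so a query name containing '*' or '?' could silently turn
	# into file names.
	if ! "$PRE"/streamtcp "$@" A IN >outfile 2>&1; then
		echo "exit status not OK"
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "Not OK"
		exit 1
	fi
}
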
# Send one query through do_streamtcp and print a one-line description of it.
# Globals:   UNBOUND_PORT, PROXY_PORT, PROXY_TLS_PORT (read);
#            server, client, prot, query, port (written, as before)
# Arguments: $1 - server address to connect to
#            $2 - streamtcp proxy option string such as "-p ADDR@PORT",
#                 or empty for a query without PROXYv2
#            $3 - transport flag: -u (UDP), -s (TLS), anything else TCP
#            $4 - query name
# Outputs:   the "> query ..." banner on stdout
send_query () {
	server=$1
	client=$2
	prot=$3
	query=$4

	# Direct queries go to the plain port, proxied ones to the PROXYv2 port.
	if [ -n "$client" ]; then
		port=$PROXY_PORT
	else
		port=$UNBOUND_PORT
	fi

	banner="> query $query to $server"
	case "$prot" in
		-u)
			banner="$banner (over UDP)"
			;;
		-s)
			# TLS always uses the PROXYv2 TLS port, proxied or not.
			banner="$banner (over TLS)"
			port=$PROXY_TLS_PORT
			;;
		*)
			banner="$banner (over TCP)"
			;;
	esac
	if [ -n "$client" ]; then
		banner="$banner ($client proxied)"
	fi
	echo "$banner"
	unset banner

	# Deliberately unquoted: an empty $prot must disappear from the command
	# line and $client must split into the option and its value.
	do_streamtcp $prot -f $server@$port $client $query
	#cat outfile
}

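# Check that ./outfile holds a line containing both the query name and the
# expected answer; otherwise dump the logs and abort the scenario.
# Globals:   query, answer (read; set by the caller, no arguments are taken)
# Outputs:   the matching line(s) and "content OK" on stdout, or the log
#            dump on failure
# Returns:   0 on success; exits the whole scenario with status 1 otherwise
expect_answer () {
	# -F matches the name and the address literally. As regular expressions
	# the dots in "one.example.net." or "1.1.1.1" match any character, which
	# could let an unrelated line satisfy an access-control check.
	if grep -F -- "$query" outfile | grep -F -- "$answer"; then
		echo "content OK"
		echo
	else
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
}
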
# Check that ./outfile reports a refused query ("rcode: REFUSE..."); if it
# does not, dump the logs and abort the scenario.
# Outputs:   the matching line(s) and "content OK" on stdout, or the log
#            dump on failure
# Returns:   0 on success; exits the whole scenario with status 1 otherwise
expect_refuse () {
	if ! grep "rcode: REFUSE" outfile; then
		# No refusal seen: the access control under test let the query through
		# or the query failed in some other way.
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
	echo "content OK"
	echo
}

# Start the test

# Run one test case over a list of transports.
# Sets the globals server, client, query and answer (expect_answer reads
# query and answer from them), then for every transport flag sends the query
# and runs the given check.
# Arguments: $1 server, $2 client option string, $3 query name,
#            $4 expected answer, $5 check function, $6... transport flags
run_case () {
	server=$1
	client=$2
	query=$3
	answer=$4
	check=$5
	shift 5
	for prot in "$@"; do
		send_query "$server" "$client" "$prot" "$query"
		"$check"
	done
}

# Query without PROXYv2
# Client localhost
# Expect the result back
run_case 127.0.0.1 "" "two.example.net." "2.2.2.2" expect_answer "-u" ""

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed
# Expect the result back
run_case 127.0.0.1 "-p ${CLIENT_ADDR_ALLOW}@1234" "one.example.net." "1.1.1.1" \
	expect_answer "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW6 should be allowed
# Expect the result back
run_case 127.0.0.1 "-p ${CLIENT_ADDR_ALLOW6}@1234" "one.example.net." "1.1.1.1" \
	expect_answer "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE should be refused
# Expect the REFUSE back
run_case 127.0.0.1 "-p $CLIENT_ADDR_REFUSE" "one.example.net." "" \
	expect_refuse "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE6 should be refused
# Expect the REFUSE back
run_case 127.0.0.1 "-p $CLIENT_ADDR_REFUSE6" "one.example.net." "" \
	expect_refuse "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed
# Expect the result back
run_case "$INTERFACE_ALLOW_ADDR" "-p ${CLIENT_ADDR_ALLOW}@1234" "one.example.net." "1.1.1.1" \
	expect_answer "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused
# Expect the REFUSE back
# This case guards against trusting a PROXYv2 header from a refused proxy
# source: an allowed client address in the header must not be enough.
run_case "$INTERFACE_REFUSE_ADDR" "-p ${CLIENT_ADDR_ALLOW}@1234" "one.example.net." "" \
	expect_refuse "-u" "" "-s"

echo "OK"
exit 0