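# #-- proxy_protocol.test.scenario --#
#
# Access-control scenario for PROXYv2 handling in unbound.
# Starts an ldns-testns forwarder and an unbound instance, then sends queries
# with streamtcp over UDP, TCP and TLS, both directly and with a proxied
# client address (the "-p <addr>" argument), and checks that each query is
# either answered or gets a REFUSE rcode.
#
# Two things are exercised: the client address conveyed through the proxy
# header, and the address the proxy itself connects to (the two dummy
# interfaces).
# NOTE(review): which addresses are allowed or refused is decided by ub.conf
# and by the variables sourced below; neither is visible in this file.
# NOTE(review): the "ip" commands need network-admin privileges; presumably
# the harness runs this inside a throwaway network namespace -- confirm.

# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
. ../common.sh

# Loopback carries the plain queries and the proxied-client cases.
ip addr add 127.0.0.1 dev lo
ip link set lo up

# Dummy interface whose address is used for the "proxy source allowed" case.
ip link add "$INTERFACE_ALLOW" type dummy
ip addr add "$INTERFACE_ALLOW_ADDR" dev "$INTERFACE_ALLOW"
ip link set "$INTERFACE_ALLOW" up

# Dummy interface whose address is used for the "proxy source refused" case.
ip link add "$INTERFACE_REFUSE" type dummy
ip addr add "$INTERFACE_REFUSE_ADDR" dev "$INTERFACE_REFUSE"
ip link set "$INTERFACE_REFUSE" up

# start forwarder in the background
get_ldns_testns
# LDNS_TESTNS is set by get_ldns_testns (common.sh); left unquoted as in the
# original because its exact form is not visible here.
$LDNS_TESTNS -p "$FWD_PORT" proxy_protocol.testns >fwd.log 2>&1 &
FWD_PID=$!
# PIDs are recorded in .tpkg.var.test; presumably a post script stops them.
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test

# start unbound in the background
"$PRE/unbound" -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test

wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

# Print the streamtcp output and the unbound log so a failure can be diagnosed.
show_logs () {
	echo "> cat logfiles"
	cat outfile
	cat unbound.log
}

# call streamtcp and check return value
# Arguments: streamtcp options followed by the query name; "A IN" is appended.
# Output of streamtcp goes to ./outfile. Exits the test with status 1 when
# streamtcp itself fails.
do_streamtcp () {
	if ! "$PRE/streamtcp" "$@" A IN >outfile 2>&1; then
		echo "exit status not OK"
		show_logs
		echo "Not OK"
		exit 1
	fi
}

# Send one query and leave the reply in ./outfile.
# Arguments: $1 - server address
#            $2 - proxied-client option string ("-p addr[@port]") or empty
#            $3 - transport option: "-u" (UDP), "-s" (TLS), anything else TCP
#            $4 - query name
# Port selection: UNBOUND_PORT for direct queries, PROXY_PORT when a client
# string is given, PROXY_TLS_PORT whenever TLS is requested.
send_query () {
	server=$1
	client=$2
	prot=$3
	query=$4
	port=$UNBOUND_PORT
	if test -n "$client"; then
		port=$PROXY_PORT
	fi
	case $prot in
	-u)
		transport="UDP"
		;;
	-s)
		transport="TLS"
		port=$PROXY_TLS_PORT
		;;
	*)
		transport="TCP"
		;;
	esac
	msg="> query $query to $server (over $transport)"
	if test -n "$client"; then
		msg="$msg ($client proxied)"
	fi
	printf '%s\n' "$msg"
	# $prot and $client are deliberately unquoted: an empty $prot must
	# disappear, and $client holds two words ("-p" and the address).
	# shellcheck disable=SC2086
	do_streamtcp $prot -f "$server@$port" $client "$query"
	#cat outfile
}

# Check that ./outfile has a line containing both $query and $answer.
# Reads the globals "query" and "answer" set by the test stanzas below.
# The strings are matched literally (-F): as regular expressions the dots in
# the name and the address would match any character and loosen the check.
expect_answer () {
	if grep -F -- "$query" outfile | grep -F -- "$answer"; then
		echo "content OK"
		echo
	else
		show_logs
		echo "result contents not OK"
		exit 1
	fi
}

# Check that the reply in ./outfile carries a REFUSE rcode.
expect_refuse () {
	if grep -F "rcode: REFUSE" outfile; then
		echo "content OK"
		echo
	else
		show_logs
		echo "result contents not OK"
		exit 1
	fi
}

# Start the test

# Query without PROXYv2
# Client localhost
# Expect the result back
server=127.0.0.1
client=""
query="two.example.net."
answer="2.2.2.2"
for prot in "-u" ""; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed
# Expect the result back
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW6 should be allowed
# Expect the result back
server=127.0.0.1
client="-p $CLIENT_ADDR_ALLOW6@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE should be refused
# Expect the REFUSE back
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE6 should be refused
# Expect the REFUSE back
server=127.0.0.1
client="-p $CLIENT_ADDR_REFUSE6"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed
# Expect the result back
server=$INTERFACE_ALLOW_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer="1.1.1.1"
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_answer
done

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused
# Expect the REFUSE back
# This case guards against trusting a proxy header from a disallowed proxy:
# an allowed client address must not override the verdict on the proxy itself.
server=$INTERFACE_REFUSE_ADDR
client="-p $CLIENT_ADDR_ALLOW@1234"
query="one.example.net."
answer=""
for prot in "-u" "" "-s"; do
	send_query "$server" "$client" "$prot" "$query"
	expect_refuse
done

echo "OK"
exit 0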