1# #-- proxy_protocol.test.scenario --#
# source the master var file when it's there
# NOTE: `source` executes the file as shell code in this script's own process,
# so both var files are trusted input taken from the test working tree.
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
# Names used further down but never assigned in this file (INTERFACE_*,
# CLIENT_ADDR_*, FWD_PORT, UNBOUND_PORT, PROXY_PORT, PROXY_TLS_PORT)
# presumably come from one of these two files -- TODO confirm.
[ -f .tpkg.var.test ] && source .tpkg.var.test

# PRE is the path prefix used below to locate the unbound and streamtcp binaries.
PRE="../.."
# presumably defines get_ldns_testns, wait_ldns_testns_up and wait_unbound_up,
# which are called below but not defined in this file -- verify in common.sh.
. ../common.sh
9
10ip addr add 127.0.0.1 dev lo
11ip link set lo up
12
13ip link add $INTERFACE_ALLOW type dummy
14ip addr add $INTERFACE_ALLOW_ADDR dev $INTERFACE_ALLOW
15ip link set $INTERFACE_ALLOW up
16
17ip link add $INTERFACE_REFUSE type dummy
18ip addr add $INTERFACE_REFUSE_ADDR dev $INTERFACE_REFUSE
19ip link set $INTERFACE_REFUSE up
20
21# start forwarder in the background
22get_ldns_testns
23$LDNS_TESTNS -p $FWD_PORT proxy_protocol.testns >fwd.log 2>&1 &
24FWD_PID=$!
25echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
26
27# start unbound in the background
28$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
29UNBOUND_PID=$!
30echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
31
32wait_ldns_testns_up fwd.log
33wait_unbound_up unbound.log
34
35# call streamtcp and check return value
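do_streamtcp () {
	# Run streamtcp with the caller's arguments followed by the fixed query
	# type and class "A IN". stdout and stderr are captured in ./outfile,
	# which the expect_* helpers inspect afterwards.
	#
	# Arguments: streamtcp options and the query name, one word each.
	# Exits the test with status 1 when streamtcp returns non-zero.
	#
	# "$@" hands every argument to streamtcp exactly as the caller split it;
	# the previous unquoted $* re-split and glob-expanded the values.
	# The refuse cases depend on streamtcp exiting 0 when the server answers
	# with a REFUSED rcode, because any non-zero status ends the test here.
	if ! "$PRE/streamtcp" "$@" A IN >outfile 2>&1; then
		echo "exit status not OK"
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "Not OK"
		exit 1
	fi
}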
47
send_query () {
	# Send one query through streamtcp and print a one-line description of it.
	#
	# Arguments:
	#   $1  server address to query
	#   $2  empty for a direct query, otherwise the streamtcp proxy option
	#       string (for example "-p ADDR@PORT") that adds a PROXYv2 header
	#   $3  transport flag: "-u" for UDP, "-s" for TLS, anything else is TCP
	#   $4  query name
	# Globals read:    UNBOUND_PORT, PROXY_PORT, PROXY_TLS_PORT
	# Globals written: server, client, prot, query, port
	server=$1
	client=$2
	prot=$3
	query=$4
	printf '%s' "> query $query to $server"
	# Direct queries use the plain port, proxied ones the PROXYv2 port.
	if test -n "$client"; then
		port=$PROXY_PORT
	else
		port=$UNBOUND_PORT
	fi
	case $prot in
		-u)
			printf '%s' " (over UDP)"
			;;
		-s)
			printf '%s' " (over TLS)"
			# TLS always goes to the PROXYv2 TLS port, with or without a client.
			port=$PROXY_TLS_PORT
			;;
		*)
			printf '%s' " (over TCP)"
			;;
	esac
	test -z "$client" || printf '%s' " ($client proxied)"
	printf '\n'
	# Left unquoted on purpose: an empty $prot or $client must disappear and
	# "-p ADDR@PORT" must split into two separate arguments.
	do_streamtcp $prot -f $server@$port $client $query
	#cat outfile
}
76
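expect_answer () {
	# Check that ./outfile (written by do_streamtcp) has a line containing
	# both the query name and the expected answer; exit the test with
	# status 1 otherwise, after dumping outfile and unbound.log.
	#
	# Globals read: query, answer. The positional parameters are not used;
	# the caller sets both globals before calling.
	#query=$1
	#answer=$2
	# -F compares literally: names and addresses are full of dots, which as
	# regular expressions would match any character and let a near-miss
	# answer pass. "--" keeps a value starting with "-" from being read as
	# an option.
	# NOTE: an empty $answer still matches every line, so this check is only
	# meaningful when the caller sets a non-empty answer.
	if grep -F -- "$query" outfile | grep -F -- "$answer"; then
		echo "content OK"
		echo
	else
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
}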
91
expect_refuse () {
	# Check that the response captured in ./outfile carries a refusal rcode:
	# the pattern "rcode: REFUSE" must occur in the streamtcp output.
	# This is the assertion behind every "should be refused" case, so a miss
	# means a query that policy should have denied was not refused.
	# On a miss, dump outfile and unbound.log and exit the test with status 1.
	if ! grep "rcode: REFUSE" outfile; then
		echo "> cat logfiles"
		cat outfile
		cat unbound.log
		echo "result contents not OK"
		exit 1
	fi
	echo "content OK"
	echo
}
104
# Start the test

# run_case CHECK SERVER CLIENT QUERY ANSWER PROT...
# Sends QUERY to SERVER once for every PROT flag ("-u" UDP, "" TCP, "-s" TLS)
# and runs CHECK (expect_answer or expect_refuse) after each query.
# server, client, query, answer and prot are set as globals because
# expect_answer reads $query and $answer from the global scope.
run_case () {
	local check=$1
	server=$2
	client=$3
	query=$4
	answer=$5
	shift 5
	for prot in "$@"; do
		send_query "$server" "$client" "$prot" "$query"
		$check
	done
}

# Query without PROXYv2
# Client localhost
# Expect the result back
run_case expect_answer 127.0.0.1 "" "two.example.net." "2.2.2.2" "-u" ""

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed
# Expect the result back
run_case expect_answer 127.0.0.1 "-p $CLIENT_ADDR_ALLOW@1234" \
	"one.example.net." "1.1.1.1" "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW6 should be allowed
# Expect the result back
run_case expect_answer 127.0.0.1 "-p $CLIENT_ADDR_ALLOW6@1234" \
	"one.example.net." "1.1.1.1" "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE should be refused
# Expect the REFUSE back
# The connection itself comes from localhost, which the first case shows is
# served; the refusal here follows the address carried in the PROXYv2 header.
run_case expect_refuse 127.0.0.1 "-p $CLIENT_ADDR_REFUSE" \
	"one.example.net." "" "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_REFUSE6 should be refused
# Expect the REFUSE back
run_case expect_refuse 127.0.0.1 "-p $CLIENT_ADDR_REFUSE6" \
	"one.example.net." "" "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed
# Expect the result back
run_case expect_answer "$INTERFACE_ALLOW_ADDR" "-p $CLIENT_ADDR_ALLOW@1234" \
	"one.example.net." "1.1.1.1" "-u" "" "-s"

# Query with PROXYv2
# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused
# Expect the REFUSE back
# This case shows that an allowed client address inside the PROXYv2 header
# does not override the refusal of the proxy's own source address.
run_case expect_refuse "$INTERFACE_REFUSE_ADDR" "-p $CLIENT_ADDR_ALLOW@1234" \
	"one.example.net." "" "-u" "" "-s"

echo "OK"
exit 0
193
194