# #-- acl_interface.test.scenario --#
# Scenario setup: load the tpkg variable files, add the test addresses and
# dummy interfaces, then start two ldns-testns servers and unbound and wait
# until all three report that they are up.

# source the master var file when it's there
if [ -f ../.tpkg.var.master ]; then
	source ../.tpkg.var.master
fi
# use .tpkg.var.test for in test variable passing
if [ -f .tpkg.var.test ]; then
	source .tpkg.var.test
fi
PRE="../.."
. ../common.sh

# NOTE(review): the ip commands below change lo and create dummy links, which
# needs network-admin privileges. Presumably the suite runs this scenario in
# an isolated network namespace -- confirm against the test's setup files
# before running it on a shared host.
ip addr add $IPV4_ADDR dev lo
ip addr add $IPV6_ADDR dev lo
ip link set lo up

# One dummy interface carrying four test addresses.
ip link add $INTERFACE type dummy
ip addr add $INTERFACE_ADDR_1 dev $INTERFACE
ip addr add $INTERFACE_ADDR_2 dev $INTERFACE
ip addr add $INTERFACE_ADDR_3 dev $INTERFACE
ip addr add $INTERFACE_ADDR_4 dev $INTERFACE
ip link set $INTERFACE up

# Two further dummy links that both get the same link-local address, so they
# can only be told apart by the %interface scope used in the final queries.
for vlan in 50 51; do
	ip link add ${INTERFACE}vlan${vlan} type dummy
	ip addr add fe80::2/64 dev ${INTERFACE}vlan${vlan}
done
for vlan in 50 51; do
	ip link set ${INTERFACE}vlan${vlan} up
done

# Record the resulting address layout in the test output.
ip addr show

# start the forwarder in the background
get_ldns_testns
$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
FWD_PID=$!
# PIDs are appended to .tpkg.var.test so they outlive this script.
printf 'FWD_PID=%s\n' "$FWD_PID" >> .tpkg.var.test

# start the stub in the background
$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
STUB_PID=$!
printf 'STUB_PID=%s\n' "$STUB_PID" >> .tpkg.var.test

# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
printf 'UNBOUND_PID=%s\n' "$UNBOUND_PID" >> .tpkg.var.test

cat .tpkg.var.test
# Block until each server's log shows it is ready; querying earlier would
# produce failures unrelated to the access-control rules under test.
wait_ldns_testns_up fwd.log
wait_ldns_testns_up fwd2.log
wait_unbound_up unbound.log
# Print the forwarder, stub and unbound logs, then terminate the scenario.
# $1: exit status for the whole test
end () {
	local log_file
	printf '%s\n' "> cat logfiles"
	# Logs are dumped on every exit path so a failed check can be diagnosed
	# from the test output alone.
	for log_file in fwd.log fwd2.log unbound.log; do
		cat "$log_file"
	done
	exit $1
}
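# Query for the given domain to the given port
# $1: address family [4, 6]
# $2: port
# $3: dname
# The dig output is printed and also saved to ./outfile, which the expect_*
# checks read afterwards.
query () {
	# local: keep the chosen server out of the global `addr`, which the
	# per-interface loop further down uses as its loop variable.
	local server=$IPV4_ADDR
	if test "$1" -eq 6; then
		server=$IPV6_ADDR
	fi
	# Log the server too, so the IPv4 and IPv6 runs can be told apart in
	# the test output (same format as query_addr).
	echo "> dig @$server -p $2 $3"
	# Quoted so the port and name reach dig as exactly one argument each.
	dig @"$server" -p "$2" "$3" | tee outfile
}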
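# Query for the given domain to the given port
# $1: address
# $2: port
# $3: dname
# The dig output is printed and also saved to ./outfile, which the expect_*
# checks read afterwards.
query_addr () {
	echo "> dig @$1 -p $2 $3"
	# Quoted so the port and name reach dig as exactly one argument each,
	# without word splitting or glob expansion.
	dig @"$1" -p "$2" "$3" | tee outfile
}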
# Require that the last saved dig output (./outfile) contains REFUSED.
# Prints the matching line(s) and "OK"; otherwise prints "Not OK" and ends
# the test with status 1.
expect_refused () {
	echo "> check answer for REFUSED"
	if ! grep "REFUSED" outfile; then
		echo "Not OK"
		end 1
	fi
	echo "OK"
}
# Require that the last saved dig output (./outfile) contains NXDOMAIN.
# Prints the matching line(s) and "OK"; otherwise prints "Not OK" and ends
# the test with status 1.
expect_nx_answer () {
	echo "> check answer for NXDOMAIN"
	grep "NXDOMAIN" outfile
	case $? in
		0)
			echo "OK"
			;;
		*)
			echo "Not OK"
			end 1
			;;
	esac
}
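# Require that the last saved dig output (./outfile) contains the address
# 1.2.3.4. Prints the matching line(s) and "OK"; otherwise prints "Not OK"
# and ends the test with status 1.
expect_external_answer () {
	echo "> check external answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer from the wrong ACL/view pass.
	if grep -Fw "1.2.3.4" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}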
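# Require that the last saved dig output (./outfile) contains the address
# 10.20.30.40. Prints the matching line(s) and "OK"; otherwise prints
# "Not OK" and ends the test with status 1.
expect_internal_answer () {
	echo "> check internal answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer from the wrong ACL/view pass.
	if grep -Fw "10.20.30.40" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}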
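# Require that the last saved dig output (./outfile) contains the address
# 1.1.1.1, the answer expected for tag 'one'. Prints the matching line(s)
# and "OK"; otherwise prints "Not OK" and ends the test with status 1.
expect_tag_one_answer () {
	echo "> check tag 'one' answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer for a different tag pass.
	if grep -Fw "1.1.1.1" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}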
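# Require that the last saved dig output (./outfile) contains the address
# 2.2.2.2, the answer expected for tag 'two'. Prints the matching line(s)
# and "OK"; otherwise prints "Not OK" and ends the test with status 1.
expect_tag_two_answer () {
	echo "> check tag 'two' answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer for a different tag pass.
	if grep -Fw "2.2.2.2" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}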
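# Require that the last saved dig output (./outfile) contains the address
# 11.11.11.11, the answer expected for RPZ 'one'. Prints the matching
# line(s) and "OK"; otherwise prints "Not OK" and ends the test with
# status 1.
expect_rpz_one_answer () {
	# The banner used to say "tag 'one'", copied from the tag check, which
	# made the RPZ and tag checks indistinguishable in the test output.
	echo "> check rpz 'one' answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer from a different policy pass.
	if grep -Fw "11.11.11.11" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}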
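# Require that the last saved dig output (./outfile) contains the address
# 22.22.22.22, the answer expected for RPZ 'two'. Prints the matching
# line(s) and "OK"; otherwise prints "Not OK" and ends the test with
# status 1.
expect_rpz_two_answer () {
	# The banner used to say "tag 'two'", copied from the tag check, which
	# made the RPZ and tag checks indistinguishable in the test output.
	echo "> check rpz 'two' answer"
	# -F: match the address literally (an unescaped "." in a regex matches
	# any character). -w: do not accept it as part of a longer address.
	# A loose match here could let an answer from a different policy pass.
	if grep -Fw "22.22.22.22" outfile; then
		echo "OK"
	else
		echo "Not OK"
		end 1
	fi
}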
# do the test

# Run the whole expectation matrix against one target.
# $1: query helper to call (query or query_addr)
# $2: that helper's first argument (address family, or server address)
# Every port is checked for the answer it must give and, where a refusal is
# expected, for REFUSED. Any failed expectation ends the test with status 1.
# NOTE(review): presumably each PORT_* selects a differently configured
# listening interface in ub.conf (not visible here) -- confirm there.
check_acl_matrix () {
	# plain refuse / allow
	$1 $2 $PORT_REFUSE "www.external"
	expect_refused

	$1 $2 $PORT_REFUSE "www.internal"
	expect_refused

	$1 $2 $PORT_ALLOW "www.external"
	expect_external_answer

	$1 $2 $PORT_ALLOW "www.internal"
	expect_internal_answer

	# tags
	$1 $2 $PORT_TAG_1 "local"
	expect_tag_one_answer

	$1 $2 $PORT_TAG_2 "local"
	expect_tag_two_answer

	$1 $2 $PORT_TAG_3 "local"
	expect_refused

	# RPZ
	$1 $2 $PORT_RPZ_1 "local"
	expect_rpz_one_answer

	$1 $2 $PORT_RPZ_2 "local"
	expect_rpz_two_answer

	$1 $2 $PORT_RPZ_NX "local"
	expect_nx_answer

	# views
	$1 $2 $PORT_VIEW_INT "www.internal"
	expect_internal_answer

	$1 $2 $PORT_VIEW_INT "www.external"
	expect_refused

	$1 $2 $PORT_VIEW_EXT "www.internal"
	expect_refused

	$1 $2 $PORT_VIEW_EXT "www.external"
	expect_external_answer

	$1 $2 $PORT_VIEW_INTEXT "www.internal"
	expect_internal_answer

	$1 $2 $PORT_VIEW_INTEXT "www.external"
	expect_external_answer
}

# First over the IPv4 and IPv6 test addresses on lo ...
for i in 4 6; do
	check_acl_matrix query $i
done

# ... then over every address configured on the dummy interface.
for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do
	check_acl_matrix query_addr $addr
done

# Same link-local address on both vlan links; only the %interface scope
# differs, and each must get its own answer.
query_addr fe80::2%${INTERFACE}vlan50 $PORT_ALLOW "one.vtest."
expect_tag_one_answer

query_addr fe80::2%${INTERFACE}vlan51 $PORT_ALLOW "two.vtest."
expect_tag_two_answer

end 0