mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity
bind/tests/isc/tlsdns_test.c

234 lines
7.0 KiB
C
Raw Normal View History

Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
Include <inttypes.h> whenever including <cmocka.h> Development versions of cmocka require the intmax_t and uintmax_t types to be defined by the time the test code includes the <cmocka.h> header. These types are defined in the <stdint.h> header, which is included by the <inttypes.h> header, which in turn is already explicitly included by some of the programs in the tests/ directory. Ensure all programs in that directory that include the <cmocka.h> header also include the <inttypes.h> header to future-proof the code while keeping the change set minimal and the resulting code consistent. Also prevent explicitly including the <stdint.h> header in those programs as it is included by the <inttypes.h> header.
2023-05-18 15:12:23 +02:00
#include <inttypes.h>
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
#include <sched.h> /* IWYU pragma: keep */
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>
unit tests: include an OpenSSL header before including cmocka.h OpenSSL 3.1.0 uses __attribute__(malloc), conflicting with a redefined malloc in cmocka.h. As a workaround, include an OpenSSL header file before including cmocka.h in the unit tests where OpenSSL is used.
2023-04-06 13:18:04 +00:00
/*
* As a workaround, include an OpenSSL header file before including cmocka.h,
* because OpenSSL 3.1.0 uses __attribute__(malloc), conflicting with a
* redefined malloc in cmocka.h.
*/
#include <openssl/err.h>
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
#define UNIT_TESTING
#include <cmocka.h>
#include <isc/async.h>
Move the library init and shutdown to executables Instead of relying on unreliable order of execution of the library constructors and destructors, move them to individual binaries. The advantage is that the execution time and order will remain constant and will not depend on the dynamic load dependency solver. This requires more work, but that was mitigated by a simple requirement, any executable using libisc and libdns, must include <isc/lib.h> and <dns/lib.h> respectively (in this particular order). In turn, these two headers must not be included from within any library as they contain inlined functions marked with constructor/destructor attributes.
2025-02-04 13:17:31 +01:00
#include <isc/lib.h>
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
#include <isc/loop.h>
#include <isc/nonce.h>
#include <isc/os.h>
#include <isc/quota.h>
#include <isc/refcount.h>
#include <isc/sockaddr.h>
#include <isc/thread.h>
#include <isc/util.h>
#include <isc/uv.h>
#include "uv_wrap.h"
#define KEEP_BEFORE
#include "netmgr_common.h"
#include <tests/isc.h>
static void
start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb,
isc_nm_recv_cb_t recv_cb) {
Re-purpose TLS DNS and TCP DNS unit tests for Stream DNS This commit modifies the existing unit tests for TLS DNS and TCP DNS in such a way that the new Stream DNS transport is used as it is intended to be a drop-in replacement for these two transports.
2022-11-08 16:43:01 +02:00
isc_result_t result = isc_nm_listenstreamdns(
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb, NULL, 128,
NULL, tcp_listen_tlsctx, get_proxy_type(), &listen_sock);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
assert_int_equal(result, ISC_R_SUCCESS);
Change the loopmgr to be singleton All the applications built on top of the loop manager were required to create just a single instance of the loop manager. Refactor the loop manager to not expose this instance to the callers and keep the loop manager object internal to the isc_loop compilation unit. This significantly simplifies a number of data structures and calls to the isc_loop API.
2025-07-14 10:50:21 +02:00
isc_loop_teardown(isc_loop_main(), stop_listening, listen_sock);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
static void
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
tlsdns_connect(void) {
Add PROXY support to Stream DNS This commit makes it possible to use Stream DNS on top of PROXY Stream either directly or indirectly (in the case when TLS is involved).
2023-05-09 15:13:05 +03:00
isc_nm_streamdnsconnect(
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
&tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
TLS SNI - add low level support for SNI to the networking code This commit adds support for setting SNI hostnames in outgoing connections over TLS. Most of the changes are related to either adapting the code to accept and extra argument in *connect() functions and a couple of changes to the TLS Stream to actually make use of the new SNI hostname information.
2024-12-17 15:52:18 +02:00
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, NULL,
PROXY over TLS: Fix stream-based DNS transports tests support This commit fixes the infrastructural code of the stream-based DNS transports to take PROXY over TLS support into account.
2023-05-25 18:22:55 +03:00
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_noop) {
start_listening(ISC_NM_LISTEN_ONE, noop_accept_cb, noop_recv_cb);
connect_readcb = NULL;
isc_refcount_increment0(&active_cconnects);
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
isc_nm_streamdnsconnect(
&tcp_connect_addr, &tcp_listen_addr, connect_success_cb,
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_noresponse) {
start_listening(ISC_NM_LISTEN_ALL, noop_accept_cb, noop_recv_cb);
isc_refcount_increment0(&active_cconnects);
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
isc_nm_streamdnsconnect(
&tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_timeout_recovery) {
/*
* Accept connections but don't send responses, forcing client
* reads to time out.
*/
noanswer = true;
start_listening(ISC_NM_LISTEN_ONE, listen_accept_cb, listen_read_cb);
/*
* timeout_retry_cb() will give up after five timeouts.
*/
connect_readcb = timeout_retry_cb;
Separate the single setter/getter functions for TCP timeouts Previously all kinds of TCP timeouts had a single getter and setter functions. Separate each timeout to its own getter/setter functions, because in majority of cases only one is required at a time, and it's not optimal expanding those functions every time a new timeout value is implemented.
2025-03-11 12:10:51 +00:00
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
isc_refcount_increment0(&active_cconnects);
Add PROXY support to Stream DNS This commit makes it possible to use Stream DNS on top of PROXY Stream either directly or indirectly (in the case when TLS is involved).
2023-05-09 15:13:05 +03:00
isc_nm_streamdnsconnect(
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
&tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
tlsdns_connect, T_SOFT, tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_recv_one) {
start_listening(ISC_NM_LISTEN_ONE, listen_accept_cb, listen_read_cb);
isc_refcount_increment0(&active_cconnects);
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
tlsdns_connect();
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_recv_two) {
start_listening(ISC_NM_LISTEN_ONE, listen_accept_cb, listen_read_cb);
isc_refcount_increment0(&active_cconnects);
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
tlsdns_connect();
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
isc_refcount_increment0(&active_cconnects);
Refactor the network manager to be a singleton There is only a single network manager running on top of the loop manager (except for tests). Refactor the network manager to be a singleton (a single instance) and change the unit tests, so that the shorter read timeouts apply only to a specific handle, not the whole extra 'connect_nm' network manager instance.
2025-07-14 17:12:35 +02:00
tlsdns_connect();
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
ISC_LOOP_TEST_IMPL(tlsdns_recv_send) {
start_listening(ISC_NM_LISTEN_ALL, listen_accept_cb, listen_read_cb);
for (size_t i = 0; i < workers; i++) {
Change the loopmgr to be singleton All the applications built on top of the loop manager were required to create just a single instance of the loop manager. Refactor the loop manager to not expose this instance to the callers and keep the loop manager object internal to the isc_loop compilation unit. This significantly simplifies a number of data structures and calls to the isc_loop API.
2025-07-14 10:50:21 +02:00
isc_async_run(isc_loop_get(i), stream_recv_send_connect,
tlsdns_connect);
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
}
}
Add PROXYv2 related tests for TLS DNS transport This commit adds a set of PROXYv2 related tests to ensure that Stream DNS over TLS supports this mode.
2023-05-09 20:49:38 +03:00
/* PROXY tests */
ISC_LOOP_TEST_IMPL(proxy_tlsdns_noop) { loop_test_tlsdns_noop(arg); }
ISC_LOOP_TEST_IMPL(proxy_tlsdns_noresponse) {
loop_test_tlsdns_noresponse(arg);
}
ISC_LOOP_TEST_IMPL(proxy_tlsdns_timeout_recovery) {
loop_test_tlsdns_timeout_recovery(arg);
}
ISC_LOOP_TEST_IMPL(proxy_tlsdns_recv_one) { loop_test_tlsdns_recv_one(arg); }
ISC_LOOP_TEST_IMPL(proxy_tlsdns_recv_two) { loop_test_tlsdns_recv_two(arg); }
ISC_LOOP_TEST_IMPL(proxy_tlsdns_recv_send) { loop_test_tlsdns_recv_send(arg); }
StreamDNS over TLS: Add PROXY over TLS tests This commit extends the TLS DNS unit tests suite with checks related to PROXY over TLS support in StreamDNS.
2023-06-21 18:35:42 +03:00
/* PROXY over TLS tests */
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_noop) { loop_test_tlsdns_noop(arg); }
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_noresponse) {
loop_test_tlsdns_noresponse(arg);
}
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_timeout_recovery) {
loop_test_tlsdns_timeout_recovery(arg);
}
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_recv_one) { loop_test_tlsdns_recv_one(arg); }
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_recv_two) { loop_test_tlsdns_recv_two(arg); }
ISC_LOOP_TEST_IMPL(proxytls_tlsdns_recv_send) {
loop_test_tlsdns_recv_send(arg);
}
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
ISC_TEST_LIST_START
ISC_TEST_ENTRY_CUSTOM(tlsdns_noop, stream_noop_setup, stream_noop_teardown)
ISC_TEST_ENTRY_CUSTOM(tlsdns_noresponse, stream_noresponse_setup,
stream_noresponse_teardown)
ISC_TEST_ENTRY_CUSTOM(tlsdns_timeout_recovery, stream_timeout_recovery_setup,
stream_timeout_recovery_teardown)
ISC_TEST_ENTRY_CUSTOM(tlsdns_recv_one, stream_recv_one_setup,
stream_recv_one_teardown)
ISC_TEST_ENTRY_CUSTOM(tlsdns_recv_two, stream_recv_two_setup,
stream_recv_two_teardown)
ISC_TEST_ENTRY_CUSTOM(tlsdns_recv_send, stream_recv_send_setup,
stream_recv_send_teardown)
/* FIXME: Re-add the noalpn tests */
Add PROXYv2 related tests for TLS DNS transport This commit adds a set of PROXYv2 related tests to ensure that Stream DNS over TLS supports this mode.
2023-05-09 20:49:38 +03:00
/* PROXY */
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_noop, proxystream_noop_setup,
proxystream_noop_teardown)
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_noresponse, proxystream_noresponse_setup,
proxystream_noresponse_teardown)
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_timeout_recovery,
proxystream_timeout_recovery_setup,
proxystream_timeout_recovery_teardown)
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_recv_one, proxystream_recv_one_setup,
proxystream_recv_one_teardown)
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_recv_two, proxystream_recv_two_setup,
proxystream_recv_two_teardown)
ISC_TEST_ENTRY_CUSTOM(proxy_tlsdns_recv_send, proxystream_recv_send_setup,
proxystream_recv_send_teardown)
StreamDNS over TLS: Add PROXY over TLS tests This commit extends the TLS DNS unit tests suite with checks related to PROXY over TLS support in StreamDNS.
2023-06-21 18:35:42 +03:00
/* PROXY over TLS */
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_noop, proxystreamtls_noop_setup,
proxystreamtls_noop_teardown)
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_noresponse,
proxystreamtls_noresponse_setup,
proxystreamtls_noresponse_teardown)
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_timeout_recovery,
proxystreamtls_timeout_recovery_setup,
proxystreamtls_timeout_recovery_teardown)
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_recv_one, proxystreamtls_recv_one_setup,
proxystreamtls_recv_one_teardown)
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_recv_two, proxystreamtls_recv_two_setup,
proxystreamtls_recv_two_teardown)
ISC_TEST_ENTRY_CUSTOM(proxytls_tlsdns_recv_send, proxystreamtls_recv_send_setup,
proxystreamtls_recv_send_teardown)
Split netmgr_test into separate per-transport unit tests The netmgr_test unit test has been subdivided into tcp_test, tcpdns_test, tls_test, tlsdns_test, and udp_test components. These have been updated to use the new loopmgr.
2022-07-26 13:03:48 +02:00
ISC_TEST_LIST_END
Make sure the unit test listening and connecting ports are different In rare circumstances, the UDP port for the listening socket and the UDP port for the connecting socket might be the same. Because we use the "reuse" port socket option, this isn't caught when binding the socket, and thus the connected client socket could send a datagram to itself, completely bypassing the server. This doesn't happen under normal operation mode because `named` is listening on a privileged port (53), and even if not, it doesn't usually talk to itself as the tests do. Pick an arbitrary port for listening (9153-9156) that is outside the ephemeral port range for the network manager related unit tests (except the `doh_test).
2022-10-11 12:03:17 +02:00
static int
Replace __attribute__((unused)) with ISC_ATTR_UNUSED attribute macro Instead of marking the unused entities with UNUSED(x) macro in the function body, use a `ISC_ATTR_UNUSED` attribute macro that expans to C23 [[maybe_unused]] or __attribute__((__unused__)) as fallback.
2023-01-10 10:20:44 +01:00
tlsdns_setup(void **state ISC_ATTR_UNUSED) {
TLS DNS unit tests: do not share the port with TCP DNS tests TLS DNS unit tests were sharing the port with TCP DNS tests by mistake. That could have caused conflicts between the two, when running the unit tests in parallel. This commit fixes that.
2022-10-26 15:41:30 +03:00
stream_port = TLSDNS_TEST_PORT;
Make sure the unit test listening and connecting ports are different In rare circumstances, the UDP port for the listening socket and the UDP port for the connecting socket might be the same. Because we use the "reuse" port socket option, this isn't caught when binding the socket, and thus the connected client socket could send a datagram to itself, completely bypassing the server. This doesn't happen under normal operation mode because `named` is listening on a privileged port (53), and even if not, it doesn't usually talk to itself as the tests do. Pick an arbitrary port for listening (9153-9156) that is outside the ephemeral port range for the network manager related unit tests (except the `doh_test).
2022-10-11 12:03:17 +02:00
Remove redundant parentheses from the return statement
2024-11-19 10:38:03 +01:00
return 0;
Make sure the unit test listening and connecting ports are different In rare circumstances, the UDP port for the listening socket and the UDP port for the connecting socket might be the same. Because we use the "reuse" port socket option, this isn't caught when binding the socket, and thus the connected client socket could send a datagram to itself, completely bypassing the server. This doesn't happen under normal operation mode because `named` is listening on a privileged port (53), and even if not, it doesn't usually talk to itself as the tests do. Pick an arbitrary port for listening (9153-9156) that is outside the ephemeral port range for the network manager related unit tests (except the `doh_test).
2022-10-11 12:03:17 +02:00
}
ISC_TEST_MAIN_CUSTOM(tlsdns_setup, NULL)
Reference in New Issue Copy Permalink