mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00

PROXY over TLS: Fix stream-based DNS transports tests support

This commit fixes the infrastructural code of the stream-based DNS
transports to take PROXY over TLS support into account.
Artem Boldariev 2023-05-25 18:22:55 +03:00
parent 9d7343cd7d
commit 9a7e30b1ca
5 changed files with 191 additions and 16 deletions


@ -103,6 +103,7 @@ bool allow_send_back = false;
bool noanswer = false;
bool stream_use_TLS = false;
bool stream_use_PROXY = false;
bool stream_PROXY_over_TLS = false;
bool stream = false;
in_port_t stream_port = 0;
@ -607,14 +608,19 @@ get_proxyheader_info(void) {
static void
proxystream_connect(isc_nm_t *nm) {
isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_connect_tlsctx
: NULL;
isc_tlsctx_client_session_cache_t *sess_cache =
stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache : NULL;
isc_nm_proxystreamconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, NULL, T_CONNECT, NULL,
NULL, get_proxyheader_info());
connect_connect_cb, NULL, T_CONNECT, tlsctx,
sess_cache, get_proxyheader_info());
}
stream_connect_function
get_stream_connect_function(void) {
if (stream_use_TLS) {
if (stream_use_TLS && !stream_PROXY_over_TLS) {
return (tls_connect);
} else if (stream_use_PROXY) {
return (proxystream_connect);
@ -630,16 +636,18 @@ stream_listen(isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
isc_quota_t *quota, isc_nmsocket_t **sockp) {
isc_result_t result = ISC_R_SUCCESS;
if (stream_use_TLS) {
if (stream_use_TLS && !stream_PROXY_over_TLS) {
result = isc_nm_listentls(
listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr,
accept_cb, accept_cbarg, backlog, quota,
tcp_listen_tlsctx, stream_use_PROXY, sockp);
return (result);
} else if (stream_use_PROXY) {
isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_listen_tlsctx
: NULL;
result = isc_nm_listenproxystream(
listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr,
accept_cb, accept_cbarg, backlog, quota, NULL, sockp);
accept_cb, accept_cbarg, backlog, quota, tlsctx, sockp);
return (result);
} else {
result = isc_nm_listentcp(listen_nm, ISC_NM_LISTEN_ALL,
@ -655,16 +663,23 @@ void
stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
isc_refcount_increment0(&active_cconnects);
if (stream_use_TLS) {
if (stream_use_TLS && !stream_PROXY_over_TLS) {
isc_nm_tlsconnect(
connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb,
cbarg, tcp_connect_tlsctx, tcp_tlsctx_client_sess_cache,
timeout, stream_use_PROXY, NULL);
return;
} else if (stream_use_PROXY) {
isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS
? tcp_connect_tlsctx
: NULL;
isc_tlsctx_client_session_cache_t *sess_cache =
stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache
: NULL;
isc_nm_proxystreamconnect(connect_nm, &tcp_connect_addr,
&tcp_listen_addr, cb, cbarg, timeout,
NULL, NULL, get_proxyheader_info());
tlsctx, sess_cache,
get_proxyheader_info());
return;
} else {
isc_nm_tcpconnect(connect_nm, &tcp_connect_addr,
@ -674,6 +689,17 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
UNREACHABLE();
}
isc_nm_proxy_type_t
get_proxy_type(void) {
if (!stream_use_PROXY) {
return (ISC_NM_PROXY_NONE);
} else if (stream_PROXY_over_TLS) {
return (ISC_NM_PROXY_ENCRYPTED);
}
return (ISC_NM_PROXY_PLAIN);
}
void
connect_success_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) {
UNUSED(handle);
@ -703,6 +729,12 @@ proxystream_noop_setup(void **state) {
return (stream_noop_setup(state));
}
int
proxystreamtls_noop_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_noop_setup(state));
}
void
stream_noop(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
@ -733,6 +765,14 @@ proxystream_noop_teardown(void **state) {
return (r);
}
int
proxystreamtls_noop_teardown(void **state) {
int r = proxystream_noop_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
static void
noresponse_readcb(isc_nmhandle_t *handle, isc_result_t eresult,
isc_region_t *region, void *cbarg) {
@ -811,6 +851,19 @@ proxystream_noresponse_teardown(void **state) {
return (r);
}
int
proxystreamtls_noresponse_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_noresponse_setup(state));
}
int
proxystreamtls_noresponse_teardown(void **state) {
int r = proxystream_noresponse_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_noresponse(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
@ -864,6 +917,19 @@ proxystream_timeout_recovery_teardown(void **state) {
return (r);
}
int
proxystreamtls_timeout_recovery_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_timeout_recovery_setup(state));
}
int
proxystreamtls_timeout_recovery_teardown(void **state) {
int r = proxystream_timeout_recovery_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_timeout_recovery(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
@ -929,6 +995,19 @@ proxystream_recv_one_teardown(void **state) {
return (r);
}
int
proxystreamtls_recv_one_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_recv_one_setup(state));
}
int
proxystreamtls_recv_one_teardown(void **state) {
int r = proxystream_recv_one_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_recv_one(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
@ -994,6 +1073,19 @@ proxystream_recv_two_teardown(void **state) {
return (r);
}
int
proxystreamtls_recv_two_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_recv_two_setup(state));
}
int
proxystreamtls_recv_two_teardown(void **state) {
int r = proxystream_recv_two_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_recv_two(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
@ -1047,6 +1139,19 @@ proxystream_recv_send_teardown(void **state) {
return (r);
}
int
proxystreamtls_recv_send_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_recv_send_setup(state));
}
int
proxystreamtls_recv_send_teardown(void **state) {
int r = proxystream_recv_send_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_recv_send(void **state ISC_ATTR_UNUSED) {
isc_result_t result = ISC_R_SUCCESS;
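Review bot: In the new `else if (stream_use_PROXY)` branches of `stream_listen()` and `stream_connect()`, and in `proxystream_connect()`, the TLS context is taken from `tcp_listen_tlsctx` / `tcp_connect_tlsctx` without checking that it is set, so a PROXY-over-TLS run whose setup never created those contexts would pass NULL and quietly exercise plain PROXY instead. Where the contexts are initialised is not visible in these hunks; if that is gated on `stream_use_TLS`, the new mode needs the same initialisation. A guard right after each ternary, for example `if (stream_PROXY_over_TLS) { assert_non_null(tlsctx); }`, would make the test fail rather than silently lose encryption. Separately, `stream_PROXY_over_TLS` set together with `stream_use_TLS` but without `stream_use_PROXY` skips both TLS branches and lands in the plain TCP branch, which is worth rejecting explicitly.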


@ -131,6 +131,7 @@ extern bool allow_send_back;
extern bool noanswer;
extern bool stream_use_TLS;
extern bool stream_use_PROXY;
extern bool stream_PROXY_over_TLS;
extern bool stream;
extern in_port_t stream_port;
@ -288,6 +289,9 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout);
isc_nm_proxyheader_info_t *
get_proxyheader_info(void);
isc_nm_proxy_type_t
get_proxy_type(void);
int
stream_noop_setup(void **state ISC_ATTR_UNUSED);
void
@ -300,6 +304,11 @@ proxystream_noop_setup(void **state);
int
proxystream_noop_teardown(void **state);
int
proxystreamtls_noop_setup(void **state);
int
proxystreamtls_noop_teardown(void **state);
int
stream_noresponse_setup(void **state ISC_ATTR_UNUSED);
void
@ -312,6 +321,11 @@ proxystream_noresponse_setup(void **state);
int
proxystream_noresponse_teardown(void **state);
int
proxystreamtls_noresponse_setup(void **state);
int
proxystreamtls_noresponse_teardown(void **state);
int
stream_timeout_recovery_setup(void **state ISC_ATTR_UNUSED);
void
@ -324,6 +338,11 @@ proxystream_timeout_recovery_setup(void **state);
int
proxystream_timeout_recovery_teardown(void **state);
int
proxystreamtls_timeout_recovery_setup(void **state);
int
proxystreamtls_timeout_recovery_teardown(void **state);
int
stream_recv_one_setup(void **state ISC_ATTR_UNUSED);
void
@ -336,6 +355,11 @@ proxystream_recv_one_setup(void **state);
int
proxystream_recv_one_teardown(void **state);
int
proxystreamtls_recv_one_setup(void **state);
int
proxystreamtls_recv_one_teardown(void **state);
int
stream_recv_two_setup(void **state ISC_ATTR_UNUSED);
void
@ -348,6 +372,11 @@ proxystream_recv_two_setup(void **state);
int
proxystream_recv_two_teardown(void **state);
int
proxystreamtls_recv_two_setup(void **state);
int
proxystreamtls_recv_two_teardown(void **state);
int
stream_recv_send_setup(void **state ISC_ATTR_UNUSED);
void
@ -362,6 +391,11 @@ proxystream_recv_send_setup(void **state);
int
proxystream_recv_send_teardown(void **state);
int
proxystreamtls_recv_send_setup(void **state);
int
proxystreamtls_recv_send_teardown(void **state);
int
stream_shutdownconnect_setup(void **state ISC_ATTR_UNUSED);
void
@ -374,6 +408,11 @@ proxystream_shutdownconnect_setup(void **state);
int
proxystream_shutdownconnect_teardown(void **state);
int
proxystreamtls_shutdownconnect_setup(void **state);
int
proxystreamtls_shutdownconnect_teardown(void **state);
int
stream_shutdownread_setup(void **state ISC_ATTR_UNUSED);
void
@ -386,5 +425,10 @@ proxystream_shutdownread_setup(void **state);
int
proxystream_shutdownread_teardown(void **state);
int
proxystreamtls_shutdownread_setup(void **state);
int
proxystreamtls_shutdownread_teardown(void **state);
void
stop_listening(void *arg ISC_ATTR_UNUSED);
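Review bot: The new `stream_PROXY_over_TLS` flag and `get_proxy_type()` are declared without any comment on how they interact with `stream_use_PROXY` and `stream_use_TLS`. Going by the implementation in this commit, the flag has no effect unless `stream_use_PROXY` is also set, and it changes which branch `stream_use_TLS` selects. I would add above the extern `/* Send the PROXY header inside the TLS session; only honoured when stream_use_PROXY is true. */` and above the prototype `/* Map stream_use_PROXY / stream_PROXY_over_TLS to ISC_NM_PROXY_NONE, _PLAIN or _ENCRYPTED. */`.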


@ -72,6 +72,19 @@ proxystream_shutdownconnect_teardown(void **state) {
return (r);
}
int
proxystreamtls_shutdownconnect_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_shutdownconnect_setup(state));
}
int
proxystreamtls_shutdownconnect_teardown(void **state) {
int r = proxystream_shutdownconnect_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_shutdownconnect(void **state ISC_ATTR_UNUSED) {
isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL,
@ -174,6 +187,19 @@ proxystream_shutdownread_teardown(void **state) {
return (r);
}
int
proxystreamtls_shutdownread_setup(void **state) {
stream_PROXY_over_TLS = true;
return (proxystream_shutdownread_setup(state));
}
int
proxystreamtls_shutdownread_teardown(void **state) {
int r = proxystream_shutdownread_teardown(state);
stream_PROXY_over_TLS = false;
return (r);
}
void
stream_shutdownread(void **state ISC_ATTR_UNUSED) {
isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL,
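Review bot: `proxystreamtls_shutdownconnect_setup()` and `proxystreamtls_shutdownread_setup()` set the global `stream_PROXY_over_TLS` before calling the inner setup, and only the matching teardown clears it. If the inner setup fails and the harness then skips teardown, the flag stays true and later tests would run in PROXY-over-TLS mode without asking for it. Clearing it on failure keeps the tests isolated: `int r = proxystream_shutdownconnect_setup(state); if (r != 0) { stream_PROXY_over_TLS = false; } return (r);`. The same pattern appears in the other `proxystreamtls_*_setup()` wrappers added by this commit.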


@ -53,7 +53,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb,
isc_nm_recv_cb_t recv_cb) {
isc_result_t result = isc_nm_listenstreamdns(
listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb,
NULL, 128, NULL, NULL, stream_use_PROXY, &listen_sock);
NULL, 128, NULL, NULL, get_proxy_type(), &listen_sock);
assert_int_equal(result, ISC_R_SUCCESS);
isc_loop_teardown(mainloop, stop_listening, listen_sock);
@ -63,7 +63,7 @@ static void
tcpdns_connect(isc_nm_t *nm) {
isc_nm_streamdnsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, stream_use_PROXY, NULL);
NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_noop) {
@ -73,7 +73,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noop) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_success_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, stream_use_PROXY, NULL);
NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
@ -82,7 +82,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, stream_use_PROXY, NULL);
NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_timeout_recovery) {
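Review bot: Every call in this file passes NULL for the TLS context, yet `get_proxy_type()` returns `ISC_NM_PROXY_ENCRYPTED` whenever both `stream_use_PROXY` and `stream_PROXY_over_TLS` are set, so the plain TCP DNS tests can now request an encrypted PROXY header with no TLS layer underneath. How `isc_nm_listenstreamdns()` and `isc_nm_streamdnsconnect()` treat that combination is not visible here. Since this transport is never encrypted, an assertion in `start_listening()` such as `assert_true(get_proxy_type() != ISC_NM_PROXY_ENCRYPTED);` would document the expectation and catch a flag leaked from another test.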


@ -52,7 +52,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb,
isc_nm_recv_cb_t recv_cb) {
isc_result_t result = isc_nm_listenstreamdns(
listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb,
NULL, 128, NULL, tcp_listen_tlsctx, stream_use_PROXY,
NULL, 128, NULL, tcp_listen_tlsctx, get_proxy_type(),
&listen_sock);
assert_int_equal(result, ISC_R_SUCCESS);
@ -64,7 +64,7 @@ tlsdns_connect(isc_nm_t *nm) {
isc_nm_streamdnsconnect(
nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx,
tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL);
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tlsdns_noop) {
@ -75,7 +75,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noop) {
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_success_cb, tlsdns_connect, T_CONNECT,
tcp_connect_tlsctx,
tcp_tlsctx_client_sess_cache, stream_use_PROXY,
tcp_tlsctx_client_sess_cache, get_proxy_type(),
NULL);
}
@ -86,7 +86,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noresponse) {
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tlsdns_connect, T_CONNECT,
tcp_connect_tlsctx,
tcp_tlsctx_client_sess_cache, stream_use_PROXY,
tcp_tlsctx_client_sess_cache, get_proxy_type(),
NULL);
}
@ -109,7 +109,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_timeout_recovery) {
isc_nm_streamdnsconnect(
connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tlsdns_connect, T_SOFT, tcp_connect_tlsctx,
tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL);
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tlsdns_recv_one) {