diff --git a/tests/isc/netmgr_common.c b/tests/isc/netmgr_common.c index 45f76fe34e..35375ebda5 100644 --- a/tests/isc/netmgr_common.c +++ b/tests/isc/netmgr_common.c @@ -103,6 +103,7 @@ bool allow_send_back = false; bool noanswer = false; bool stream_use_TLS = false; bool stream_use_PROXY = false; +bool stream_PROXY_over_TLS = false; bool stream = false; in_port_t stream_port = 0; @@ -607,14 +608,19 @@ get_proxyheader_info(void) { static void proxystream_connect(isc_nm_t *nm) { + isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_connect_tlsctx + : NULL; + isc_tlsctx_client_session_cache_t *sess_cache = + stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache : NULL; + isc_nm_proxystreamconnect(nm, &tcp_connect_addr, &tcp_listen_addr, - connect_connect_cb, NULL, T_CONNECT, NULL, - NULL, get_proxyheader_info()); + connect_connect_cb, NULL, T_CONNECT, tlsctx, + sess_cache, get_proxyheader_info()); } stream_connect_function get_stream_connect_function(void) { - if (stream_use_TLS) { + if (stream_use_TLS && !stream_PROXY_over_TLS) { return (tls_connect); } else if (stream_use_PROXY) { return (proxystream_connect); @@ -630,16 +636,18 @@ stream_listen(isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog, isc_quota_t *quota, isc_nmsocket_t **sockp) { isc_result_t result = ISC_R_SUCCESS; - if (stream_use_TLS) { + if (stream_use_TLS && !stream_PROXY_over_TLS) { result = isc_nm_listentls( listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr, accept_cb, accept_cbarg, backlog, quota, tcp_listen_tlsctx, stream_use_PROXY, sockp); return (result); } else if (stream_use_PROXY) { + isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_listen_tlsctx + : NULL; result = isc_nm_listenproxystream( listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr, - accept_cb, accept_cbarg, backlog, quota, NULL, sockp); + accept_cb, accept_cbarg, backlog, quota, tlsctx, sockp); return (result); } else { result = isc_nm_listentcp(listen_nm, ISC_NM_LISTEN_ALL, 
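Review bot: In `proxystream_connect`, nothing checks that `tcp_connect_tlsctx` is actually populated when `stream_PROXY_over_TLS` is true. The plain PROXY path previously passed `NULL, NULL` in these two positions, so a missing TLS fixture would make the new proxystreamtls cases pass while only exercising the cleartext transport. The fixture setup is outside this hunk, so this may already be guaranteed, but a cheap guard makes it explicit: `if (stream_PROXY_over_TLS) { assert_non_null(tcp_connect_tlsctx); }`. The same applies to `tcp_listen_tlsctx` in `stream_listen` and to the repeated selection in `stream_connect`.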
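Review bot: In `stream_listen`, the new condition `stream_use_TLS && !stream_PROXY_over_TLS` lets a run with `stream_PROXY_over_TLS` set but `stream_use_PROXY` clear fall through to `isc_nm_listentcp`, even when `stream_use_TLS` is true. A mis-set flag therefore silently downgrades the test to plain TCP instead of failing. Stating the dependency once at the top of the function, e.g. `INSIST(!stream_PROXY_over_TLS || stream_use_PROXY);`, turns that into an immediate failure. `get_stream_connect_function` and `stream_connect` use the same condition and would need the same guard; the body of `stream_listen` starts and ends outside this hunk.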
@@ -655,16 +663,23 @@ void stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) { isc_refcount_increment0(&active_cconnects); - if (stream_use_TLS) { + if (stream_use_TLS && !stream_PROXY_over_TLS) { isc_nm_tlsconnect( connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb, cbarg, tcp_connect_tlsctx, tcp_tlsctx_client_sess_cache, timeout, stream_use_PROXY, NULL); return; } else if (stream_use_PROXY) { + isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS + ? tcp_connect_tlsctx + : NULL; + isc_tlsctx_client_session_cache_t *sess_cache = + stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache + : NULL; isc_nm_proxystreamconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb, cbarg, timeout, - NULL, NULL, get_proxyheader_info()); + tlsctx, sess_cache, + get_proxyheader_info()); return; } else { isc_nm_tcpconnect(connect_nm, &tcp_connect_addr, @@ -674,6 +689,17 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) { UNREACHABLE(); } +isc_nm_proxy_type_t +get_proxy_type(void) { + if (!stream_use_PROXY) { + return (ISC_NM_PROXY_NONE); + } else if (stream_PROXY_over_TLS) { + return (ISC_NM_PROXY_ENCRYPTED); + } + + return (ISC_NM_PROXY_PLAIN); +} + void connect_success_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) { UNUSED(handle); @@ -703,6 +729,12 @@ proxystream_noop_setup(void **state) { return (stream_noop_setup(state)); } +int +proxystreamtls_noop_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_noop_setup(state)); +} + void stream_noop(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; @@ -733,6 +765,14 @@ proxystream_noop_teardown(void **state) { return (r); } +int +proxystreamtls_noop_teardown(void **state) { + int r = proxystream_noop_teardown(state); + stream_PROXY_over_TLS = false; + + return (r); +} + static void noresponse_readcb(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region, void *cbarg) { 
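Review bot: The `tlsctx` / `sess_cache` selection in the PROXY branch of `stream_connect` repeats the two ternaries added to `proxystream_connect`, so any later change to how the over-TLS client parameters are chosen has to be made in two places. A small static helper that fills both values from `stream_PROXY_over_TLS`, called from both functions, would keep the client side consistent with the single selection in `stream_listen`. The body of `stream_connect` continues outside this hunk.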
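Review bot: `get_proxy_type` has no comment explaining how the two test flags map onto the three proxy types, in particular that `stream_PROXY_over_TLS` is ignored unless `stream_use_PROXY` is set. I would add above the definition: `/* Translate stream_use_PROXY / stream_PROXY_over_TLS into the proxy type passed to the StreamDNS listen and connect calls; over-TLS is honoured only when PROXY is enabled. */`.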
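Review bot: `proxystreamtls_noop_setup` sets the global `stream_PROXY_over_TLS` before calling `proxystream_noop_setup` and leaves it set if that call fails. Whether the matching teardown still runs after a failed setup depends on the test framework, so the flag may leak into later test cases and change which transport they exercise. Clearing it on failure keeps the cases independent: `int r = proxystream_noop_setup(state);` `if (r != 0) { stream_PROXY_over_TLS = false; }` `return (r);`. The same pattern is repeated in the noresponse, timeout_recovery, recv_one, recv_two, recv_send, shutdownconnect and shutdownread setup functions added by this commit.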
@@ -811,6 +851,19 @@ proxystream_noresponse_teardown(void **state) { return (r); } +int +proxystreamtls_noresponse_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_noresponse_setup(state)); +} + +int +proxystreamtls_noresponse_teardown(void **state) { + int r = proxystream_noresponse_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_noresponse(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; @@ -864,6 +917,19 @@ proxystream_timeout_recovery_teardown(void **state) { return (r); } +int +proxystreamtls_timeout_recovery_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_timeout_recovery_setup(state)); +} + +int +proxystreamtls_timeout_recovery_teardown(void **state) { + int r = proxystream_timeout_recovery_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_timeout_recovery(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; @@ -929,6 +995,19 @@ proxystream_recv_one_teardown(void **state) { return (r); } +int +proxystreamtls_recv_one_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_recv_one_setup(state)); +} + +int +proxystreamtls_recv_one_teardown(void **state) { + int r = proxystream_recv_one_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_recv_one(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; @@ -994,6 +1073,19 @@ proxystream_recv_two_teardown(void **state) { return (r); } +int +proxystreamtls_recv_two_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_recv_two_setup(state)); +} + +int +proxystreamtls_recv_two_teardown(void **state) { + int r = proxystream_recv_two_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_recv_two(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; 
@@ -1047,6 +1139,19 @@ proxystream_recv_send_teardown(void **state) { return (r); } +int +proxystreamtls_recv_send_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_recv_send_setup(state)); +} + +int +proxystreamtls_recv_send_teardown(void **state) { + int r = proxystream_recv_send_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_recv_send(void **state ISC_ATTR_UNUSED) { isc_result_t result = ISC_R_SUCCESS; diff --git a/tests/isc/netmgr_common.h b/tests/isc/netmgr_common.h index a6729b5fe4..4e3d2be0a2 100644 --- a/tests/isc/netmgr_common.h +++ b/tests/isc/netmgr_common.h @@ -131,6 +131,7 @@ extern bool allow_send_back; extern bool noanswer; extern bool stream_use_TLS; extern bool stream_use_PROXY; +extern bool stream_PROXY_over_TLS; extern bool stream; extern in_port_t stream_port; @@ -288,6 +289,9 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout); isc_nm_proxyheader_info_t * get_proxyheader_info(void); +isc_nm_proxy_type_t +get_proxy_type(void); + int stream_noop_setup(void **state ISC_ATTR_UNUSED); void @@ -300,6 +304,11 @@ proxystream_noop_setup(void **state); int proxystream_noop_teardown(void **state); +int +proxystreamtls_noop_setup(void **state); +int +proxystreamtls_noop_teardown(void **state); + int stream_noresponse_setup(void **state ISC_ATTR_UNUSED); void @@ -312,6 +321,11 @@ proxystream_noresponse_setup(void **state); int proxystream_noresponse_teardown(void **state); +int +proxystreamtls_noresponse_setup(void **state); +int +proxystreamtls_noresponse_teardown(void **state); + int stream_timeout_recovery_setup(void **state ISC_ATTR_UNUSED); void @@ -324,6 +338,11 @@ proxystream_timeout_recovery_setup(void **state); int proxystream_timeout_recovery_teardown(void **state); +int +proxystreamtls_timeout_recovery_setup(void **state); +int +proxystreamtls_timeout_recovery_teardown(void **state); + int stream_recv_one_setup(void **state ISC_ATTR_UNUSED); void 
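Review bot: The new `extern bool stream_PROXY_over_TLS;` declaration in netmgr_common.h carries no comment, although the flag changes what `stream_use_TLS` means in `stream_listen` and `stream_connect` and has no effect without `stream_use_PROXY`. A one-line comment next to the declaration would spare test authors from reading the dispatch code: `/* Only meaningful together with stream_use_PROXY: run the PROXY stream on top of TLS. */`.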
@@ -336,6 +355,11 @@ proxystream_recv_one_setup(void **state); int proxystream_recv_one_teardown(void **state); +int +proxystreamtls_recv_one_setup(void **state); +int +proxystreamtls_recv_one_teardown(void **state); + int stream_recv_two_setup(void **state ISC_ATTR_UNUSED); void @@ -348,6 +372,11 @@ proxystream_recv_two_setup(void **state); int proxystream_recv_two_teardown(void **state); +int +proxystreamtls_recv_two_setup(void **state); +int +proxystreamtls_recv_two_teardown(void **state); + int stream_recv_send_setup(void **state ISC_ATTR_UNUSED); void @@ -362,6 +391,11 @@ proxystream_recv_send_setup(void **state); int proxystream_recv_send_teardown(void **state); +int +proxystreamtls_recv_send_setup(void **state); +int +proxystreamtls_recv_send_teardown(void **state); + int stream_shutdownconnect_setup(void **state ISC_ATTR_UNUSED); void @@ -374,6 +408,11 @@ proxystream_shutdownconnect_setup(void **state); int proxystream_shutdownconnect_teardown(void **state); +int +proxystreamtls_shutdownconnect_setup(void **state); +int +proxystreamtls_shutdownconnect_teardown(void **state); + int stream_shutdownread_setup(void **state ISC_ATTR_UNUSED); void @@ -386,5 +425,10 @@ proxystream_shutdownread_setup(void **state); int proxystream_shutdownread_teardown(void **state); +int +proxystreamtls_shutdownread_setup(void **state); +int +proxystreamtls_shutdownread_teardown(void **state); + void stop_listening(void *arg ISC_ATTR_UNUSED); diff --git a/tests/isc/stream_shutdown.c b/tests/isc/stream_shutdown.c index bf466bb21e..09b7ef0b69 100644 --- a/tests/isc/stream_shutdown.c +++ b/tests/isc/stream_shutdown.c 
@@ -72,6 +72,19 @@ proxystream_shutdownconnect_teardown(void **state) { return (r); } +int +proxystreamtls_shutdownconnect_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_shutdownconnect_setup(state)); +} + +int +proxystreamtls_shutdownconnect_teardown(void **state) { + int r = proxystream_shutdownconnect_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_shutdownconnect(void **state ISC_ATTR_UNUSED) { isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL, @@ -174,6 +187,19 @@ proxystream_shutdownread_teardown(void **state) { return (r); } +int +proxystreamtls_shutdownread_setup(void **state) { + stream_PROXY_over_TLS = true; + return (proxystream_shutdownread_setup(state)); +} + +int +proxystreamtls_shutdownread_teardown(void **state) { + int r = proxystream_shutdownread_teardown(state); + stream_PROXY_over_TLS = false; + return (r); +} + void stream_shutdownread(void **state ISC_ATTR_UNUSED) { isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL, diff --git a/tests/isc/tcpdns_test.c b/tests/isc/tcpdns_test.c index 6b562d1fb7..fd7f23414c 100644 --- a/tests/isc/tcpdns_test.c +++ b/tests/isc/tcpdns_test.c @@ -53,7 +53,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb, isc_nm_recv_cb_t recv_cb) { isc_result_t result = isc_nm_listenstreamdns( listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb, - NULL, 128, NULL, NULL, stream_use_PROXY, &listen_sock); + NULL, 128, NULL, NULL, get_proxy_type(), &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_loop_teardown(mainloop, stop_listening, listen_sock); @@ -63,7 +63,7 @@ static void tcpdns_connect(isc_nm_t *nm) { isc_nm_streamdnsconnect(nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb, tcpdns_connect, T_CONNECT, - NULL, NULL, stream_use_PROXY, NULL); + NULL, NULL, get_proxy_type(), NULL); } ISC_LOOP_TEST_IMPL(tcpdns_noop) { 
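Review bot: In `start_listening` of tcpdns_test.c the TLS context argument stays `NULL` while the proxy argument becomes `get_proxy_type()`, which returns `ISC_NM_PROXY_ENCRYPTED` whenever `stream_PROXY_over_TLS` is set alongside `stream_use_PROXY`. How `isc_nm_listenstreamdns` treats an encrypted proxy type without a TLS context is not visible here, so I would pin the expectation of this plain-TCP test before the call: `assert_int_not_equal(get_proxy_type(), ISC_NM_PROXY_ENCRYPTED);`. The same combination is passed to `isc_nm_streamdnsconnect` in `tcpdns_connect`, `tcpdns_noop` and `tcpdns_noresponse`. `start_listening` begins and ends outside this hunk.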
@@ -73,7 +73,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noop) { isc_refcount_increment0(&active_cconnects); isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, connect_success_cb, tcpdns_connect, T_CONNECT, - NULL, NULL, stream_use_PROXY, NULL); + NULL, NULL, get_proxy_type(), NULL); } ISC_LOOP_TEST_IMPL(tcpdns_noresponse) { @@ -82,7 +82,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noresponse) { isc_refcount_increment0(&active_cconnects); isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb, tcpdns_connect, T_CONNECT, - NULL, NULL, stream_use_PROXY, NULL); + NULL, NULL, get_proxy_type(), NULL); } ISC_LOOP_TEST_IMPL(tcpdns_timeout_recovery) { diff --git a/tests/isc/tlsdns_test.c b/tests/isc/tlsdns_test.c index 9f98ed3ebc..0bd257b48f 100644 --- a/tests/isc/tlsdns_test.c +++ b/tests/isc/tlsdns_test.c @@ -52,7 +52,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb, isc_nm_recv_cb_t recv_cb) { isc_result_t result = isc_nm_listenstreamdns( listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb, - NULL, 128, NULL, tcp_listen_tlsctx, stream_use_PROXY, + NULL, 128, NULL, tcp_listen_tlsctx, get_proxy_type(), &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); @@ -64,7 +64,7 @@ tlsdns_connect(isc_nm_t *nm) { isc_nm_streamdnsconnect( nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb, tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, - tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL); + tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL); } ISC_LOOP_TEST_IMPL(tlsdns_noop) { @@ -75,7 +75,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noop) { isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, connect_success_cb, tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, - tcp_tlsctx_client_sess_cache, stream_use_PROXY, + tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL); } 
@@ -86,7 +86,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noresponse) { isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb, tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, - tcp_tlsctx_client_sess_cache, stream_use_PROXY, + tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL); } @@ -109,7 +109,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_timeout_recovery) { isc_nm_streamdnsconnect( connect_nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb, tlsdns_connect, T_SOFT, tcp_connect_tlsctx, - tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL); + tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL); } ISC_LOOP_TEST_IMPL(tlsdns_recv_one) {