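# #-- acl_interface.test.scenario --#
# Starts a forwarder, a stub and unbound in the background, then queries
# unbound on a set of ports over loopback and over a dummy interface, and
# checks that each query is answered or REFUSED as expected.

# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
. ../common.sh

# Network setup: extra addresses on loopback and a dummy interface carrying
# four addresses. These commands change the network state of whatever
# environment the scenario runs in.
# NOTE(review): no teardown is visible in this file; confirm the harness runs
# it in a disposable network namespace or removes the link afterwards.
ip addr add "$IPV4_ADDR" dev lo
ip addr add "$IPV6_ADDR" dev lo
ip link set lo up

ip link add "$INTERFACE" type dummy
ip addr add "$INTERFACE_ADDR_1" dev "$INTERFACE"
ip addr add "$INTERFACE_ADDR_2" dev "$INTERFACE"
ip addr add "$INTERFACE_ADDR_3" dev "$INTERFACE"
ip addr add "$INTERFACE_ADDR_4" dev "$INTERFACE"
ip link set "$INTERFACE" up

# start the forwarder in the background
# get_ldns_testns comes from ../common.sh (presumably it sets LDNS_TESTNS;
# confirm there). LDNS_TESTNS is left unquoted as the command word in case it
# carries arguments.
get_ldns_testns
$LDNS_TESTNS -p "$FORWARD_PORT" acl_interface.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test

# start the stub in the background
$LDNS_TESTNS -p "$STUB_PORT" acl_interface.testns2 >fwd2.log 2>&1 &
STUB_PID=$!
echo "STUB_PID=$STUB_PID" >> .tpkg.var.test

# start unbound in the background
"$PRE/unbound" -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test

cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_ldns_testns_up fwd2.log
wait_unbound_up unbound.log

# Dump all server logs and exit the scenario.
# $1: exit status
end () {
  echo "> cat logfiles"
  cat fwd.log
  cat fwd2.log
  cat unbound.log
  exit "$1"
}

# Query for the given domain to the given port
# $1: address family [4, 6]
# $2: port
# $3: dname
# The dig output is shown and also saved to ./outfile for the expect_* checks.
query () {
  local addr=$IPV4_ADDR
  if test "$1" -eq 6; then
    addr=$IPV6_ADDR
  fi
  echo "> dig -p $2 $3"
  dig @"$addr" -p "$2" "$3" | tee outfile
}

# Query for the given domain to the given port
# $1: address
# $2: port
# $3: dname
# The dig output is shown and also saved to ./outfile for the expect_* checks.
query_addr () {
  echo "> dig @$1 -p $2 $3"
  dig @"$1" -p "$2" "$3" | tee outfile
}

# Shared check: pass when ./outfile contains the literal string $2, otherwise
# print "Not OK" and finish the scenario with status 1.
# $1: description printed after "> check "
# $2: expected text
# grep -F matches the text literally, so the dots in an expected address are
# not regex wildcards and a near-miss address cannot satisfy the check.
# NOTE(review): the match runs over the whole dig output, not only the answer
# section; an expected address that also appears in dig's own header lines
# would pass without an answer record. Confirm the test addresses cannot
# collide with the queried server addresses.
expect_in_outfile () {
  echo "> check $1"
  if grep -F -- "$2" outfile; then
    echo "OK"
  else
    echo "Not OK"
    end 1
  fi
}

expect_refused () {
  expect_in_outfile "answer for REFUSED" "REFUSED"
}

expect_external_answer () {
  expect_in_outfile "external answer" "1.2.3.4"
}

expect_internal_answer () {
  expect_in_outfile "internal answer" "10.20.30.40"
}

expect_tag_one_answer () {
  expect_in_outfile "tag 'one' answer" "1.1.1.1"
}

expect_tag_two_answer () {
  expect_in_outfile "tag 'two' answer" "2.2.2.2"
}

# Run the full port/name expectation matrix against one listener.
# $@: query command and its first argument (e.g. `query 4`,
#     `query_addr <address>`); port and dname are appended per check.
# Keeping the matrix in one place means the loopback and dummy-interface
# runs cannot drift apart.
check_listener () {
  "$@" "$PORT_REFUSE" "www.external"
  expect_refused
  "$@" "$PORT_REFUSE" "www.internal"
  expect_refused

  "$@" "$PORT_ALLOW" "www.external"
  expect_external_answer
  "$@" "$PORT_ALLOW" "www.internal"
  expect_internal_answer

  "$@" "$PORT_TAG_1" "local"
  expect_tag_one_answer
  "$@" "$PORT_TAG_2" "local"
  expect_tag_two_answer
  "$@" "$PORT_TAG_3" "local"
  expect_refused

  "$@" "$PORT_VIEW_INT" "www.internal"
  expect_internal_answer
  "$@" "$PORT_VIEW_INT" "www.external"
  expect_refused

  "$@" "$PORT_VIEW_EXT" "www.internal"
  expect_refused
  "$@" "$PORT_VIEW_EXT" "www.external"
  expect_external_answer

  "$@" "$PORT_VIEW_INTEXT" "www.internal"
  expect_internal_answer
  "$@" "$PORT_VIEW_INTEXT" "www.external"
  expect_external_answer
}

# do the test
# First over the loopback addresses, per address family.
for i in 4 6; do
  check_listener query "$i"
done

# Then over each address configured on the dummy interface.
for addr in "$INTERFACE_ADDR_1" "$INTERFACE_ADDR_2" "$INTERFACE_ADDR_3" "$INTERFACE_ADDR_4"; do
  check_listener query_addr "$addr"
done

end 0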