# #-- 290-transports.test --# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test if grep -q '^#define HAVE_SSL_HN_AUTH 1' "${BUILDDIR}/build-stub-only/src/config.h" then HAVE_SSL_HN_AUTH=1 else HAVE_SSL_HN_AUTH=0 fi SERVER_IP="64.6.64.6" SERVER_IPv6="2620:74:1b::1:1" SERVER_IP_TSIG="185.49.141.37^" SERVER_IPv6_TSIG="2a04:b900:0:100::37^" TSIG_ALG="hmac-md5.sig-alg.reg.int" TSIG_NAME="hmac-md5.tsigs.getdnsapi.net" TSIG_SECRET="16G69OTeXW6xSQ==" TLS_SERVER_IP="185.49.141.38~getdnsapi.net" TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net" TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=" TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S=" TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net" #Self signed cert TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=" GOOD_RESULT_SYNC="Status was: At least one response was returned" GOOD_RESULT_ASYNC="successful" BAD_RESULT_SYNC="1 'Generic error'" BAD_RESULT_ASYNC="callback_type of 703" BAD_RESULT_TRANSPORT="None of the configured upstreams could be used to send queries on the specified transports" BAD_RESULT_NO_NAME="GETDNS_RESPSTATUS_NO_NAME" NUM_ARGS=3 GOOD_COUNT=0 FAIL_COUNT=0 check_auth () { local my_auth_ok=0; auth_result=`echo $1 | sed 's/.*tls_auth_status\": .*//'` if [[ $2 == "-" ]] ; then my_auth_ok=1; fi if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then my_auth_ok=1; fi if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then my_auth_ok=1; fi if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then my_auth_ok=1; fi echo $my_auth_ok; } check_trans () { local my_trans_ok=0; trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'` if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then my_trans_ok=1; fi if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then my_trans_ok=1; fi if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then my_trans_ok=1; fi echo $my_trans_ok; } check_good () { auth_ok=0; result_ok=0; trans_ok=0; result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//` async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"` if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then result_ok=1; fi if [[ $result_ok == 1 ]] ; then trans_ok=$(check_trans "$1" "$2") auth_ok=$(check_auth "$1" "$3") fi if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then (( GOOD_COUNT++ )) echo -n "PASS: " else (( FAIL_COUNT++ )) echo "FAIL (RESULT): Result: $result Auth: $auth_ok Trans: $trans_ok" echo -n "FAIL: " fi } check_bad () { result=`echo $1 | grep "An error occurred:" | tail -1 | sed 's/ All done.'//` error=` echo $result | sed 's/An error occurred: //'` if [[ -z $result ]]; then result=`echo $1 | grep "GETDNS_RESPSTATUS_NO_NAME" ` error=` echo $result | sed 's/"status": //'` fi if [[ ! -z $result ]]; then if [[ $error =~ $BAD_RESULT_SYNC ]] || [[ $error =~ $BAD_RESULT_ASYNC ]] || [[ $error =~ $BAD_RESULT_TRANSPORT ]] || [[ $error =~ $BAD_RESULT_NO_NAME ]]; then (( GOOD_COUNT++ )) echo -n "PASS:" else (( FAIL_COUNT++ )) echo "FAIL (RESULT): " $error echo -n "FAIL: " fi else (( FAIL_COUNT++ )) echo "FAIL (RESULT): " $1 echo -n "FAIL: " fi } # disable IPv6, travis cannot handle it? for (( ii = 0; ii < 1; ii++)); do if [[ ii -eq 1 ]]; then SERVER_IP=$SERVER_IPv6 TLS_SERVER_IP=$TLS_SERVER_IPv6 SERVER_IP_TSIG=$SERVER_IPv6_TSIG echo "Using IPv6" fi TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}` TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}` TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}` SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}` SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}` if [[ $HAVE_SSL_HN_AUTH = 1 ]] then NUM_GOOD_QUERIES=8 GOOD_QUERIES=( "-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-" "-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-" "-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP}" "L" "S" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S") # "-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-") else NUM_GOOD_QUERIES=6 GOOD_QUERIES=( "-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-" "-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-" "-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S") # "-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-") fi #"-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S" NUM_GOOD_FB_QUERIES=6 GOOD_FALLBACK_QUERIES=( "-s -A getdnsapi.net -l LU @${SERVER_IP}" "U" "-" "-s -A getdnsapi.net -l LT @${SERVER_IP}" "T" "-" "-s -A getdnsapi.net -l LT @${TLS_SERVER_IP_NO_NAME}" "L" "N" "-s -A getdnsapi.net -l LT -m @${TLS_SERVER_IP_NO_NAME}" "L" "N" "-s -A getdnsapi.net -l L @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-" "-s -G DNSKEY getdnsapi.net -l UT @${SERVER_IP} -b 512 -D" "T" "-") NOT_AVAILABLE_QUERIES=( "-s -A getdnsapi.net -l L @${SERVER_IP}" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_NAME}" "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_SECRET}" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME}" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME}" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"") #"-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" echo "Starting transport test" echo for (( i = 0; i < 2; i+=1 )); do if [[ i -eq 0 ]]; then echo "**SYNC Mode**" else echo echo "**ASYNC Mode**" SYNC_MODE=" -a " fi echo "*Success cases:" for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do check_good "`"${GETDNS_STUB_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]} echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}" (( COUNT++ )) done echo "*Success fallback cases:" for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do check_good "`"${GETDNS_STUB_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]} echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}" (( COUNT++ )) done echo "*Transport not available cases:" for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do check_bad "`"${GETDNS_STUB_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`" echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}" (( COUNT++ )) done done echo done echo echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures" echo if [[ $FAIL_COUNT -gt 0 ]] then exit 1 fi