diff options
Diffstat (limited to 'contrib/unbound/testcode/unitmain.c')
| -rw-r--r-- | contrib/unbound/testcode/unitmain.c | 1401 |
1 files changed, 1401 insertions, 0 deletions
diff --git a/contrib/unbound/testcode/unitmain.c b/contrib/unbound/testcode/unitmain.c new file mode 100644 index 000000000000..07c016d7ba74 --- /dev/null +++ b/contrib/unbound/testcode/unitmain.c @@ -0,0 +1,1401 @@ +/* + * testcode/unitmain.c - unit test main program for unbound. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/** + * \file + * Unit test main program. Calls all the other unit tests. + * Exits with code 1 on a failure. 0 if all unit tests are successful. + */ + +#include "config.h" +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + +#ifdef HAVE_NSS +/* nss3 */ +#include "nss.h" +#endif + +#include "sldns/rrdef.h" +#include "sldns/keyraw.h" +#include "util/log.h" +#include "testcode/unitmain.h" + +/** number of tests done */ +int testcount = 0; + +#include "util/alloc.h" +/** test alloc code */ +static void +alloc_test(void) { + alloc_special_type *t1, *t2; + struct alloc_cache major, minor1, minor2; + int i; + + unit_show_feature("alloc_special_obtain"); + alloc_init(&major, NULL, 0); + alloc_init(&minor1, &major, 0); + alloc_init(&minor2, &major, 1); + + t1 = alloc_special_obtain(&minor1); + alloc_clear(&minor1); + + alloc_special_release(&minor2, t1); + t2 = alloc_special_obtain(&minor2); + unit_assert( t1 == t2 ); /* reused */ + alloc_special_release(&minor2, t1); + + for(i=0; i<100; i++) { + t1 = alloc_special_obtain(&minor1); + alloc_special_release(&minor2, t1); + } + if(0) { + alloc_stats(&minor1); + alloc_stats(&minor2); + alloc_stats(&major); + } + /* reuse happened */ + unit_assert(minor1.num_quar + minor2.num_quar + major.num_quar == 11); + + alloc_clear(&minor1); + alloc_clear(&minor2); + unit_assert(major.num_quar == 11); + alloc_clear(&major); +} + +#include "util/net_help.h" +/** test net code */ +static void +net_test(void) +{ + const char* t4[] = {"\000\000\000\000", + "\200\000\000\000", + "\300\000\000\000", + "\340\000\000\000", + "\360\000\000\000", + "\370\000\000\000", + "\374\000\000\000", + "\376\000\000\000", + "\377\000\000\000", + "\377\200\000\000", + "\377\300\000\000", + "\377\340\000\000", + "\377\360\000\000", + "\377\370\000\000", + "\377\374\000\000", + "\377\376\000\000", + "\377\377\000\000", + "\377\377\200\000", + "\377\377\300\000", + "\377\377\340\000", + "\377\377\360\000", + "\377\377\370\000", + "\377\377\374\000", + "\377\377\376\000", + "\377\377\377\000", + "\377\377\377\200", + "\377\377\377\300", + "\377\377\377\340", + "\377\377\377\360", + "\377\377\377\370", + "\377\377\377\374", + "\377\377\377\376", + "\377\377\377\377", + "\377\377\377\377", + "\377\377\377\377", + }; + unit_show_func("util/net_help.c", "str_is_ip6"); + unit_assert( str_is_ip6("::") ); + unit_assert( str_is_ip6("::1") ); + unit_assert( str_is_ip6("2001:7b8:206:1:240:f4ff:fe37:8810") ); + unit_assert( str_is_ip6("fe80::240:f4ff:fe37:8810") ); + unit_assert( !str_is_ip6("0.0.0.0") ); + unit_assert( !str_is_ip6("213.154.224.12") ); + unit_assert( !str_is_ip6("213.154.224.255") ); + unit_assert( !str_is_ip6("255.255.255.0") ); + unit_show_func("util/net_help.c", "is_pow2"); + unit_assert( is_pow2(0) ); + unit_assert( is_pow2(1) ); + unit_assert( is_pow2(2) ); + unit_assert( is_pow2(4) ); + unit_assert( is_pow2(8) ); + unit_assert( is_pow2(16) ); + unit_assert( is_pow2(1024) ); + unit_assert( is_pow2(1024*1024) ); + unit_assert( is_pow2(1024*1024*1024) ); + unit_assert( !is_pow2(3) ); + unit_assert( !is_pow2(5) ); + unit_assert( !is_pow2(6) ); + unit_assert( !is_pow2(7) ); + unit_assert( !is_pow2(9) ); + unit_assert( !is_pow2(10) ); + unit_assert( !is_pow2(11) ); + unit_assert( !is_pow2(17) ); + unit_assert( !is_pow2(23) ); + unit_assert( !is_pow2(257) ); + unit_assert( !is_pow2(259) ); + + /* test addr_mask */ + unit_show_func("util/net_help.c", "addr_mask"); + if(1) { + struct sockaddr_in a4; + struct sockaddr_in6 a6; + socklen_t l4 = (socklen_t)sizeof(a4); + socklen_t l6 = (socklen_t)sizeof(a6); + int i; + a4.sin_family = AF_INET; + a6.sin6_family = AF_INET6; + for(i=0; i<35; i++) { + /* address 255.255.255.255 */ + memcpy(&a4.sin_addr, "\377\377\377\377", 4); + addr_mask((struct sockaddr_storage*)&a4, l4, i); + unit_assert(memcmp(&a4.sin_addr, t4[i], 4) == 0); + } + memcpy(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 16); + addr_mask((struct sockaddr_storage*)&a6, l6, 128); + unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 16) == 0); + addr_mask((struct sockaddr_storage*)&a6, l6, 122); + unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\300", 16) == 0); + addr_mask((struct sockaddr_storage*)&a6, l6, 120); + unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000", 16) == 0); + addr_mask((struct sockaddr_storage*)&a6, l6, 64); + unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0); + /* Check that negative value in net is not problematic. */ + addr_mask((struct sockaddr_storage*)&a6, l6, -100); + addr_mask((struct sockaddr_storage*)&a6, l6, 0); + unit_assert(memcmp(&a6.sin6_addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16) == 0); + } + + /* test addr_in_common */ + unit_show_func("util/net_help.c", "addr_in_common"); + if(1) { + struct sockaddr_in a4, b4; + struct sockaddr_in6 a6, b6; + socklen_t l4 = (socklen_t)sizeof(a4); + socklen_t l6 = (socklen_t)sizeof(a6); + int i; + a4.sin_family = AF_INET; + b4.sin_family = AF_INET; + a6.sin6_family = AF_INET6; + b6.sin6_family = AF_INET6; + memcpy(&a4.sin_addr, "abcd", 4); + memcpy(&b4.sin_addr, "abcd", 4); + unit_assert(addr_in_common((struct sockaddr_storage*)&a4, 32, + (struct sockaddr_storage*)&b4, 32, l4) == 32); + unit_assert(addr_in_common((struct sockaddr_storage*)&a4, 34, + (struct sockaddr_storage*)&b4, 32, l4) == 32); + for(i=0; i<=32; i++) { + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a4, 32, + (struct sockaddr_storage*)&b4, i, l4) == i); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a4, i, + (struct sockaddr_storage*)&b4, 32, l4) == i); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a4, i, + (struct sockaddr_storage*)&b4, i, l4) == i); + } + for(i=0; i<=32; i++) { + memcpy(&a4.sin_addr, "\377\377\377\377", 4); + memcpy(&b4.sin_addr, t4[i], 4); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a4, 32, + (struct sockaddr_storage*)&b4, 32, l4) == i); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&b4, 32, + (struct sockaddr_storage*)&a4, 32, l4) == i); + } + memcpy(&a6.sin6_addr, "abcdefghabcdefgh", 16); + memcpy(&b6.sin6_addr, "abcdefghabcdefgh", 16); + unit_assert(addr_in_common((struct sockaddr_storage*)&a6, 128, + (struct sockaddr_storage*)&b6, 128, l6) == 128); + unit_assert(addr_in_common((struct sockaddr_storage*)&a6, 129, + (struct sockaddr_storage*)&b6, 128, l6) == 128); + for(i=0; i<=128; i++) { + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a6, 128, + (struct sockaddr_storage*)&b6, i, l6) == i); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a6, i, + (struct sockaddr_storage*)&b6, 128, l6) == i); + unit_assert(addr_in_common( + (struct sockaddr_storage*)&a6, i, + (struct sockaddr_storage*)&b6, i, l6) == i); + } + } + /* test netblockstrtoaddr */ + unit_show_func("util/net_help.c", "netblockstrtoaddr"); + if(1) { + struct sockaddr_storage a; + socklen_t alen = 0; + int net = 0, res; + char astr[128]; + memset(&a, 0, sizeof(a)); + + res = netblockstrtoaddr("1.2.3.0/24", 53, &a, &alen, &net); + unit_assert(res!=0 && net == 24); + addr_to_str(&a, alen, astr, sizeof(astr)); + unit_assert(strcmp(astr, "1.2.3.0") == 0); + unit_assert(ntohs(((struct sockaddr_in*)&a)->sin_port)==53); + + res = netblockstrtoaddr("2001:DB8:33:44::/64", 53, + &a, &alen, &net); + unit_assert(res!=0 && net == 64); + addr_to_str(&a, alen, astr, sizeof(astr)); + unit_assert(strcmp(astr, "2001:db8:33:44::") == 0); + unit_assert(ntohs(((struct sockaddr_in6*)&a)->sin6_port)==53); + } + /* test sockaddr_cmp_addr */ + unit_show_func("util/net_help.c", "sockaddr_cmp_addr"); + if(1) { + struct sockaddr_storage a, b; + socklen_t alen = (socklen_t)sizeof(a); + socklen_t blen = (socklen_t)sizeof(b); + unit_assert(ipstrtoaddr("127.0.0.0", 53, &a, &alen)); + unit_assert(ipstrtoaddr("127.255.255.255", 53, &b, &blen)); + unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) < 0); + unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) > 0); + unit_assert(sockaddr_cmp_addr(&a, alen, &a, alen) == 0); + unit_assert(sockaddr_cmp_addr(&b, blen, &b, blen) == 0); + unit_assert(ipstrtoaddr("192.168.121.5", 53, &a, &alen)); + unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) > 0); + unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) < 0); + unit_assert(sockaddr_cmp_addr(&a, alen, &a, alen) == 0); + unit_assert(ipstrtoaddr("2001:3578:ffeb::99", 53, &b, &blen)); + unit_assert(sockaddr_cmp_addr(&b, blen, &b, blen) == 0); + unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) < 0); + unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) > 0); + } + /* test addr_is_ip4mapped */ + unit_show_func("util/net_help.c", "addr_is_ip4mapped"); + if(1) { + struct sockaddr_storage a; + socklen_t l = (socklen_t)sizeof(a); + unit_assert(ipstrtoaddr("12.13.14.15", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("fe80::217:31ff:fe91:df", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("ffff::217:31ff:fe91:df", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("::ffff:31ff:fe91:df", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("::fffe:fe91:df", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("::ffff:127.0.0.1", 53, &a, &l)); + unit_assert(addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("::ffff:127.0.0.2", 53, &a, &l)); + unit_assert(addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("::ffff:192.168.0.2", 53, &a, &l)); + unit_assert(addr_is_ip4mapped(&a, l)); + unit_assert(ipstrtoaddr("2::ffff:192.168.0.2", 53, &a, &l)); + unit_assert(!addr_is_ip4mapped(&a, l)); + } + /* test addr_is_any */ + unit_show_func("util/net_help.c", "addr_is_any"); + if(1) { + struct sockaddr_storage a; + socklen_t l = (socklen_t)sizeof(a); + unit_assert(ipstrtoaddr("0.0.0.0", 53, &a, &l)); + unit_assert(addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("0.0.0.0", 10053, &a, &l)); + unit_assert(addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("0.0.0.0", 0, &a, &l)); + unit_assert(addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("::0", 0, &a, &l)); + unit_assert(addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("::0", 53, &a, &l)); + unit_assert(addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("::1", 53, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("2001:1667::1", 0, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("2001::0", 0, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("10.0.0.0", 0, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("0.0.0.10", 0, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + unit_assert(ipstrtoaddr("192.0.2.1", 0, &a, &l)); + unit_assert(!addr_is_any(&a, l)); + } +} + +#include "util/config_file.h" +/** test config_file: cfg_parse_memsize */ +static void +config_memsize_test(void) +{ + size_t v = 0; + unit_show_func("util/config_file.c", "cfg_parse_memsize"); + if(0) { + /* these emit errors */ + unit_assert( cfg_parse_memsize("", &v) == 0); + unit_assert( cfg_parse_memsize("bla", &v) == 0); + unit_assert( cfg_parse_memsize("nop", &v) == 0); + unit_assert( cfg_parse_memsize("n0b", &v) == 0); + unit_assert( cfg_parse_memsize("gb", &v) == 0); + unit_assert( cfg_parse_memsize("b", &v) == 0); + unit_assert( cfg_parse_memsize("kb", &v) == 0); + unit_assert( cfg_parse_memsize("kk kb", &v) == 0); + } + unit_assert( cfg_parse_memsize("0", &v) && v==0); + unit_assert( cfg_parse_memsize("1", &v) && v==1); + unit_assert( cfg_parse_memsize("10", &v) && v==10); + unit_assert( cfg_parse_memsize("10b", &v) && v==10); + unit_assert( cfg_parse_memsize("5b", &v) && v==5); + unit_assert( cfg_parse_memsize("1024", &v) && v==1024); + unit_assert( cfg_parse_memsize("1k", &v) && v==1024); + unit_assert( cfg_parse_memsize("1K", &v) && v==1024); + unit_assert( cfg_parse_memsize("1Kb", &v) && v==1024); + unit_assert( cfg_parse_memsize("1kb", &v) && v==1024); + unit_assert( cfg_parse_memsize("1 kb", &v) && v==1024); + unit_assert( cfg_parse_memsize("10 kb", &v) && v==10240); + unit_assert( cfg_parse_memsize("2k", &v) && v==2048); + unit_assert( cfg_parse_memsize("2m", &v) && v==2048*1024); + unit_assert( cfg_parse_memsize("3M", &v) && v==3072*1024); + unit_assert( cfg_parse_memsize("40m", &v) && v==40960*1024); + unit_assert( cfg_parse_memsize("1G", &v) && v==1024*1024*1024); + unit_assert( cfg_parse_memsize("1 Gb", &v) && v==1024*1024*1024); + unit_assert( cfg_parse_memsize("0 Gb", &v) && v==0*1024*1024); +} + +/** test config_file: test tag code */ +static void +config_tag_test(void) +{ + unit_show_func("util/config_file.c", "taglist_intersect"); + unit_assert( taglist_intersect( + (uint8_t*)"\000\000\000", 3, (uint8_t*)"\001\000\001", 3 + ) == 0); + unit_assert( taglist_intersect( + (uint8_t*)"\000\000\001", 3, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001\000\000", 3, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001", 1, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001\000\001", 3, (uint8_t*)"\001", 1 + ) == 1); +} + +#include "util/rtt.h" +#include "util/timehist.h" +#include "iterator/iterator.h" +#include "libunbound/unbound.h" +/** test RTT code */ +static void +rtt_test(void) +{ + int init = UNKNOWN_SERVER_NICENESS; + int i; + struct rtt_info r; + unit_show_func("util/rtt.c", "rtt_timeout"); + rtt_init(&r); + /* initial value sensible */ + unit_assert( rtt_timeout(&r) == init ); + rtt_lost(&r, init); + unit_assert( rtt_timeout(&r) == init*2 ); + rtt_lost(&r, init*2); + unit_assert( rtt_timeout(&r) == init*4 ); + rtt_update(&r, 4000); + unit_assert( rtt_timeout(&r) >= 2000 ); + rtt_lost(&r, rtt_timeout(&r) ); + for(i=0; i<100; i++) { + rtt_lost(&r, rtt_timeout(&r) ); + unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1); + unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1); + } + /* must be the same, timehist bucket is used in stats */ + unit_assert(UB_STATS_BUCKET_NUM == NUM_BUCKETS_HIST); +} + +#include "util/edns.h" +/* Complete version-invalid client cookie; needs a new one. + * Based on edns_cookie_rfc9018_a2 */ +static void +edns_cookie_invalid_version(void) +{ + uint32_t timestamp = 1559734385; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x99, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa8, 0x71, + 0xd4, 0xa5, 0x64, 0xa1, 0x44, 0x2a, 0xca, 0x77 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_INVALID); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-invalid client cookie; needs a new one. */ +static void +edns_cookie_invalid_hash(void) +{ + uint32_t timestamp = 0; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x32, 0xF2, 0x43, 0xB9, 0xBC, 0xFE, 0xC4, 0x06 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0xBA, 0x0D, 0x82, 0x90, 0x8F, 0xAA, 0xEB, 0xBD }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_INVALID); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 30 minutes old; needs a + * refreshed server cookie. + * A slightly better variation of edns_cookie_rfc9018_a3 for Unbound to check + * that RESERVED bits do not influence cookie validation. */ +static void +edns_cookie_rfc9018_a3_better(void) +{ + uint32_t timestamp = 1800 + 1; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0xab, 0xcd, 0xef, + 0x00, 0x00, 0x00, 0x00, + 0x32, 0xF2, 0x43, 0xB9, 0xBC, 0xFE, 0xC4, 0x06 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x07, 0x09, + 0x62, 0xD5, 0x93, 0x09, 0x14, 0x5C, 0x23, 0x9D }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_VALID_RENEW); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 60 minutes old (expired); + * needs a refreshed server cookie. */ +static void +edns_cookie_rfc9018_a3(void) +{ + uint32_t timestamp = 1559734700; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0xab, 0xcd, 0xef, + 0x5c, 0xf7, 0x8f, 0x71, + 0xa3, 0x14, 0x22, 0x7b, 0x66, 0x79, 0xeb, 0xf5 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa9, 0xac, + 0xf7, 0x3a, 0x78, 0x10, 0xac, 0xa2, 0x38, 0x1e }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_EXPIRED); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 30 minutes old; needs a + * refreshed server cookie. */ +static void +edns_cookie_rfc9018_a2(void) +{ + uint32_t timestamp = 1559734385; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa8, 0x71, + 0xd4, 0xa5, 0x64, 0xa1, 0x44, 0x2a, 0xca, 0x77 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_VALID_RENEW); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Only client cookie; needs a complete server cookie. */ +static void +edns_cookie_rfc9018_a1(void) +{ + uint32_t timestamp = 1559731985; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, server_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), + /* these will not be used; it will return invalid + * because of the size. */ + NULL, 0, 1, NULL, 0) == COOKIE_STATUS_CLIENT_ONLY); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/** test interoperable DNS cookies (RFC9018) */ +static void +edns_cookie_test(void) +{ + unit_show_feature("interoperable dns cookies"); + /* Check RFC9018 appendix test vectors */ + edns_cookie_rfc9018_a1(); + edns_cookie_rfc9018_a2(); + edns_cookie_rfc9018_a3(); + /* More tests */ + edns_cookie_rfc9018_a3_better(); + edns_cookie_invalid_hash(); + edns_cookie_invalid_version(); +} + +#include "util/random.h" +/** test randomness */ +static void +rnd_test(void) +{ + struct ub_randstate* r; + int num = 1000, i; + long int a[1000]; + unit_show_feature("ub_random"); + unit_assert( (r = ub_initstate(NULL)) ); + for(i=0; i<num; i++) { + a[i] = ub_random(r); + unit_assert(a[i] >= 0); + unit_assert((size_t)a[i] <= (size_t)0x7fffffff); + if(i > 5) + unit_assert(a[i] != a[i-1] || a[i] != a[i-2] || + a[i] != a[i-3] || a[i] != a[i-4] || + a[i] != a[i-5] || a[i] != a[i-6]); + } + a[0] = ub_random_max(r, 1); + unit_assert(a[0] >= 0 && a[0] < 1); + a[0] = ub_random_max(r, 10000); + unit_assert(a[0] >= 0 && a[0] < 10000); + for(i=0; i<num; i++) { + a[i] = ub_random_max(r, 10); + unit_assert(a[i] >= 0 && a[i] < 10); + } + ub_randfree(r); +} + +#include "respip/respip.h" +#include "services/localzone.h" +#include "util/data/packed_rrset.h" +typedef struct addr_action {char* ip; char* sact; enum respip_action act;} + addr_action_t; + +/** Utility function that verifies that the respip set has actions as expected */ +static void +verify_respip_set_actions(struct respip_set* set, addr_action_t actions[], + int actions_len) +{ + int i = 0; + struct rbtree_type* tree = respip_set_get_tree(set); + for (i=0; i<actions_len; i++) { + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + struct resp_addr* node; + netblockstrtoaddr(actions[i].ip, UNBOUND_DNS_PORT, &addr, + &addrlen, &net); + node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); + + /** we have the node and the node has the correct action + * and has no data */ + unit_assert(node); + unit_assert(actions[i].act == + resp_addr_get_action(node)); + unit_assert(resp_addr_get_rrset(node) == NULL); + } + unit_assert(actions_len && i == actions_len); + unit_assert(actions_len == (int)tree->count); +} + +/** Global respip actions test; apply raw config data and verify that + * all the nodes in the respip set, looked up by address, have expected + * actions */ +static void +respip_conf_actions_test(void) +{ + addr_action_t config_response_ip[] = { + {"192.0.1.0/24", "deny", respip_deny}, + {"192.0.2.0/24", "redirect", respip_redirect}, + {"192.0.3.0/26", "inform", respip_inform}, + {"192.0.4.0/27", "inform_deny", respip_inform_deny}, + {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, + {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, + {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, + }; + int i; + struct respip_set* set = respip_set_create(); + struct config_file cfg; + int clen = (int)(sizeof(config_response_ip) / sizeof(addr_action_t)); + + unit_assert(set); + unit_show_feature("global respip config actions apply"); + memset(&cfg, 0, sizeof(cfg)); + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip[i].ip); + char* sact = strdup(config_response_ip[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cfg.respip_actions, ip, sact)) + unit_assert(0); + } + unit_assert(respip_global_apply_cfg(set, &cfg)); + verify_respip_set_actions(set, config_response_ip, clen); + + respip_set_delete(set); + config_deldblstrlist(cfg.respip_actions); +} + +/** Per-view respip actions test; apply raw configuration with two views + * and verify that actions are as expected in respip sets of both views */ +static void +respip_view_conf_actions_test(void) +{ + addr_action_t config_response_ip_view1[] = { + {"192.0.1.0/24", "deny", respip_deny}, + {"192.0.2.0/24", "redirect", respip_redirect}, + {"192.0.3.0/26", "inform", respip_inform}, + {"192.0.4.0/27", "inform_deny", respip_inform_deny}, + }; + addr_action_t config_response_ip_view2[] = { + {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, + {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, + {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, + }; + int i; + struct config_file cfg; + int clen1 = (int)(sizeof(config_response_ip_view1) / sizeof(addr_action_t)); + int clen2 = (int)(sizeof(config_response_ip_view2) / sizeof(addr_action_t)); + struct config_view* cv1; + struct config_view* cv2; + int have_respip_cfg = 0; + struct views* views = NULL; + struct view* v = NULL; + + unit_show_feature("per-view respip config actions apply"); + memset(&cfg, 0, sizeof(cfg)); + cv1 = (struct config_view*)calloc(1, sizeof(struct config_view)); + cv2 = (struct config_view*)calloc(1, sizeof(struct config_view)); + unit_assert(cv1 && cv2); + cv1->name = strdup("view1"); + cv2->name = strdup("view2"); + unit_assert(cv1->name && cv2->name); + cv1->next = cv2; + cfg.views = cv1; + + for(i=0; i<clen1; i++) { + char* ip = strdup(config_response_ip_view1[i].ip); + char* sact = strdup(config_response_ip_view1[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cv1->respip_actions, ip, sact)) + unit_assert(0); + } + for(i=0; i<clen2; i++) { + char* ip = strdup(config_response_ip_view2[i].ip); + char* sact = strdup(config_response_ip_view2[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cv2->respip_actions, ip, sact)) + unit_assert(0); + } + views = views_create(); + unit_assert(views); + unit_assert(views_apply_cfg(views, &cfg)); + unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); + + /* now verify the respip sets in each view */ + v = views_find_view(views, "view1", 0); + unit_assert(v); + verify_respip_set_actions(v->respip_set, config_response_ip_view1, clen1); + lock_rw_unlock(&v->lock); + v = views_find_view(views, "view2", 0); + unit_assert(v); + verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2); + lock_rw_unlock(&v->lock); + + views_delete(views); + free(cv1->name); + free(cv1); + free(cv2->name); + free(cv2); +} + +typedef struct addr_data {char* ip; char* data;} addr_data_t; + +/** find the respip address node in the specified tree (by address lookup) + * and verify type and address of the specified rdata (by index) in this + * node's rrset */ +static void +verify_rrset(struct respip_set* set, const char* ipstr, + const char* rdatastr, size_t rdi, uint16_t type) +{ + struct sockaddr_storage addr; + int net; + char buf[65536]; + socklen_t addrlen; + struct rbtree_type* tree; + struct resp_addr* node; + const struct ub_packed_rrset_key* rrs; + + netblockstrtoaddr(ipstr, UNBOUND_DNS_PORT, &addr, &addrlen, &net); + tree = respip_set_get_tree(set); + node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); + unit_assert(node); + unit_assert((rrs = resp_addr_get_rrset(node))); + unit_assert(ntohs(rrs->rk.type) == type); + packed_rr_to_string((struct ub_packed_rrset_key*)rrs, + rdi, 0, buf, sizeof(buf)); + unit_assert(strstr(buf, rdatastr)); +} + +/** Dataset used to test redirect rrset initialization for both + * global and per-view respip redirect configuration */ +static addr_data_t config_response_ip_data[] = { + {"192.0.1.0/24", "A 1.2.3.4"}, + {"192.0.1.0/24", "A 11.12.13.14"}, + {"192.0.2.0/24", "CNAME www.example.com."}, + {"2001:db8:1::/48", "AAAA 2001:db8:1::2:1"}, +}; + +/** Populate raw respip redirect config data, used for both global and + * view-based respip redirect test case */ +static void +cfg_insert_respip_data(struct config_str2list** respip_actions, + struct config_str2list** respip_data) +{ + int clen = (int)(sizeof(config_response_ip_data) / sizeof(addr_data_t)); + int i = 0; + + /* insert actions (duplicate netblocks don't matter) */ + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip_data[i].ip); + char* sact = strdup("redirect"); + unit_assert(ip && sact); + if(!cfg_str2list_insert(respip_actions, ip, sact)) + unit_assert(0); + } + /* insert data */ + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip_data[i].ip); + char* data = strdup(config_response_ip_data[i].data); + unit_assert(ip && data); + if(!cfg_str2list_insert(respip_data, ip, data)) + unit_assert(0); + } +} + +/** Test global respip redirect w/ data directives */ +static void +respip_conf_data_test(void) +{ + struct respip_set* set = respip_set_create(); + struct config_file cfg; + + unit_show_feature("global respip config data apply"); + memset(&cfg, 0, sizeof(cfg)); + + cfg_insert_respip_data(&cfg.respip_actions, &cfg.respip_data); + + /* apply configuration and verify rrsets */ + unit_assert(respip_global_apply_cfg(set, &cfg)); + verify_rrset(set, "192.0.1.0/24", "1.2.3.4", 0, LDNS_RR_TYPE_A); + verify_rrset(set, "192.0.1.0/24", "11.12.13.14", 1, LDNS_RR_TYPE_A); + verify_rrset(set, "192.0.2.0/24", "www.example.com", 0, LDNS_RR_TYPE_CNAME); + verify_rrset(set, "2001:db8:1::/48", "2001:db8:1::2:1", 0, LDNS_RR_TYPE_AAAA); + + respip_set_delete(set); +} + +/** Test per-view respip redirect w/ data directives */ +static void +respip_view_conf_data_test(void) +{ + struct config_file cfg; + struct config_view* cv; + int have_respip_cfg = 0; + struct views* views = NULL; + struct view* v = NULL; + + unit_show_feature("per-view respip config data apply"); + memset(&cfg, 0, sizeof(cfg)); + cv = (struct config_view*)calloc(1, sizeof(struct config_view)); + unit_assert(cv); + cv->name = strdup("view1"); + unit_assert(cv->name); + cfg.views = cv; + cfg_insert_respip_data(&cv->respip_actions, &cv->respip_data); + views = views_create(); + unit_assert(views); + unit_assert(views_apply_cfg(views, &cfg)); + + /* apply configuration and verify rrsets */ + unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); + v = views_find_view(views, "view1", 0); + unit_assert(v); + verify_rrset(v->respip_set, "192.0.1.0/24", "1.2.3.4", + 0, LDNS_RR_TYPE_A); + verify_rrset(v->respip_set, "192.0.1.0/24", "11.12.13.14", + 1, LDNS_RR_TYPE_A); + verify_rrset(v->respip_set, "192.0.2.0/24", "www.example.com", + 0, LDNS_RR_TYPE_CNAME); + verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1", + 0, LDNS_RR_TYPE_AAAA); + lock_rw_unlock(&v->lock); + + views_delete(views); + free(cv->name); + free(cv); +} + +/** respip unit tests */ +static void respip_test(void) +{ + respip_view_conf_data_test(); + respip_conf_data_test(); + respip_view_conf_actions_test(); + respip_conf_actions_test(); +} + +#include "util/regional.h" +#include "sldns/sbuffer.h" +#include "util/data/dname.h" +#include "util/data/msgreply.h" +#include "util/data/msgencode.h" +#include "sldns/str2wire.h" + +static void edns_ede_encode_setup(struct edns_data* edns, + struct regional* region) +{ + memset(edns, 0, sizeof(*edns)); + edns->edns_present = 1; + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->bits &= EDNS_DO; + /* Fill up opt_list_out with EDEs */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + /* Fill up opt_list_inplace_cb_out with EDEs */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + /* append another EDNS option to both lists */ + unit_assert( + edns_opt_list_append(&edns->opt_list_out, + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 0, NULL, region)); + unit_assert( + edns_opt_list_append(&edns->opt_list_inplace_cb_out, + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 0, NULL, region)); + /* append LDNS_EDE_OTHER at the end of both lists */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); +} + +static void edns_ede_encode_encodedecode(struct query_info* qinfo, + struct reply_info* rep, struct regional* region, + struct edns_data* edns, sldns_buffer* pkt) +{ + /* encode */ + unit_assert( + reply_info_answer_encode(qinfo, rep, 1, rep->flags, pkt, + 0, 0, region, 65535, edns, 0, 0)); + /* buffer ready for reading; skip after the question section */ + sldns_buffer_skip(pkt, LDNS_HEADER_SIZE); + (void)query_dname_len(pkt); + sldns_buffer_skip(pkt, 2 + 2); + /* decode */ + unit_assert(parse_edns_from_query_pkt(pkt, edns, NULL, NULL, NULL, 0, + region, NULL) == 0); +} + +static void edns_ede_encode_check(struct edns_data* edns, int* found_ede, + int* found_ede_other, int* found_ede_txt, int* found_other_edns) +{ + struct edns_option* opt; + for(opt = edns->opt_list_in; opt; opt = opt->next) { + if(opt->opt_code == LDNS_EDNS_EDE) { + (*found_ede)++; + if(opt->opt_len > 2) + (*found_ede_txt)++; + if(opt->opt_len >= 2 && sldns_read_uint16( + opt->opt_data) == LDNS_EDE_OTHER) + (*found_ede_other)++; + } else { + (*found_other_edns)++; + } + } + +} + +static void edns_ede_encode_fit_test(struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + sldns_buffer* pkt = sldns_buffer_new(65535); + unit_assert(pkt); + edns_ede_encode_setup(&edns, region); + /* leave the pkt buffer as is; everything should fit */ + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 12); + unit_assert(found_ede_other == 8); + unit_assert(found_ede_txt == 12); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +static void edns_ede_encode_notxt_fit_test( struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + sldns_buffer* pkt; + uint16_t edns_field_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); + /* pkt buffer should fit everything if the ede txt is cropped. + * OTHER EDE should not be there since it is useless without text. */ + edns_field_size = calc_edns_field_size(&edns); + (void)calc_ede_option_size(&edns, &ede_txt_size); + pkt = sldns_buffer_new(LDNS_HEADER_SIZE + + qinfo->qname_len + + 2 + 2 /* qtype + qclass */ + + 11 /* opt record */ + + edns_field_size + - ede_txt_size); + unit_assert(pkt); + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 4); + unit_assert(found_ede_other == 0); + unit_assert(found_ede_txt == 0); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +static void edns_ede_encode_no_fit_test( struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + sldns_buffer* pkt; + uint16_t edns_field_size, ede_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); + /* pkt buffer should fit only non-EDE options. */ + edns_field_size = calc_edns_field_size(&edns); + ede_size = calc_ede_option_size(&edns, &ede_txt_size); + pkt = sldns_buffer_new(LDNS_HEADER_SIZE + + qinfo->qname_len + + 2 + 2 /* qtype + qclass */ + + 11 /* opt record */ + + edns_field_size + - ede_size); + unit_assert(pkt); + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 0); + unit_assert(found_ede_other == 0); + unit_assert(found_ede_txt == 0); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +/** test optional EDE encoding with various buffer + * available sizes */ +static void edns_ede_answer_encode_test(void) +{ + struct regional* region = regional_create(); + struct reply_info* rep; + struct query_info qinfo; + unit_show_feature("edns ede optional encoding"); + unit_assert(region); + rep = construct_reply_info_base(region, + LDNS_RCODE_NOERROR | BIT_QR, 1, + 3600, 3600, 3600, 0, + 0, 0, 0, 0, + sec_status_unchecked, LDNS_EDE_NONE); + unit_assert(rep); + memset(&qinfo, 0, sizeof(qinfo)); + qinfo.qname = sldns_str2wire_dname("encode.ede.", &qinfo.qname_len); + unit_assert(qinfo.qname); + qinfo.qtype = LDNS_RR_TYPE_TXT; + qinfo.qclass = LDNS_RR_CLASS_IN; + + edns_ede_encode_fit_test(&qinfo, rep, region); + edns_ede_encode_notxt_fit_test(&qinfo, rep, region); + edns_ede_encode_no_fit_test(&qinfo, rep, region); + + /* cleanup */ + free(qinfo.qname); + regional_free_all(region); + regional_destroy(region); +} + +#include "services/localzone.h" +/* Utility function that compares two localzone trees */ +static void compare_localzone_trees(struct local_zones* z1, + struct local_zones* z2) +{ + struct local_zone *node1, *node2; + lock_rw_rdlock(&z1->lock); + lock_rw_rdlock(&z2->lock); + /* size should be the same */ + unit_assert(z1->ztree.count == z2->ztree.count); + for(node1=(struct local_zone*)rbtree_first(&z1->ztree), + node2=(struct local_zone*)rbtree_first(&z2->ztree); + (rbnode_type*)node1 != RBTREE_NULL && + (rbnode_type*)node2 != RBTREE_NULL; + node1=(struct local_zone*)rbtree_next((rbnode_type*)node1), + node2=(struct local_zone*)rbtree_next((rbnode_type*)node2)) { + int labs; + /* the same zone should be at the same nodes */ + unit_assert(!dname_lab_cmp( + node1->name, node1->namelabs, + node2->name, node2->namelabs, + &labs)); + /* the zone's parent should be the same on both nodes */ + unit_assert( + (node1->parent == NULL && node2->parent == NULL) || + (node1->parent != NULL && node2->parent != NULL)); + if(node1->parent) { + unit_assert(!dname_lab_cmp( + node1->parent->name, node1->parent->namelabs, + node2->parent->name, node2->parent->namelabs, + &labs)); + } + } + lock_rw_unlock(&z1->lock); + lock_rw_unlock(&z2->lock); +} + +/* test that zone addition results in the same tree from both the configuration + * file and the unbound-control commands */ +static void localzone_parents_test(void) +{ + struct local_zones *z1, *z2; + size_t i; + char* zone_data[] = { + "one", + "a.b.c.one", + "b.c.one", + "c.one", + "two", + "c.two", + "b.c.two", + "a.b.c.two", + "a.b.c.three", + "b.c.three", + "c.three", + "three", + "c.four", + "b.c.four", + "a.b.c.four", + "four", + "." + }; + unit_show_feature("localzones parent calculation"); + z1 = local_zones_create(); + z2 = local_zones_create(); + /* parse test data */ + for(i=0; i<sizeof(zone_data)/sizeof(zone_data[0]); i++) { + uint8_t* nm; + int nmlabs; + size_t nmlen; + struct local_zone* z; + + /* This is the config way */ + z = lz_enter_zone(z1, zone_data[i], "always_nxdomain", + LDNS_RR_CLASS_IN); + (void)z; /* please compiler when no threading and no lock + code; the following line disappears and z stays unused */ + lock_rw_unlock(&z->lock); + lz_init_parents(z1); + + /* This is the unbound-control way */ + nm = sldns_str2wire_dname(zone_data[i], &nmlen); + if(!nm) unit_assert(0); + nmlabs = dname_count_size_labels(nm, &nmlen); + lock_rw_wrlock(&z2->lock); + local_zones_add_zone(z2, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN, + local_zone_always_nxdomain); + lock_rw_unlock(&z2->lock); + } + /* The trees should be the same, iterate and check the nodes */ + compare_localzone_trees(z1, z2); + + /* cleanup */ + local_zones_delete(z1); + local_zones_delete(z2); +} + +/** localzone unit tests */ +static void localzone_test(void) +{ + localzone_parents_test(); +} + +void unit_show_func(const char* file, const char* func) +{ + printf("test %s:%s\n", file, func); +} + +void unit_show_feature(const char* feature) +{ + printf("test %s functions\n", feature); +} + +#ifdef USE_ECDSA_EVP_WORKAROUND +void ecdsa_evp_workaround_init(void); +#endif + +/** + * Main unit test program. Setup, teardown and report errors. + * @param argc: arg count. + * @param argv: array of commandline arguments. + * @return program failure if test fails. + */ +int +main(int argc, char* argv[]) +{ + checklock_start(); + log_init(NULL, 0, NULL); + if(argc != 1) { + printf("usage: %s\n", argv[0]); + printf("\tperforms unit tests.\n"); + return 1; + } + /* Disable roundrobin for the unit tests */ + RRSET_ROUNDROBIN = 0; +#ifdef USE_LIBEVENT + printf("Start of %s+libevent unit test.\n", PACKAGE_STRING); +#else + printf("Start of %s unit test.\n", PACKAGE_STRING); +#endif +#ifdef HAVE_SSL +# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS + ERR_load_crypto_strings(); +# endif +# ifdef USE_GOST + (void)sldns_key_EVP_load_gost_id(); +# endif +# ifdef USE_ECDSA_EVP_WORKAROUND + ecdsa_evp_workaround_init(); +# endif +#elif defined(HAVE_NSS) + if(NSS_NoDB_Init(".") != SECSuccess) + fatal_exit("could not init NSS"); +#endif /* HAVE_SSL or HAVE_NSS*/ + authzone_test(); + neg_test(); + rnd_test(); + respip_test(); + verify_test(); + net_test(); + config_memsize_test(); + config_tag_test(); + dname_test(); + rtt_test(); + anchors_test(); + alloc_test(); + regional_test(); + lruhash_test(); + slabhash_test(); + infra_test(); + ldns_test(); + edns_cookie_test(); + zonemd_test(); + tcpreuse_test(); + msgparse_test(); + edns_ede_answer_encode_test(); + localzone_test(); +#ifdef CLIENT_SUBNET + ecs_test(); +#endif /* CLIENT_SUBNET */ +#ifdef HAVE_NGTCP2 + doq_test(); +#endif /* HAVE_NGTCP2 */ + if(log_get_lock()) { + lock_basic_destroy((lock_basic_type*)log_get_lock()); + } + checklock_stop(); + printf("%d checks ok.\n", testcount); +#ifdef HAVE_SSL +# if defined(USE_GOST) + sldns_key_EVP_unload_gost(); +# endif +# ifdef HAVE_OPENSSL_CONFIG +# ifdef HAVE_EVP_CLEANUP + EVP_cleanup(); +# endif +# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) + ENGINE_cleanup(); +# endif + CONF_modules_free(); +# endif +# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + CRYPTO_cleanup_all_ex_data(); +# endif +# ifdef HAVE_ERR_FREE_STRINGS + ERR_free_strings(); +# endif +# ifdef HAVE_RAND_CLEANUP + RAND_cleanup(); +# endif +#elif defined(HAVE_NSS) + if(NSS_Shutdown() != SECSuccess) + fatal_exit("could not shutdown NSS"); +#endif /* HAVE_SSL or HAVE_NSS */ +#ifdef HAVE_PTHREAD + /* dlopen frees its thread specific state */ + pthread_exit(NULL); +#endif + return 0; +} |