Skip to content

Commit

Permalink
dnsforward: add test
Browse files Browse the repository at this point in the history
  • Loading branch information
Mizzick committed Apr 14, 2024
1 parent ff7c715 commit 6ee6cc9
Show file tree
Hide file tree
Showing 2 changed files with 109 additions and 2 deletions.
2 changes: 0 additions & 2 deletions internal/dnsforward/beforerequest.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@ var _ proxy.BeforeRequestHandler = (*Server)(nil)
// HandleBefore is the handler that is called before any other processing,
// including logs. It performs access checks and puts the client ID, if there
// is one, into the server's cache.
//
// TODO(e.burkov): Write tests.
func (s *Server) HandleBefore(
_ *proxy.Proxy,
pctx *proxy.DNSContext,
Expand Down
109 changes: 109 additions & 0 deletions internal/dnsforward/dnsforward_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1652,3 +1652,112 @@ func TestServer_Exchange(t *testing.T) {
assert.Empty(t, host)
})
}

func TestServer_HandleBefore(t *testing.T) {
const (
blockedHost = "blockedhost.org"
clientID = "client-1"
testHost = "example.org."
)

testCases := []struct {
want assert.ValueAssertionFunc
clientSrvName string
name string
host string
allowedClients []string
disallowedClients []string
blockedHosts []string
}{{
want: assert.NotEmpty,
clientSrvName: tlsServerName,
name: "allow_all",
host: testHost,
allowedClients: []string{},
disallowedClients: []string{},
blockedHosts: []string{},
}, {
want: assert.NotEmpty,
clientSrvName: clientID + "." + tlsServerName,
name: "allowed_client_allowed",
host: testHost,
allowedClients: []string{clientID},
disallowedClients: []string{},
blockedHosts: []string{},
}, {
want: assert.Empty,
clientSrvName: "client-2." + tlsServerName,
name: "allowed_client_rejected",
host: testHost,
allowedClients: []string{clientID},
disallowedClients: []string{},
blockedHosts: []string{},
}, {
want: assert.NotEmpty,
clientSrvName: tlsServerName,
name: "disallowed_client_allowed",
host: testHost,
allowedClients: []string{},
disallowedClients: []string{clientID},
blockedHosts: []string{},
}, {
want: assert.Empty,
clientSrvName: clientID + "." + tlsServerName,
name: "disallowed_client_rejected",
host: testHost,
allowedClients: []string{},
disallowedClients: []string{clientID},
blockedHosts: []string{},
}, {
want: assert.NotEmpty,
clientSrvName: tlsServerName,
name: "blocked_hosts_allowed",
host: testHost,
allowedClients: []string{},
disallowedClients: []string{},
blockedHosts: []string{blockedHost},
}, {
want: assert.Empty,
clientSrvName: tlsServerName,
name: "blocked_hosts_rejected",
host: dns.Fqdn(blockedHost),
allowedClients: []string{},
disallowedClients: []string{},
blockedHosts: []string{blockedHost},
}}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
s, _ := createTestTLS(t, TLSConfig{
TLSListenAddrs: []*net.TCPAddr{{}},
ServerName: tlsServerName,
})

s.conf.AllowedClients = tc.allowedClients
s.conf.DisallowedClients = tc.disallowedClients
s.conf.BlockedHosts = tc.blockedHosts

err := s.Prepare(&s.conf)
require.NoErrorf(t, err, "failed to prepare server: %s", err)

startDeferStop(t, s)

tlsConfig := &tls.Config{
InsecureSkipVerify: true,
ServerName: tc.clientSrvName,
}

client := &dns.Client{
Net: "tcp-tls",
TLSConfig: tlsConfig,
}

req := createTestMessage(tc.host)
addr := s.dnsProxy.Addr(proxy.ProtoTLS).String()

reply, _, err := client.Exchange(req, addr)
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
tc.want(t, reply.Answer)
})
}
}

0 comments on commit 6ee6cc9

Please sign in to comment.