AdGuardHome/internal/dnsforward/dns_test.go
Dimitry Kolyshev c4ff80fd3a Pull request: dnsforward: ddr support
Merge in DNS/adguard-home from 4463-ddr-support-1 to master

Squashed commit of the following:

commit 74d8337a9d78e00a0b01301bbf92054fc58aff0d
Merge: 7882c56e ed449c61
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Apr 27 10:32:48 2022 +0200

    Merge remote-tracking branch 'origin/master' into 4463-ddr-support-1

commit 7882c56eced204b99a0189c839f5b5ef56fcbfd8
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 13:29:16 2022 +0200

    all: docs

commit 59593cf47f8db2131fb8a4a44ec3721de8f73567
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 13:06:49 2022 +0200

    all: docs

commit 13bfe00d91b190a2538eeee642ce40abe031ecf2
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 12:58:48 2022 +0200

    all: docs

commit a663b53d211483a717a480e24e120a201dc3d9da
Merge: 53122f6a 235316e0
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 12:33:07 2022 +0200

    Merge remote-tracking branch 'origin/master' into 4463-ddr-support-1

commit 53122f6aac8e9ede69de833e367e006f4c5c75c0
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 12:30:56 2022 +0200

    dnsforward: ddr support

commit 87083ded02c120e1fb3e54b885a1992efd8f780d
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 11:51:06 2022 +0200

    dnsforward: ddr support

commit 3dc711e0a9ba1a024e7d24527b2a690aa36413ce
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 11:39:59 2022 +0200

    dnsforward: imp code

commit f63f6a9d65a96960ae2c06aeca2b32aef70d8f63
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 11:34:23 2022 +0200

    dnsforward: ddr support

commit e64ffcdac8f9428e4c93a6dc99cc3f1bb090af35
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 11:22:20 2022 +0200

    dnsforward: ddr support

commit 297460946bb1765137c7c3fe3e298cd574635287
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Apr 26 11:08:59 2022 +0200

    dnsforward: imp code

commit 61b4e2e0e06e212c31b7a9d1b09fab392ae6dbc4
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Apr 25 14:39:34 2022 +0200

    dnsforward: ddr support

commit 7c2787e12eb67a02b41cbb4fe36a12671259f9c9
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Apr 25 11:41:42 2022 +0200

    all: docs

commit 29c2c872843f6d006e6a98144a52e23a4cbe7be9
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Apr 25 11:26:07 2022 +0200

    dnsforward: ddr support

commit 2d4ba0c4ce4fbbf3d99da8dd92349da2ec9cff13
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Apr 25 11:03:34 2022 +0200

    dnsforward: ddr support

commit 0efb5b5cd55bcba3dfae35e80209277f0643a87e
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Sun Apr 24 13:07:25 2022 +0200

    dnsforward: imp code

commit 884381ef04029d5d743834555cb6601d891c2d25
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Sun Apr 24 12:56:41 2022 +0200

    dnsforward: imp code

commit 41231f24e83a9690d36546e83fd61ddd709050ed
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Fri Apr 22 16:05:47 2022 +0200

    dnsforward: ddr support

commit 9d9da3f479efa5d5609f9b1e6b0d1a93fc253b9f
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Fri Apr 22 13:46:29 2022 +0200

    all: ddr support

commit b225363df143d599e9acbf1a6b0bf6d00044dd47
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Fri Apr 22 13:38:27 2022 +0200

    dnsforward: imp code

... and 10 more commits
2022-04-27 11:39:48 +03:00

548 lines
12 KiB
Go

package dnsforward
import (
"net"
"testing"
"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
"github.com/AdguardTeam/dnsproxy/proxy"
"github.com/AdguardTeam/dnsproxy/upstream"
"github.com/AdguardTeam/golibs/netutil"
"github.com/miekg/dns"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const ddrTestDomainName = "dns.example.net"
func TestServer_ProcessDDRQuery(t *testing.T) {
dohSVCB := &dns.SVCB{
Priority: 1,
Target: ddrTestDomainName,
Value: []dns.SVCBKeyValue{
&dns.SVCBAlpn{Alpn: []string{"h2"}},
&dns.SVCBPort{Port: 8044},
&dns.SVCBDoHPath{Template: "/dns-query?dns"},
},
}
dotSVCB := &dns.SVCB{
Priority: 2,
Target: ddrTestDomainName,
Value: []dns.SVCBKeyValue{
&dns.SVCBAlpn{Alpn: []string{"dot"}},
&dns.SVCBPort{Port: 8043},
},
}
testCases := []struct {
name string
host string
want []*dns.SVCB
wantRes resultCode
portDoH int
portDoT int
qtype uint16
ddrEnabled bool
}{{
name: "pass_host",
wantRes: resultCodeSuccess,
host: "example.net.",
qtype: dns.TypeSVCB,
ddrEnabled: true,
portDoH: 8043,
}, {
name: "pass_qtype",
wantRes: resultCodeFinish,
host: ddrHostFQDN,
qtype: dns.TypeA,
ddrEnabled: true,
portDoH: 8043,
}, {
name: "pass_disabled_tls",
wantRes: resultCodeFinish,
host: ddrHostFQDN,
qtype: dns.TypeSVCB,
ddrEnabled: true,
}, {
name: "pass_disabled_ddr",
wantRes: resultCodeSuccess,
host: ddrHostFQDN,
qtype: dns.TypeSVCB,
ddrEnabled: false,
portDoH: 8043,
}, {
name: "dot",
wantRes: resultCodeFinish,
want: []*dns.SVCB{dotSVCB},
host: ddrHostFQDN,
qtype: dns.TypeSVCB,
ddrEnabled: true,
portDoT: 8043,
}, {
name: "doh",
wantRes: resultCodeFinish,
want: []*dns.SVCB{dohSVCB},
host: ddrHostFQDN,
qtype: dns.TypeSVCB,
ddrEnabled: true,
portDoH: 8044,
}, {
name: "dot_doh",
wantRes: resultCodeFinish,
want: []*dns.SVCB{dotSVCB, dohSVCB},
host: ddrHostFQDN,
qtype: dns.TypeSVCB,
ddrEnabled: true,
portDoT: 8043,
portDoH: 8044,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
s := prepareTestServer(t, tc.portDoH, tc.portDoT, tc.ddrEnabled)
req := createTestMessageWithType(tc.host, tc.qtype)
dctx := &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req,
},
}
res := s.processDDRQuery(dctx)
require.Equal(t, tc.wantRes, res)
if tc.wantRes != resultCodeFinish {
return
}
msg := dctx.proxyCtx.Res
require.NotNil(t, msg)
for _, v := range tc.want {
v.Hdr = s.hdr(req, dns.TypeSVCB)
}
assert.ElementsMatch(t, tc.want, msg.Answer)
})
}
}
func prepareTestServer(t *testing.T, portDoH, portDoT int, ddrEnabled bool) (s *Server) {
t.Helper()
proxyConf := proxy.Config{}
if portDoH > 0 {
proxyConf.HTTPSListenAddr = []*net.TCPAddr{{Port: portDoH}}
}
if portDoT > 0 {
proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
}
s = &Server{
dnsProxy: &proxy.Proxy{
Config: proxyConf,
},
conf: ServerConfig{
FilteringConfig: FilteringConfig{
HandleDDR: ddrEnabled,
},
TLSConfig: TLSConfig{
ServerName: ddrTestDomainName,
},
},
}
return s
}
func TestServer_ProcessDetermineLocal(t *testing.T) {
s := &Server{
privateNets: netutil.SubnetSetFunc(netutil.IsLocallyServed),
}
testCases := []struct {
want assert.BoolAssertionFunc
name string
cliIP net.IP
}{{
want: assert.True,
name: "local",
cliIP: net.IP{192, 168, 0, 1},
}, {
want: assert.False,
name: "external",
cliIP: net.IP{250, 249, 0, 1},
}, {
want: assert.False,
name: "invalid",
cliIP: net.IP{1, 2, 3, 4, 5},
}, {
want: assert.False,
name: "nil",
cliIP: nil,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
proxyCtx := &proxy.DNSContext{
Addr: &net.TCPAddr{
IP: tc.cliIP,
},
}
dctx := &dnsContext{
proxyCtx: proxyCtx,
}
s.processDetermineLocal(dctx)
tc.want(t, dctx.isLocalClient)
})
}
}
func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
knownIP := net.IP{1, 2, 3, 4}
testCases := []struct {
name string
host string
wantIP net.IP
wantRes resultCode
isLocalCli bool
}{{
name: "local_client_success",
host: "example.lan",
wantIP: knownIP,
wantRes: resultCodeSuccess,
isLocalCli: true,
}, {
name: "local_client_unknown_host",
host: "wronghost.lan",
wantIP: nil,
wantRes: resultCodeFinish,
isLocalCli: true,
}, {
name: "external_client_known_host",
host: "example.lan",
wantIP: nil,
wantRes: resultCodeFinish,
isLocalCli: false,
}, {
name: "external_client_unknown_host",
host: "wronghost.lan",
wantIP: nil,
wantRes: resultCodeFinish,
isLocalCli: false,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
s := &Server{
dhcpServer: &testDHCP{},
localDomainSuffix: defaultLocalDomainSuffix,
tableHostToIP: hostToIPTable{
"example": knownIP,
},
}
req := &dns.Msg{
MsgHdr: dns.MsgHdr{
Id: dns.Id(),
},
Question: []dns.Question{{
Name: dns.Fqdn(tc.host),
Qtype: dns.TypeA,
Qclass: dns.ClassINET,
}},
}
dctx := &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req,
},
isLocalClient: tc.isLocalCli,
}
res := s.processInternalHosts(dctx)
require.Equal(t, tc.wantRes, res)
pctx := dctx.proxyCtx
if tc.wantRes == resultCodeFinish {
require.NotNil(t, pctx.Res)
assert.Equal(t, dns.RcodeNameError, pctx.Res.Rcode)
assert.Len(t, pctx.Res.Answer, 0)
return
}
if tc.wantIP == nil {
assert.Nil(t, pctx.Res)
} else {
require.NotNil(t, pctx.Res)
ans := pctx.Res.Answer
require.Len(t, ans, 1)
assert.Equal(t, tc.wantIP, ans[0].(*dns.A).A)
}
})
}
}
func TestServer_ProcessInternalHosts(t *testing.T) {
const (
examplecom = "example.com"
examplelan = "example.lan"
)
knownIP := net.IP{1, 2, 3, 4}
testCases := []struct {
name string
host string
suffix string
wantIP net.IP
wantRes resultCode
qtyp uint16
}{{
name: "success_external",
host: examplecom,
suffix: defaultLocalDomainSuffix,
wantIP: nil,
wantRes: resultCodeSuccess,
qtyp: dns.TypeA,
}, {
name: "success_external_non_a",
host: examplecom,
suffix: defaultLocalDomainSuffix,
wantIP: nil,
wantRes: resultCodeSuccess,
qtyp: dns.TypeCNAME,
}, {
name: "success_internal",
host: examplelan,
suffix: defaultLocalDomainSuffix,
wantIP: knownIP,
wantRes: resultCodeSuccess,
qtyp: dns.TypeA,
}, {
name: "success_internal_unknown",
host: "example-new.lan",
suffix: defaultLocalDomainSuffix,
wantIP: nil,
wantRes: resultCodeFinish,
qtyp: dns.TypeA,
}, {
name: "success_internal_aaaa",
host: examplelan,
suffix: defaultLocalDomainSuffix,
wantIP: nil,
wantRes: resultCodeSuccess,
qtyp: dns.TypeAAAA,
}, {
name: "success_custom_suffix",
host: "example.custom",
suffix: ".custom.",
wantIP: knownIP,
wantRes: resultCodeSuccess,
qtyp: dns.TypeA,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
s := &Server{
dhcpServer: &testDHCP{},
localDomainSuffix: tc.suffix,
tableHostToIP: hostToIPTable{
"example": knownIP,
},
}
req := &dns.Msg{
MsgHdr: dns.MsgHdr{
Id: 1234,
},
Question: []dns.Question{{
Name: dns.Fqdn(tc.host),
Qtype: tc.qtyp,
Qclass: dns.ClassINET,
}},
}
dctx := &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req,
},
isLocalClient: true,
}
res := s.processInternalHosts(dctx)
pctx := dctx.proxyCtx
assert.Equal(t, tc.wantRes, res)
if tc.wantRes == resultCodeFinish {
require.NotNil(t, pctx.Res)
assert.Equal(t, dns.RcodeNameError, pctx.Res.Rcode)
return
}
require.NoError(t, dctx.err)
if tc.qtyp == dns.TypeAAAA {
// TODO(a.garipov): Remove this special handling
// when we fully support AAAA.
require.NotNil(t, pctx.Res)
ans := pctx.Res.Answer
require.Len(t, ans, 0)
} else if tc.wantIP == nil {
assert.Nil(t, pctx.Res)
} else {
require.NotNil(t, pctx.Res)
ans := pctx.Res.Answer
require.Len(t, ans, 1)
assert.Equal(t, tc.wantIP, ans[0].(*dns.A).A)
}
})
}
}
func TestServer_ProcessRestrictLocal(t *testing.T) {
ups := &aghtest.Upstream{
Reverse: map[string][]string{
"251.252.253.254.in-addr.arpa.": {"host1.example.net."},
"1.1.168.192.in-addr.arpa.": {"some.local-client."},
},
}
s := createTestServer(t, &filtering.Config{}, ServerConfig{
UDPListenAddrs: []*net.UDPAddr{{}},
TCPListenAddrs: []*net.TCPAddr{{}},
}, ups)
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{ups}
startDeferStop(t, s)
testCases := []struct {
name string
want string
question net.IP
cliIP net.IP
wantLen int
}{{
name: "from_local_to_external",
want: "host1.example.net.",
question: net.IP{254, 253, 252, 251},
cliIP: net.IP{192, 168, 10, 10},
wantLen: 1,
}, {
name: "from_external_for_local",
want: "",
question: net.IP{192, 168, 1, 1},
cliIP: net.IP{254, 253, 252, 251},
wantLen: 0,
}, {
name: "from_local_for_local",
want: "some.local-client.",
question: net.IP{192, 168, 1, 1},
cliIP: net.IP{192, 168, 1, 2},
wantLen: 1,
}, {
name: "from_external_for_external",
want: "host1.example.net.",
question: net.IP{254, 253, 252, 251},
cliIP: net.IP{254, 253, 252, 255},
wantLen: 1,
}}
for _, tc := range testCases {
reqAddr, err := dns.ReverseAddr(tc.question.String())
require.NoError(t, err)
req := createTestMessageWithType(reqAddr, dns.TypePTR)
pctx := &proxy.DNSContext{
Proto: proxy.ProtoTCP,
Req: req,
Addr: &net.TCPAddr{
IP: tc.cliIP,
},
}
t.Run(tc.name, func(t *testing.T) {
err = s.handleDNSRequest(nil, pctx)
require.NoError(t, err)
require.NotNil(t, pctx.Res)
require.Len(t, pctx.Res.Answer, tc.wantLen)
if tc.wantLen > 0 {
assert.Equal(t, tc.want, pctx.Res.Answer[0].(*dns.PTR).Ptr)
}
})
}
}
func TestServer_ProcessLocalPTR_usingResolvers(t *testing.T) {
const locDomain = "some.local."
const reqAddr = "1.1.168.192.in-addr.arpa."
s := createTestServer(t, &filtering.Config{}, ServerConfig{
UDPListenAddrs: []*net.UDPAddr{{}},
TCPListenAddrs: []*net.TCPAddr{{}},
}, &aghtest.Upstream{
Reverse: map[string][]string{
reqAddr: {locDomain},
},
})
var proxyCtx *proxy.DNSContext
var dnsCtx *dnsContext
setup := func(use bool) {
proxyCtx = &proxy.DNSContext{
Addr: &net.TCPAddr{
IP: net.IP{127, 0, 0, 1},
},
Req: createTestMessageWithType(reqAddr, dns.TypePTR),
}
dnsCtx = &dnsContext{
proxyCtx: proxyCtx,
unreversedReqIP: net.IP{192, 168, 1, 1},
}
s.conf.UsePrivateRDNS = use
}
t.Run("enabled", func(t *testing.T) {
setup(true)
rc := s.processLocalPTR(dnsCtx)
require.Equal(t, resultCodeSuccess, rc)
require.NotEmpty(t, proxyCtx.Res.Answer)
assert.Equal(t, locDomain, proxyCtx.Res.Answer[0].(*dns.PTR).Ptr)
})
t.Run("disabled", func(t *testing.T) {
setup(false)
rc := s.processLocalPTR(dnsCtx)
require.Equal(t, resultCodeFinish, rc)
require.Empty(t, proxyCtx.Res.Answer)
})
}
func TestIPStringFromAddr(t *testing.T) {
t.Run("not_nil", func(t *testing.T) {
addr := net.UDPAddr{
IP: net.ParseIP("1:2:3::4"),
Port: 12345,
Zone: "eth0",
}
assert.Equal(t, ipStringFromAddr(&addr), addr.IP.String())
})
t.Run("nil", func(t *testing.T) {
assert.Empty(t, ipStringFromAddr(nil))
})
}