1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
-- SPDX-License-Identifier: GPL-3.0-or-later
-- do not attempt to contact outside world, operate only on cache
net.ipv4 = false
net.ipv6 = false
-- do not listen, test is driven by config code
env.KRESD_NO_LISTEN = true
local path = worker.cwd..'/control/'..worker.pid
same(true, net.listen(path, nil, {kind = 'control'}),
'new control sockets were created so map() can work')
modules.load('hints > iterate')
modules.load('daf')
hints['pass.'] = '127.0.0.1'
hints['deny.'] = '127.0.0.1'
hints['deny.'] = '127.0.0.1'
hints['drop.'] = '127.0.0.1'
hints['del.'] = '127.0.0.1'
hints['del2.'] = '127.0.0.1'
hints['toggle.'] = '127.0.0.1'
local check_answer = require('test_utils').check_answer
local function test_sanity()
check_answer('daf sanity (no rules)', 'pass.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf sanity (no rules)', 'deny.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf sanity (no rules)', 'drop.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf sanity (no rules)', 'del.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf sanity (no rules)', 'del2.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf sanity (no rules)', 'toggle.', kres.type.A, kres.rcode.NOERROR)
end
local function test_basic_actions()
daf.add('qname = pass. pass')
daf.add('qname = deny. deny')
daf.add('qname = drop. drop')
check_answer('daf pass action', 'pass.', kres.type.A, kres.rcode.NOERROR)
check_answer('daf deny action', 'deny.', kres.type.A, kres.rcode.NXDOMAIN)
check_answer('daf drop action', 'drop.', kres.type.A, kres.rcode.SERVFAIL)
end
local function test_del()
-- first matching rule is used
local first = daf.add('qname = del. deny')
local second = daf.add('qname = del2. deny')
check_answer('daf del - first rule active',
'del.', kres.type.A, kres.rcode.NXDOMAIN)
check_answer('daf del - second rule active',
'del2.', kres.type.A, kres.rcode.NXDOMAIN)
daf.del(first.rule.id)
check_answer('daf del - first rule deleted',
'del.', kres.type.A, kres.rcode.NOERROR)
daf.del(second.rule.id)
check_answer('daf del - second rule deleted',
'del2.', kres.type.A, kres.rcode.NOERROR)
end
local function test_toggle()
local toggle = daf.add('qname = toggle. deny')
check_answer('daf - toggle active',
'toggle.', kres.type.A, kres.rcode.NXDOMAIN)
daf.disable(toggle.rule.id)
check_answer('daf - toggle disabled',
'toggle.', kres.type.A, kres.rcode.NOERROR)
daf.enable(toggle.rule.id)
check_answer('daf - toggle enabled',
'toggle.', kres.type.A, kres.rcode.NXDOMAIN)
end
return {
test_sanity, -- must be first, expects no daf rules
test_basic_actions,
test_del,
test_toggle,
}
|
