From 61524c58020d03b22e750e8bf7a1871acbfdb8c0 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Thu, 10 Feb 2022 10:43:16 +0100
Subject: Merging upstream version 0.3.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/test/create_dnstap.c |  7 +++++++
 src/test/print_dnstap.c  | 20 ++++++++++++++++++++
 src/test/test3.gold      | 12 +++++++++++-
 src/test/test4.gold      | 10 ++++++++++
 src/test/test5.gold      | 10 ++++++++++
 src/test/test_dnstap.c   |  4 ++--
 6 files changed, 60 insertions(+), 3 deletions(-)

(limited to 'src/test')

diff --git a/src/test/create_dnstap.c b/src/test/create_dnstap.c
index 9fbd4a8..b1f00ff 100644
--- a/src/test/create_dnstap.c
+++ b/src/test/create_dnstap.c
@@ -12,6 +12,7 @@
 static char          dns_wire_format_placeholder[] = "dns_wire_format_placeholder";
 static unsigned char query_address[sizeof(struct in_addr)];
 static unsigned char response_address[sizeof(struct in_addr)];
+static char          policy_value[] = "bad.ns.name";
 
 static inline void create_dnstap(struct dnstap* d, const char* identity)
 {
@@ -48,4 +49,10 @@ static inline void create_dnstap(struct dnstap* d, const char* identity)
 
     dnstap_message_set_query_message(*d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
     dnstap_message_set_response_message(*d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
+
+    dnstap_message_use_policy(*d);
+    dnstap_message_policy_set_type(*d, "RPZ");
+    dnstap_message_policy_set_action(*d, DNSTAP_POLICY_ACTION_DROP);
+    dnstap_message_policy_set_match(*d, DNSTAP_POLICY_MATCH_NS_NAME);
+    dnstap_message_policy_set_value(*d, policy_value, sizeof(policy_value) - 1);
 }
diff --git a/src/test/print_dnstap.c b/src/test/print_dnstap.c
index b758119..109677b 100644
--- a/src/test/print_dnstap.c
+++ b/src/test/print_dnstap.c
@@ -111,6 +111,26 @@ static void print_dnstap(const struct dnstap* d)
             printf("  response_message_length: %zu\n", dnstap_message_response_message_length(*d));
             printf("  response_message: %s\n", printable_string(dnstap_message_response_message(*d), dnstap_message_response_message_length(*d)));
         }
+
+        if (dnstap_message_has_policy(*d)) {
+            printf("  policy:\n");
+
+            if (dnstap_message_policy_has_type(*d)) {
+                printf("    type: %s\n", dnstap_message_policy_type(*d));
+            }
+            if (dnstap_message_policy_has_rule(*d)) {
+                printf("    rule: %s\n", printable_string(dnstap_message_policy_rule(*d), dnstap_message_policy_rule_length(*d)));
+            }
+            if (dnstap_message_policy_has_action(*d)) {
+                printf("    action: %s\n", DNSTAP_POLICY_ACTION_STRING[dnstap_message_policy_action(*d)]);
+            }
+            if (dnstap_message_policy_has_match(*d)) {
+                printf("    match: %s\n", DNSTAP_POLICY_MATCH_STRING[dnstap_message_policy_match(*d)]);
+            }
+            if (dnstap_message_policy_has_value(*d)) {
+                printf("    value: %s\n", printable_string(dnstap_message_policy_value(*d), dnstap_message_policy_value_length(*d)));
+            }
+        }
     }
 
     printf("----\n");
diff --git a/src/test/test3.gold b/src/test/test3.gold
index a6e5c22..c86c86d 100644
--- a/src/test/test3.gold
+++ b/src/test/test3.gold
@@ -1,4 +1,4 @@
-read 322
+read 370
 ---- dnstap
 identity: writer_write-1
 message:
@@ -13,6 +13,11 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
 ---- dnstap
 identity: writer_write-2
@@ -28,4 +33,9 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
diff --git a/src/test/test4.gold b/src/test/test4.gold
index f6c9f7f..36523e4 100644
--- a/src/test/test4.gold
+++ b/src/test/test4.gold
@@ -12,6 +12,11 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
 ---- dnstap
 identity: writer_pop-2
@@ -27,4 +32,9 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
diff --git a/src/test/test5.gold b/src/test/test5.gold
index 86404aa..3042714 100644
--- a/src/test/test5.gold
+++ b/src/test/test5.gold
@@ -12,6 +12,11 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
 ---- dnstap
 identity: writer_reader_unixsock-2
@@ -27,4 +32,9 @@ message:
   query_message: dns_wire_format_placeholder
   response_message_length: 27
   response_message: dns_wire_format_placeholder
+  policy:
+    type: RPZ
+    action: DROP
+    match: NS_NAME
+    value: bad.ns.name
 ----
diff --git a/src/test/test_dnstap.c b/src/test/test_dnstap.c
index fd199f8..eec0049 100644
--- a/src/test/test_dnstap.c
+++ b/src/test/test_dnstap.c
@@ -27,7 +27,7 @@ int main(void)
     d.dnstap.type = (enum _Dnstap__Dnstap__Type)DNSTAP_TYPE_MESSAGE;
 
     // invalid message.type
-    d.message.type = (enum _Dnstap__Message__Type)(DNSTAP_MESSAGE_TYPE_TOOL_RESPONSE + 1);
+    d.message.type = (enum _Dnstap__Message__Type)(DNSTAP_MESSAGE_TYPE_UPDATE_RESPONSE + 1);
     s              = dnstap_encode_protobuf_size(&d);
     assert(s < sizeof(buf));
     assert(dnstap_encode_protobuf(&d, buf) == s);
@@ -47,7 +47,7 @@ int main(void)
     d.message.socket_family = (enum _Dnstap__SocketFamily)DNSTAP_SOCKET_FAMILY_INET;
 
     // invalid message.socket_protocol
-    d.message.socket_protocol = (enum _Dnstap__SocketProtocol)(DNSTAP_SOCKET_PROTOCOL_TCP + 1);
+    d.message.socket_protocol = (enum _Dnstap__SocketProtocol)(DNSTAP_SOCKET_PROTOCOL_DNSCryptTCP + 1);
     s                         = dnstap_encode_protobuf_size(&d);
     assert(s < sizeof(buf));
     assert(dnstap_encode_protobuf(&d, buf) == s);
-- 
cgit v1.2.3