add test for doq

dmachard · Feb 19, 2024 · 92d38f0 · 92d38f0
1 parent 023fc27
commit 92d38f0
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 11 deletions.
diff --git a/.github/workflows/testing-dnstap.yml b/.github/workflows/testing-dnstap.yml
@@ -166,3 +166,47 @@ jobs:
         sudo python3 -m pip install dnstap_pb fstrm dnspython
         sudo python3 -m pip install --upgrade protobuf
         sudo -E python3 -m unittest tests.dnsquery_${{ matrix.mode }} -v
+
+  dnsdist_doq:
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        go-version: [ '1.21' ]
+        dnsdist: [ '19' ]
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - uses: actions/setup-python@v5
+      with:
+        python-version: 3.12
+
+    - name: build binary
+      run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o go-dnscollector *.go
+
+    - name: download q
+      run: |
+        wget -o q.tar.gz https://github.com/natesales/q/releases/download/v0.19.2/q_0.19.2_linux_amd64.tar.gz
+        tar xvf q.tar.gz
+
+    - name: Generate certificate
+      run: |
+        openssl rand -base64 48 > passphrase.txt
+        openssl genrsa -aes128 -passout file:passphrase.txt -out server.key 2048
+        openssl req -new -passin file:passphrase.txt -key server.key -out server.csr -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*.krkr.io"
+        openssl rsa -in server.key -passin file:passphrase.txt -out dnscollector.key
+        openssl x509 -req -days 36500 -in server.csr -signkey dnscollector.key -out dnscollector.crt
+        mv dnscollector.key ./testsdata/
+        mv dnscollector.crt ./testsdata/
+
+    - name: Deploy dnsdist docker image
+      run: |
+        sudo docker run -d --network="host" --name=dnsdist --volume=$PWD/testsdata/powerdns/dnsdist_doqdoh.conf:/etc/dnsdist/conf.d/dnsdist.conf:z --volume=$PWD/testsdata/dnscollector.key:/etc/dnsdist/key.pem:z --volume=$PWD/testsdata/dnscollector.crt:/etc/dnsdist/cert.pem:z powerdns/dnsdist-${{ matrix.dnsdist }}
+        until (dig -p 5553 www.github.com @127.0.0.1 | grep NOERROR); do sleep 5.0; done
+
+    - name: Tests
+      run: |
+        sudo python3 -m unittest tests.dnsquery_dnstapdoq -v
diff --git a/tests/dnsquery_dnstap_doq.py → tests/dnsquery_dnstapdoq.py b/tests/dnsquery_dnstap_doq.py → tests/dnsquery_dnstapdoq.py
@@ -21,7 +21,7 @@ def pipe_data_received(self, fd, data):
             self.is_ready.set_result(True)
 
         if not self.is_clientresponse.done():
-            if b"CLIENT_RESPONSE NOERROR" in data:
+            if b" DOQ " in data:
                 self.is_clientresponse.set_result(True)
                 self.kill()
 
@@ -51,31 +51,40 @@ def kill(self):
             self.proc.kill()
         except ProcessLookupError: pass
 
-class TestBench(unittest.TestCase):
+class TestDnstap(unittest.TestCase):
     def setUp(self):
         self.loop = asyncio.get_event_loop()
 
     def test_stdout_recv(self):
-        """benchmark"""
+        """test to receive dnstap DOQ response in stdou"""
         async def run():
             # run collector
             is_ready = asyncio.Future()
             is_clientresponse = asyncio.Future()
-            args = ( "./go-dnscollector", "-config", "./testsdata/config_stdout_dnstap_doq.yml",)
+            args = ( "./go-dnscollector", "-config", "./testsdata/config_stdout_dnstaptcp.yml",)
             transport_collector, protocol_collector =  await self.loop.subprocess_exec(lambda: CollectorProc(is_ready, is_clientresponse),
                                                                                        *args, stdout=asyncio.subprocess.PIPE)
 
-            # wait if is listening
+            # make doq resolution
+            for i in range(10):
+                is_existed = asyncio.Future()
+                args = ( "./q", "www.github.com", "A", "@quic://127.0.0.1:853", "--tls-insecure-skip-verify")
+                transport_client, protocol_client =  await self.loop.subprocess_exec(lambda: DoQClient(is_existed), *args, stdout=asyncio.subprocess.PIPE)
+                await is_existed
+
+                protocol_client.kill()
+                transport_client.close()
+
+            # waiting for connection between collector and dns server is ok
             try:
-                await asyncio.wait_for(is_ready, timeout=1.5)
+                await asyncio.wait_for(is_ready, timeout=5.0)
             except asyncio.TimeoutError:
                 protocol_collector.kill()
-                self.fail("collector listening timeout")
-
+                transport_collector.close()
+                self.fail("collector framestream timeout")
 
-            nb_packets = [10]
-            for nb in nb_packets:
-                # start gen
+            # make again doq resolution
+            for i in range(10):
                 is_existed = asyncio.Future()
                 args = ( "./q", "www.github.com", "A", "@quic://127.0.0.1:853", "--tls-insecure-skip-verify")
                 transport_client, protocol_client =  await self.loop.subprocess_exec(lambda: DoQClient(is_existed), *args, stdout=asyncio.subprocess.PIPE)
@@ -84,6 +93,14 @@ async def run():
                 protocol_client.kill()
                 transport_client.close()
 
+            # wait client response on collector
+            try:
+                await asyncio.wait_for(is_clientresponse, timeout=30.0)
+            except asyncio.TimeoutError:
+                protocol_collector.kill()
+                transport_collector.close()
+                self.fail("dnstap client response expected")
+
             # Shutdown all
             protocol_collector.kill()
             transport_collector.close()

diff --git a/testsdata/config_stdout_dnstap_doq.yml b/testsdata/config_stdout_dnstap_doq.yml
diff --git a/testsdata/powerdns/dnsdist_doqdoh.conf b/testsdata/powerdns/dnsdist_doqdoh.conf
@@ -0,0 +1,13 @@
+setLocal('0.0.0.0:5553')
+
+addDOQLocal('0.0.0.0:853', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
+addDOHLocal('0.0.0.0:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
+addDOH3Local('0.0.0.0:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
+
+fstl = newFrameStreamTcpLogger("127.0.0.1:6000")
+
+addAction(AllRule(), DnstapLogAction("dnsdist-tcp", fstl))
+addResponseAction(AllRule(), DnstapLogResponseAction("dnsdist-tcp", fstl))
+addCacheHitResponseAction(AllRule(), DnstapLogResponseAction("dnsdist-tcp", fstl))
+
+newServer('8.8.8.8')