From 2e7c8cde0bbacdb097559a27044f5e46e86c8efe Mon Sep 17 00:00:00 2001 From: genofire Date: Wed, 23 Oct 2019 14:03:30 +0200 Subject: [PATCH] [BUGFIX] disable ip protocol fallback and tests (#540) Signed-off-by: Martin/Geno --- prober/dns_test.go | 97 ++++++++++++++++++++++++++------------------ prober/tcp_test.go | 5 ++- prober/utils.go | 2 +- prober/utils_test.go | 32 +++++++++++++++ 4 files changed, 93 insertions(+), 43 deletions(-) diff --git a/prober/dns_test.go b/prober/dns_test.go index 767a31c..9b7b4a6 100644 --- a/prober/dns_test.go +++ b/prober/dns_test.go @@ -96,21 +96,24 @@ func TestRecursiveDNSResponse(t *testing.T) { }{ { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", }, true, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, }, false, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAnswer: config.DNSRRValidator{ FailIfMatchesRegexp: []string{".*7200.*"}, FailIfNotMatchesRegexp: []string{".*3600.*"}, @@ -119,8 +122,9 @@ func TestRecursiveDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAuthority: config.DNSRRValidator{ FailIfMatchesRegexp: []string{".*7200.*"}, }, @@ -128,8 +132,9 @@ func TestRecursiveDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAdditional: config.DNSRRValidator{ FailIfNotMatchesRegexp: []string{".*3600.*"}, }, @@ -226,27 +231,31 @@ func TestAuthoritativeDNSResponse(t *testing.T) { }{ { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", }, true, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - QueryType: "SOA", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + QueryType: "SOA", }, true, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, }, false, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAnswer: config.DNSRRValidator{ FailIfMatchesRegexp: []string{".*3600.*"}, FailIfNotMatchesRegexp: []string{".*3600.*"}, @@ -255,8 +264,9 @@ func TestAuthoritativeDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAnswer: config.DNSRRValidator{ FailIfMatchesRegexp: []string{".*7200.*"}, FailIfNotMatchesRegexp: []string{".*7200.*"}, @@ -265,8 +275,9 @@ func TestAuthoritativeDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAuthority: config.DNSRRValidator{ FailIfNotMatchesRegexp: []string{"ns.*.isp.net"}, }, @@ -274,8 +285,9 @@ func TestAuthoritativeDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAdditional: config.DNSRRValidator{ FailIfNotMatchesRegexp: []string{"^ns.*.isp"}, }, @@ -283,8 +295,9 @@ func TestAuthoritativeDNSResponse(t *testing.T) { }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", ValidateAdditional: config.DNSRRValidator{ FailIfMatchesRegexp: []string{"^ns.*.isp"}, }, @@ -334,29 +347,33 @@ func TestServfailDNSResponse(t *testing.T) { }{ { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", }, false, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + ValidRcodes: []string{"SERVFAIL", "NXDOMAIN"}, }, true, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - QueryType: "NOT_A_VALID_QUERY_TYPE", + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + QueryType: "NOT_A_VALID_QUERY_TYPE", }, false, }, { config.DNSProbe{ - IPProtocol: "ipv4", - QueryName: "example.com", - ValidRcodes: []string{"NOT_A_VALID_RCODE"}, + IPProtocol: "ip4", + IPProtocolFallback: true, + QueryName: "example.com", + ValidRcodes: []string{"NOT_A_VALID_RCODE"}, }, false, }, } diff --git a/prober/tcp_test.go b/prober/tcp_test.go index e2fcbd4..02401f6 100644 --- a/prober/tcp_test.go +++ b/prober/tcp_test.go @@ -135,8 +135,9 @@ func TestTCPConnectionWithTLS(t *testing.T) { // Expect name-verified TLS connection. module := config.Module{ TCP: config.TCPProbe{ - IPProtocol: "ipv4", - TLS: true, + IPProtocol: "ip4", + IPProtocolFallback: true, + TLS: true, TLSConfig: pconfig.TLSConfig{ CAFile: tmpCaFile.Name(), InsecureSkipVerify: false, diff --git a/prober/utils.go b/prober/utils.go index 238f65c..eab2004 100644 --- a/prober/utils.go +++ b/prober/utils.go @@ -91,7 +91,7 @@ func chooseProtocol(ctx context.Context, IPProtocol string, fallbackIPProtocol b } // Unable to find ip and no fallback set. - if fallback == nil { + if fallback == nil || !fallbackIPProtocol { return nil, 0.0, fmt.Errorf("unable to find ip; no fallback") } diff --git a/prober/utils_test.go b/prober/utils_test.go index 326da5d..dc0e8f9 100644 --- a/prober/utils_test.go +++ b/prober/utils_test.go @@ -14,6 +14,7 @@ package prober import ( + "context" "crypto/rand" "crypto/rsa" "crypto/x509" @@ -22,9 +23,13 @@ import ( "fmt" "math/big" "net" + "os" "testing" "time" + "github.com/go-kit/kit/log" + + "github.com/prometheus/client_golang/prometheus" dto "github.com/prometheus/client_model/go" ) @@ -110,3 +115,30 @@ func generateTestCertificate(expiry time.Time, IPAddressSAN bool) ([]byte, []byt pemKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privatekey)}) return pemCert, pemKey } + +func TestChooseProtocol(t *testing.T) { + ctx := context.Background() + registry := prometheus.NewPedanticRegistry() + w := log.NewSyncWriter(os.Stderr) + logger := log.NewLogfmtLogger(w) + + ip, _, err := chooseProtocol(ctx, "ip4", true, "ipv6.google.com", registry, logger) + if err != nil { + t.Error(err) + } + if ip == nil || ip.IP.To4() != nil { + t.Error("with fallback it should answer") + } + + registry = prometheus.NewPedanticRegistry() + + ip, _, err = chooseProtocol(ctx, "ip4", false, "ipv6.google.com", registry, logger) + if err != nil && err.Error() != "unable to find ip; no fallback" { + t.Error(err) + } else if err == nil { + t.Error("should set error") + } + if ip != nil { + t.Error("without fallback it should not answer") + } +} -- 2.25.1