From f3fbe45c4c32b450f5b7948ad6a654c21f573b49 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Fri, 8 Nov 2024 11:17:48 +0100
Subject: [PATCH] btest: Add integration test for DNS_Mgr

This makes use of an ephemeral dnsmasq instance
---
 .../btest/Baseline/dns_mgr.lookup_addr/out    |  2 +
 .../Baseline/dns_mgr.lookup_hostname/out      |  7 ++++
 .../dns_mgr.lookup_hostname_cname/out         |  3 ++
 .../Baseline/dns_mgr.lookup_hostname_txt/out  |  2 +
 testing/btest/btest.cfg                       |  2 +-
 testing/btest/dns_mgr/lookup_addr.zeek        | 26 ++++++++++++
 testing/btest/dns_mgr/lookup_hostname.zeek    | 28 +++++++++++++
 .../btest/dns_mgr/lookup_hostname_cname.zeek  | 42 +++++++++++++++++++
 .../btest/dns_mgr/lookup_hostname_txt.zeek    | 32 ++++++++++++++
 testing/scripts/run-dnsmasq                   | 34 +++++++++++++++
 10 files changed, 177 insertions(+), 1 deletion(-)
 create mode 100644 testing/btest/Baseline/dns_mgr.lookup_addr/out
 create mode 100644 testing/btest/Baseline/dns_mgr.lookup_hostname/out
 create mode 100644 testing/btest/Baseline/dns_mgr.lookup_hostname_cname/out
 create mode 100644 testing/btest/Baseline/dns_mgr.lookup_hostname_txt/out
 create mode 100644 testing/btest/dns_mgr/lookup_addr.zeek
 create mode 100644 testing/btest/dns_mgr/lookup_hostname.zeek
 create mode 100644 testing/btest/dns_mgr/lookup_hostname_cname.zeek
 create mode 100644 testing/btest/dns_mgr/lookup_hostname_txt.zeek
 create mode 100755 testing/scripts/run-dnsmasq

diff --git a/testing/btest/Baseline/dns_mgr.lookup_addr/out b/testing/btest/Baseline/dns_mgr.lookup_addr/out
new file mode 100644
index 0000000000..4b156fd76d
--- /dev/null
+++ b/testing/btest/Baseline/dns_mgr.lookup_addr/out
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+dns.example.com
diff --git a/testing/btest/Baseline/dns_mgr.lookup_hostname/out b/testing/btest/Baseline/dns_mgr.lookup_hostname/out
new file mode 100644
index 0000000000..dbcd56e47a
--- /dev/null
+++ b/testing/btest/Baseline/dns_mgr.lookup_hostname/out
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+addrs, 5
+10.0.0.3
+10.0.0.2
+10.0.0.1
+fe80::6990:df6e:618:c096
+10.0.0.4
diff --git a/testing/btest/Baseline/dns_mgr.lookup_hostname_cname/out b/testing/btest/Baseline/dns_mgr.lookup_hostname_cname/out
new file mode 100644
index 0000000000..5711a95433
--- /dev/null
+++ b/testing/btest/Baseline/dns_mgr.lookup_hostname_cname/out
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+lookup_hostname addrs, 0
+lookup_hostname_txt, 15, www.example.com
diff --git a/testing/btest/Baseline/dns_mgr.lookup_hostname_txt/out b/testing/btest/Baseline/dns_mgr.lookup_hostname_txt/out
new file mode 100644
index 0000000000..52f266be5d
--- /dev/null
+++ b/testing/btest/Baseline/dns_mgr.lookup_hostname_txt/out
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+TXT, more-network-monitor
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg
index b47ff2dddf..9b459a0a05 100644
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@@ -4,7 +4,7 @@
 build_dir = build
 
 [btest]
-TestDirs    = af_packet doc bifs language core scripts coverage signatures plugins broker spicy supervisor telemetry javascript misc opt
+TestDirs    = af_packet doc bifs language core scripts coverage signatures plugins broker spicy supervisor telemetry javascript misc opt dns_mgr
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp
diff --git a/testing/btest/dns_mgr/lookup_addr.zeek b/testing/btest/dns_mgr/lookup_addr.zeek
new file mode 100644
index 0000000000..1c35cb2a9c
--- /dev/null
+++ b/testing/btest/dns_mgr/lookup_addr.zeek
@@ -0,0 +1,26 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+
+event zeek_init()
+	{
+	when ( local host = lookup_addr(10.0.0.99) )
+		{
+		print cat(host);
+		terminate();
+		}
+	timeout 5sec
+		{
+		print "ERROR timeout";
+		terminate();
+		}
+	}
diff --git a/testing/btest/dns_mgr/lookup_hostname.zeek b/testing/btest/dns_mgr/lookup_hostname.zeek
new file mode 100644
index 0000000000..fcb328369e
--- /dev/null
+++ b/testing/btest/dns_mgr/lookup_hostname.zeek
@@ -0,0 +1,28 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+
+event zeek_init()
+	{
+	when ( local addrs = lookup_hostname("example.com") )
+		{
+		print "addrs", |addrs|;
+		for ( a in addrs )
+			print a;
+		terminate();
+		}
+	timeout 5sec
+		{
+		print "ERROR timeout";
+		terminate();
+		}
+	}
diff --git a/testing/btest/dns_mgr/lookup_hostname_cname.zeek b/testing/btest/dns_mgr/lookup_hostname_cname.zeek
new file mode 100644
index 0000000000..0c66df4043
--- /dev/null
+++ b/testing/btest/dns_mgr/lookup_hostname_cname.zeek
@@ -0,0 +1,42 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+
+event zeek_init()
+	{
+	# www.example.com is a CNAME for example.com and this
+	# results in nothing :-/
+	when ( local addrs = lookup_hostname("www.example.com") )
+		{
+		print "lookup_hostname addrs", |addrs|;
+		for ( a in addrs )
+			print a;
+
+		# Example.com is a CNAME for www.example.com and a
+		# TXT lookup yields example.com. Weird.
+		when ( local txt = lookup_hostname_txt("www.example.com") )
+			{
+			print "lookup_hostname_txt", |txt|, txt;
+			terminate();
+			}
+		timeout 5sec
+			{
+			print "ERROR lookup_hostname_txt timeout";
+			terminate();
+			}
+		}
+	timeout 5sec
+		{
+		print "ERROR lookup_hostname timeout";
+		terminate();
+		}
+	}
diff --git a/testing/btest/dns_mgr/lookup_hostname_txt.zeek b/testing/btest/dns_mgr/lookup_hostname_txt.zeek
new file mode 100644
index 0000000000..29b70f6c69
--- /dev/null
+++ b/testing/btest/dns_mgr/lookup_hostname_txt.zeek
@@ -0,0 +1,32 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+
+event zeek_init()
+	{
+	when ( local txt = lookup_hostname_txt("example.com") )
+		{
+		# www.example.com has much more TXT entries, we
+		# only return "more-network-monitor", however.
+		#
+		# ;; ANSWER SECTION:
+		# www.example.com.        0       IN      TXT     "more-network-monitor" "bro"
+		# www.example.com.        0       IN      TXT     "network-monitor" "open-source" "zeek"
+		print "TXT", txt;
+		terminate();
+		}
+	timeout 5sec
+		{
+		print "ERROR timeout";
+		terminate();
+		}
+	}
diff --git a/testing/scripts/run-dnsmasq b/testing/scripts/run-dnsmasq
new file mode 100755
index 0000000000..edada1b6e5
--- /dev/null
+++ b/testing/scripts/run-dnsmasq
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -eux
+
+if ! dnsmasq --version; then
+    exit 1
+fi
+
+if [ $# -ne 2 ]; then
+    echo "Usage $0 <listen_addr> <listen_port>" >2
+    exit 1
+fi
+
+listen_addr=$1
+listen_port=$2
+
+exec dnsmasq \
+    --no-resolv \
+    --no-hosts \
+    --no-daemon \
+    --listen-addr="${listen_addr}" \
+    --port="${listen_port}" \
+    --address /example.com/10.0.0.1 \
+    --address /example.com/10.0.0.2 \
+    --address /example.com/10.0.0.3 \
+    --address /example.com/10.0.0.4 \
+    --address /example.com/10.0.0.4 \
+    --address /example.com/fe80::6990:df6e:618:c096 \
+    --address /mx.example.com/10.0.0.99 \
+    --address /dns.example.com/10.0.0.99 \
+    --ptr-record=99.0.0.10.in-addr.arpa,mx.example.com \
+    --ptr-record=99.0.0.10.in-addr.arpa,dns.example.com \
+    --txt-record=example.com,network-monitor,open-source,zeek \
+    --txt-record=example.com,more-network-monitor,bro \
+    --cname=www.example.com,example.com