CI: run respdiff over UDP/TCP/TLS

.gitlab-ci.yml

@@ -124,14 +124,54 @@ test:linux:amd64:valgrind:
       - tmpdeckard*
 
 
-respdiff:linux:amd64:
+respdiff:iter:udp:linux:amd64:
   stage: test
   script:
     - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
-    - ./ci/respdiff/run-respdiff-tests.sh
-    - cat ./results/respdiff.txt
+    - ./ci/respdiff/run-respdiff-tests.sh udp
+    - cat results/respdiff.txt
     - echo 'test if mismatch rate >= 1 %'
-    - grep -q '^target diagrees.*0\.[0-9][0-9] %' ./results/respdiff.txt
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
+  dependencies:
+    - build:linux:amd64
+  artifacts:
+    when: always
+    expire_in: '1 week'
+    paths:
+      - results/*.txt
+  tags:
+    - docker
+    - linux
+    - amd64
+
+respdiff:iter:tcp:linux:amd64:
+  stage: test
+  script:
+    - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
+    - ./ci/respdiff/run-respdiff-tests.sh tcp
+    - cat results/respdiff.txt
+    - echo 'test if mismatch rate >= 1 %'
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
+  dependencies:
+    - build:linux:amd64
+  artifacts:
+    when: always
+    expire_in: '1 week'
+    paths:
+      - results/*.txt
+  tags:
+    - docker
+    - linux
+    - amd64
+
+respdiff:iter:tls:linux:amd64:
+  stage: test
+  script:
+    - PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
+    - ./ci/respdiff/run-respdiff-tests.sh tls
+    - cat results/respdiff.txt
+    - echo 'test if mismatch rate >= 1 %'
+    - grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
   dependencies:
     - build:linux:amd64
   artifacts:

ci/respdiff/kresd.config

@@ -3,6 +3,8 @@
 -- Listen on localhost and external interface
 net.listen('127.0.0.1', 5353)
 net.listen('::1', 5353)
+net.listen('127.0.0.1', 8853, { tls = true })
+net.listen('::1', 8853, { tls = true })
 
 -- Auto-maintain root TA
 trust_anchors.file = '.local/etc/kresd/root.keys'
@@ -21,5 +23,4 @@ modules = {
 	'stats',    -- Track internal statistics
 }
 
-
 verbose(false)

ci/respdiff/respdiff.conf → ci/respdiff/respdiff-tcp.conf

@@ -14,14 +14,17 @@ names = kresd, bind, unbound
 [kresd]
 ip = ::1
 port = 5353
+transport = tcp
 
 [bind]
 ip = 127.0.0.1
 port = 53533
+transport = udp
 
 [unbound]
 ip = 127.0.0.1
 port = 53535
+transport = udp
 
 [diff]
 # symbolic name of server under test

ci/respdiff/respdiff-tls.conf

+[sendrecv]
+# in seconds
+timeout = 5
+# number of queries to run simultaneously
+jobs = 64
+
+[servers]
+names = kresd, bind, unbound
+# symbolic names of DNS servers under test
+# separate multiple values by ,
+
+# each symbolic name in [servers] section refers to config section
+# containing IP address and port of particular server
+[kresd]
+ip = ::1
+port = 8853
+transport = tls
+
+[bind]
+ip = 127.0.0.1
+port = 53533
+transport = udp
+
+[unbound]
+ip = 127.0.0.1
+port = 53535
+transport = udp
+
+[diff]
+# symbolic name of server under test
+# other servers are used as reference when comparing answers from the target
+target = kresd
+
+# fields and comparison methods used when comparing two DNS messages
+criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsigs
+# other supported criteria values: authority, additional, edns, nsid
+
+[report]
+# diffsum reports mismatches in field values in this order
+# if particular message has multiple mismatches, it is counted only once into category with highest weight
+field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
+

ci/respdiff/respdiff-udp.conf

+[sendrecv]
+# in seconds
+timeout = 5
+# number of queries to run simultaneously
+jobs = 64
+
+[servers]
+names = kresd, bind, unbound
+# symbolic names of DNS servers under test
+# separate multiple values by ,
+
+# each symbolic name in [servers] section refers to config section
+# containing IP address and port of particular server
+[kresd]
+ip = ::1
+port = 5353
+transport = udp
+
+[bind]
+ip = 127.0.0.1
+port = 53533
+transport = udp
+
+[unbound]
+ip = 127.0.0.1
+port = 53535
+transport = udp
+
+[diff]
+# symbolic name of server under test
+# other servers are used as reference when comparing answers from the target
+target = kresd
+
+# fields and comparison methods used when comparing two DNS messages
+criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsigs
+# other supported criteria values: authority, additional, edns, nsid
+
+[report]
+# diffsum reports mismatches in field values in this order
+# if particular message has multiple mismatches, it is counted only once into category with highest weight
+field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
+

ci/respdiff/run-respdiff-tests.sh

+#!/bin/bash
+# $1 == udp/tcp/tls, it selects configuration file to use
+# respdiff scripts must be present in /var/opt/respdiff
+set -o errexit -o nounset -o xtrace
+
 wget https://gitlab.labs.nic.cz/knot/knot-resolver/snippets/69/raw?inline=false -O /tmp/queries.txt
-mkdir results;
-rm -rf /tmp/respdiff;
-python3 /var/opt/respdiff/qprep.py /tmp/respdiff < /tmp/queries.txt && \
-python3 /var/opt/respdiff/orchestrator.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf && \
-python3 /var/opt/respdiff/msgdiff.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf && \
-python3 /var/opt/respdiff/diffsum.py /tmp/respdiff -c $(pwd)/ci/respdiff/respdiff.conf > results/respdiff.txt
+mkdir results
+rm -rf respdiff.db
+
+CONFIG="$(pwd)/ci/respdiff/respdiff-${1}.conf"
+/var/opt/respdiff/qprep.py respdiff.db < /tmp/queries.txt
+time /var/opt/respdiff/orchestrator.py respdiff.db -c "${CONFIG}"
+time /var/opt/respdiff/msgdiff.py respdiff.db -c "${CONFIG}"
+/var/opt/respdiff/diffsum.py respdiff.db -c "${CONFIG}" > results/respdiff.txt