nameserver_test.go
1 // Copyright 2026 Alibaba Group Holding Ltd. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package main 16 17 import ( 18 "fmt" 19 "net/netip" 20 "os" 21 "path/filepath" 22 "strings" 23 "testing" 24 25 "github.com/stretchr/testify/require" 26 ) 27 28 func TestAllowIPsForNft_EmptyResolv(t *testing.T) { 29 dir := t.TempDir() 30 resolv := filepath.Join(dir, "resolv.conf") 31 require.NoError(t, os.WriteFile(resolv, []byte("# empty\n"), 0644)) 32 ips := AllowIPsForNft(resolv) 33 require.Len(t, ips, 1, "expected 1 IP (127.0.0.1)") 34 require.Equal(t, netip.MustParseAddr("127.0.0.1"), ips[0]) 35 } 36 37 func TestAllowIPsForNft_ValidNameservers(t *testing.T) { 38 dir := t.TempDir() 39 resolv := filepath.Join(dir, "resolv.conf") 40 // Standard resolv.conf with two nameservers 41 content := "nameserver 192.168.65.7\nnameserver 10.0.0.1\n" 42 require.NoError(t, os.WriteFile(resolv, []byte(content), 0644)) 43 ips := AllowIPsForNft(resolv) 44 require.Len(t, ips, 3, "expected 3 IPs (127.0.0.1 + 2 nameservers)") 45 require.Equal(t, netip.MustParseAddr("127.0.0.1"), ips[0], "expected first 127.0.0.1") 46 require.Equal(t, netip.MustParseAddr("192.168.65.7"), ips[1], "expected 192.168.65.7") 47 require.Equal(t, netip.MustParseAddr("10.0.0.1"), ips[2], "expected 10.0.0.1") 48 } 49 50 func TestAllowIPsForNft_FiltersInvalid(t *testing.T) { 51 dir := t.TempDir() 52 resolv := filepath.Join(dir, "resolv.conf") 53 // 0.0.0.0 and 127.0.0.11 should be filtered; 192.168.1.1 kept 54 content := "nameserver 0.0.0.0\nnameserver 192.168.1.1\nnameserver 127.0.0.11\n" 55 require.NoError(t, os.WriteFile(resolv, []byte(content), 0644)) 56 ips := AllowIPsForNft(resolv) 57 require.Len(t, ips, 2, "expected 2 IPs (127.0.0.1 + 192.168.1.1)") 58 require.Equal(t, netip.MustParseAddr("127.0.0.1"), ips[0], "expected first 127.0.0.1") 59 require.Equal(t, netip.MustParseAddr("192.168.1.1"), ips[1], "expected 192.168.1.1") 60 } 61 62 func TestAllowIPsForNft_Cap(t *testing.T) { 63 dir := t.TempDir() 64 resolv := filepath.Join(dir, "resolv.conf") 65 var lines []string 66 for i := 1; i <= 11; i++ { 67 lines = append(lines, fmt.Sprintf("nameserver 10.0.0.%d", i)) 68 } 69 content := strings.Join(lines, "\n") + "\n" 70 require.NoError(t, os.WriteFile(resolv, []byte(content), 0644)) 71 72 ips := AllowIPsForNft(resolv) 73 // 127.0.0.1 + first 10 nameservers (fixed cap) 74 require.Len(t, ips, 11, "expected 11 IPs (127.0.0.1 + 10 from resolv)") 75 require.Equal(t, netip.MustParseAddr("10.0.0.1"), ips[1], "expected first nameserver to be 10.0.0.1") 76 require.Equal(t, netip.MustParseAddr("10.0.0.10"), ips[10], "expected tenth nameserver to be 10.0.0.10") 77 } 78 79 func TestIsValidNameserverIP(t *testing.T) { 80 tests := []struct { 81 ip string 82 want bool 83 }{ 84 {"0.0.0.0", false}, 85 {"::", false}, 86 {"127.0.0.1", false}, 87 {"127.0.0.11", false}, 88 {"::1", false}, 89 {"192.168.65.7", true}, 90 {"10.0.0.1", true}, 91 {"8.8.8.8", true}, 92 } 93 for _, tt := range tests { 94 ip := netip.MustParseAddr(tt.ip) 95 got := isValidNameserverIP(ip) 96 if got != tt.want { 97 t.Errorf("isValidNameserverIP(%s) = %v, want %v", tt.ip, got, tt.want) 98 } 99 } 100 }