mirror of
https://github.com/Control-D-Inc/ctrld.git
synced 2026-03-13 10:26:06 +00:00
1.6 KiB
1.6 KiB
DNS Intercept Test Scripts
Manual test scripts for verifying DNS intercept mode behavior. These require root/admin privileges and a running ctrld instance.
Structure
test-scripts/
├── darwin/
│ ├── test-recovery-bypass.sh # Captive portal recovery simulation
│ ├── test-dns-intercept.sh # Basic pf intercept verification
│ ├── test-pf-group-exemption.sh # Group-based pf exemption test
│ └── validate-pf-rules.sh # Dry-run pf rule validation
└── windows/
├── test-recovery-bypass.ps1 # Captive portal recovery simulation
└── test-dns-intercept.ps1 # Basic WFP intercept verification
Prerequisites
- ctrld running with
--intercept-mode dns(or--intercept-mode hard) - Verbose logging:
-v 1 --log /tmp/dns.log(macOS) or--log C:\temp\dns.log(Windows) - Root (macOS) or Administrator (Windows)
- For recovery tests: disconnect VPNs (e.g., Tailscale) that provide alternative routes
Recovery Bypass Test
Simulates a captive portal by blackholing ctrld's upstream DoH IPs and cycling wifi. Verifies that ctrld's recovery bypass activates, discovers DHCP nameservers, and forwards queries to them until the upstream recovers.
macOS
sudo bash test-scripts/darwin/test-recovery-bypass.sh en0
Windows (PowerShell as Administrator)
.\test-scripts\windows\test-recovery-bypass.ps1 -WifiAdapter "Wi-Fi"
Safety
All scripts clean up on exit (including Ctrl+C):
- macOS: Removes route blackholes, re-enables wifi
- Windows: Removes firewall rules, re-enables adapter