From a66619fe32b9ac43b67f8fc635aec3cfea95fd91 Mon Sep 17 00:00:00 2001 From: Curtis Blackburn Date: Mon, 11 Jan 2016 19:37:17 -0800 Subject: [PATCH] [rt39196] Added a new nameserver to test rrl "log-only yes". Added test for RT #39197. Made the rrl test more tolerant of minor differences in results due to timing. Removed the failure override for the rrl test. commit 01a15bc80ef4c20171ddfe9b5ceb2ebe008c8e0d Author: Curtis Blackburn Date: Tue Dec 15 15:08:03 2015 -0800 added a new nameserver to the rrl test --- bin/tests/system/rrl/broken.conf | 52 ++++++++++++++++ bin/tests/system/rrl/clean.sh | 1 + bin/tests/system/rrl/ns3/named.conf | 2 + bin/tests/system/rrl/ns4/hints | 18 ++++++ bin/tests/system/rrl/ns4/named.conf | 72 ++++++++++++++++++++++ bin/tests/system/rrl/ns4/tld4.db | 47 +++++++++++++++ bin/tests/system/rrl/tests.sh | 93 +++++++++++++++++++---------- 7 files changed, 254 insertions(+), 31 deletions(-) create mode 100644 bin/tests/system/rrl/broken.conf create mode 100644 bin/tests/system/rrl/ns4/hints create mode 100644 bin/tests/system/rrl/ns4/named.conf create mode 100644 bin/tests/system/rrl/ns4/tld4.db diff --git a/bin/tests/system/rrl/broken.conf b/bin/tests/system/rrl/broken.conf new file mode 100644 index 0000000000..db3576154d --- /dev/null +++ b/bin/tests/system/rrl/broken.conf 
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ statistics-file "named.stats";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ notify no;
+
+ rate-limit {
+ responses-per-second 2;
+ all-per-second 50;
+ slip 3;
+ exempt-clients { 10.53.0.7; };
+ log-only yes;
+
+ min-table-size 0;
+ max-table-size 0;
+ };
+
+ additional-from-cache no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+controls {
+ inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
+};
+
diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh
index 72fc87b6fc..6f055228e3 100644
--- a/bin/tests/system/rrl/clean.sh
+++ b/bin/tests/system/rrl/clean.sh
@@ -20,3 +20,4 @@ rm -f dig.out*
 rm -f */named.memstats */named.run */named.stats */log-* */session.key
 rm -f ns3/bl*.db */*.jnl */*.core */*.pid
 rm -f ns*/named.lock
+rm -f broken.out
diff --git a/bin/tests/system/rrl/ns3/named.conf b/bin/tests/system/rrl/ns3/named.conf
index 75d5a808c8..b2d9463463 100644
--- a/bin/tests/system/rrl/ns3/named.conf
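Review bot: In bin/tests/system/rrl/broken.conf the second `controls` block opens an rndc channel on 10.53.0.5 port 9953 with `allow { any; }` and the fixed key `1234abcd8765`, although tests.sh treats this instance as one that must not start. Nothing in the visible test talks rndc to it, so the `key rndc_key` and `controls { inet … }` stanzas can be dropped; an unexpectedly started named would then not also expose a control port. The file also never says which setting makes it "broken". A header comment such as `/* expected to fail: min-table-size 0 is raised to 1 and named must not start */` would tie it to the two assertions in tests.sh (presumably `max-table-size 0` is the rejected value; confirm before writing that down).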
+++ b/bin/tests/system/rrl/ns3/named.conf @@ -41,6 +41,8 @@ options { qps-scale 10; window 1; max-table-size 1000; + log-only no; + min-table-size 0; }; }; diff --git a/bin/tests/system/rrl/ns4/hints b/bin/tests/system/rrl/ns4/hints new file mode 100644 index 0000000000..3f01014ffe --- /dev/null +++ b/bin/tests/system/rrl/ns4/hints @@ -0,0 +1,18 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + + + +. 0 NS ns1. +ns1. 0 A 10.53.0.1 diff --git a/bin/tests/system/rrl/ns4/named.conf b/bin/tests/system/rrl/ns4/named.conf new file mode 100644 index 0000000000..084f103b2c --- /dev/null +++ b/bin/tests/system/rrl/ns4/named.conf 
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ session-keyfile "session.key";
+ pid-file "named.pid";
+ statistics-file "named.stats";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ notify no;
+
+ rate-limit {
+ responses-per-second 2;
+ all-per-second 50;
+ slip 3;
+ exempt-clients { 10.53.0.7; };
+ log-only yes;
+
+ // small enough to force a table expansion
+ min-table-size 75;
+ };
+
+ additional-from-cache no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+controls {
+ inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
+};
+
+/*
+ * These log settings have no effect unless "-g" is removed from ../../start.pl
+ */
+logging {
+ channel debug {
+ file "log-debug";
+ print-category yes; print-severity yes; severity debug 10;
+ };
+ channel queries {
+ file "log-queries";
+ print-category yes; print-severity yes; severity info;
+ };
+ category rate-limit { debug; queries; };
+ category queries { debug; queries; };
+};
+
+zone "." { type hint; file "hints"; };
+
+zone "tld4."{ type master; file "tld4.db"; };
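Review bot: The comment above `logging` in ns4/named.conf says these channels have no effect while start.pl passes `-g`, yet the new check in tests.sh greps `ns4/named.run` for "would limit". The log-only test therefore depends on the rate-limit message reaching named's default output, not `log-debug` or `log-queries`. Say so next to the block, e.g. `/* tests.sh looks for "would limit" in named.run; if "-g" is ever removed, point that grep at log-debug */`. Separately, `allow { any; }` with the fixed key `1234abcd8765` on the rndc channel is tolerable only because the listener is bound to the test address 10.53.0.4; a one-line comment stating that would keep the stanza from being copied into a real configuration.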
diff --git a/bin/tests/system/rrl/ns4/tld4.db b/bin/tests/system/rrl/ns4/tld4.db new file mode 100644 index 0000000000..cd5c6b6a77 --- /dev/null +++ b/bin/tests/system/rrl/ns4/tld4.db @@ -0,0 +1,47 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + + + +; rate limit response from this zone + +$TTL 120 +@ SOA tld4. hostmaster.ns.tld4. ( 1 3600 1200 604800 60 ) + NS ns + NS . +ns A 10.53.0.2 + +; basic rate limiting +a1 A 192.0.2.1 + +; wildcards +*.a2 A 192.0.2.2 + +; a3 is in tld3 + +; a4 does not exist to give NXDOMAIN + +; a5 for TCP requests +a5 A 192.0.2.5 + +; a6 for whitelisted clients +a6 A 192.0.2.6 + +; a7 for SERVFAIL + +; a8 for NODATA +a8 A 192.0.2.8 + +; a9 for all-per-second limit +$GENERATE 101-180 all$.a9 A 192.0.2.8 diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh index 3ae15c40d8..a9e83b6c5b 100644 --- a/bin/tests/system/rrl/tests.sh +++ b/bin/tests/system/rrl/tests.sh @@ -23,6 +23,7 @@ SYSTEMTESTTOP=.. ns1=10.53.0.1 # root, defining the others ns2=10.53.0.2 # test server ns3=10.53.0.3 # secondary test server +ns4=10.53.0.4 # log-only test server ns7=10.53.0.7 # whitelisted client USAGE="$0: [-x]" 
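Review bot: In ns4/tld4.db the record `ns A 10.53.0.2` points the zone's name server at ns2, although ns4/named.conf serves tld4 from 10.53.0.4. If that is a copy-paste leftover it should read `ns A 10.53.0.4`. The comments `; a3 is in tld3` and `; a7 for SERVFAIL` also look inherited from another zone file. tests.sh queries a7.tld4 at ns4 directly, and with no a7 record or delegation in this file the answer is presumably NXDOMAIN rather than SERVFAIL. A comment such as `; a7 has no record here; the log-only test only needs repeated identical responses` would state what the zone is actually used for.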
@@ -70,7 +71,7 @@ HOME=/dev/null; export HOME digcmd () { OFILE=$1; shift DIG_DOM=$1; shift - ARGS="+nosearch +nocookie +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2" + ARGS="+nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2" #echo I:dig $ARGS 1>&2 START=`date +%y%m%d%H%M.%S` RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP \ @@ -87,7 +88,6 @@ digcmd () { touch -t $START "$OFILE=$RESULT" } - # $1=number of tests $2=target domain $3=dig options QNUM=1 burst () { @@ -96,13 +96,17 @@ burst () { CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'` for CNT in $CNTS do - eval BURST_DOM="$BURST_DOM_BASE" - FILE="dig.out-$BURST_DOM-$CNT" - digcmd $FILE $BURST_DOM $* & + eval BURST_DOM="$BURST_DOM_BASE" + FILE="dig.out-$BURST_DOM-$CNT" + digcmd $FILE $BURST_DOM $* & done QNUM=`expr $QNUM + $BURST_LIMIT` } +# compare integers $1 and $2; ensure the difference is no more than $3 +range () { + $PERL -E 'if (abs(int($ARGV[0]) - int($ARGV[1])) > int($ARGV[2])) { exit(1) }' $1 $2 $3 +} # $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop # $6=NXDOMAIN $7=SERVFAIL or other errors 
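Review bot: The new `range` helper in tests.sh passes `$1 $2 $3` to Perl unquoted, so an empty count shifts the remaining arguments and the comparison runs against the wrong values. `int()` then turns any missing or non-numeric argument into 0 instead of failing. Quote the arguments, and use plain `-e` since the one-liner needs none of the features `-E` enables: `$PERL -e 'if (abs(int($ARGV[0]) - int($ARGV[1])) > int($ARGV[2])) { exit(1) }' "$1" "$2" "$3"`. The comment above it could also say that the helper returns non-zero when the difference exceeds `$3`, since every caller relies on that through `||`.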
@@ -117,26 +121,27 @@ ck_result() { NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN dig.out-$1-*=NXDOMAINTC 2>/dev/null \ | wc -l` SERVFAIL=`ls dig.out-$1-*=SERVFAIL 2>/dev/null | wc -l` - if test $ADDRS -ne "$3"; then - setret "I:"$ADDRS" instead of $3 '$2' responses for $1" - BAD=yes - fi - if test $TC -ne "$4"; then - setret "I:"$TC" instead of $4 truncation responses for $1" - BAD=yes - fi - if test $DROP -ne "$5"; then - setret "I:"$DROP" instead of $5 dropped responses for $1" - BAD=yes - fi - if test $NXDOMAIN -ne "$6"; then - setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1" - BAD=yes - fi - if test $SERVFAIL -ne "$7"; then - setret "I:"$SERVFAIL" instead of $7 error responses for $1" - BAD=yes - fi + + range $ADDRS "$3" 1 || + setret "I:"$ADDRS" instead of $3 '$2' responses for $1" && + BAD=yes + + range $TC "$4" 1 || + setret "I:"$TC" instead of $4 truncation responses for $1" && + BAD=yes + + range $DROP "$5" 1 || + setret "I:"$DROP" instead of $5 dropped responses for $1" && + BAD=yes + + range $NXDOMAIN "$6" 1 || + setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1" && + BAD=yes + + range $SERVFAIL "$7" 1 || + setret "I:"$SERVFAIL" instead of $7 error responses for $1" && + BAD=yes + if test -z "$BAD"; then rm -f dig.out-$1-* fi @@ -150,9 +155,9 @@ ckstats () { C=`sed -n -e "s/[ ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p" \ ns2/named.stats | tail -1` C=`expr 0$C + 0` - if test "$C" -ne $EXPECTED; then - setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED" - fi + + range "$C" $EXPECTED 1 || + setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED" } 
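Review bot: In ck_result each new check reads `range … || setret "…" && BAD=yes`, which the shell parses as `(range || setret) && BAD=yes` because `||` and `&&` have equal precedence and group left to right. `BAD=yes` therefore also runs when `range` succeeds. As a result the `test -z "$BAD"` cleanup at the end of the hunk presumably never removes the dig.out files after a passing check (the initialisation of BAD is outside the hunk). Group the failure actions explicitly in all five checks, as below. ck_result begins before this hunk.

```shell
    # … unchanged: counting of ADDRS, TC, DROP, NXDOMAIN and SERVFAIL …

    range $ADDRS "$3" 1 || {
	setret "I:"$ADDRS" instead of $3 '$2' responses for $1"
	BAD=yes
    }

    range $TC "$4" 1 || {
	setret "I:"$TC" instead of $4 truncation responses for $1"
	BAD=yes
    }

    range $DROP "$5" 1 || {
	setret "I:"$DROP" instead of $5 dropped responses for $1"
	BAD=yes
    }

    range $NXDOMAIN "$6" 1 || {
	setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1"
	BAD=yes
    }

    range $SERVFAIL "$7" 1 || {
	setret "I:"$SERVFAIL" instead of $7 error responses for $1"
	BAD=yes
    }

    # … unchanged: rm -f dig.out-$1-* when BAD is empty …
```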
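Review bot: `range "$C" $EXPECTED 1` in ckstats, like the five checks in ck_result, accepts any value within 1 of the expectation, which includes accepting 1 where 0 is expected. For a rate-limiting test that is the difference between "no response was dropped" and "one response was dropped", so a regression that wrongly limits a single query, for instance from an exempt client, would pass. Keep the comparison exact when the expected value is 0, e.g. `TOL=1; test "$EXPECTED" -eq 0 && TOL=0` followed by `range "$C" $EXPECTED $TOL`. The callers that supply the expected values are outside the hunk, so check which of them pass 0.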
@@ -251,8 +256,34 @@ $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats ckstats final dropped 56 ckstats final truncated 23 +######### +sec_start + +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 +$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1 + +grep "would limit" ns4/named.run >/dev/null 2>&1 || +setret "I: \"would limit\" not found in log file." + +$NAMED -gc broken.conf > broken.out 2>&1 & +sleep 2 +grep "min-table-size 1" broken.out > /dev/null || setret "I: min-table-size 0 was not changed to 1" + +if [ -f named.pid ]; then + kill `cat named.pid` + setret "I: named should not have started, but did" +fi echo "I:exit status: $ret" -# exit $ret -[ $ret -ne 0 ] && echo "I:test failure overridden" -exit 0 +exit $ret +#[ $ret -ne 0 ] && echo "I:test failure overridden" +#exit 0
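Review bot: The broken.conf check decides whether named started by looking for `named.pid` after a fixed `sleep 2`, so a named that starts but has not yet written its pid file passes the test and is left running in the background. Record the child with `BROKEN_PID=$!` right after the launch, test `kill -0 $BROKEN_PID 2>/dev/null` instead of the pid file, and `wait $BROKEN_PID` before moving on. The eleven identical `$DIG … a7.tld4` lines would read better as a loop with a comment giving the count needed to exceed `responses-per-second 2`. The commented-out override at the end (`#[ $ret -ne 0 ] …`, `#exit 0`) should be deleted rather than kept, now that the script exits with `$ret`.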