From 1e2aca8d90b4d858cb12c127c1ec4244178a2d7c Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 2 Nov 2016 20:56:02 -0700 Subject: [PATCH] [master] make rrl system test more robust 4509. [test] Make the rrl system test more reliable on slower machines by using mdig instead of dig. [RT #43280] --- CHANGES | 3 + bin/tests/system/rrl/clean.sh | 2 +- bin/tests/system/rrl/tests.sh | 100 +++++++++++++++++----------------- 3 files changed, 53 insertions(+), 52 deletions(-) diff --git a/CHANGES b/CHANGES index 1aad547774..e4a9f6f45f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4509. [test] Make the rrl system test more reliable on slower + machines by using mdig instead of dig. [RT #43280] + 4508. [placeholder] 4507. [bug] Named could incorrectly log 'allows updates by IP diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh index b6cdb2ab18..499cd40741 100644 --- a/bin/tests/system/rrl/clean.sh +++ b/bin/tests/system/rrl/clean.sh @@ -8,7 +8,7 @@ # Clean up after rrl tests. -rm -f dig.out* +rm -f dig.out* *mdig.out* rm -f */named.memstats */named.run */named.stats */log-* */session.key rm -f ns3/bl*.db */*.jnl */*.core */*.pid rm -f ns*/named.lock diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh index 0d55c95cea..4906e1d79e 100644 --- a/bin/tests/system/rrl/tests.sh +++ b/bin/tests/system/rrl/tests.sh @@ -59,39 +59,34 @@ sec_start () { # turn off ${HOME}/.digrc HOME=/dev/null; export HOME -# $1=result name $2=domain name $3=dig options -digcmd () { - OFILE=$1; shift - DIG_DOM=$1; shift - ARGS="+nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2" - #echo I:dig $ARGS 1>&2 - START=`date +%y%m%d%H%M.%S` - RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP \ - | sed -n -e '/^;; AUTHORITY/,/^$/d' \ - -e '/^;; ADDITIONAL/,/^$/d' \ - -e 's/^[^;].* \([^ ]\{1,\}\)$/\1/p' \ - -e 's/;; flags.* tc .*/TC/p' \ - -e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p' \ - -e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \ - -e 's/;; connection timed out.*/drop/p' \ - -e 's/;; communications error to.*/drop/p' \ - | tr -d '\n'` - mv "$OFILE=TEMP" "$OFILE=$RESULT" - touch -t $START "$OFILE=$RESULT" -} - # $1=number of tests $2=target domain $3=dig options QNUM=1 burst () { BURST_LIMIT=$1; shift BURST_DOM_BASE="$1"; shift + + XCNT=$CNT + CNT='XXX' + eval FILENAME="mdig.out-$BURST_DOM_BASE" + CNT=$XCNT + + DOMS="" CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'` for CNT in $CNTS do eval BURST_DOM="$BURST_DOM_BASE" - FILE="dig.out-$BURST_DOM-$CNT" - digcmd $FILE $BURST_DOM $* & + DOMS="$DOMS $BURST_DOM" done + ARGS="+nocookie +continue +time=1 +tries=1 -p 5300 $* @$ns2 $DOMS" + $MDIG $ARGS 2>&1 | tee -a full-$FILENAME | sed -n -e '/^;; AUTHORITY/,/^$/d' \ + -e '/^;; ADDITIONAL/,/^$/d' \ + -e 's/^[^;].* \([^ ]\{1,\}\)$/\1/p' \ + -e 's/;; flags.* tc .*/TC/p' \ + -e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p' \ + -e 's/;; .* status: NOERROR.*/NOERROR/p' \ + -e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \ + -e 's/response failed with timed out.*/drop/p' \ + -e 's/;; communications error to.*/drop/p' >> $FILENAME QNUM=`expr $QNUM + $BURST_LIMIT` } @@ -103,16 +98,15 @@ range () { # $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop # $6=NXDOMAIN $7=SERVFAIL or other errors ck_result() { - BAD= - wait - ADDRS=`ls dig.out-$1-*=$2 2>/dev/null | wc -l` + BAD=no + ADDRS=`egrep "^$2$" mdig.out-$1 2>/dev/null | wc -l` # count simple truncated and truncated NXDOMAIN as TC - TC=`ls dig.out-$1-*=TC dig.out-$1-*=NXDOMAINTC 2>/dev/null | wc -l` - DROP=`ls dig.out-$1-*=drop 2>/dev/null | wc -l` + TC=`egrep "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l` + DROP=`egrep "^drop$" mdig.out-$1 2>/dev/null | wc -l` # count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN - NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN dig.out-$1-*=NXDOMAINTC 2>/dev/null \ - | wc -l` - SERVFAIL=`ls dig.out-$1-*=SERVFAIL 2>/dev/null | wc -l` + NXDOMAIN=`egrep "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l` + SERVFAIL=`egrep "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l` + NOERROR=`egrep "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l` range $ADDRS "$3" 1 || setret "I:"$ADDRS" instead of $3 '$2' responses for $1" && @@ -133,9 +127,13 @@ ck_result() { range $SERVFAIL "$7" 1 || setret "I:"$SERVFAIL" instead of $7 error responses for $1" && BAD=yes + + range $NOERROR "$8" 1 || + setret "I:"$NOERROR" instead of $8 NOERROR responses for $1" && + BAD=yes if test -z "$BAD"; then - rm -f dig.out-$1-* + rm -f mdig.out-$1 fi } @@ -161,7 +159,7 @@ sec_start burst 5 a1.tld3 +norec # basic rate limiting burst 3 a1.tld2 -# 1 second delay allows an additional response. +# delay allows an additional response. sleep 1 burst 10 a1.tld2 # Request 30 different qnames to try a wildcard. @@ -169,18 +167,18 @@ burst 30 'x$CNT.a2.tld2' # These should be counted and limited but are not. See RT33138. burst 10 'y.x$CNT.a2.tld2' -# IP TC drop NXDOMAIN SERVFAIL +# IP TC drop NXDOMAIN SERVFAIL NOERROR # referrals to "." -ck_result a1.tld3 '' 2 1 2 0 0 +ck_result a1.tld3 x 0 1 2 0 0 2 # check 13 results including 1 second delay that allows an additional response -ck_result a1.tld2 192.0.2.1 3 4 6 0 0 +ck_result a1.tld2 192.0.2.1 3 4 6 0 0 8 # Check the wild card answers. # The parent name of the 30 requests is counted. -ck_result 'x*.a2.tld2' 192.0.2.2 2 10 18 0 0 +ck_result 'x*.a2.tld2' 192.0.2.2 2 10 18 0 0 12 # These should be limited but are not. See RT33138. -ck_result 'y.x*.a2.tld2' 192.0.2.2 10 0 0 0 0 +ck_result 'y.x*.a2.tld2' 192.0.2.2 10 0 0 0 0 10 ######### sec_start @@ -190,15 +188,15 @@ burst 10 'y$CNT.a3.tld3' burst 10 'z$CNT.a4.tld2' # 10 identical recursive responses are limited -ck_result 'x.a3.tld3' 192.0.3.3 2 3 5 0 0 +ck_result 'x.a3.tld3' 192.0.3.3 2 3 5 0 0 5 # 10 different recursive responses are not limited -ck_result 'y*.a3.tld3' 192.0.3.3 10 0 0 0 0 +ck_result 'y*.a3.tld3' 192.0.3.3 10 0 0 0 0 10 # 10 different NXDOMAIN responses are limited based on the parent name. # We count 13 responses because we count truncated NXDOMAIN responses # as both truncated and NXDOMAIN. -ck_result 'z*.a4.tld2' x 0 3 5 5 0 +ck_result 'z*.a4.tld2' x 0 3 5 5 0 0 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats ckstats first dropped 36 @@ -211,22 +209,22 @@ sec_start burst 10 a5.tld2 +tcp burst 10 a6.tld2 -b $ns7 burst 10 a7.tld4 -burst 2 a8.tld2 AAAA -burst 2 a8.tld2 TXT -burst 2 a8.tld2 SPF +burst 2 a8.tld2 -t AAAA +burst 2 a8.tld2 -t TXT +burst 2 a8.tld2 -t SPF -# IP TC drop NXDOMAIN SERVFAIL +# IP TC drop NXDOMAIN SERVFAIL NOERROR # TCP responses are not rate limited -ck_result a5.tld2 192.0.2.5 10 0 0 0 0 +ck_result a5.tld2 192.0.2.5 10 0 0 0 0 10 # whitelisted client is not rate limited -ck_result a6.tld2 192.0.2.6 10 0 0 0 0 +ck_result a6.tld2 192.0.2.6 10 0 0 0 0 10 # Errors such as SERVFAIL are rate limited. -ck_result a7.tld4 x 0 0 8 0 2 +ck_result a7.tld4 x 0 0 8 0 2 0 # NODATA responses are counted as the same regardless of qtype. -ck_result a8.tld2 '' 2 2 2 0 0 +ck_result a8.tld2 x 0 2 2 0 0 4 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats ckstats second dropped 46 @@ -236,13 +234,13 @@ ckstats second truncated 23 ######### sec_start -# IP TC drop NXDOMAIN SERVFAIL +# IP TC drop NXDOMAIN SERVFAIL NOERROR # all-per-second # The qnames are all unique but the client IP address is constant. QNUM=101 burst 60 'all$CNT.a9.tld2' -ck_result 'a*.a9.tld2' 192.0.2.8 50 0 10 0 0 +ck_result 'a*.a9.tld2' 192.0.2.8 50 0 10 0 0 50 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats ckstats final dropped 56