mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00
Code Issues Releases Wiki Activity

[master] make rrl system test more robust

Browse Source 
4509.	[test]		Make the rrl system test more reliable on slower
			machines by using mdig instead of dig. [RT #43280]
This commit is contained in:
Evan Hunt 2016-11-02 20:56:02 -07:00
parent c99d977674
commit 1e2aca8d90
3 changed files with 53 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
4509. [test] Make the rrl system test more reliable on slower
machines by using mdig instead of dig. [RT #43280]
4508. [placeholder] 4508. [placeholder]
4507. [bug] Named could incorrectly log 'allows updates by IP 4507. [bug] Named could incorrectly log 'allows updates by IP

2
bin/tests/system/rrl/clean.sh
View File

@ -8,7 +8,7 @@
# Clean up after rrl tests. # Clean up after rrl tests.
rm -f dig.out* rm -f dig.out* *mdig.out*
rm -f */named.memstats */named.run */named.stats */log-* */session.key rm -f */named.memstats */named.run */named.stats */log-* */session.key
rm -f ns3/bl*.db */*.jnl */*.core */*.pid rm -f ns3/bl*.db */*.jnl */*.core */*.pid
rm -f ns*/named.lock rm -f ns*/named.lock

100
bin/tests/system/rrl/tests.sh
View File

@ -59,39 +59,34 @@ sec_start () {
# turn off ${HOME}/.digrc # turn off ${HOME}/.digrc
HOME=/dev/null; export HOME HOME=/dev/null; export HOME
# $1=result name $2=domain name $3=dig options
digcmd () {
OFILE=$1; shift
DIG_DOM=$1; shift
ARGS="+nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
#echo I:dig $ARGS 1>&2
START=`date +%y%m%d%H%M.%S`
RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP \
| sed -n -e '/^;; AUTHORITY/,/^$/d' \
-e '/^;; ADDITIONAL/,/^$/d' \
-e 's/^[^;].* \([^ ]\{1,\}\)$/\1/p' \
-e 's/;; flags.* tc .*/TC/p' \
-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p' \
-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \
-e 's/;; connection timed out.*/drop/p' \
-e 's/;; communications error to.*/drop/p' \
| tr -d '\n'`
mv "$OFILE=TEMP" "$OFILE=$RESULT"
touch -t $START "$OFILE=$RESULT"
}
# $1=number of tests $2=target domain $3=dig options # $1=number of tests $2=target domain $3=dig options
QNUM=1 QNUM=1
burst () { burst () {
BURST_LIMIT=$1; shift BURST_LIMIT=$1; shift
BURST_DOM_BASE="$1"; shift BURST_DOM_BASE="$1"; shift
XCNT=$CNT
CNT='XXX'
eval FILENAME="mdig.out-$BURST_DOM_BASE"
CNT=$XCNT
DOMS=""
CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'` CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'`
for CNT in $CNTS for CNT in $CNTS
do do
eval BURST_DOM="$BURST_DOM_BASE" eval BURST_DOM="$BURST_DOM_BASE"
FILE="dig.out-$BURST_DOM-$CNT" DOMS="$DOMS $BURST_DOM"
digcmd $FILE $BURST_DOM $* &
done done
ARGS="+nocookie +continue +time=1 +tries=1 -p 5300 $* @$ns2 $DOMS"
$MDIG $ARGS 2>&1 | tee -a full-$FILENAME | sed -n -e '/^;; AUTHORITY/,/^$/d' \
-e '/^;; ADDITIONAL/,/^$/d' \
-e 's/^[^;].* \([^ ]\{1,\}\)$/\1/p' \
-e 's/;; flags.* tc .*/TC/p' \
-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p' \
-e 's/;; .* status: NOERROR.*/NOERROR/p' \
-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \
-e 's/response failed with timed out.*/drop/p' \
-e 's/;; communications error to.*/drop/p' >> $FILENAME
QNUM=`expr $QNUM + $BURST_LIMIT` QNUM=`expr $QNUM + $BURST_LIMIT`
} }
@ -103,16 +98,15 @@ range () {
# $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop # $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop
# $6=NXDOMAIN $7=SERVFAIL or other errors # $6=NXDOMAIN $7=SERVFAIL or other errors
ck_result() { ck_result() {
BAD= BAD=no
wait ADDRS=`egrep "^$2$" mdig.out-$1 2>/dev/null | wc -l`
ADDRS=`ls dig.out-$1-*=$2 2>/dev/null | wc -l`
# count simple truncated and truncated NXDOMAIN as TC # count simple truncated and truncated NXDOMAIN as TC
TC=`ls dig.out-$1-*=TC dig.out-$1-*=NXDOMAINTC 2>/dev/null | wc -l` TC=`egrep "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l`
DROP=`ls dig.out-$1-*=drop 2>/dev/null | wc -l` DROP=`egrep "^drop$" mdig.out-$1 2>/dev/null | wc -l`
# count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN # count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN
NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN dig.out-$1-*=NXDOMAINTC 2>/dev/null \ NXDOMAIN=`egrep "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l`
| wc -l` SERVFAIL=`egrep "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l`
SERVFAIL=`ls dig.out-$1-*=SERVFAIL 2>/dev/null | wc -l` NOERROR=`egrep "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l`
range $ADDRS "$3" 1 || range $ADDRS "$3" 1 ||
setret "I:"$ADDRS" instead of $3 '$2' responses for $1" && setret "I:"$ADDRS" instead of $3 '$2' responses for $1" &&
@ -133,9 +127,13 @@ ck_result() {
range $SERVFAIL "$7" 1 || range $SERVFAIL "$7" 1 ||
setret "I:"$SERVFAIL" instead of $7 error responses for $1" && setret "I:"$SERVFAIL" instead of $7 error responses for $1" &&
BAD=yes BAD=yes
range $NOERROR "$8" 1 ||
setret "I:"$NOERROR" instead of $8 NOERROR responses for $1" &&
BAD=yes
if test -z "$BAD"; then if test -z "$BAD"; then
rm -f dig.out-$1-* rm -f mdig.out-$1
fi fi
} }
@ -161,7 +159,7 @@ sec_start
burst 5 a1.tld3 +norec burst 5 a1.tld3 +norec
# basic rate limiting # basic rate limiting
burst 3 a1.tld2 burst 3 a1.tld2
# 1 second delay allows an additional response. # delay allows an additional response.
sleep 1 sleep 1
burst 10 a1.tld2 burst 10 a1.tld2
# Request 30 different qnames to try a wildcard. # Request 30 different qnames to try a wildcard.
@ -169,18 +167,18 @@ burst 30 'x$CNT.a2.tld2'
# These should be counted and limited but are not. See RT33138. # These should be counted and limited but are not. See RT33138.
burst 10 'y.x$CNT.a2.tld2' burst 10 'y.x$CNT.a2.tld2'
# IP TC drop NXDOMAIN SERVFAIL # IP TC drop NXDOMAIN SERVFAIL NOERROR
# referrals to "." # referrals to "."
ck_result a1.tld3 '' 2 1 2 0 0 ck_result a1.tld3 x 0 1 2 0 0 2
# check 13 results including 1 second delay that allows an additional response # check 13 results including 1 second delay that allows an additional response
ck_result a1.tld2 192.0.2.1 3 4 6 0 0 ck_result a1.tld2 192.0.2.1 3 4 6 0 0 8
# Check the wild card answers. # Check the wild card answers.
# The parent name of the 30 requests is counted. # The parent name of the 30 requests is counted.
ck_result 'x*.a2.tld2' 192.0.2.2 2 10 18 0 0 ck_result 'x*.a2.tld2' 192.0.2.2 2 10 18 0 0 12
# These should be limited but are not. See RT33138. # These should be limited but are not. See RT33138.
ck_result 'y.x*.a2.tld2' 192.0.2.2 10 0 0 0 0 ck_result 'y.x*.a2.tld2' 192.0.2.2 10 0 0 0 0 10
######### #########
sec_start sec_start
@ -190,15 +188,15 @@ burst 10 'y$CNT.a3.tld3'
burst 10 'z$CNT.a4.tld2' burst 10 'z$CNT.a4.tld2'
# 10 identical recursive responses are limited # 10 identical recursive responses are limited
ck_result 'x.a3.tld3' 192.0.3.3 2 3 5 0 0 ck_result 'x.a3.tld3' 192.0.3.3 2 3 5 0 0 5
# 10 different recursive responses are not limited # 10 different recursive responses are not limited
ck_result 'y*.a3.tld3' 192.0.3.3 10 0 0 0 0 ck_result 'y*.a3.tld3' 192.0.3.3 10 0 0 0 0 10
# 10 different NXDOMAIN responses are limited based on the parent name. # 10 different NXDOMAIN responses are limited based on the parent name.
# We count 13 responses because we count truncated NXDOMAIN responses # We count 13 responses because we count truncated NXDOMAIN responses
# as both truncated and NXDOMAIN. # as both truncated and NXDOMAIN.
ck_result 'z*.a4.tld2' x 0 3 5 5 0 ck_result 'z*.a4.tld2' x 0 3 5 5 0 0
$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
ckstats first dropped 36 ckstats first dropped 36
@ -211,22 +209,22 @@ sec_start
burst 10 a5.tld2 +tcp burst 10 a5.tld2 +tcp
burst 10 a6.tld2 -b $ns7 burst 10 a6.tld2 -b $ns7
burst 10 a7.tld4 burst 10 a7.tld4
burst 2 a8.tld2 AAAA burst 2 a8.tld2 -t AAAA
burst 2 a8.tld2 TXT burst 2 a8.tld2 -t TXT
burst 2 a8.tld2 SPF burst 2 a8.tld2 -t SPF
# IP TC drop NXDOMAIN SERVFAIL # IP TC drop NXDOMAIN SERVFAIL NOERROR
# TCP responses are not rate limited # TCP responses are not rate limited
ck_result a5.tld2 192.0.2.5 10 0 0 0 0 ck_result a5.tld2 192.0.2.5 10 0 0 0 0 10
# whitelisted client is not rate limited # whitelisted client is not rate limited
ck_result a6.tld2 192.0.2.6 10 0 0 0 0 ck_result a6.tld2 192.0.2.6 10 0 0 0 0 10
# Errors such as SERVFAIL are rate limited. # Errors such as SERVFAIL are rate limited.
ck_result a7.tld4 x 0 0 8 0 2 ck_result a7.tld4 x 0 0 8 0 2 0
# NODATA responses are counted as the same regardless of qtype. # NODATA responses are counted as the same regardless of qtype.
ck_result a8.tld2 '' 2 2 2 0 0 ck_result a8.tld2 x 0 2 2 0 0 4
$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
ckstats second dropped 46 ckstats second dropped 46
@ -236,13 +234,13 @@ ckstats second truncated 23
######### #########
sec_start sec_start
# IP TC drop NXDOMAIN SERVFAIL # IP TC drop NXDOMAIN SERVFAIL NOERROR
# all-per-second # all-per-second
# The qnames are all unique but the client IP address is constant. # The qnames are all unique but the client IP address is constant.
QNUM=101 QNUM=101
burst 60 'all$CNT.a9.tld2' burst 60 'all$CNT.a9.tld2'
ck_result 'a*.a9.tld2' 192.0.2.8 50 0 10 0 0 ck_result 'a*.a9.tld2' 192.0.2.8 50 0 10 0 0 50
$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
ckstats final dropped 56 ckstats final dropped 56