mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

fix problems running dnsrps tests in rpz and rpzrecurse

Browse Source 
- set up server correctly when running the second test pass
- reset stats counters before the second pass
- clean up test output
This commit is contained in:
Evan Hunt 2018-08-27 18:58:01 -07:00
parent 261b7560b0
commit 6d05ec7dc1
6 changed files with 130 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/tests/system/rpz/ckdnsrps.sh
View File

@ -61,9 +61,11 @@ if ! $FEATURETEST --enable-dnsrps; then
fi fi
if [ -z "$TEST_DNSRPS" ]; then if [ -z "$TEST_DNSRPS" ]; then
add_conf "## DNSRPS testing is disabled" add_conf "## testing with native RPZ"
add_conf '#skip' add_conf '#skip'
exit 0 exit 0
else
add_conf "## testing with DNSRPS"
fi fi
if [ ! -x $DNSRPS_CMD ]; then if [ ! -x $DNSRPS_CMD ]; then

51
bin/tests/system/rpz/clean.sh
View File

@ -9,17 +9,42 @@
# Clean up after rpz tests. # Clean up after rpz tests.
rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp USAGE="$0: [-Px]"
rm -f ns*/*.key ns*/*.private ns2/tld2s.db ns2/bl.tld2.db DEBUG=
rm -f ns3/bl*.db ns*/*switch ns*/empty.db ns*/empty.db.jnl while getopts "Px" c; do
rm -f ns5/requests ns5/example.db ns5/bl.db ns5/*.perf case $c in
rm -f */named.memstats */*.run */named.stats */session.key x) set -x ;;
rm -f */*.log */*.jnl */*core */*.pid P) PARTIAL=set ;;
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1
fi
# this might be called from setup.sh to partially clean up the files
# from the first test pass so the second pass can be set up correctly.
# remove those files first, then decide whether to remove the others.
rm -f ns*/*.key ns*/*.private
rm -f ns2/tld2s.db ns2/bl.tld2.db
rm -f ns3/bl*.db ns*/empty.db
rm -f ns5/example.db ns5/bl.db
rm -f */policy2.db rm -f */policy2.db
rm -f ns*/named.lock rm -f */*.jnl
rm -f ns*/named.conf
rm -f dnsrps*.conf if [ ${PARTIAL:-unset} = unset ]; then
rm -f dnsrpzd.conf rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid rm -f ns5/requests ns5/*.perf
rm -f tmp rm -f */named.memstats */*.run */*.run.prev */named.stats */session.key
rm -f ns*/managed-keys.bind* rm -f */*.log */*core */*.pid
rm -f ns*/named.lock
rm -f ns*/named.conf
rm -f ns*/*switch
rm -f dnsrps*.conf
rm -f dnsrpzd.conf
rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid
rm -f ns*/managed-keys.bind*
rm -f tmp
fi

21
bin/tests/system/rpz/setup.sh
View File

@ -18,14 +18,14 @@ SYSTEMTESTTOP=..
QPERF=`$SHELL qperf.sh` QPERF=`$SHELL qperf.sh`
USAGE="$0: [-Dx]" USAGE="$0: [-DNx]"
DEBUG= DEBUG=
while getopts "Dx" c; do while getopts "DNx" c; do
case $c in case $c in
x) set -x; DEBUG=-x;; x) set -x; DEBUG=-x ;;
D) TEST_DNSRPS="-D";; D) TEST_DNSRPS="-D" ;;
N) NOCLEAN=set;; N) PARTIAL=-P ;;
*) echo "$USAGE" 1>&2; exit 1;; *) echo "$USAGE" 1>&2; exit 1 ;;
esac esac
done done
shift `expr $OPTIND - 1 || true` shift `expr $OPTIND - 1 || true`
@ -34,7 +34,14 @@ if test "$#" -ne 0; then
exit 1 exit 1
fi fi
[ ${NOCLEAN:-unset} = unset ] && $SHELL clean.sh $DEBUG if [ ${NOCLEAN:-unset} = unset ]; then
$SHELL clean.sh $PARTIAL $DEBUG
fi
for dir in ns*; do
touch $dir/named.run
nextpart $dir/named.run > /dev/null
done
copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns2/named.conf.in ns2/named.conf

88
bin/tests/system/rpz/tests.sh
View File

@ -33,15 +33,13 @@ t=0
DEBUG= DEBUG=
SAVE_RESULTS= SAVE_RESULTS=
DNSRPS_TEST_MODE= # "" to test with and then without DNSRPS
ARGS= ARGS=
USAGE="$0: [-xS] [-D {1,2}]" USAGE="$0: [-xS]"
while getopts "xSD:" c; do while getopts "xS:" c; do
case $c in case $c in
x) set -x; DEBUG=-x; ARGS="$ARGS -x";; x) set -x; DEBUG=-x; ARGS="$ARGS -x";;
S) SAVE_RESULTS=-S; ARGS="$ARGS -S";; S) SAVE_RESULTS=-S; ARGS="$ARGS -S";;
D) DNSRPS_TEST_MODE="$OPTARG";; # with or without DNSRPZ
*) echo "$USAGE" 1>&2; exit 1;; *) echo "$USAGE" 1>&2; exit 1;;
esac esac
done done
@ -130,7 +128,7 @@ get_sn_fast () {
# $1=domain $2=DNS server IP address # $1=domain $2=DNS server IP address
FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf` FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf`
dnsrps_loaded() { dnsrps_loaded() {
test "$DNSRPS_TEST_MODE" = dnsrps || return test "$mode" = dnsrps || return
n=0 n=0
for V in $FZONES; do for V in $FZONES; do
eval "$V" eval "$V"
@ -157,7 +155,7 @@ dnsrps_loaded() {
ck_soa() { ck_soa() {
n=0 n=0
while true; do while true; do
if test "$DNSRPS_TEST_MODE" = dnsrps; then if test "$mode" = dnsrps; then
get_sn_fast "$2" get_sn_fast "$2"
test "$RSN" -eq "$1" && return test "$RSN" -eq "$1" && return
else else
@ -228,6 +226,11 @@ ckalive () {
return 1 return 1
} }
resetstats () {
NSDIR=$1
eval "${NSDIR}_CNT=''"
}
ckstats () { ckstats () {
HOST=$1 HOST=$1
LABEL="$2" LABEL="$2"
@ -410,43 +413,46 @@ EOF
sleep 2 sleep 2
} }
# make prototype files to check against rewritten results for mode in native dnsrps; do
digcmd nonexistent @$ns2 >proto.nxdomain
digcmd txt-only.tld2 @$ns2 >proto.nodata
case "$DNSRPS_TEST_MODE" in
''|native|dnsrps);;
*)
echo "bad test mode'${DNSRPS_TEST_MODE}' should be 'native' or 'dnsrps'"
exit 1
;;
esac
for mode in ${DNSRPS_TEST_MODE:-native dnsrps}
do
status=0 status=0
case ${mode} in case ${mode} in
native) native)
if [ ${DNSRPS_TEST_MODE:-unset} = unset -a -e dnsrps-only ] ; then if [ -e dnsrps-only ] ; then
echo_i "'dnsrps-only' found: skipping native RPZ sub-test" echo_i "'dnsrps-only' found: skipping native RPZ sub-test"
continue continue
else
echo_i "running native RPZ sub-test"
fi fi
;; ;;
dnsrps) dnsrps)
if [ ${DNSRPS_TEST_MODE:-unset} = unset -a -e dnsrps-off ] ; then if [ -e dnsrps-off ] ; then
echo_i "'dnsrps-off' found: skipping DNSRPS sub-test" echo_i "'dnsrps-off' found: skipping DNSRPS sub-test"
continue continue
fi fi
if grep '^#skip' dnsrps.conf > /dev/null ; then echo_i "attempting to configure servers with DNSRPS..."
echo_i "DNSRPS sub-test skipped"
continue
fi
$PERL $SYSTEMTESTTOP/stop.pl . $PERL $SYSTEMTESTTOP/stop.pl .
$SHELL ./setup.sh -N -D $DEBUG $SHELL ./setup.sh -N -D $DEBUG
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . for server in ns*; do
resetstats $server
done
sed -n 's/^## //p' dnsrps.conf | cat_i
if grep '^#fail' dnsrps.conf >/dev/null; then
echo_i "exit status: 1"
exit 1
fi
if grep '^#skip' dnsrps.conf > /dev/null; then
echo_i "DNSRPS sub-test skipped"
continue
else
echo_i "running DNSRPS sub-test"
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} .
fi
;; ;;
esac esac
sed -n 's/^## //p' dnsrps.conf | cat_i
# make prototype files to check against rewritten results
digcmd nonexistent @$ns2 >proto.nxdomain
digcmd txt-only.tld2 @$ns2 >proto.nodata
start_group "QNAME rewrites" test1 start_group "QNAME rewrites" test1
nochange . # 1 do not crash or rewrite root nochange . # 1 do not crash or rewrite root
@ -742,12 +748,14 @@ EOF
fi fi
# look for complaints from lib/dns/rpz.c and bin/name/query.c # look for complaints from lib/dns/rpz.c and bin/name/query.c
EMSGS=`egrep -l 'invalid rpz|rpz.*failed' ns*/named.run` for runfile in ns*/named.run; do
if test -n "$EMSGS"; then EMSGS=`nextpart $runfile | egrep -l 'invalid rpz|rpz.*failed'`
setret "error messages in $EMSGS starting with:" if test -n "$EMSGS"; then
egrep 'invalid rpz|rpz.*failed' ns*/named.run | \ setret "error messages in $runfile starting with:"
sed -e '10,$d' -e 's/^//' | cat_i egrep 'invalid rpz|rpz.*failed' ns*/named.run | \
fi sed -e '10,$d' -e 's/^//' | cat_i
fi
done
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})" echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
@ -756,23 +764,17 @@ EOF
if test ${ttl:=0} -eq 0; then setret "failed"; fi if test ${ttl:=0} -eq 0; then setret "failed"; fi
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking rpz updates/transfers with parent nodes added after children" \ echo_i "checking rpz updates/transfers with parent nodes added after children (${t})"
| tr -d '\n'
# regression test for RT #36272: the success condition # regression test for RT #36272: the success condition
# is the slave server not crashing. # is the slave server not crashing.
for i in 1 2 3 4 5; do for i in 1 2 3 4 5; do
nsd $ns5 add example.com.policy1. '*.example.com.policy1.' nsd $ns5 add example.com.policy1. '*.example.com.policy1.'
echo . | tr -d '\n'
nsd $ns5 delete example.com.policy1. '*.example.com.policy1.' nsd $ns5 delete example.com.policy1. '*.example.com.policy1.'
echo . | tr -d '\n'
done done
for i in 1 2 3 4 5; do for i in 1 2 3 4 5; do
nsd $ns5 add '*.example.com.policy1.' example.com.policy1. nsd $ns5 add '*.example.com.policy1.' example.com.policy1.
echo . | tr -d '\n'
nsd $ns5 delete '*.example.com.policy1.' example.com.policy1. nsd $ns5 delete '*.example.com.policy1.' example.com.policy1.
echo . | tr -d '\n'
done done
echo " (${t})"
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking that going from an empty policy zone works (${t})" echo_i "checking that going from an empty policy zone works (${t})"

7
bin/tests/system/rpzrecurse/setup.sh
View File

@ -16,12 +16,12 @@ set -e
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
USAGE="$0: [-xD]" USAGE="$0: [-DNx]"
DEBUG= DEBUG=
while getopts "xD" c; do while getopts "DNx" c; do
case $c in case $c in
x) set -x; DEBUG=-x;; x) set -x; DEBUG=-x;;
D) TEST_DNSRPS="-D";; D) TEST_DNSRPS="-D";;
N) NOCLEAN=set;; N) NOCLEAN=set;;
*) echo "$USAGE" 1>&2; exit 1;; *) echo "$USAGE" 1>&2; exit 1;;
esac esac
@ -31,7 +31,6 @@ if test "$#" -ne 0; then
echo "$USAGE" 1>&2 echo "$USAGE" 1>&2
exit 1 exit 1
fi fi
OPTIND=1
[ ${NOCLEAN:-unset} = unset ] && $SHELL clean.sh $DEBUG [ ${NOCLEAN:-unset} = unset ] && $SHELL clean.sh $DEBUG

57
bin/tests/system/rpzrecurse/tests.sh
View File

@ -20,14 +20,13 @@ status=0
t=0 t=0
DEBUG= DEBUG=
DNSRPS_TEST_MODE= # "" to test with and then without DNSRPS
ARGS= ARGS=
USAGE="$0: [-xS] [-D {1,2}]" USAGE="$0: [-xS]"
while getopts "xSD:" c; do while getopts "xS:" c; do
case $c in case $c in
x) set -x; DEBUG=-x; ARGS="$ARGS -x";; x) set -x; DEBUG=-x; ARGS="$ARGS -x";;
D) DNSRPS_TEST_MODE="$OPTARG";; # with or without DNSRPS S) SAVE_RESULTS=-S; ARGS="$ARGS -S";;
*) echo "$USAGE" 1>&2; exit 1;; *) echo "$USAGE" 1>&2; exit 1;;
esac esac
done done
@ -39,7 +38,6 @@ fi
# really quit on control-C # really quit on control-C
trap 'exit 1' 1 2 15 trap 'exit 1' 1 2 15
DNSRPSCMD=../rpz/dnsrps DNSRPSCMD=../rpz/dnsrps
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
@ -107,43 +105,42 @@ add_test_marker() {
done done
} }
case "$DNSRPS_TEST_MODE" in for mode in native dnsrps; do
''|native|dnsrps);;
*)
echo "bad test mode'${DNSRPS_TEST_MODE}' should be 'native' or 'dnsrps'"
exit 1
;;
esac
for mode in ${DNSRPS_TEST_MODE:-native dnsrps}
do
status=0 status=0
case $mode in case $mode in
native) native)
if [ ${DNSRPS_TEST_MODE:-unset} = unset -a -e dnsrps-only ] ; then if [ -e dnsrps-only ] ; then
echo_i "'dnsrps-only' found: skipping native RPZ sub-test" echo_i "'dnsrps-only' found: skipping native RPZ sub-test"
continue continue
else
echo_i "running native RPZ sub-test"
fi fi
;; ;;
dnsrps) dnsrps)
if [ ${DNSRPS_TEST_MODE:-unset} = unset -a -e dnsrps-off ] ; then if [ -e dnsrps-off ] ; then
echo_i "'dnsrps-off' found: skipping DNSRPS sub-test" echo_i "'dnsrps-off' found: skipping DNSRPS sub-test"
continue continue
fi fi
if grep '^#skip' dnsrps.conf > /dev/null ; then echo_i "attempting to configure servers with DNSRPS..."
$PERL $SYSTEMTESTTOP/stop.pl .
$SHELL ./setup.sh -N -D $DEBUG
sed -n 's/^## //p' dnsrps.conf | cat_i
if grep '^#fail' dnsrps.conf >/dev/null; then
echo_i "exit status: 1"
exit 1
fi
if grep '^#skip' dnsrps.conf > /dev/null; then
echo_i "DNSRPS sub-test skipped" echo_i "DNSRPS sub-test skipped"
continue continue
else
echo_i "running DNSRPS sub-test"
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} .
fi fi
$SHELL ./setup.sh -N -D $DEBUG
$RNDCCMD 10.53.0.2 reload
$RNDCCMD 10.53.0.3 reload
$RNDCCMD 10.53.0.2 flush
$RNDCCMD 10.53.0.3 flush
;; ;;
esac esac
# show whether and why DNSRPS is enabled or disabled # show whether and why DNSRPS is enabled or disabled
sed -n 's/^## /I:/p' dnsrps.conf sed -n 's/^## //p' dnsrps.conf | cat_i
t=`expr $t + 1` t=`expr $t + 1`
echo_i "testing that l1.l0 exists without RPZ (${t})" echo_i "testing that l1.l0 exists without RPZ (${t})"
@ -261,7 +258,7 @@ do
echo_i "adding an NSDNAME policy" echo_i "adding an NSDNAME policy"
cp ns2/db.6a.00.policy.local ns2/saved.policy.local cp ns2/db.6a.00.policy.local ns2/saved.policy.local
cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' | cat_i
test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
t=`expr $t + 1` t=`expr $t + 1`
@ -271,7 +268,7 @@ do
sleep 1 sleep 1
echo_i "removing the NSDNAME policy" echo_i "removing the NSDNAME policy"
cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' | cat_i
test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
echo_i "resuming authority server" echo_i "resuming authority server"
@ -313,7 +310,7 @@ do
fi fi
echo_i "adding an NSDNAME policy" echo_i "adding an NSDNAME policy"
cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' | cat_i
test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
t=`expr $t + 1` t=`expr $t + 1`
@ -323,7 +320,7 @@ do
sleep 1 sleep 1
echo_i "removing the policy zone" echo_i "removing the policy zone"
cp ns2/named.default.conf ns2/named.conf cp ns2/named.default.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reconfig 2>&1 | sed 's/^/I:ns2 /' $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reconfig 2>&1 | sed 's/^/I:ns2 /' | cat_i
test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && $KILL -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
echo_i "resuming authority server" echo_i "resuming authority server"