tests.sh revision 06e28e50bd06bf3127b560c97a81f67306bacb02
# Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
# test response policy zones (RPZ)
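# Command-line handling: -x turns on shell tracing for debugging.  Any other
# option prints the usage message and stops the run, so a mistyped flag is
# not silently ignored.
USAGE="$0: [-x]"
while getopts "x" c; do
    case $c in
	x) set -x;;
	# getopts sets c to '?' when it meets an option it does not know
	*) echo "$USAGE" 1>&2; exit 1;;
    esac
done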
exit 1
fi
# Make hangup, interrupt (control-C) and terminate signals end the whole run
# with status 1.  HUP, INT and TERM are signals 1, 2 and 15.
trap 'exit 1' HUP INT TERM
# Optional timestamp prefix for progress messages.  The value is spliced into
# the date(1) format string "+I:${TS}$*" further down, so it must be a valid
# date format fragment.  The message text shares that format string, so a
# literal % in a message would also be interpreted by date.
TS='%H:%M:%S '
# The empty assignment overrides the one above, so timestamps are disabled;
# remove this line to turn them on.
TS=
date "+I:${TS}$*"
fi
}
# Common rndc invocation prefix: shared configuration file and control port
# 9953.  It ends in -s, so each caller appends the server address and then the
# rndc command.  The string is expanded unquoted where it is used and is
# therefore word-split; $RNDC and $SYSTEMTESTTOP must not contain whitespace
# or glob characters.
RNDCCMD="${RNDC} -c ${SYSTEMTESTTOP}/common/rndc.conf -p 9953 -s"
shift
fi
# Default to +noauth and @$ns3
# Also default to -bX where X is the @value so that OS X will choose
# the right IP source address.
-e '/-b/!s/@\([^ ]*\)/@\1 -b\1/' \
-e '/+n?o?auth/!s/.*/+noauth &/'`
#echo I:dig $digcmd_args 1>&2
}
# set DIGNM=file name for dig output
TEST_NUM=0
while test -f $DIGNM; do
done
}
ret=1
echo "$*"
}
# (re)load the response policy zones with the rules in the file $TEST_FILE
if $NSUPDATE -v $TEST_FILE; then :
else
echo "I:failed to update policy zone with $TEST_FILE"
exit 1
fi
fi
}
# try to ensure that the server really has stopped
# and won't mess with ns$1/name.pid
sleep 1
echo "I:killing ns$1 server $PID"
kill -9 $PID
fi
fi
fi
done
fi
}
# $1=server and irrelevant args $2=error message
fi
eval CKALIVE_IP=\$ns$CKALIVE_NS
$RNDCCMD $CKALIVE_IP status >/dev/null 2>&1 && return 0
setret "$2"
# restart the server to avoid stalling waiting for it to stop
return 1
}
HOST=$1
LABEL="$2"
NSDIR="$3"
EXPECTED="$4"
$NSDIR/named.stats | tail -1`
eval "OLD_CNT=0\$${NSDIR}_CNT"
fi
eval "${NSDIR}_CNT=$NEW_CNT"
}
HOST=$1
LABEL="$2"
NSDIR="$3"
MIN="$4"
MAX="$5"
$NSDIR/named.stats | tail -1`
eval "OLD_CNT=0\$${NSDIR}_CNT"
fi
eval "${NSDIR}_CNT=$NEW_CNT"
}
# $1=message $2=optional test file name
ret=0
TEST_FILE=$2
else
fi
TEST_NUM=0
}
# remove the previous set of test rules
fi
}
rm -f $*
fi
}
# $1=dig args $2=other dig output file
#ckalive "$1" "I:server crashed by 'dig $1'" || return 1
setret "I:'dig $1' AA and AD set;"
setret "I:'dig $1' AD set;"
fi
if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
return 1
fi
clean_result ${DIGNM}*
return 0
fi
return 1
}
# check only that the server does not crash
# $1=target domain $2=optional query type
ckalive "$*" "I:server crashed by 'dig $*'"
}
# check rewrite to NXDOMAIN
# $1=target domain $2=optional query type
digcmd $* \
-e 's/^[a-z].* IN RRSIG /;xxx &/' \
}
# check rewrite to NODATA
# $1=target domain $2=optional query type
digcmd $* \
}
# check rewrite to an address
# modify the output so that it is easily compared, but save the original line
# $1=IPv4 address $2=digcmd args $3=optional TTL
ADDR=$1
#ckalive "$2" "I:server crashed by 'dig $2'" || return 1
return 1
fi
return 1
fi
clean_result ${DIGNM}*
}
# Check that a response is not rewritten
# Use $ns1 instead of the authority for most test domains, $ns2 to prevent
# spurious differences for `dig +norecurse`
# $1=optional "TCP" remaining args for dig
}
# check against a 'here document'
}
# check dropped response
DROPPED='^;; connection timed out; no servers could be reached'
clean_result ${DIGNM}*
return 0
fi
return 1
}
# make prototype files to check against rewritten results
status=0
nochange . # 1 do not crash or rewrite root
goodsoa="rpz.tld2. hostmaster.ns.tld2. 2 3600 1200 604800 60"
do
sleep 1
done
goodsoa="rpz.tld2. hostmaster.ns.tld2. 3 3600 1200 604800 60"
do
sleep 1
done
# check that IP addresses for previous group were deleted from the radix tree
start_group "radix tree deletions"
# these tests assume "min-ns-dots 0"
else
echo "I:NSDNAME not checked; named configured with --disable-rpz-nsdname"
fi
# these tests assume "min-ns-dots 0"
else
echo "I:NSIP not checked; named configured with --disable-rpz-nsip"
fi
# policies in ./test5 overridden by response-policy{} in ns3/named.conf
# and in ns5/named.conf
# check that miscellaneous bugs are still absent
nocrash www.redirect -t$Q
nocrash www.credirect -t$Q
done
# This is not a bug, because any data leaked by writing 24.4.3.2.10.rpz-ip
# (or whatever) is available by publishing "foo A 10.2.3.4" and then
# resolving foo.
# nxdomain 32.3.2.1.127.rpz-ip
# superficial test for major performance bugs
if test -n "$QPERF"; then
date "+I:${TS}checking performance $1"
# Dry run to prime everything
comment "before dry run $1"
comment "before real test $1"
comment "after test $1"
if test "$X" != "$3"; then
fi
}
}
# get qps with rpz
# turn off rpz and measure qps again
MIN_PERCENT=30
echo "I:$RPZ qps with rpz or $PERCENT% is below $MIN_PERCENT% of $NORPZ qps"
fi
fi
else
echo "I:performance not checked; queryperf not available"
fi
# restart the main test RPZ server to see if that creates a core file
if test -z "$HAVE_CORE"; then
restart 3
fi
if test -n "$EMSGS"; then
fi
echo "I:checking that ttl values are not zeroed when qtype is '*'"
# regression test for RT #36272: the success condition
# is the slave server not crashing.
$NSUPDATE -p 5300 << EOF
server $1
ttl 300
update $2 $3 IN CNAME .
update $2 $4 IN CNAME .
send
EOF
sleep 2
}
done
done
echo "I:checking checking that going from a empty policy zone works"
sleep 1
echo "I:exit status: $status"
exit $status