# Copyright (C) 2012, 2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# test response rate limiting
#set -x
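# Command-line handling: the only option is -x, which turns on shell
# tracing for the rest of the run.
USAGE="$0: [-x]"
while getopts "x" c; do
    case $c in
	x) set -x;;
	# getopts reports an unrecognised option as '?'.  Print the usage
	# line and stop, rather than running the test with an option that
	# was silently ignored.
	*) echo "$USAGE" 1>&2; exit 1;;
    esac
done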
exit 1
fi
# Stop the whole script with status 1 on hangup, interrupt (control-C) or
# terminate, instead of letting only the current command be interrupted.
trap 'exit 1' HUP INT TERM

# Overall result of the run; starts out as "passed".
ret=0
ret=1
echo "$*"
}
# Wait until soon after the start of a second to make results consistent.
# The start of a second credits a rate limit.
# This would be far easier in C or by assuming a modern version of perl.
while true; do
return
fi
done
}
# turn off ${HOME}/.digrc
# $1=number of tests $2=target domain $3=dig options
QNUM=1
BURST_LIMIT=$1; shift
CNT='XXX'
eval FILENAME="mdig.out-$BURST_DOM_BASE"
DOMS=""
do
eval BURST_DOM="$BURST_DOM_BASE"
done
-e '/^;; ADDITIONAL/,/^$/d' \
-e 's/^[^;].* \([^ ]\{1,\}\)$/\1/p' \
-e 's/;; flags.* tc .*/TC/p' \
-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p' \
-e 's/;; .* status: NOERROR.*/NOERROR/p' \
-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \
QNUM=`expr $QNUM + $BURST_LIMIT`
}
# compare integers $1 and $2; ensure the difference is no more than $3
}
# $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop
# $6=NXDOMAIN $7=SERVFAIL or other errors
# count simple truncated and truncated NXDOMAIN as TC
# count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN
fi
}
ns2/named.stats | tail -1`
C=`expr 0$C + 0`
}
#########
# Tests of referrals to "." must be done before the hints are loaded
# or with "additional-from-cache no"
# basic rate limiting
# Pause for one second so that a new second begins.  As noted earlier in
# this file, the start of a second credits a rate limit, so the delay
# allows an additional response.
sleep 1
# Request 30 different qnames to try a wildcard.
# These should be counted and limited but are not. See RT33138.
# IP TC drop NXDOMAIN SERVFAIL NOERROR
# referrals to "."
# check 13 results including 1 second delay that allows an additional response
# Check the wild card answers.
# The parent name of the 30 requests is counted.
# These should be limited but are not. See RT33138.
#########
# 10 identical recursive responses are limited
# 10 different recursive responses are not limited
# 10 different NXDOMAIN responses are limited based on the parent name.
# We count 13 responses because we count truncated NXDOMAIN responses
# as both truncated and NXDOMAIN.
#########
# IP TC drop NXDOMAIN SERVFAIL NOERROR
# TCP responses are not rate limited
# whitelisted client is not rate limited
# Errors such as SERVFAIL are rate limited.
# NODATA responses are counted as the same regardless of qtype.
#########
# IP TC drop NXDOMAIN SERVFAIL NOERROR
# all-per-second
# The qnames are all unique but the client IP address is constant.
# QNUM is the query counter that this file initialises to 1 and advances by
# BURST_LIMIT after each burst; restart it at 101 here.
# NOTE(review): presumably this keeps the names generated for these tests
# from repeating earlier ones -- confirm against the burst helper.
QNUM=101
#########
# Record a failure because the expected "would limit" log entry is missing.
# NOTE(review): no guarding command is visible before this call in this
# copy, so as shown it runs unconditionally; the message implies it belongs
# to a check of the server log -- confirm against the complete script.
setret "I: \"would limit\" not found in log file."
# Wait two seconds before looking for the pid file.
sleep 2
# A named.pid file here is treated as a failure: the message states that the
# server was expected not to start.
if [ -f named.pid ]; then
setret "I: named should not have started, but did"
fi
# Report the accumulated status held in $ret.
# NOTE(review): no "exit $ret" is visible after this line.  Without one the
# script's exit status is that of this echo, so failures recorded in ret
# would not reach the caller -- confirm against the complete script.
echo "I:exit status: $ret"
#[ $ret -ne 0 ] && echo "I:test failure overridden"
#[ $status -eq 0 ] || exit 1