diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 4 | ||||
-rw-r--r-- | tests/Makefile.in | 104 | ||||
-rw-r--r-- | tests/contrib/test_atomic.c | 165 | ||||
-rw-r--r-- | tests/knot/semantic_check_data/soa.duplicate | 5 | ||||
-rw-r--r-- | tests/knot/semantic_check_data/soa.missing | 3 | ||||
-rw-r--r-- | tests/knot/semantic_check_data/soa.multiple | 5 | ||||
-rw-r--r-- | tests/knot/test_confdb.c | 4 | ||||
-rw-r--r-- | tests/knot/test_confio.c | 7 | ||||
-rw-r--r-- | tests/knot/test_query_module.c | 15 | ||||
-rw-r--r-- | tests/knot/test_semantic_check.in | 5 | ||||
-rw-r--r-- | tests/libdnssec/test_key.c | 2 | ||||
-rw-r--r-- | tests/libdnssec/test_key_algorithm.c | 6 | ||||
-rw-r--r-- | tests/libdnssec/test_key_ds.c | 4 | ||||
-rw-r--r-- | tests/libdnssec/test_sign.c | 8 | ||||
-rw-r--r-- | tests/libknot/test_control.c | 4 | ||||
-rw-r--r-- | tests/libknot/test_xdp_tcp.c | 49 | ||||
-rw-r--r-- | tests/libknot/test_yptrafo.c | 7 | ||||
-rw-r--r-- | tests/modules/test_rrl.c | 482 | ||||
-rw-r--r-- | tests/tap/files.c | 4 |
19 files changed, 667 insertions, 216 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index c173b61..bbcf8b8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -14,7 +14,8 @@ if HAVE_DAEMON LDADD += \ $(top_builddir)/src/libknotd.la \ $(liburcu_LIBS) \ - $(systemd_LIBS) + $(systemd_LIBS) \ + $(libdbus_LIBS) endif HAVE_DAEMON LDADD += \ @@ -47,6 +48,7 @@ libtap_la_SOURCES = \ EXTRA_PROGRAMS = tap/runtests check_PROGRAMS = \ + contrib/test_atomic \ contrib/test_base32hex \ contrib/test_base64 \ contrib/test_base64url \ diff --git a/tests/Makefile.in b/tests/Makefile.in index 3170082..b0c576a 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -90,14 +90,16 @@ host_triplet = @host@ @HAVE_DAEMON_TRUE@am__append_1 = \ @HAVE_DAEMON_TRUE@ $(top_builddir)/src/libknotd.la \ @HAVE_DAEMON_TRUE@ $(liburcu_LIBS) \ -@HAVE_DAEMON_TRUE@ $(systemd_LIBS) +@HAVE_DAEMON_TRUE@ $(systemd_LIBS) \ +@HAVE_DAEMON_TRUE@ $(libdbus_LIBS) EXTRA_PROGRAMS = tap/runtests$(EXEEXT) \ libzscanner/zscanner-tool$(EXEEXT) -check_PROGRAMS = contrib/test_base32hex$(EXEEXT) \ - contrib/test_base64$(EXEEXT) contrib/test_base64url$(EXEEXT) \ - contrib/test_heap$(EXEEXT) contrib/test_inet_ntop$(EXEEXT) \ - contrib/test_net$(EXEEXT) contrib/test_net_shortwrite$(EXEEXT) \ +check_PROGRAMS = contrib/test_atomic$(EXEEXT) \ + contrib/test_base32hex$(EXEEXT) contrib/test_base64$(EXEEXT) \ + contrib/test_base64url$(EXEEXT) contrib/test_heap$(EXEEXT) \ + contrib/test_inet_ntop$(EXEEXT) contrib/test_net$(EXEEXT) \ + contrib/test_net_shortwrite$(EXEEXT) \ contrib/test_qp-trie$(EXEEXT) contrib/test_qp-cow$(EXEEXT) \ contrib/test_siphash$(EXEEXT) contrib/test_sockaddr$(EXEEXT) \ contrib/test_spinlock$(EXEEXT) contrib/test_string$(EXEEXT) \ @@ -236,13 +238,23 @@ AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -contrib_test_base32hex_SOURCES = contrib/test_base32hex.c -contrib_test_base32hex_OBJECTS = contrib/test_base32hex.$(OBJEXT) -contrib_test_base32hex_LDADD = $(LDADD) +contrib_test_atomic_SOURCES = contrib/test_atomic.c +contrib_test_atomic_OBJECTS = contrib/test_atomic.$(OBJEXT) +contrib_test_atomic_LDADD = $(LDADD) am__DEPENDENCIES_1 = @HAVE_DAEMON_TRUE@am__DEPENDENCIES_2 = \ @HAVE_DAEMON_TRUE@ $(top_builddir)/src/libknotd.la \ -@HAVE_DAEMON_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +@HAVE_DAEMON_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ +@HAVE_DAEMON_TRUE@ $(am__DEPENDENCIES_1) +contrib_test_atomic_DEPENDENCIES = libtap.la $(am__DEPENDENCIES_2) \ + $(top_builddir)/src/libknot.la \ + $(top_builddir)/src/libdnssec.la \ + $(top_builddir)/src/libcontrib.la \ + $(top_builddir)/src/libzscanner.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +contrib_test_base32hex_SOURCES = contrib/test_base32hex.c +contrib_test_base32hex_OBJECTS = contrib/test_base32hex.$(OBJEXT) +contrib_test_base32hex_LDADD = $(LDADD) contrib_test_base32hex_DEPENDENCIES = libtap.la $(am__DEPENDENCIES_2) \ $(top_builddir)/src/libknot.la \ $(top_builddir)/src/libdnssec.la \ @@ -1058,7 +1070,8 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src depcomp = $(SHELL) $(top_srcdir)/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = contrib/$(DEPDIR)/test_base32hex.Po \ +am__depfiles_remade = contrib/$(DEPDIR)/test_atomic.Po \ + contrib/$(DEPDIR)/test_base32hex.Po \ contrib/$(DEPDIR)/test_base64.Po \ contrib/$(DEPDIR)/test_base64url.Po \ contrib/$(DEPDIR)/test_heap.Po \ @@ -1155,20 +1168,21 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libtap_la_SOURCES) contrib/test_base32hex.c \ - contrib/test_base64.c contrib/test_base64url.c \ - contrib/test_heap.c contrib/test_inet_ntop.c \ - contrib/test_net.c contrib/test_net_shortwrite.c \ - contrib/test_qp-cow.c contrib/test_qp-trie.c \ - contrib/test_siphash.c contrib/test_sockaddr.c \ - contrib/test_spinlock.c contrib/test_string.c \ - contrib/test_strtonum.c contrib/test_time.c \ - contrib/test_toeplitz.c contrib/test_wire_ctx.c \ - $(knot_test_acl_SOURCES) knot/test_changeset.c \ - $(knot_test_conf_SOURCES) knot/test_conf_tools.c \ - $(knot_test_confdb_SOURCES) $(knot_test_confio_SOURCES) \ - knot/test_digest.c knot/test_dthreads.c knot/test_fdset.c \ - knot/test_journal.c knot/test_kasp_db.c knot/test_node.c \ +SOURCES = $(libtap_la_SOURCES) contrib/test_atomic.c \ + contrib/test_base32hex.c contrib/test_base64.c \ + contrib/test_base64url.c contrib/test_heap.c \ + contrib/test_inet_ntop.c contrib/test_net.c \ + contrib/test_net_shortwrite.c contrib/test_qp-cow.c \ + contrib/test_qp-trie.c contrib/test_siphash.c \ + contrib/test_sockaddr.c contrib/test_spinlock.c \ + contrib/test_string.c contrib/test_strtonum.c \ + contrib/test_time.c contrib/test_toeplitz.c \ + contrib/test_wire_ctx.c $(knot_test_acl_SOURCES) \ + knot/test_changeset.c $(knot_test_conf_SOURCES) \ + knot/test_conf_tools.c $(knot_test_confdb_SOURCES) \ + $(knot_test_confio_SOURCES) knot/test_digest.c \ + knot/test_dthreads.c knot/test_fdset.c knot/test_journal.c \ + knot/test_kasp_db.c knot/test_node.c \ $(knot_test_process_query_SOURCES) knot/test_query_module.c \ knot/test_requestor.c knot/test_server.c \ knot/test_unreachable.c knot/test_worker_pool.c \ @@ -1197,18 +1211,18 @@ SOURCES = $(libtap_la_SOURCES) contrib/test_base32hex.c \ libknot/test_yptrafo.c $(libzscanner_zscanner_tool_SOURCES) \ modules/test_onlinesign.c modules/test_rrl.c tap/runtests.c \ utils/test_lookup.c -DIST_SOURCES = $(libtap_la_SOURCES) contrib/test_base32hex.c \ - contrib/test_base64.c contrib/test_base64url.c \ - contrib/test_heap.c contrib/test_inet_ntop.c \ - contrib/test_net.c contrib/test_net_shortwrite.c \ - contrib/test_qp-cow.c contrib/test_qp-trie.c \ - contrib/test_siphash.c contrib/test_sockaddr.c \ - contrib/test_spinlock.c contrib/test_string.c \ - contrib/test_strtonum.c contrib/test_time.c \ - contrib/test_toeplitz.c contrib/test_wire_ctx.c \ - $(am__knot_test_acl_SOURCES_DIST) knot/test_changeset.c \ - $(am__knot_test_conf_SOURCES_DIST) knot/test_conf_tools.c \ - $(am__knot_test_confdb_SOURCES_DIST) \ +DIST_SOURCES = $(libtap_la_SOURCES) contrib/test_atomic.c \ + contrib/test_base32hex.c contrib/test_base64.c \ + contrib/test_base64url.c contrib/test_heap.c \ + contrib/test_inet_ntop.c contrib/test_net.c \ + contrib/test_net_shortwrite.c contrib/test_qp-cow.c \ + contrib/test_qp-trie.c contrib/test_siphash.c \ + contrib/test_sockaddr.c contrib/test_spinlock.c \ + contrib/test_string.c contrib/test_strtonum.c \ + contrib/test_time.c contrib/test_toeplitz.c \ + contrib/test_wire_ctx.c $(am__knot_test_acl_SOURCES_DIST) \ + knot/test_changeset.c $(am__knot_test_conf_SOURCES_DIST) \ + knot/test_conf_tools.c $(am__knot_test_confdb_SOURCES_DIST) \ $(am__knot_test_confio_SOURCES_DIST) knot/test_digest.c \ knot/test_dthreads.c knot/test_fdset.c knot/test_journal.c \ knot/test_kasp_db.c knot/test_node.c \ @@ -1397,6 +1411,8 @@ infodir = @infodir@ install_sh = @install_sh@ libbpf_CFLAGS = @libbpf_CFLAGS@ libbpf_LIBS = @libbpf_LIBS@ +libdbus_CFLAGS = @libdbus_CFLAGS@ +libdbus_LIBS = @libdbus_LIBS@ libdir = @libdir@ libdnssec_SONAME = @libdnssec_SONAME@ libdnssec_SOVERSION = @libdnssec_SOVERSION@ @@ -1408,8 +1424,6 @@ libfstrm_CFLAGS = @libfstrm_CFLAGS@ libfstrm_LIBS = @libfstrm_LIBS@ libidn2_CFLAGS = @libidn2_CFLAGS@ libidn2_LIBS = @libidn2_LIBS@ -libidn_CFLAGS = @libidn_CFLAGS@ -libidn_LIBS = @libidn_LIBS@ libknot_SONAME = @libknot_SONAME@ libknot_SOVERSION = @libknot_SOVERSION@ libknot_VERSION_INFO = @libknot_VERSION_INFO@ @@ -1427,7 +1441,6 @@ libprotobuf_c_CFLAGS = @libprotobuf_c_CFLAGS@ libprotobuf_c_LIBS = @libprotobuf_c_LIBS@ liburcu_CFLAGS = @liburcu_CFLAGS@ liburcu_LIBS = @liburcu_LIBS@ -liburcu_PKGCONFIG = @liburcu_PKGCONFIG@ libxdp_CFLAGS = @libxdp_CFLAGS@ libxdp_LIBS = @libxdp_LIBS@ libzscanner_SONAME = @libzscanner_SONAME@ @@ -1609,6 +1622,12 @@ contrib/$(am__dirstamp): contrib/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) contrib/$(DEPDIR) @: > contrib/$(DEPDIR)/$(am__dirstamp) +contrib/test_atomic.$(OBJEXT): contrib/$(am__dirstamp) \ + contrib/$(DEPDIR)/$(am__dirstamp) + +contrib/test_atomic$(EXEEXT): $(contrib_test_atomic_OBJECTS) $(contrib_test_atomic_DEPENDENCIES) $(EXTRA_contrib_test_atomic_DEPENDENCIES) contrib/$(am__dirstamp) + @rm -f contrib/test_atomic$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(contrib_test_atomic_OBJECTS) $(contrib_test_atomic_LDADD) $(LIBS) contrib/test_base32hex.$(OBJEXT): contrib/$(am__dirstamp) \ contrib/$(DEPDIR)/$(am__dirstamp) @@ -2179,6 +2198,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@contrib/$(DEPDIR)/test_atomic.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@contrib/$(DEPDIR)/test_base32hex.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@contrib/$(DEPDIR)/test_base64.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@contrib/$(DEPDIR)/test_base64url.Po@am__quote@ # am--include-marker @@ -2486,7 +2506,8 @@ clean-am: clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \ clean-libtool mostlyclean-am distclean: distclean-am - -rm -f contrib/$(DEPDIR)/test_base32hex.Po + -rm -f contrib/$(DEPDIR)/test_atomic.Po + -rm -f contrib/$(DEPDIR)/test_base32hex.Po -rm -f contrib/$(DEPDIR)/test_base64.Po -rm -f contrib/$(DEPDIR)/test_base64url.Po -rm -f contrib/$(DEPDIR)/test_heap.Po @@ -2621,7 +2642,8 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f contrib/$(DEPDIR)/test_base32hex.Po + -rm -f contrib/$(DEPDIR)/test_atomic.Po + -rm -f contrib/$(DEPDIR)/test_base32hex.Po -rm -f contrib/$(DEPDIR)/test_base64.Po -rm -f contrib/$(DEPDIR)/test_base64url.Po -rm -f contrib/$(DEPDIR)/test_heap.Po diff --git a/tests/contrib/test_atomic.c b/tests/contrib/test_atomic.c new file mode 100644 index 0000000..88cae40 --- /dev/null +++ b/tests/contrib/test_atomic.c @@ -0,0 +1,165 @@ +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <pthread.h> +#include <signal.h> +#include <tap/basic.h> + +#include "contrib/atomic.h" +#include "knot/server/dthreads.h" + +#define THREADS 16 +#define CYCLES1 100000 +#define CYCLES2 2000000 +#define CYCLES3 100000 +#define UPPER 0xffffffff00000000 +#define LOWER 0x00000000ffffffff +#define UPPER_PTR ((void *) UPPER) +#define LOWER_PTR ((void *) LOWER) + +static volatile knot_atomic_uint64_t counter_add = 0; +static volatile knot_atomic_uint64_t counter_sub = 0; +static volatile knot_atomic_uint64_t atomic_var; +static volatile knot_atomic_ptr_t atomic_var2; +static int errors = 0; +static int uppers; +static int lowers; +static int uppers_count = 0; +static int lowers_count = 0; +static pthread_mutex_t mx; + +static int thread_add(struct dthread *thread) +{ + for (int i = 0; i < CYCLES1; i++) { + ATOMIC_ADD(counter_add, 7); + ATOMIC_SUB(counter_sub, 7); + } + + return 0; +} + +static int thread_set(struct dthread *thread) +{ + u_int64_t val = (dt_get_id(thread) % 2) ? UPPER : LOWER; + + for (int i = 0; i < CYCLES2; i++) { + ATOMIC_SET(atomic_var, val); + volatile u_int64_t read = ATOMIC_GET(atomic_var); + if (read != UPPER && read != LOWER) { + // Non-atomic counter, won't be accurate! + // However, it's sufficient for fault detection. + errors++; + } + } + + return 0; +} + +static int thread_xchg(struct dthread *thread) +{ + void *val = (dt_get_id(thread) % 2) ? UPPER_PTR : LOWER_PTR; + + pthread_mutex_lock(&mx); + if (val == UPPER_PTR) { + uppers++; + } else { + lowers++; + }; + pthread_mutex_unlock(&mx); + + for (int i = 0; i < CYCLES3; i++) { + val = ATOMIC_XCHG(atomic_var2, val); + if (val != UPPER_PTR && val != LOWER_PTR) { + // Non-atomic counter, won't be accurate! + // However, it's sufficient for fault detection. + errors++; + return 0; + } + } + + pthread_mutex_lock(&mx); + if (val == UPPER_PTR) { + uppers_count++; + } else if (val == LOWER_PTR) { + lowers_count++; + }; + pthread_mutex_unlock(&mx); + + return 0; +} + +// Signal handler +static void interrupt_handle(int s) +{ +} + +int main(int argc, char *argv[]) +{ + plan_lazy(); + + // Register service and signal handler + struct sigaction sa; + sa.sa_handler = interrupt_handle; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sigaction(SIGALRM, &sa, NULL); // Interrupt + + // Test for atomicity of ATOMIC_ADD and ATOMIC_SUB. + dt_unit_t *unit = dt_create(THREADS, thread_add, NULL, NULL); + dt_start(unit); + dt_join(unit); + dt_delete(&unit); + + is_int(THREADS * CYCLES1 * 7, counter_add, "atomicity of ATOMIC_ADD"); + is_int(THREADS * CYCLES1 * 7, -counter_sub, "atomicity of ATOMIC_SUB"); + + // Test for atomicity of ATOMIC_SET and ATOMIC_GET. + unit = dt_create(THREADS, thread_set, NULL, NULL); + dt_start(unit); + dt_join(unit); + dt_delete(&unit); + + is_int(0, errors, "atomicity of ATOMIC_SET / ATOMIC_GET"); + + // Test for atomicity of ATOMIC_XCHG. + errors = 0; + uppers = 0; // Initialize in code so as to calm down Coverity. + lowers = 0; // Idem. + + atomic_var2 = UPPER_PTR; + uppers++; + + pthread_mutex_init(&mx, NULL); + unit = dt_create(THREADS, thread_xchg, NULL, NULL); + dt_start(unit); + dt_join(unit); + dt_delete(&unit); + pthread_mutex_destroy(&mx); + + if (atomic_var2 == UPPER_PTR) { + uppers_count++; + } else if (atomic_var2 == LOWER_PTR) { + lowers_count++; + } else { + errors++; + } + + is_int(0, errors, "set/get atomicity of ATOMIC_XCHG"); + is_int(uppers, uppers_count, "atomicity of ATOMIC_XCHG"); + is_int(lowers, lowers_count, "atomicity of ATOMIC_XCHG"); + + return 0; +} diff --git a/tests/knot/semantic_check_data/soa.duplicate b/tests/knot/semantic_check_data/soa.duplicate new file mode 100644 index 0000000..8b84745 --- /dev/null +++ b/tests/knot/semantic_check_data/soa.duplicate @@ -0,0 +1,5 @@ +$ORIGIN example.com. + +@ SOA dns1 hostmaster 1 1000 360 10000 7200 +@ NS example.net. +@ SOA dns1 hostmaster 1 1000 360 10000 7200 diff --git a/tests/knot/semantic_check_data/soa.missing b/tests/knot/semantic_check_data/soa.missing new file mode 100644 index 0000000..cda9e84 --- /dev/null +++ b/tests/knot/semantic_check_data/soa.missing @@ -0,0 +1,3 @@ +$ORIGIN example.com. + +@ NS example.net. diff --git a/tests/knot/semantic_check_data/soa.multiple b/tests/knot/semantic_check_data/soa.multiple new file mode 100644 index 0000000..f41485c --- /dev/null +++ b/tests/knot/semantic_check_data/soa.multiple @@ -0,0 +1,5 @@ +$ORIGIN example.com. + +@ SOA dns1 hostmaster 1 1000 360 10000 7200 +@ NS example.net. +@ SOA dns1 hostmaster 2 1000 360 10000 7200 diff --git a/tests/knot/test_confdb.c b/tests/knot/test_confdb.c index e149f8d..28e4e0e 100644 --- a/tests/knot/test_confdb.c +++ b/tests/knot/test_confdb.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -392,7 +392,7 @@ static void test_conf_db_unset(conf_t *conf, knot_db_txn_t *txn) // Unset multivalued item with id - all data at one step (non-null data!). check_unset(conf, txn, C_ZONE, C_MASTER, (uint8_t *)"id", 2, KNOT_EOK, - NULL + 1, 0, NULL, 0); + (void *)8, 0, NULL, 0); // Unset group id. check_unset(conf, txn, C_ZONE, NULL, (uint8_t *)"id", 2, KNOT_EOK, diff --git a/tests/knot/test_confio.c b/tests/knot/test_confio.c index 44bc7c5..07bad05 100644 --- a/tests/knot/test_confio.c +++ b/tests/knot/test_confio.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -999,7 +999,7 @@ static const yp_item_t desc_server[] = { static const yp_item_t desc_xdp[] = { { C_UDP, YP_TBOOL, YP_VNONE }, { C_TCP, YP_TBOOL, YP_VNONE }, - { C_QUIC, YP_TBOOL, YP_VNONE }, + { C_QUIC, YP_TBOOL, YP_VNONE }, { C_TCP_MAX_CLIENTS, YP_TINT, YP_VNONE }, { C_TCP_INBUF_MAX_SIZE, YP_TINT, YP_VNONE }, { C_TCP_OUTBUF_MAX_SIZE,YP_TINT, YP_VNONE }, @@ -1007,6 +1007,9 @@ static const yp_item_t desc_xdp[] = { { C_TCP_IDLE_RESET, YP_TINT, YP_VNONE }, { C_TCP_RESEND, YP_TINT, YP_VNONE }, { C_ROUTE_CHECK, YP_TBOOL, YP_VNONE }, + { C_RING_SIZE, YP_TINT, YP_VNONE }, + { C_BUSYPOLL_BUDGET, YP_TINT, YP_VNONE }, + { C_BUSYPOLL_TIMEOUT, YP_TINT, YP_VNONE }, { NULL } }; diff --git a/tests/knot/test_query_module.c b/tests/knot/test_query_module.c index 4ab14d2..d31fa7c 100644 --- a/tests/knot/test_query_module.c +++ b/tests/knot/test_query_module.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,11 +20,10 @@ #include "libknot/libknot.h" #include "knot/nameserver/query_module.h" -#include "libknot/packet/pkt.h" /* Universal processing stage. */ -unsigned state_visit(unsigned state, knot_pkt_t *pkt, knotd_qdata_t *qdata, - knotd_mod_t *mod) +knotd_state_t state_visit(knotd_state_t state, knot_pkt_t *pkt, knotd_qdata_t *qdata, + knotd_mod_t *mod) { /* Visit current state */ bool *state_map = (bool *)mod; @@ -49,8 +48,8 @@ int main(int argc, char *argv[]) /* Register all stage visits. */ int ret = KNOT_EOK; - for (unsigned stage = KNOTD_STAGE_BEGIN; stage < KNOTD_STAGES; ++stage) { - ret = query_plan_step(plan, stage, state_visit, state_map); + for (unsigned stage = KNOTD_STAGE_PROTO_BEGIN; stage < KNOTD_STAGES; ++stage) { + ret = query_plan_step(plan, stage, QUERY_HOOK_TYPE_GENERAL, state_visit, state_map); if (ret != KNOT_EOK) { break; } @@ -59,10 +58,10 @@ int main(int argc, char *argv[]) /* Execute the plan. */ int state = 0, next_state = 0; - for (unsigned stage = KNOTD_STAGE_BEGIN; stage < KNOTD_STAGES; ++stage) { + for (unsigned stage = KNOTD_STAGE_PROTO_BEGIN; stage < KNOTD_STAGES; ++stage) { struct query_step *step = NULL; WALK_LIST(step, plan->stage[stage]) { - next_state = step->process(state, NULL, NULL, step->ctx); + next_state = step->general_hook(state, NULL, NULL, step->ctx); if (next_state != state + 1) { break; } diff --git a/tests/knot/test_semantic_check.in b/tests/knot/test_semantic_check.in index 73fb6e7..e91e9dc 100644 --- a/tests/knot/test_semantic_check.in +++ b/tests/knot/test_semantic_check.in @@ -48,6 +48,8 @@ if [ ! -x $KZONECHECK ]; then fi # error messages exported from knot/src/zone/semantic-check.c +SOA_NONE="missing SOA at the zone apex" +SOA_MULTIPLE="multiple SOA records" CDNSKEY_NONE="missing CDNSKEY" CDNSKEY_NO_CDS="CDNSKEY without corresponding CDS" CDNSKEY_DELETE="invalid CDNSKEY/CDS for DNSSEC delete algorithm" @@ -74,6 +76,8 @@ RRSIG_UNVERIFIABLE="no valid signature for a record" plan_lazy +expect_error "soa.missing" 1 1 "$SOA_MISSING" +expect_error "soa.multiple" 1 1 "$SOA_MULTIPLE" expect_error "cname_extra_01.zone" 1 1 "$CNAME_EXTRA_RECORDS" expect_error "cname_extra_02.signed" 1 1 "$CNAME_EXTRA_RECORDS" expect_error "cname_multiple.zone" 1 1 "$CNAME_MULTIPLE" @@ -127,6 +131,7 @@ expect_error "cdnskey.delete.invalid.cdnskey" 0 1 "$CDNSKEY_DELETE" expect_error "delegation.signed" 0 1 "$NSEC_RDATA_BITMAP" expect_error "nsec_nonauth.invalid" 0 1 "$NSEC_EXTRA" +test_correct "soa.duplicate" test_correct "rrsig_ttl.signed" test_correct "no_error_delegation_bitmap.signed" test_correct "no_error_nsec3_optout.signed" diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c index 4f05405..effbe1a 100644 --- a/tests/libdnssec/test_key.c +++ b/tests/libdnssec/test_key.c @@ -192,9 +192,7 @@ int main(void) static const keyinfo_t keys[] = { { "RSA", &SAMPLE_RSA_KEY }, { "ECDSA", &SAMPLE_ECDSA_KEY }, -#ifdef HAVE_ED25519 { "ED25519", &SAMPLE_ED25519_KEY }, -#endif #ifdef HAVE_ED448 { "ED448", &SAMPLE_ED448_KEY }, #endif diff --git a/tests/libdnssec/test_key_algorithm.c b/tests/libdnssec/test_key_algorithm.c index 6c62106..75eace7 100644 --- a/tests/libdnssec/test_key_algorithm.c +++ b/tests/libdnssec/test_key_algorithm.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -59,9 +59,7 @@ static void check_defaults(void) { is_int(2048, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3), "rsa default"); is_int(256, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256), "ecc default"); -#ifdef HAVE_ED25519 is_int(256, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ED25519), "ed25519 default"); -#endif #ifdef HAVE_ED448 is_int(456, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ED448), "ed448 default"); #endif @@ -74,9 +72,7 @@ int main(void) // ranges ok_range(DNSSEC_KEY_ALGORITHM_RSA_SHA512, 1024, 4096, "RSA/SHA256"); ok_range(DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384, 384, 384, "ECDSA/SHA384"); -#ifdef HAVE_ED25519 ok_range(DNSSEC_KEY_ALGORITHM_ED25519, 256, 256, "ED25519"); -#endif #ifdef HAVE_ED448 ok_range(DNSSEC_KEY_ALGORITHM_ED448, 456, 456, "ED448"); #endif diff --git a/tests/libdnssec/test_key_ds.c b/tests/libdnssec/test_key_ds.c index 29acf05..e076243 100644 --- a/tests/libdnssec/test_key_ds.c +++ b/tests/libdnssec/test_key_ds.c @@ -101,17 +101,13 @@ int main(int argc, char *argv[]) test_key("RSA", &SAMPLE_RSA_KEY); test_key("ECDSA", &SAMPLE_ECDSA_KEY); -#ifdef HAVE_ED25519 test_key("ED25519", &SAMPLE_ED25519_KEY); -#endif #ifdef HAVE_ED448 test_key("ED448", &SAMPLE_ED448_KEY); #endif test_errors(&SAMPLE_ECDSA_KEY); -#ifdef HAVE_ED25519 test_errors(&SAMPLE_ED25519_KEY); -#endif #ifdef HAVE_ED448 test_errors(&SAMPLE_ED448_KEY); #endif diff --git a/tests/libdnssec/test_sign.c b/tests/libdnssec/test_sign.c index bdb19fb..933206f 100644 --- a/tests/libdnssec/test_sign.c +++ b/tests/libdnssec/test_sign.c @@ -57,7 +57,6 @@ static const dnssec_binary_t signed_ecdsa = { .size = 64, .data = (uint8_t []) { 0xad, 0x2f, }}; -#ifdef HAVE_ED25519 static const dnssec_binary_t signed_ed25519 = { .size = 64, .data = (uint8_t []) { 0x0a, 0x9e, 0x51, 0x5f, 0x16, 0x89, 0x49, 0x27, 0x0e, 0x98, 0x34, 0xd3, 0x48, 0xef, 0x5a, 0x6e, @@ -67,8 +66,7 @@ static const dnssec_binary_t signed_ed25519 = { .size = 64, .data = (uint8_t []) 0x1d, 0x08, 0x10, 0x20, 0x1c, 0x01, 0x77, 0x1b, 0x5a, 0x48, 0xd6, 0xe5, 0x1c, 0xf9, 0xe3, 0xe0, 0x70, 0x34, 0x5e, 0x02, 0x49, 0xfb, 0x9e, 0x05, - }}; -#endif +}}; #ifdef HAVE_ED448 static const dnssec_binary_t signed_ed448 = { .size = 114, .data = (uint8_t []) { @@ -82,7 +80,7 @@ static const dnssec_binary_t signed_ed448 = { .size = 114, .data = (uint8_t []) 0xe9, 0xb9, 0x76, 0xb8, 0xa6, 0xa9, 0x0a, 0x4f, 0x18, 0xe1, 0x62, 0x27, 0x74, 0x99, 0x01, 0x98, 0x5f, 0xdb, 0xea, 0xdf, 0xab, 0x59, 0x6c, 0x79, 0xe2, 0xc2, 0x2a, 0x91, 0x29, 0x00 - }}; +}}; #endif static dnssec_binary_t binary_set_string(char *str) @@ -188,10 +186,8 @@ int main(void) check_key(&SAMPLE_RSA_KEY, &input_data, &signed_rsa, true); diag("ECDSA signing"); check_key(&SAMPLE_ECDSA_KEY, &input_data, &signed_ecdsa, false); -#ifdef HAVE_ED25519 diag("ED25519 signing"); check_key(&SAMPLE_ED25519_KEY, &input_data, &signed_ed25519, true); -#endif #ifdef HAVE_ED448 diag("ED448 signing"); check_key(&SAMPLE_ED448_KEY, &input_data, &signed_ed448, true); diff --git a/tests/libknot/test_control.c b/tests/libknot/test_control.c index 3846f31..3467be4 100644 --- a/tests/libknot/test_control.c +++ b/tests/libknot/test_control.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -109,7 +109,7 @@ static void ctl_server(const char *socket, size_t argc, knot_ctl_data_t *argv) knot_ctl_t *ctl = knot_ctl_alloc(); ok(ctl != NULL, "Allocate control"); - int ret = knot_ctl_bind(ctl, socket); + int ret = knot_ctl_bind(ctl, socket, 5); is_int(KNOT_EOK, ret, "Bind control socket"); ret = knot_ctl_accept(ctl); diff --git a/tests/libknot/test_xdp_tcp.c b/tests/libknot/test_xdp_tcp.c index 7f3b994..4e02f57 100644 --- a/tests/libknot/test_xdp_tcp.c +++ b/tests/libknot/test_xdp_tcp.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -213,7 +213,7 @@ void test_syn(void) knot_xdp_msg_t msg; knot_tcp_relay_t rl = { 0 }; prepare_msg(&msg, KNOT_XDP_MSG_SYN, 1, 2); - int ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "SYN: relay OK"); ret = knot_tcp_send(test_sock, &rl, 1, 1); is_int(KNOT_EOK, ret, "SYN: send OK"); @@ -241,7 +241,7 @@ void test_syn_ack_no(void) knot_xdp_msg_t msg; knot_tcp_relay_t rl = { 0 }; prepare_msg(&msg, KNOT_XDP_MSG_SYN | KNOT_XDP_MSG_ACK, 1, 2); - int ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "SYN+ACK deny: relay OK"); is_int(XDP_TCP_NOOP, rl.auto_answer, "SYN+ACK deny: no auto answer"); is_int(XDP_TCP_NOOP, rl.answer, "SYN+ACK deny: no answer"); @@ -256,7 +256,7 @@ void test_establish(void) knot_tcp_relay_t rl = { 0 }; prepare_msg(&msg, KNOT_XDP_MSG_ACK, 1, 2); prepare_seqack(&msg, 0, 1); - int ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "establish: relay OK"); is_int(0, test_syn_table->usage, "SYN: no connection in SYN table"); is_int(1, test_table->usage, "SYN: one connection in normal table"); @@ -274,7 +274,7 @@ void test_syn_ack(void) knot_xdp_msg_t msg; knot_tcp_relay_t rl = { 0 }; prepare_msg(&msg, KNOT_XDP_MSG_SYN | KNOT_XDP_MSG_ACK, 1000, 2000); - int ret = knot_tcp_recv(&rl, &msg, 1, test_table, NULL, XDP_TCP_IGNORE_NONE); + int ret = knot_tcp_recv(&rl, &msg, test_table, NULL, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "SYN+ACK: relay OK"); ret = knot_tcp_send(test_sock, &rl, 1, 1); is_int(KNOT_EOK, ret, "SYN+ACK: send OK"); @@ -315,7 +315,10 @@ void test_data_fragments(void) prepare_data(&msgs[3], "\x02""AB""\xff\xff""abcdefghijklmnopqrstuvwxyz...", 34); assert(test_table); - int ret = knot_tcp_recv(rls, msgs, CONNS, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = KNOT_EOK; + for (int i = 0; i < CONNS && ret == KNOT_EOK; i++) { + ret = knot_tcp_recv(&rls[i], &msgs[i], test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + } is_int(KNOT_EOK, ret, "fragments: relay OK"); assert(test_sock); ret = knot_tcp_send(test_sock, rls, CONNS, CONNS); @@ -374,7 +377,7 @@ void test_close(void) knot_xdp_msg_t wrong = msg; wrong.seqno += INT32_MAX; wrong.ackno += INT32_MAX; - int ret = knot_tcp_recv(&rl, &wrong, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = knot_tcp_recv(&rl, &wrong, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "close: relay 0 OK"); is_int(KNOT_XDP_MSG_RST, rl.auto_answer, "close: reset wrong ackno"); is_int(rl.auto_seqno, wrong.ackno, "close: reset seqno"); @@ -383,7 +386,7 @@ void test_close(void) check_sent(0, 1, 0, 0); is_int(sent_seqno, wrong.ackno, "close: reset seqno sent"); - ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "close: relay 1 OK"); ret = knot_tcp_send(test_sock, &rl, 1, 1); is_int(KNOT_EOK, ret, "close: send OK"); @@ -395,7 +398,7 @@ void test_close(void) msg.flags &= ~KNOT_XDP_MSG_FIN; prepare_seqack(&msg, 0, 0); - ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "close: relay 2 OK"); ret = knot_tcp_send(test_sock, &rl, 1, 1); is_int(KNOT_EOK, ret, "close: send 2 OK"); @@ -418,7 +421,10 @@ void test_many(void) } knot_tcp_relay_t *rls = malloc(CONNS * sizeof(*rls)); - int ret = knot_tcp_recv(rls, msgs, CONNS, test_table, NULL, XDP_TCP_IGNORE_NONE); + int ret = KNOT_EOK; + for (int i = 0; i < CONNS && ret == KNOT_EOK; i++) { + ret = knot_tcp_recv(&rls[i], &msgs[i], test_table, NULL, XDP_TCP_IGNORE_NONE); + } is_int(KNOT_EOK, ret, "many: relay OK"); ret = knot_tcp_send(test_sock, rls, CONNS, CONNS); is_int(KNOT_EOK, ret, "many: relay send OK"); @@ -435,7 +441,7 @@ void test_many(void) fix_seqack(survive); prepare_data(survive, "\x00\x00", 2); assert(test_table); - ret = knot_tcp_recv(&surv_rl, survive, 1, test_table, NULL, XDP_TCP_IGNORE_NONE); + ret = knot_tcp_recv(&surv_rl, survive, test_table, NULL, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "many/survivor: OK"); clean_sent(); @@ -479,7 +485,10 @@ void test_ibufs_size(void) for (int i = 0; i < CONNS; i++) { prepare_msg(&msgs[i], KNOT_XDP_MSG_SYN, i + 2000, 1); } - int ret = knot_tcp_recv(rls, msgs, CONNS, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + int ret = KNOT_EOK; + for (int i = 0; i < CONNS && ret == KNOT_EOK; i++) { + ret = knot_tcp_recv(&rls[i], &msgs[i], test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + } is_int(KNOT_EOK, ret, "ibufs: open OK"); ret = knot_tcp_send(test_sock, rls, CONNS, CONNS); is_int(KNOT_EOK, ret, "ibufs: first send OK"); @@ -488,14 +497,16 @@ void test_ibufs_size(void) msgs[i].flags = KNOT_XDP_MSG_TCP | KNOT_XDP_MSG_ACK; } fix_seqacks(msgs, CONNS); - (void)knot_tcp_recv(rls, msgs, CONNS, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + for (int i = 0; i < CONNS && ret == KNOT_EOK; i++) { + ret = knot_tcp_recv(&rls[i], &msgs[i], test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + } is_int(0, test_table->inbufs_total, "inbufs: initial total zero"); // first connection will start a fragment buf then finish it fix_seqack(&msgs[0]); prepare_data(&msgs[0], "\x00\x0a""lorem", 7); - ret = knot_tcp_recv(&rls[0], &msgs[0], 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + ret = knot_tcp_recv(&rls[0], &msgs[0], test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "ibufs: must be OK"); ret = knot_tcp_send(test_sock, &rls[0], 1, 1); is_int(KNOT_EOK, ret, "ibufs: must send OK"); @@ -509,7 +520,9 @@ void test_ibufs_size(void) prepare_data(&msgs[1], "\x00\xff""12345", 7); prepare_data(&msgs[2], "\xff\xff""abcde", 7); prepare_data(&msgs[3], "\xff\xff""abcde", 7); - ret = knot_tcp_recv(rls, msgs, CONNS, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + for (int i = 0; i < CONNS && ret == KNOT_EOK; i++) { + ret = knot_tcp_recv(&rls[i], &msgs[i], test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + } is_int(KNOT_EOK, ret, "inbufs: relay OK"); ret = knot_tcp_send(test_sock, rls, CONNS, CONNS); is_int(KNOT_EOK, ret, "inbufs: send OK"); @@ -546,11 +559,11 @@ void test_obufs(void) knot_tcp_relay_t rl = { 0 }; prepare_msg(&msg, KNOT_XDP_MSG_SYN, 1, 2); - (void)knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); // SYN + (void)knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); // SYN (void)knot_tcp_send(test_sock, &rl, 1, 1); // SYN+ACK prepare_msg(&msg, KNOT_XDP_MSG_ACK, 1, 2); prepare_seqack(&msg, 0, 1); - (void)knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); // ACK + (void)knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); // ACK size_t TEST_MSS = 1111; size_t DATA_LEN = 65535; // with 2-byte len prefix, this is > 64k == window_size @@ -588,7 +601,7 @@ void test_obufs(void) memset(&rl, 0, sizeof(rl)); prepare_seqack(&msg, 0, TEST_MSS); - ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); + ret = knot_tcp_recv(&rl, &msg, test_table, test_syn_table, XDP_TCP_IGNORE_NONE); is_int(KNOT_EOK, ret, "obufs: ACKed data"); assert(rl.conn); rl.conn->window_size = 65536; diff --git a/tests/libknot/test_yptrafo.c b/tests/libknot/test_yptrafo.c index cd26632..d76dbc4 100644 --- a/tests/libknot/test_yptrafo.c +++ b/tests/libknot/test_yptrafo.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -326,7 +326,10 @@ int main(int argc, char *argv[]) int_test("11s", 11LL * 1, YP_STIME, min, max); int_test("11m", 11LL * 60, YP_STIME, min, max); int_test("11h", 11LL * 3600, YP_STIME, min, max); - int_test("11d", 11LL * 24 * 3600, YP_STIME, min, max); + int_test("6d", 6LL * 24 * 3600, YP_STIME, min, max); + int_test("4w", 4LL * 7 * 24 * 3600, YP_STIME, min, max); + int_test("11M", 11LL * 30 * 24 * 3600, YP_STIME, min, max); + int_test("2y", 2LL * 365 * 24 * 3600, YP_STIME, min, max); int_test("1025B", 1025LL, YP_SSIZE, min, max); int_test("61s", 61LL, YP_STIME, min, max); int_bad_test("20000000001", KNOT_ERANGE, YP_SNONE, min, max); diff --git a/tests/modules/test_rrl.c b/tests/modules/test_rrl.c index 6a5210f..448ff9a 100644 --- a/tests/modules/test_rrl.c +++ b/tests/modules/test_rrl.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,164 +15,404 @@ */ #include <tap/basic.h> +#include <pthread.h> +#include <sched.h> +#include <stdio.h> +#include <stdatomic.h> #include "libdnssec/crypto.h" #include "libdnssec/random.h" #include "libknot/libknot.h" +#include "contrib/openbsd/siphash.h" #include "contrib/sockaddr.h" + +#include "time.h" +int fakeclock_gettime(clockid_t clockid, struct timespec *tp); +#define clock_gettime fakeclock_gettime #include "knot/modules/rrl/functions.c" -#include "stdio.h" - -/* Enable time-dependent tests. */ -//#define ENABLE_TIMED_TESTS -#define RRL_SIZE 196613 -#define RRL_THREADS 8 -#define RRL_INSERTS (RRL_SIZE/(5*RRL_THREADS)) /* lf = 1/5 */ - -/* Disabled as default as it depends on random input. - * Table may be consistent even if some collision occur (and they may occur). - * Note: Disabled due to reported problems when running on VMs due to time - * flow inconsistencies. Should work alright on a host machine. - */ -#ifdef ENABLE_TIMED_TESTS -struct bucketmap { - unsigned i; - uint64_t x; +#undef clock_gettime + +#define RRL_THREADS 4 +//#define RRL_SYNC_WITH_REAL_TIME + +#define BATCH_QUERIES_LOG 3 // threads acquire queries in batches of 8 +#define HOSTS_LOG 3 // at most 6 attackers + 2 wildcard addresses for normal users +#define TICK_QUERIES_LOG 13 // at most 1024 queries per host per tick + +// Accessing RRL configuration of INSTANT/RATE limits for V4/V6 and specific prefix. +#define LIMIT(type, Vx, prefix) (RRL_MULT(Vx, prefix) * RRL_ ## type ## _LIMIT) + +#define RRL_CONFIG(Vx, name) RRL_ ## Vx ## _ ## name +#define RRL_MULT(Vx, prefix) get_mult(RRL_CONFIG(Vx, PREFIXES), RRL_CONFIG(Vx, RATE_MULT), RRL_CONFIG(Vx, PREFIXES_CNT), prefix) +static inline kru_price_t get_mult(uint8_t prefixes[], kru_price_t mults[], size_t cnt, uint8_t wanted_prefix) { + for (size_t i = 0; i < cnt; i++) + if (prefixes[i] == wanted_prefix) + return mults[i]; + assert(0); + return 0; +} + +// Macro correction depending on the table mode. +int DIFF = 0; + +// Instant limits and rate limits per msec. +#define INST(Vx, prefix) (LIMIT(INSTANT, Vx, prefix) + DIFF) +#define RATEM(Vx, prefix) (LIMIT(RATE, Vx, prefix) / 1000 + DIFF) + +// Expected range of limits for parallel test. +#define RANGE_INST(Vx, prefix) INST(Vx, prefix) - 1, INST(Vx, prefix) + RRL_THREADS - 1 +#define RANGE_RATEM(Vx, prefix) RATEM(Vx, prefix) - 1 - DIFF, RATEM(Vx, prefix) + RRL_THREADS - DIFF +#define RANGE_UNLIM(queries) queries, queries + +/* Fix seed for randomness in RLL module. Change if improbable collisions arise. (one byte) */ +#define RRL_SEED_GENERIC 1 +#define RRL_SEED_AVX2 1 + +struct kru_generic { + SIPHASH_KEY hash_key; + // ... +}; +struct kru_avx2 { + _Alignas(32) char hash_key[48]; + // ... +}; + +/* Override time in RRL module. */ +struct timespec fakeclock_start; +uint32_t fakeclock_tick = 0; + +void fakeclock_init(void) +{ + clock_gettime(CLOCK_MONOTONIC_COARSE, &fakeclock_start); + fakeclock_tick = 0; +} + +int fakeclock_gettime(clockid_t clockid, struct timespec *tp) +{ + uint32_t inc_msec = fakeclock_tick; + tp->tv_sec = fakeclock_start.tv_sec + (fakeclock_start.tv_nsec / 1000000 + inc_msec) / 1000; + tp->tv_nsec = (fakeclock_start.tv_nsec + (inc_msec % 1000) * 1000000) % 1000000000; + return 0; +} + +struct host { + uint32_t queries_per_tick; + int addr_family; + char *addr_format; + uint32_t min_passed, max_passed; + _Atomic uint32_t passed; +}; + +struct stage { + uint32_t first_tick, last_tick; + struct host hosts[1 << HOSTS_LOG]; }; -/*! \brief Unit runnable. */ struct runnable_data { - int passed; rrl_table_t *rrl; - struct sockaddr_storage *addr; - rrl_req_t *rq; - knot_dname_t *zone; + int prime; + _Atomic uint32_t *queries_acquired, *queries_done; + struct stage *stages; }; -static void* rrl_runnable(void *arg) +static void *rrl_runnable(void *arg) { struct runnable_data *d = (struct runnable_data *)arg; + size_t si = 0; + + char addr_str[40]; struct sockaddr_storage addr; - memcpy(&addr, d->addr, sizeof(struct sockaddr_storage)); - int lock = -1; - uint32_t now = time(NULL); - struct bucketmap *m = malloc(RRL_INSERTS * sizeof(struct bucketmap)); - for (unsigned i = 0; i < RRL_INSERTS; ++i) { - m[i].i = dnssec_random_uint32_t(); - ((struct sockaddr_in *) &addr)->sin_addr.s_addr = m[i].i; - rrl_item_t *b = rrl_hash(d->rrl, &addr, d->rq, d->zone, now, &lock); - rrl_unlock(d->rrl, lock); - m[i].x = b->netblk; + + while (true) { + uint32_t qi1 = atomic_fetch_add(d->queries_acquired, 1 << BATCH_QUERIES_LOG); + + /* increment time if needed; sync on incrementing using spinlock */ + uint32_t tick = qi1 >> TICK_QUERIES_LOG; + for (size_t i = 1; tick != fakeclock_tick; i++) { + if ((*d->queries_done >> TICK_QUERIES_LOG) >= tick) { + fakeclock_tick = tick; + } + if (i % (1<<14) == 0) sched_yield(); + __sync_synchronize(); + } + + /* increment stage if needed */ + while (tick > d->stages[si].last_tick) { + ++si; + if (!d->stages[si].first_tick) return NULL; + } + +#ifdef RRL_SYNC_WITH_REAL_TIME + { + struct timespec ts_fake, ts_real; + do { + fakeclock_gettime(CLOCK_MONOTONIC_COARSE, &ts_fake); + clock_gettime(CLOCK_MONOTONIC_COARSE, &ts_real); + } while (!((ts_real.tv_sec > ts_fake.tv_sec) || + ((ts_real.tv_sec == ts_fake.tv_sec) && (ts_real.tv_nsec >= ts_fake.tv_nsec)))); + } +#endif + + if (tick >= d->stages[si].first_tick) { + uint32_t qi2 = 0; + do { + uint32_t qi = qi1 + qi2; + + /* perform query qi */ + uint32_t hi = qi % (1 << HOSTS_LOG); + if (!d->stages[si].hosts[hi].queries_per_tick) continue; + uint32_t hqi = (qi % (1 << TICK_QUERIES_LOG)) >> HOSTS_LOG; // host query index within tick + if (hqi >= d->stages[si].hosts[hi].queries_per_tick) continue; + hqi += (qi >> TICK_QUERIES_LOG) * d->stages[si].hosts[hi].queries_per_tick; // across ticks + (void)snprintf(addr_str, sizeof(addr_str), d->stages[si].hosts[hi].addr_format, + hqi % 0xff, (hqi >> 8) % 0xff, (hqi >> 16) % 0xff); + sockaddr_set(&addr, d->stages[si].hosts[hi].addr_family, addr_str, 0); + + if (rrl_query(d->rrl, &addr, NULL) == KNOT_EOK) { + atomic_fetch_add(&d->stages[si].hosts[hi].passed, 1); + if (!d->rrl->rw_mode) { + rrl_update(d->rrl, &addr, 1); + } + } + + } while ((qi2 = (qi2 + d->prime) % (1 << BATCH_QUERIES_LOG))); + } + atomic_fetch_add(d->queries_done, 1 << BATCH_QUERIES_LOG); } - for (unsigned i = 0; i < RRL_INSERTS; ++i) { - ((struct sockaddr_in *) &addr)->sin_addr.s_addr = m[i].i; - rrl_item_t *b = rrl_hash(d->rrl, &addr, d->rq, d->zone, now, &lock); - rrl_unlock(d->rrl, lock); - if (b->netblk != m[i].x) { - d->passed = 0; +} + +char *impl_name = ""; +rrl_table_t *rrl = NULL; + +void count_test(char *desc, int expected_passing, double margin_fract, + int addr_family, char *addr_format, uint32_t min_value, uint32_t max_value) +{ + uint32_t max_queries = expected_passing > 0 ? 2 * expected_passing : -expected_passing; + struct sockaddr_storage addr; + char addr_str[40]; + int cnt = -1; + + for (size_t i = 0; i < max_queries; i++) { + (void)snprintf(addr_str, sizeof(addr_str), addr_format, + i % (max_value - min_value + 1) + min_value, + i / (max_value - min_value + 1) % 256); + sockaddr_set(&addr, addr_family, addr_str, 0); + if (rrl_query(rrl, &addr, NULL) != KNOT_EOK) { + cnt = i; + break; } + if (!rrl->rw_mode) { + rrl_update(rrl, &addr, 1); + } + } + + if (expected_passing < 0) expected_passing = -1; + if (margin_fract == 0) { + is_int(expected_passing, cnt, "rrl(%s): %-48s [%7d ]", impl_name, desc, expected_passing); + } else { + int max_diff = expected_passing * margin_fract; + ok((expected_passing - max_diff <= cnt) && (cnt <= expected_passing + max_diff), + "rrl(%s): %-48s [%7d <=%7d <=%7d ]", impl_name, desc, + expected_passing - max_diff, cnt, expected_passing + max_diff); } - free(m); - return NULL; } -static void rrl_hopscotch(struct runnable_data* rd) +void test_rrl(bool rw_mode) { - rd->passed = 1; + size_t RRL_TABLE_SIZE = (1 << 20); + uint32_t RRL_INSTANT_LIMIT = (1 << 7); + uint32_t RRL_RATE_LIMIT = (1 << 16); + if (rw_mode) { + RRL_INSTANT_LIMIT = (1 << 8); + RRL_RATE_LIMIT = (1 << 17); + } + + fakeclock_init(); + + /* create rrl table */ + rrl = rrl_create(RRL_TABLE_SIZE, RRL_INSTANT_LIMIT, RRL_RATE_LIMIT, rw_mode, 0); + ok(rrl != NULL, "rrl(%s): create", impl_name); + assert(rrl); + + if (KRU.initialize == KRU_GENERIC.initialize) { + struct kru_generic *kru = (struct kru_generic *) rrl->kru; + memset(&kru->hash_key, RRL_SEED_GENERIC, sizeof(kru->hash_key)); + } else if (KRU.initialize == KRU_AVX2.initialize) { + struct kru_avx2 *kru = (struct kru_avx2 *) rrl->kru; + memset(&kru->hash_key, RRL_SEED_AVX2, sizeof(kru->hash_key)); + } else { + assert(0); + } + + /* IPv4 multi-prefix tests */ + static_assert(RRL_V4_PREFIXES_CNT == 4, + "There are no more IPv4 limited prefixes (/32, /24, /20, /18 will be tested)."); + + count_test("IPv4 instant limit /32", INST(V4, 32), 0, + AF_INET, "128.0.0.0", 0, 0); + + count_test("IPv4 instant limit /32 not applied on /31", -1, 0, + AF_INET, "128.0.0.1", 0, 0); + + count_test("IPv4 instant limit /24", INST(V4, 24) - INST(V4, 32) - 1, 0, + AF_INET, "128.0.0.%d", 2, 255); + + count_test("IPv4 instant limit /24 not applied on /23", -1, 0, + AF_INET, "128.0.1.0", 0, 0); + + count_test("IPv4 instant limit /20", INST(V4, 20) - INST(V4, 24) - 1, 0.001, + AF_INET, "128.0.%d.%d", 2, 15); + + count_test("IPv4 instant limit /20 not applied on /19", -1, 0, + AF_INET, "128.0.16.0", 0, 0); + + count_test("IPv4 instant limit /18", INST(V4, 18) - INST(V4, 20) - 1, 0.01, + AF_INET, "128.0.%d.%d", 17, 63); + + count_test("IPv4 instant limit /18 not applied on /17", -1, 0, + AF_INET, "128.0.64.0", 0, 0); + + /* IPv6 multi-prefix tests */ + static_assert(RRL_V6_PREFIXES_CNT == 5, + "There are no more IPv6 limited prefixes (/128, /64, /56, /48, /32 will be tested)."); + + count_test("IPv6 instant limit /128, independent to IPv4", INST(V6, 128), 0, + AF_INET6, "8000::", 0, 0); + + count_test("IPv6 instant limit /128 not applied on /127", -1, 0, + AF_INET6, "8000::1", 0, 0); + + count_test("IPv6 instant limit /64", INST(V6, 64) - INST(V6, 128) - 1, 0, + AF_INET6, "8000:0:0:0:%02x%02x::", 0x01, 0xff); + + count_test("IPv6 instant limit /64 not applied on /63", -1, 0, + AF_INET6, "8000:0:0:1::", 0, 0); + + count_test("IPv6 instant limit /56", INST(V6, 56) - INST(V6, 64) - 1, rw_mode ? 0 : 0.01, + AF_INET6, "8000:0:0:00%02x:%02x00::", 0x02, 0xff); + + count_test("IPv6 instant limit /56 not applied on /55", -1, 0, + AF_INET6, "8000:0:0:0100::", 0, 0); + + count_test("IPv6 instant limit /48", INST(V6, 48) - INST(V6, 56) - 1, 0.01, + AF_INET6, "8000:0:0:%02x%02x::", 0x02, 0xff); + + count_test("IPv6 instant limit /48 not applied on /47", -1, 0, + AF_INET6, "8000:0:1::", 0, 0); + + count_test("IPv6 instant limit /32", INST(V6, 32) - INST(V6, 48) - 1, rw_mode ? 0.001 : 0, + AF_INET6, "8000:0:%02x%02x::", 0x02, 0xff); + + count_test("IPv6 instant limit /32 not applied on /31", -1, 0, + AF_INET6, "8000:1::", 0, 0); + + /* limit after 1 msec */ + fakeclock_tick++; + + count_test("IPv4 rate limit /32 after 1 msec", RATEM(V4, 32), 0, + AF_INET, "128.0.0.0", 0, 0); + + count_test("IPv6 rate limit /128 after 1 msec", RATEM(V6, 128), 0, + AF_INET6, "8000::", 0, 0); + + /* parallel tests */ + struct stage stages[] = { + /* first tick, last tick, hosts */ + {32, 32, { + /* queries per tick, family, address, min passed, max passed */ + {1024, AF_INET, "%d.%d.%d.1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET, "3.3.3.3", RANGE_INST ( V4, 32 )}, + { 512, AF_INET, "4.4.4.4", RANGE_INST ( V4, 32 )}, + {1024, AF_INET6, "%x%x:%x00::1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET6, "3333::3333", RANGE_INST ( V6, 128 )}, + { 512, AF_INET6, "4444::4444", RANGE_INST ( V6, 128 )} + }}, + {33, 255, { + {1024, AF_INET, "%d.%d.%d.1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET, "3.3.3.3", RANGE_RATEM ( V4, 32 )}, + { 512, AF_INET, "4.4.4.4", RANGE_RATEM ( V4, 32 )}, + {1024, AF_INET6, "%x%x:%x00::1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET6, "3333::3333", RANGE_RATEM ( V6, 128 )}, + { 512, AF_INET6, "4444::4444", RANGE_RATEM ( V6, 128 )}, + }}, + {256, 511, { + {1024, AF_INET, "3.3.3.3", RANGE_RATEM ( V4, 32 )}, + {1024, AF_INET6, "3333::3333", RANGE_RATEM ( V6, 128 )} + }}, + {512, 512, { + {1024, AF_INET, "%d.%d.%d.1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET, "3.3.3.3", RANGE_RATEM ( V4, 32 )}, + { 512, AF_INET, "4.4.4.4", RANGE_INST ( V4, 32 )}, + {1024, AF_INET6, "%x%x:%x00::1", RANGE_UNLIM ( 1024 )}, + {1024, AF_INET6, "3333::3333", RANGE_RATEM ( V6, 128 )}, + { 512, AF_INET6, "4444::4444", RANGE_INST ( V6, 128 )} + }}, + {0} + }; + pthread_t thr[RRL_THREADS]; + struct runnable_data rd[RRL_THREADS]; + _Atomic uint32_t queries_acquired = 0, queries_done = 0; + int primes[] = {3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61}; + assert(sizeof(primes)/sizeof(*primes) >= RRL_THREADS); + for (unsigned i = 0; i < RRL_THREADS; ++i) { - pthread_create(thr + i, NULL, &rrl_runnable, rd); + rd[i].rrl = rrl; + rd[i].queries_acquired = &queries_acquired; + rd[i].queries_done = &queries_done; + rd[i].prime = primes[i]; + rd[i].stages = stages; + pthread_create(thr + i, NULL, &rrl_runnable, rd + i); } for (unsigned i = 0; i < RRL_THREADS; ++i) { pthread_join(thr[i], NULL); } -} -#endif -int main(int argc, char *argv[]) -{ - plan_lazy(); + unsigned si = 0; + do { + struct host * const h = stages[si].hosts; + uint32_t ticks = stages[si].last_tick - stages[si].first_tick + 1; + for (size_t i = 0; h[i].queries_per_tick; i++) { + ok( h[i].min_passed * ticks <= h[i].passed && h[i].passed <= h[i].max_passed * ticks, + "rrl(%s): parallel stage %d, addr %-25s [%7d <=%12.4f <=%7d ]", impl_name, + si, h[i].addr_format, h[i].min_passed, (double)h[i].passed / ticks, h[i].max_passed); + } + } while (stages[++si].first_tick); - dnssec_crypto_init(); + rrl_destroy(rrl); +} - /* Prepare query. */ - knot_pkt_t *query = knot_pkt_new(NULL, 512, NULL); - if (query == NULL) { - return KNOT_ERROR; /* Fatal */ +void test_rrl_mode(bool test_avx2, bool rw_mode) +{ + if (!rw_mode) { + DIFF = 1; } - knot_dname_t *qname = knot_dname_from_str_alloc("beef."); - int ret = knot_pkt_put_question(query, qname, KNOT_CLASS_IN, KNOT_RRTYPE_A); - knot_dname_free(qname, NULL); - if (ret != KNOT_EOK) { - knot_pkt_free(query); - return KNOT_ERROR; /* Fatal */ - } + KRU = KRU_GENERIC; + impl_name = "KRU_GENERIC"; + test_rrl(rw_mode); - /* Prepare response */ - uint8_t rbuf[65535]; - size_t rlen = sizeof(rbuf); - memcpy(rbuf, query->wire, query->size); - knot_wire_flags_set_qr(rbuf); + if (test_avx2) { + KRU = KRU_AVX2; + impl_name = "KRU_AVX2"; + test_rrl(rw_mode); + } else { + diag("AVX2 NOT available"); + } +} - rrl_req_t rq; - rq.wire = rbuf; - rq.len = rlen; - rq.query = query; - rq.flags = 0; +int main(int argc, char *argv[]) +{ + plan_lazy(); - /* 1. create rrl table */ - const uint32_t rate = 10; - rrl_table_t *rrl = rrl_create(RRL_SIZE, rate); - ok(rrl != NULL, "rrl: create"); + dnssec_crypto_init(); - /* 2. N unlimited requests. */ - knot_dname_t *zone = knot_dname_from_str_alloc("rrl."); + assert(KRU_GENERIC.initialize != KRU_AVX2.initialize); + bool test_avx2 = (KRU.initialize == KRU_AVX2.initialize); - struct sockaddr_storage addr; - struct sockaddr_storage addr6; - sockaddr_set(&addr, AF_INET, "1.2.3.4", 0); - sockaddr_set(&addr6, AF_INET6, "1122:3344:5566:7788::aabb", 0); - ret = 0; - for (unsigned i = 0; i < rate * RRL_CAPACITY; ++i) { - if (rrl_query(rrl, &addr, &rq, zone, NULL) != KNOT_EOK || - rrl_query(rrl, &addr6, &rq, zone, NULL) != KNOT_EOK) { - ret = KNOT_ELIMIT; - break; - } - } - is_int(0, ret, "rrl: unlimited IPv4/v6 requests"); - - /* 3. Endian-independent hash input buffer. */ - uint8_t buf[RRL_CLSBLK_MAXLEN]; - // CLS_LARGE + remote + dname wire. - uint8_t expectedv4[] = "\x10\x01\x02\x03\x00\x00\x00\x00\x00\x04""beef"; - rrl_classify(buf, sizeof(buf), &addr, &rq, qname); - is_int(0, memcmp(buf, expectedv4, sizeof(expectedv4)), "rrl: IPv4 hash input buffer"); - uint8_t expectedv6[] = "\x10\x11\x22\x33\x44\x55\x66\x77\x00\x04""beef"; - rrl_classify(buf, sizeof(buf), &addr6, &rq, qname); - is_int(0, memcmp(buf, expectedv6, sizeof(expectedv6)), "rrl: IPv6 hash input buffer"); - -#ifdef ENABLE_TIMED_TESTS - /* 5. limited request */ - ret = rrl_query(rrl, &addr, &rq, zone, NULL); - is_int(KNOT_ELIMIT, ret, "rrl: throttled IPv4 request"); - - /* 6. limited IPv6 request */ - ret = rrl_query(rrl, &addr6, &rq, zone, NULL); - is_int(KNOT_ELIMIT, ret, "rrl: throttled IPv6 request"); - - /* 8. hopscotch test */ - struct runnable_data rd = { - 1, rrl, &addr, &rq, zone - }; - rrl_hopscotch(&rd); - ok(rd.passed, "rrl: hashtable is ~ consistent"); -#endif + test_rrl_mode(test_avx2, true); + test_rrl_mode(test_avx2, false); - knot_dname_free(zone, NULL); - knot_pkt_free(query); - rrl_destroy(rrl); dnssec_crypto_cleanup(); return 0; } diff --git a/tests/tap/files.c b/tests/tap/files.c index f979d07..ac85277 100644 --- a/tests/tap/files.c +++ b/tests/tap/files.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -62,5 +62,5 @@ char *test_mkdtemp(void) bool test_rm_rf(const char *path) { - return remove_path(path); + return (remove_path(path, false) == KNOT_EOK); } |