diff options
Diffstat (limited to 'bin/tests/system/dnstap')
45 files changed, 1813 insertions, 0 deletions
diff --git a/bin/tests/system/dnstap/README b/bin/tests/system/dnstap/README new file mode 100644 index 0000000..856fe48 --- /dev/null +++ b/bin/tests/system/dnstap/README @@ -0,0 +1,27 @@ +Copyright (C) Internet Systems Consortium, Inc. ("ISC") + +SPDX-License-Identifier: MPL-2.0 + +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, you can obtain one at https://mozilla.org/MPL/2.0/. + +See the COPYRIGHT file distributed with this work for additional +information regarding copyright ownership. + +The "large-answer.fstrm" file was generated by configuring a named instance +compiled with --enable-dnstap and --enable-fixed-rrset with the following +directives: + + minimal-responses yes; + rrset-order { order fixed; }; + dnstap { auth response; }; + dnstap-identity none; + dnstap-output file "large-answer.fstrm"; + +The captured RRset from the "example." zone was created using: + + $GENERATE 1-48 @ IN A 127.0.0.$ + +A server instance set up this way was then queried non-recursively (RD=0) for +"example/A". diff --git a/bin/tests/system/dnstap/bad-fstrm-reopen-interval.conf b/bin/tests/system/dnstap/bad-fstrm-reopen-interval.conf new file mode 100644 index 0000000..fd673d6 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-reopen-interval.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-reopen-interval 1x; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-max.conf b/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-max.conf new file mode 100644 index 0000000..cdab66b --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-max.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-buffer-hint 65537; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-min.conf b/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-min.conf new file mode 100644 index 0000000..c5444e9 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-buffer-hint-min.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-buffer-hint 1023; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-max.conf b/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-max.conf new file mode 100644 index 0000000..05ab1d9 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-max.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-flush-timeout 0; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-min.conf b/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-min.conf new file mode 100644 index 0000000..398b1ab --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-flush-timeout-min.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-flush-timeout 601; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-max.conf b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-max.conf new file mode 100644 index 0000000..d6c4120 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-max.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-input-queue-size 1; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-min.conf b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-min.conf new file mode 100644 index 0000000..787f656 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-min.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-input-queue-size 16385; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-po2.conf b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-po2.conf new file mode 100644 index 0000000..ae713d3 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-input-queue-size-po2.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-input-queue-size 513; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-output-notify-threshold.conf b/bin/tests/system/dnstap/bad-fstrm-set-output-notify-threshold.conf new file mode 100644 index 0000000..643e2b8 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-output-notify-threshold.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-notify-threshold 0; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-max.conf b/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-max.conf new file mode 100644 index 0000000..853713f --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-max.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + /* + * This value is system dependent and matches IOV_MAX. + */ + fstrm-set-output-queue-size 10000000; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-min.conf b/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-min.conf new file mode 100644 index 0000000..7940c89 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-output-queue-size-min.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-queue-size 1; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-max.conf b/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-max.conf new file mode 100644 index 0000000..9cfa9e3 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-max.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-reopen-interval 601; +}; diff --git a/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-min.conf b/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-min.conf new file mode 100644 index 0000000..be6a640 --- /dev/null +++ b/bin/tests/system/dnstap/bad-fstrm-set-reopen-interval-min.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-reopen-interval 0; +}; diff --git a/bin/tests/system/dnstap/bad-missing-dnstap-output-view.conf b/bin/tests/system/dnstap/bad-missing-dnstap-output-view.conf new file mode 100644 index 0000000..853da36 --- /dev/null +++ b/bin/tests/system/dnstap/bad-missing-dnstap-output-view.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "view" { + dnstap { client; auth; }; +}; diff --git a/bin/tests/system/dnstap/bad-missing-dnstap-output.conf b/bin/tests/system/dnstap/bad-missing-dnstap-output.conf new file mode 100644 index 0000000..b5565e2 --- /dev/null +++ b/bin/tests/system/dnstap/bad-missing-dnstap-output.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap { client; auth; }; + recursion yes; +}; diff --git a/bin/tests/system/dnstap/bad-size-version.conf b/bin/tests/system/dnstap/bad-size-version.conf new file mode 100644 index 0000000..8e31528 --- /dev/null +++ b/bin/tests/system/dnstap/bad-size-version.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap-output unix "/tmp/dnstap.sock" size 10k versions 3; +}; diff --git a/bin/tests/system/dnstap/clean.sh b/bin/tests/system/dnstap/clean.sh new file mode 100644 index 0000000..b9e476f --- /dev/null +++ b/bin/tests/system/dnstap/clean.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -f */named.conf +rm -f */named.memstats +rm -f */named.run +rm -f */named.run.prev +rm -f */named.stats +rm -f dig.out* +rm -f dnstap.* +rm -f fstrm_capture.out.* +rm -f ns*/dnstap.out +rm -f ns*/dnstap.out.save +rm -f ns*/dnstap.out.save.? +rm -f ns*/managed-keys.bind* +rm -f ns*/named.lock +rm -f ns2/dnstap.out.* +rm -f ns2/example.db ns2/example.db.jnl +rm -f ns3/dnstap.out.* +rm -f ydump.out diff --git a/bin/tests/system/dnstap/good-dnstap-in-options.conf b/bin/tests/system/dnstap/good-dnstap-in-options.conf new file mode 100644 index 0000000..17feb5e --- /dev/null +++ b/bin/tests/system/dnstap/good-dnstap-in-options.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap-output unix "/var/run/named/dnstap.sock"; + dnstap-identity hostname; + dnstap { client response; }; +}; diff --git a/bin/tests/system/dnstap/good-dnstap-in-view.conf b/bin/tests/system/dnstap/good-dnstap-in-view.conf new file mode 100644 index 0000000..2c17f6c --- /dev/null +++ b/bin/tests/system/dnstap/good-dnstap-in-view.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap-output unix "/var/run/named/dnstap.sock"; + dnstap-identity hostname; +}; + +view "view" { + dnstap { client response; }; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-reopen-interval.conf b/bin/tests/system/dnstap/good-fstrm-reopen-interval.conf new file mode 100644 index 0000000..d525262 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-reopen-interval.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-reopen-interval 5m; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-buffer-hint.conf b/bin/tests/system/dnstap/good-fstrm-set-buffer-hint.conf new file mode 100644 index 0000000..c550647 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-buffer-hint.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-buffer-hint 8192; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-flush-timeout.conf b/bin/tests/system/dnstap/good-fstrm-set-flush-timeout.conf new file mode 100644 index 0000000..dd9abf0 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-flush-timeout.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-flush-timeout 1; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-input-queue-size.conf b/bin/tests/system/dnstap/good-fstrm-set-input-queue-size.conf new file mode 100644 index 0000000..d01b8f8 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-input-queue-size.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-input-queue-size 512; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-output-notify-threshold.conf b/bin/tests/system/dnstap/good-fstrm-set-output-notify-threshold.conf new file mode 100644 index 0000000..2619dc0 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-output-notify-threshold.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-notify-threshold 32; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-mpsc.conf b/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-mpsc.conf new file mode 100644 index 0000000..a81ff7c --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-mpsc.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-queue-model mpsc; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-spsc.conf b/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-spsc.conf new file mode 100644 index 0000000..7b394eb --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-output-queue-model-spsc.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-queue-model spsc; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-output-queue-size.conf b/bin/tests/system/dnstap/good-fstrm-set-output-queue-size.conf new file mode 100644 index 0000000..87bf028 --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-output-queue-size.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-output-queue-size 64; +}; diff --git a/bin/tests/system/dnstap/good-fstrm-set-reopen-interval.conf b/bin/tests/system/dnstap/good-fstrm-set-reopen-interval.conf new file mode 100644 index 0000000..116d3ae --- /dev/null +++ b/bin/tests/system/dnstap/good-fstrm-set-reopen-interval.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + fstrm-set-reopen-interval 5; +}; diff --git a/bin/tests/system/dnstap/good-size-unlimited.conf b/bin/tests/system/dnstap/good-size-unlimited.conf new file mode 100644 index 0000000..8cb9712 --- /dev/null +++ b/bin/tests/system/dnstap/good-size-unlimited.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap-output file "/tmp/dnstap.log" + size unlimited versions unlimited suffix increment; +}; diff --git a/bin/tests/system/dnstap/good-size-version.conf b/bin/tests/system/dnstap/good-size-version.conf new file mode 100644 index 0000000..ca1fba3 --- /dev/null +++ b/bin/tests/system/dnstap/good-size-version.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnstap-output file "/tmp/dnstap.log" + size 10k versions 3 suffix timestamp; +}; diff --git a/bin/tests/system/dnstap/large-answer.fstrm b/bin/tests/system/dnstap/large-answer.fstrm Binary files differnew file mode 100644 index 0000000..873b315 --- /dev/null +++ b/bin/tests/system/dnstap/large-answer.fstrm diff --git a/bin/tests/system/dnstap/ns1/named.conf.in b/bin/tests/system/dnstap/ns1/named.conf.in new file mode 100644 index 0000000..7f3fb29 --- /dev/null +++ b/bin/tests/system/dnstap/ns1/named.conf.in @@ -0,0 +1,47 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + statistics-file "named.stats"; + dnstap-identity "ns1"; + dnstap-version "xxx"; + dnstap-output file "dnstap.out" size 30k versions 10; + dnstap { all; }; + send-cookie no; + require-server-cookie no; + dnssec-validation yes; + qname-minimization disabled; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type primary; + file "root.db"; +}; diff --git a/bin/tests/system/dnstap/ns1/root.db b/bin/tests/system/dnstap/ns1/root.db new file mode 100644 index 0000000..17780d1 --- /dev/null +++ b/bin/tests/system/dnstap/ns1/root.db @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +. IN SOA gson.nominum.com. a.root.servers.nil. ( + 2000042100 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +. NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 + +example. NS ns2.example. +ns2.example. A 10.53.0.2 diff --git a/bin/tests/system/dnstap/ns2/example.db.in b/bin/tests/system/dnstap/ns2/example.db.in new file mode 100644 index 0000000..7f88dec --- /dev/null +++ b/bin/tests/system/dnstap/ns2/example.db.in @@ -0,0 +1,30 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN . +$TTL 300 ; 5 minutes +example IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +example. NS ns2.example. +ns2.example. A 10.53.0.2 + +$ORIGIN example. +a A 10.0.0.1 +a A 10.0.0.3 +a A 10.0.0.5 + MX 10 mail.example. + +mail A 10.0.0.2 diff --git a/bin/tests/system/dnstap/ns2/named.conf.in b/bin/tests/system/dnstap/ns2/named.conf.in new file mode 100644 index 0000000..badc225 --- /dev/null +++ b/bin/tests/system/dnstap/ns2/named.conf.in @@ -0,0 +1,53 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; + statistics-file "named.stats"; + dnstap-identity "ns2"; + dnstap-version "xxx"; + dnstap-output file "dnstap.out" size unlimited versions unlimited; + dnstap { all; }; + send-cookie no; + require-server-cookie no; + dnssec-validation yes; + qname-minimization disabled; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "example" { + type primary; + file "example.db"; + allow-update { any; }; +}; diff --git a/bin/tests/system/dnstap/ns3/named.args b/bin/tests/system/dnstap/ns3/named.args new file mode 100644 index 0000000..7937dee --- /dev/null +++ b/bin/tests/system/dnstap/ns3/named.args @@ -0,0 +1,2 @@ +# Using "-n 1" allows GL #1795 to be reliably reproduced +-D dnstap-ns3 -X named.lock -m record -c named.conf -d 99 -g -U 4 -n 1 -T maxcachesize=2097152 diff --git a/bin/tests/system/dnstap/ns3/named.conf.in b/bin/tests/system/dnstap/ns3/named.conf.in new file mode 100644 index 0000000..a5ee2ed --- /dev/null +++ b/bin/tests/system/dnstap/ns3/named.conf.in @@ -0,0 +1,50 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + directory "."; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; + dnstap-identity "ns3"; + dnstap-version "xxx"; + dnstap-output file "dnstap.out"; + dnstap { all; }; + send-cookie no; + require-server-cookie no; + minimal-responses no; + dnssec-validation yes; + qname-minimization disabled; +}; + +server 10.53.0.1 { tcp-only yes; }; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; diff --git a/bin/tests/system/dnstap/ns4/named.conf.in b/bin/tests/system/dnstap/ns4/named.conf.in new file mode 100644 index 0000000..e2a9207 --- /dev/null +++ b/bin/tests/system/dnstap/ns4/named.conf.in @@ -0,0 +1,49 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port @PORT@; + directory "."; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; + dnstap-identity "ns4"; + dnstap-version "xxx"; + dnstap-output unix "dnstap.out"; + dnstap { all; }; + send-cookie no; + require-server-cookie no; + dnssec-validation yes; + qname-minimization disabled; +}; + +server 10.53.0.1 { tcp-only yes; }; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; diff --git a/bin/tests/system/dnstap/prereq.sh b/bin/tests/system/dnstap/prereq.sh new file mode 100644 index 0000000..f0748f3 --- /dev/null +++ b/bin/tests/system/dnstap/prereq.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +. ../conf.sh + +$FEATURETEST --enable-dnstap || { + echo_i "This test requires dnstap support." >&2 + exit 255 +} +exit 0 diff --git a/bin/tests/system/dnstap/setup.sh b/bin/tests/system/dnstap/setup.sh new file mode 100644 index 0000000..90a257e --- /dev/null +++ b/bin/tests/system/dnstap/setup.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +. ../conf.sh + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf + +cp ns2/example.db.in ns2/example.db diff --git a/bin/tests/system/dnstap/tests.sh b/bin/tests/system/dnstap/tests.sh new file mode 100644 index 0000000..c5d4f0a --- /dev/null +++ b/bin/tests/system/dnstap/tests.sh @@ -0,0 +1,857 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +DIGOPTS="+short -p ${PORT}" +RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf" + +status=0 + +# dnstap_data_ready <fstrm_capture_PID> <capture_file> <min_file_size> +# Flushes capture_file and checks wheter its size is >= min_file_size. +dnstap_data_ready() { + # Process id of running fstrm_capture. + fstrm_capture_pid=$1 + # Output file provided to fstrm_capture via -w switch. + capture_file=$2 + # Minimum expected file size. + min_size_expected=$3 + + kill -HUP $fstrm_capture_pid + file_size=$(wc -c < "$capture_file" | tr -d ' ') + if [ $file_size -lt $min_size_expected ]; then + return 1 + fi +} + + +for bad in bad-*.conf +do + ret=0 + echo_i "checking that named-checkconf detects error in $bad" + { $CHECKCONF $bad > /dev/null 2>&1; rc=$?; } || true + if [ $rc != 1 ]; then echo_i "failed"; ret=1; fi + status=$((status + ret)) +done + +for good in good-*.conf +do + ret=0 + echo_i "checking that named-checkconf detects no error in $good" + { $CHECKCONF $good > /dev/null 2>&1; rc=$?; } || true + if [ $rc != 0 ]; then echo_i "failed"; ret=1; fi + status=$((status + ret)) +done + +echo_i "wait for servers to finish loading" +ret=0 +wait_for_log 20 "all zones loaded" ns1/named.run || ret=1 +wait_for_log 20 "all zones loaded" ns2/named.run || ret=1 +wait_for_log 20 "all zones loaded" ns3/named.run || ret=1 +wait_for_log 20 "all zones loaded" ns4/named.run || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +# both the 'a.example/A' lookup and the './NS' lookup to ns1 +# need to complete before reopening/rolling for the counts to +# be correct. + +echo_i "prime cache" +ret=0 +$DIG $DIGOPTS @10.53.0.3 a.example > dig.out || true +wait_for_log 20 "(.): reset client" ns1/named.run || true +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +# check three different dnstap reopen/roll methods: +# ns1: dnstap-reopen; ns2: dnstap -reopen; ns3: dnstap -roll +mv ns1/dnstap.out ns1/dnstap.out.save +mv ns2/dnstap.out ns2/dnstap.out.save + +if [ -n "$FSTRM_CAPTURE" ] ; then + ret=0 + echo_i "starting fstrm_capture" + $FSTRM_CAPTURE -t protobuf:dnstap.Dnstap -u ns4/dnstap.out \ + -w dnstap.out > fstrm_capture.out.1 2>&1 & + fstrm_capture_pid=$! + wait_for_log 10 "socket path ns4/dnstap.out" fstrm_capture.out.1 || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) +fi + +echo_i "reopen/roll capture streams" +ret=0 +$RNDCCMD -s 10.53.0.1 dnstap-reopen | sed 's/^/ns1 /' | cat_i +$RNDCCMD -s 10.53.0.2 dnstap -reopen | sed 's/^/ns2 /' | cat_i +$RNDCCMD -s 10.53.0.3 dnstap -roll | sed 's/^/ns3 /' | cat_i +$RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/ns4 /' | cat_i + +echo_i "send test traffic" +ret=0 +$DIG $DIGOPTS @10.53.0.3 a.example > dig.out || ret=1 + +# send an UPDATE to ns2 +$NSUPDATE <<- EOF +server 10.53.0.2 ${PORT} +zone example +update add b.example 3600 in a 10.10.10.10 +send +EOF + +# XXX: file output should be flushed once a second according +# to the libfstrm source, but it doesn't seem to happen until +# enough data has accumulated. to get all the output, we stop +# the name servers, forcing a flush on shutdown. it would be +# nice to find a better way to do this. +$RNDCCMD -s 10.53.0.1 stop | sed 's/^/ns1 /' | cat_i +$RNDCCMD -s 10.53.0.2 stop | sed 's/^/ns2 /' | cat_i +$RNDCCMD -s 10.53.0.3 stop | sed 's/^/ns3 /' | cat_i + +sleep 1 + +echo_i "checking initial message counts" + +udp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l) +tcp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l) +aq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AQ " | wc -l) +ar1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AR " | wc -l) +cq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CQ " | wc -l) +cr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CR " | wc -l) +rq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RQ " | wc -l) +rr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RR " | wc -l) +uq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UQ " | wc -l) +ur1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UR " | wc -l) + +udp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UDP " | wc -l) +tcp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "TCP " | wc -l) +aq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AQ " | wc -l) +ar2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AR " | wc -l) +cq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CQ " | wc -l) +cr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CR " | wc -l) +rq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RQ " | wc -l) +rr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RR " | wc -l) +uq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UQ " | wc -l) +ur2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UR " | wc -l) + +mv ns3/dnstap.out.0 ns3/dnstap.out.save +udp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UDP " | wc -l) +tcp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "TCP " | wc -l) +aq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AQ " | wc -l) +ar3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AR " | wc -l) +cq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CQ " | wc -l) +cr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l) +rq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l) +rr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l) +uq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UQ " | wc -l) +ur3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UR " | wc -l) + +echo_i "checking UDP message counts" +ret=0 +[ $udp1 -eq 0 ] || { + echo_i "ns1 $udp1 expected 0" + ret=1 +} +[ $udp2 -eq 2 ] || { + echo_i "ns2 $udp2 expected 2" + ret=1 +} +[ $udp3 -eq 4 ] || { + echo_i "ns3 $udp3 expected 4" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking TCP message counts" +ret=0 +[ $tcp1 -eq 6 ] || { + echo_i "ns1 $tcp1 expected 6" + ret=1 +} +[ $tcp2 -eq 2 ] || { + echo_i "ns2 $tcp2 expected 2" + ret=1 +} +[ $tcp3 -eq 6 ] || { + echo_i "ns3 $tcp3 expected 6" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking AUTH_QUERY message counts" +ret=0 +[ $aq1 -eq 3 ] || { + echo_i "ns1 $aq1 exepcted 3" + ret=1 +} +[ $aq2 -eq 2 ] || { + echo_i "ns2 $aq2 expected 2" + ret=1 +} +[ $aq3 -eq 1 ] || { + echo_i "ns3 $aq3 expected 1" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking AUTH_RESPONSE message counts" +ret=0 +[ $ar1 -eq 2 ] || { + echo_i "ns1 $ar1 expected 2" + ret=1 +} +[ $ar2 -eq 1 ] || { + echo_i "ns2 $ar2 expected 1" + ret=1 +} +[ $ar3 -eq 0 ] || { + echo_i "ns3 $ar3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking CLIENT_QUERY message counts" +ret=0 +[ $cq1 -eq 0 ] || { + echo_i "ns1 $cq1 expected 0" + ret=1 +} +[ $cq2 -eq 0 ] || { + echo_i "ns2 $cq2 expected 0" + ret=1 +} +[ $cq3 -eq 1 ] || { + echo_i "ns3 $cq3 expected 1" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking CLIENT_RESPONSE message counts" +ret=0 +[ $cr1 -eq 1 ] || { + echo_i "ns1 $cr1 expected 1" + ret=1 +} +[ $cr2 -eq 1 ] || { + echo_i "ns2 $cr2 expected 1" + ret=1 +} +[ $cr3 -eq 2 ] || { + echo_i "ns3 $cr3 expected 2" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking RESOLVER_QUERY message counts" +ret=0 +[ $rq1 -eq 0 ] || { + echo_i "ns1 $rq1 expected 0" + ret=1 +} +[ $rq2 -eq 0 ] || { + echo_i "ns2 $rq2 expected 0" + ret=1 +} +[ $rq3 -eq 3 ] || { + echo_i "ns3 $rq3 expected 3" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking RESOLVER_RESPONSE message counts" +ret=0 +[ $rr1 -eq 0 ] || { + echo_i "ns1 $rr1 expected 0" + ret=1 +} +[ $rr2 -eq 0 ] || { + echo_i "ns2 $rr2 expected 0" + ret=1 +} +[ $rr3 -eq 3 ] || { + echo_i "ns3 $rr3 expected 3" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking UPDATE_QUERY message counts" +ret=0 +[ $uq1 -eq 0 ] || { + echo_i "ns1 $uq1 expected 0" + ret=1 +} +[ $uq2 -eq 0 ] || { + echo_i "ns2 $uq2 expected 0" + ret=1 +} +[ $uq3 -eq 0 ] || { + echo_i "ns3 $uq3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking UPDATE_RESPONSE message counts" +ret=0 +[ $ur1 -eq 0 ] || { + echo_i "ns1 $ur1 expected 0" + ret=1 +} +[ $ur2 -eq 0 ] || { + echo_i "ns2 $ur2 expected 0" + ret=1 +} +[ $ur3 -eq 0 ] || { + echo_i "ns3 $ur3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking reopened message counts" + +udp1=$($DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l) +tcp1=$($DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l) +aq1=$($DNSTAPREAD ns1/dnstap.out | grep "AQ " | wc -l) +ar1=$($DNSTAPREAD ns1/dnstap.out | grep "AR " | wc -l) +cq1=$($DNSTAPREAD ns1/dnstap.out | grep "CQ " | wc -l) +cr1=$($DNSTAPREAD ns1/dnstap.out | grep "CR " | wc -l) +rq1=$($DNSTAPREAD ns1/dnstap.out | grep "RQ " | wc -l) +rr1=$($DNSTAPREAD ns1/dnstap.out | grep "RR " | wc -l) +uq1=$($DNSTAPREAD ns1/dnstap.out | grep "UQ " | wc -l) +ur1=$($DNSTAPREAD ns1/dnstap.out | grep "UR " | wc -l) + +udp2=$($DNSTAPREAD ns2/dnstap.out | grep "UDP " | wc -l) +tcp2=$($DNSTAPREAD ns2/dnstap.out | grep "TCP " | wc -l) +aq2=$($DNSTAPREAD ns2/dnstap.out | grep "AQ " | wc -l) +ar2=$($DNSTAPREAD ns2/dnstap.out | grep "AR " | wc -l) +cq2=$($DNSTAPREAD ns2/dnstap.out | grep "CQ " | wc -l) +cr2=$($DNSTAPREAD ns2/dnstap.out | grep "CR " | wc -l) +rq2=$($DNSTAPREAD ns2/dnstap.out | grep "RQ " | wc -l) +rr2=$($DNSTAPREAD ns2/dnstap.out | grep "RR " | wc -l) +uq2=$($DNSTAPREAD ns2/dnstap.out | grep "UQ " | wc -l) +ur2=$($DNSTAPREAD ns2/dnstap.out | grep "UR " | wc -l) + +udp3=$($DNSTAPREAD ns3/dnstap.out | grep "UDP " | wc -l) +tcp3=$($DNSTAPREAD ns3/dnstap.out | grep "TCP " | wc -l) +aq3=$($DNSTAPREAD ns3/dnstap.out | grep "AQ " | wc -l) +ar3=$($DNSTAPREAD ns3/dnstap.out | grep "AR " | wc -l) +cq3=$($DNSTAPREAD ns3/dnstap.out | grep "CQ " | wc -l) +cr3=$($DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l) +rq3=$($DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l) +rr3=$($DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l) +uq3=$($DNSTAPREAD ns3/dnstap.out | grep "UQ " | wc -l) +ur3=$($DNSTAPREAD ns3/dnstap.out | grep "UR " | wc -l) + +echo_i "checking UDP message counts" +ret=0 +[ $udp1 -eq 0 ] || { + echo_i "ns1 $udp1 expected 0" + ret=1 +} +[ $udp2 -eq 2 ] || { + echo_i "ns2 $udp2 expected 2" + ret=1 +} +[ $udp3 -eq 2 ] || { + echo_i "ns3 $udp3 expected 2" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking TCP message counts" +ret=0 +[ $tcp1 -eq 0 ] || { + echo_i "ns1 $tcp1 expected 0" + ret=1 +} +[ $tcp2 -eq 0 ] || { + echo_i "ns2 $tcp2 expected 0" + ret=1 +} +[ $tcp3 -eq 0 ] || { + echo_i "ns3 $tcp3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking AUTH_QUERY message counts" +ret=0 +[ $aq1 -eq 0 ] || { + echo_i "ns1 $aq1 exepcted 0" + ret=1 +} +[ $aq2 -eq 0 ] || { + echo_i "ns2 $aq2 expected 0" + ret=1 +} +[ $aq3 -eq 0 ] || { + echo_i "ns3 $aq3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking AUTH_RESPONSE message counts" +ret=0 +[ $ar1 -eq 0 ] || { + echo_i "ns1 $ar1 expected 0" + ret=1 +} +[ $ar2 -eq 0 ] || { + echo_i "ns2 $ar2 expected 0" + ret=1 +} +[ $ar3 -eq 0 ] || { + echo_i "ns3 $ar3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking CLIENT_QUERY message counts" +ret=0 +[ $cq1 -eq 0 ] || { + echo_i "ns1 $cq1 expected 0" + ret=1 +} +[ $cq2 -eq 0 ] || { + echo_i "ns2 $cq2 expected 0" + ret=1 +} +[ $cq3 -eq 1 ] || { + echo_i "ns3 $cq3 expected 1" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking CLIENT_RESPONSE message counts" +ret=0 +[ $cr1 -eq 0 ] || { + echo_i "ns1 $cr1 expected 0" + ret=1 +} +[ $cr2 -eq 0 ] || { + echo_i "ns2 $cr2 expected 0" + ret=1 +} +[ $cr3 -eq 1 ] || { + echo_i "ns3 $cr3 expected 1" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking RESOLVER_QUERY message counts" +ret=0 +[ $rq1 -eq 0 ] || { + echo_i "ns1 $rq1 expected 0" + ret=1 +} +[ $rq2 -eq 0 ] || { + echo_i "ns2 $rq2 expected 0" + ret=1 +} +[ $rq3 -eq 0 ] || { + echo_i "ns3 $rq3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking RESOLVER_RESPONSE message counts" +ret=0 +[ $rr1 -eq 0 ] || { + echo_i "ns1 $rr1 expected 0" + ret=1 +} +[ $rr2 -eq 0 ] || { + echo_i "ns2 $rr2 expected 0" + ret=1 +} +[ $rr3 -eq 0 ] || { + echo_i "ns3 $rr3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking UPDATE_QUERY message counts" +ret=0 +[ $uq1 -eq 0 ] || { + echo_i "ns1 $uq1 expected 0" + ret=1 +} +[ $uq2 -eq 1 ] || { + echo_i "ns2 $uq2 expected 1" + ret=1 +} +[ $uq3 -eq 0 ] || { + echo_i "ns3 $uq3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking UPDATE_RESPONSE message counts" +ret=0 +[ $ur1 -eq 0 ] || { + echo_i "ns1 $ur1 expected 0" + ret=1 +} +[ $ur2 -eq 1 ] || { + echo_i "ns2 $ur2 expected 1" + ret=1 +} +[ $ur3 -eq 0 ] || { + echo_i "ns3 $ur3 expected 0" + ret=1 +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking whether destination UDP port is logged for client queries" +ret=0 +$DNSTAPREAD ns3/dnstap.out.save | grep -Eq "CQ [0-9:.]+ -> 10.53.0.3:${PORT} UDP" || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +HAS_PYYAML=0 +if [ -x "$PYTHON" ] ; then + $PYTHON -c "import yaml" 2> /dev/null && HAS_PYYAML=1 +fi + +if [ $HAS_PYYAML -ne 0 ] ; then + echo_i "checking dnstap-read YAML output" + ret=0 + { + $PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1 + } | cat_i + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) +fi + +echo_i "checking dnstap-read hex output" +ret=0 +hex=$($DNSTAPREAD -x ns3/dnstap.out | tail -1) +echo $hex | $WIRETEST > dnstap.hex +grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1 +grep 'ANSWER: 3, AUTHORITY: 1' dnstap.hex > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +if [ -n "$FSTRM_CAPTURE" ] ; then + $DIG $DIGOPTS @10.53.0.4 a.example > dig.out + + # send an UPDATE to ns4 + $NSUPDATE <<- EOF > nsupdate.out 2>&1 && ret=1 + server 10.53.0.4 ${PORT} + zone example + update add b.example 3600 in a 10.10.10.10 + send +EOF + grep "update failed: NOTAUTH" nsupdate.out > /dev/null || ret=1 + + echo_i "checking unix socket message counts" + sleep 2 + retry_quiet 5 dnstap_data_ready $fstrm_capture_pid dnstap.out 450 || { + echo_i "dnstap output file smaller than expected" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + kill $fstrm_capture_pid + wait + udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l) + tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l) + aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l) + ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l) + cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l) + cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l) + rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l) + rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l) + uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l) + ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l) + + echo_i "checking UDP message counts" + ret=0 + [ $udp4 -eq 4 ] || { + echo_i "ns4 $udp4 expected 4" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking TCP message counts" + ret=0 + [ $tcp4 -eq 0 ] || { + echo_i "ns4 $tcp4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking AUTH_QUERY message counts" + ret=0 + [ $aq4 -eq 0 ] || { + echo_i "ns4 $aq4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking AUTH_RESPONSE message counts" + ret=0 + [ $ar4 -eq 0 ] || { + echo_i "ns4 $ar4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking CLIENT_QUERY message counts" + ret=0 + [ $cq4 -eq 1 ] || { + echo_i "ns4 $cq4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking CLIENT_RESPONSE message counts" + ret=0 + [ $cr4 -eq 1 ] || { + echo_i "ns4 $cr4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking RESOLVER_QUERY message counts" + ret=0 + [ $rq4 -eq 0 ] || { + echo_i "ns4 $rq4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking RESOLVER_RESPONSE message counts" + ret=0 + [ $rr4 -eq 0 ] || { + echo_i "ns4 $rr4 expected 0" + ret=1 + } + + echo_i "checking UPDATE_QUERY message counts" + ret=0 + [ $uq4 -eq 1 ] || { + echo_i "ns4 $uq4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking UPDATE_RESPONSE message counts" + ret=0 + [ $ur4 -eq 1 ] || { + echo_i "ns4 $ur4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + mv dnstap.out dnstap.out.save + + echo_i "restarting fstrm_capture" + $FSTRM_CAPTURE -t protobuf:dnstap.Dnstap -u ns4/dnstap.out \ + -w dnstap.out > fstrm_capture.out.2 2>&1 & + fstrm_capture_pid=$! + wait_for_log 10 "socket path ns4/dnstap.out" fstrm_capture.out.2 || { + echo_i "failed" + ret=1 + } + $RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/ns4 /' | cat_i + $DIG $DIGOPTS @10.53.0.4 a.example > dig.out + + echo_i "checking reopened unix socket message counts" + sleep 2 + retry_quiet 5 dnstap_data_ready $fstrm_capture_pid dnstap.out 270 || { + echo_i "dnstap output file smaller than expected" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + kill $fstrm_capture_pid + wait + udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l) + tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l) + aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l) + ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l) + cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l) + cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l) + rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l) + rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l) + uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l) + ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l) + + echo_i "checking UDP message counts" + ret=0 + [ $udp4 -eq 2 ] || { + echo_i "ns4 $udp4 expected 2" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking TCP message counts" + ret=0 + [ $tcp4 -eq 0 ] || { + echo_i "ns4 $tcp4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking AUTH_QUERY message counts" + ret=0 + [ $aq4 -eq 0 ] || { + echo_i "ns4 $aq4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking AUTH_RESPONSE message counts" + ret=0 + [ $ar4 -eq 0 ] || { + echo_i "ns4 $ar4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking CLIENT_QUERY message counts" + ret=0 + [ $cq4 -eq 1 ] || { + echo_i "ns4 $cq4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking CLIENT_RESPONSE message counts" + ret=0 + [ $cr4 -eq 1 ] || { + echo_i "ns4 $cr4 expected 1" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking RESOLVER_QUERY message counts" + ret=0 + [ $rq4 -eq 0 ] || { + echo_i "ns4 $rq4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking RESOLVER_RESPONSE message counts" + ret=0 + [ $rr4 -eq 0 ] || { + echo_i "ns4 $rr4 expected 0" + ret=1 + } + + echo_i "checking UPDATE_QUERY message counts" + ret=0 + [ $uq4 -eq 0 ] || { + echo_i "ns4 $uq4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + echo_i "checking UPDATE_RESPONSE message counts" + ret=0 + [ $ur4 -eq 0 ] || { + echo_i "ns4 $ur4 expected 0" + ret=1 + } + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) +fi + +echo_i "checking large packet printing" +ret=0 +# Expect one occurrence of "opcode: QUERY" below "reponse_message_data" and +# another one below "response_message". +lines=$($DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY") +[ $lines -eq 2 ] || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +_test_dnstap_roll() ( + ip="$1" + ns="$2" + n="$3" + + $RNDCCMD -s "${ip}" dnstap -roll "${n}" | sed "s/^/${ns} /" | cat_i && + files=$(find "$ns" -name "dnstap.out.[0-9]" | wc -l) && + test "$files" -eq "${n}" && test "$files" -ge "1" || return 1 +) + + +test_dnstap_roll() { + echo_i "checking 'rndc -roll $4' ($1)" + ret=0 + + try=0 + while test $try -lt 12 + do + touch "$3/dnstap.out.$try" + try=$((try + 1)) + done + + _repeat 10 _test_dnstap_roll $2 $3 $4 || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) +} + +start_server --noclean --restart --port "${PORT}" ns3 +test_dnstap_roll "no versions" 10.53.0.3 ns3 6 +test_dnstap_roll "no versions" 10.53.0.3 ns3 3 +test_dnstap_roll "no versions" 10.53.0.3 ns3 1 + +start_server --noclean --restart --port "${PORT}" ns2 +test_dnstap_roll "versions" 10.53.0.2 ns2 6 +test_dnstap_roll "versions" 10.53.0.2 ns2 3 +test_dnstap_roll "versions" 10.53.0.2 ns2 1 + +echo_i "exit status: $status" +[ "$status" -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnstap/tests_dnstap.py b/bin/tests/system/dnstap/tests_dnstap.py new file mode 100644 index 0000000..ca687b0 --- /dev/null +++ b/bin/tests/system/dnstap/tests_dnstap.py @@ -0,0 +1,83 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import os +import re +import subprocess + +import pytest + +pytest.importorskip("dns", minversion="2.0.0") +import dns.resolver + + +def run_rndc(server, rndc_command): + """ + Send the specified 'rndc_command' to 'server' with a timeout of 10 seconds + """ + rndc = os.getenv("RNDC") + port = os.getenv("CONTROLPORT") + + cmdline = [rndc, "-c", "../common/rndc.conf", "-p", port, "-s", server] + cmdline.extend(rndc_command) + + subprocess.check_output(cmdline, stderr=subprocess.STDOUT, timeout=10) + + +def test_dnstap_dispatch_socket_addresses(named_port): + # Prepare for querying ns3. + resolver = dns.resolver.Resolver() + resolver.nameservers = ["10.53.0.3"] + resolver.port = named_port + + # Send some query to ns3 so that it records something in its dnstap file. + ans = resolver.resolve("mail.example.", "A") + assert ans[0].address == "10.0.0.2" + + # Before continuing, roll dnstap file to ensure it is flushed to disk. + run_rndc("10.53.0.3", ["dnstap", "-roll", "1"]) + + # Move the dnstap file aside so that it is retained for troubleshooting. + os.rename(os.path.join("ns3", "dnstap.out.0"), "dnstap.out.resolver_addresses") + + # Read the contents of the dnstap file using dnstap-read. + output = subprocess.check_output( + [os.getenv("DNSTAPREAD"), "dnstap.out.resolver_addresses"], encoding="utf-8" + ) + + # Check whether all frames contain the expected addresses. + # + # Expected dnstap-read output format: + # + # 22-Jun-2022 12:09:06.168 RR 10.53.0.3:0 -> 10.53.0.1:7523 TCP ... + # 22-Jun-2022 12:09:06.168 RR 10.53.0.3:0 <- 10.53.0.1:7523 TCP ... + # 22-Jun-2022 12:09:06.168 RQ 10.53.0.3:56306 -> 10.53.0.2:7523 UDP ... + # 22-Jun-2022 12:09:06.168 RQ 10.53.0.3:56306 <- 10.53.0.2:7523 UDP ... + # + bad_frames = [] + inspected_frames = 0 + addr_regex = r"^10\.53\.0\.[0-9]+:[0-9]{1,5}$" + for line in output.splitlines(): + _, _, frame_type, addr1, _, addr2, _ = line.split(" ", 6) + # Only inspect RESOLVER_QUERY and RESOLVER_RESPONSE frames. + if frame_type not in ("RQ", "RR"): + continue + inspected_frames += 1 + if not re.match(addr_regex, addr1) or not re.match(addr_regex, addr2): + bad_frames.append(line) + + assert ( + len(bad_frames) == 0 + ), "{} out of {} inspected frames contain unexpected addresses:\n\n{}".format( + len(bad_frames), inspected_frames, "\n".join(bad_frames) + ) diff --git a/bin/tests/system/dnstap/tests_sh_dnstap.py b/bin/tests/system/dnstap/tests_sh_dnstap.py new file mode 100644 index 0000000..8094f0d --- /dev/null +++ b/bin/tests/system/dnstap/tests_sh_dnstap.py @@ -0,0 +1,14 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + + +def test_dnstap(run_tests_sh): + run_tests_sh() diff --git a/bin/tests/system/dnstap/ydump.py b/bin/tests/system/dnstap/ydump.py new file mode 100644 index 0000000..ab7e3c9 --- /dev/null +++ b/bin/tests/system/dnstap/ydump.py @@ -0,0 +1,29 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import sys + +try: + import yaml +except (ModuleNotFoundError, ImportError): + print("No python yaml module, skipping") + sys.exit(1) + +import subprocess +import pprint + +DNSTAP_READ = sys.argv[1] +DATAFILE = sys.argv[2] +ARGS = [DNSTAP_READ, "-y", DATAFILE] + +with subprocess.Popen(ARGS, stdout=subprocess.PIPE) as f: + for y in yaml.load_all(f.stdout, Loader=yaml.SafeLoader): + pprint.pprint(y) |