1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
-- SPDX-License-Identifier: GPL-3.0-or-later
local ffi = require('ffi')
-- hook for iter_refuse_toomany.rpl
local function check_max_number_of_upstream_queries(maxcnt)
return function (state, req)
local vals = worker.stats()
local upstream_packets = vals.ipv4 + vals.ipv6
log_info(ffi.C.LOG_GRP_TESTS, '%d packets sent to upstream', upstream_packets)
local answ_f
if upstream_packets > maxcnt then -- . + com. + ????
answ_f = policy.ANSWER(
{ [kres.type.TXT] = { ttl=300, rdata='\4fail' } })
else
answ_f = policy.ANSWER(
{ [kres.type.TXT] = { ttl=300, rdata='\4pass' } })
end
return answ_f(state, req)
end
end
policy.add(
policy.suffix(check_max_number_of_upstream_queries(8),
policy.todnames({'refused.trigger.check.max.number.of.upstream.queries.'})
)
)
policy.add(
policy.suffix(check_max_number_of_upstream_queries(16),
policy.todnames({'glueless.trigger.check.max.number.of.upstream.queries.'})
)
)
-- hook end iter_refuse_toomany.rpl
trust_anchors.remove('.')
{% for TAF in TRUST_ANCHOR_FILES %}
-- trust_anchors.add_file('{{TAF}}')
{% endfor %}
{% raw %}
-- Disable RFC5011 TA update
if ta_update then
modules.unload('ta_update')
end
-- Disable RFC8145 signaling, scenario doesn't provide expected answers
if ta_signal_query then
modules.unload('ta_signal_query')
end
-- Disable RFC8109 priming, scenario doesn't provide expected answers
if priming then
modules.unload('priming')
end
-- Disable this module because it make one priming query
if detect_time_skew then
modules.unload('detect_time_skew')
end
_hint_root_file('hints')
cache.size = 2*MB
log_level('debug')
policy.add(policy.all(policy.DEBUG_ALWAYS))
{% endraw %}
net = { '{{SELF_ADDR}}' }
{% if DO_IP6 == "true" %}
net.ipv6 = true
{% else %}
net.ipv6 = false
{% endif %}
{% if DO_IP4 == "true" %}
net.ipv4 = true
{% else %}
net.ipv4 = false
{% endif %}
{% if QMIN == "false" %}
option('NO_MINIMIZE', true)
{% else %}
option('NO_MINIMIZE', false)
{% endif %}
-- Self-checks on globals
assert(help() ~= nil)
assert(worker.id ~= nil)
-- Self-checks on facilities
assert(cache.count() == 0)
assert(cache.stats() ~= nil)
assert(cache.backends() ~= nil)
assert(worker.stats() ~= nil)
assert(net.interfaces() ~= nil)
-- Self-checks on loaded stuff
assert(net.list()[1].transport.ip == '{{SELF_ADDR}}')
assert(#modules.list() > 0)
-- Self-check timers
ev = event.recurrent(1 * sec, function (ev) return 1 end)
event.cancel(ev)
ev = event.after(0, function (ev) return 1 end)
|
