[v9_9] make rrl system test more robust

4508. [test] Make the rrl system test more reliable on slower machines by using mdig instead of dig. [RT #43280] (cherry picked from commiti 1ecdb4d59e)
2026-06-12 07:00:05 -04:00 · 2016-11-02 20:53:59 -07:00 · 2016-11-02 20:53:59 -07:00 · 4ba653c366
commit 4ba653c366
parent fcf72a5474
6 changed files with 2035 additions and 81 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+4508.	[test]		Make the rrl system test more reliable on slower
+			machines by using mdig instead of dig. [RT #43280]
+
 4507.	[bug]		Named could incorrectly log 'allows updates by IP
 			address, which is insecure' [RT #43432]

--- a/bin/tests/Makefile.in
+++ b/bin/tests/Makefile.in
@ -13,8 +13,6 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.145 2011/02/03 05:41:53 marka Exp $
-
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
@ -22,18 +20,20 @@ top_srcdir =	@top_srcdir@
@BIND9_MAKE_INCLUDES@

 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
-		${LWRES_INCLUDES} ${OMAPI_INCLUDES}
+		${LWRES_INCLUDES} ${OMAPI_INCLUDES} ${BIND9_INCLUDES}

 CDEFINES =
 CWARNINGS =
 BACKTRACECFLAGS = @BACKTRACECFLAGS@

+BIND9LIBS =	../../lib/bind9/libbind9.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS = 	../../lib/isccfg/libisccfg.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@

+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 ISCDEPNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
@ -49,7 +49,7 @@ SUBDIRS =	atomic db dst master mem hashes names net rbt resolver \
 # cfg_test is needed for regenerating doc/misc/options

 # Alphabetically
-TARGETS =	cfg_test@EXEEXT@ wire_test@EXEEXT@
+TARGETS =	cfg_test@EXEEXT@ wire_test@EXEEXT@ mdig@EXEEXT@

 # All the other tests are optional and not built by default.

@ -93,7 +93,7 @@ XTARGETS =	adb_test@EXEEXT@ \
 		zone_test@EXEEXT@

 # Alphabetically
-SRCS =		cfg_test.c wire_test.c ${XSRCS}
+SRCS =		cfg_test.c mdig.c wire_test.c ${XSRCS}

 XSRCS =		adb_test.c \
 		byaddr_test.c \
@ -310,6 +310,10 @@ cfg_test@EXEEXT@: cfg_test.@O@ ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
 	${LIBTOOL_MODE_LINK} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ cfg_test.@O@ \
 		${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}

+mdig@EXEEXT@: mdig.@O@ ${BIND9DEPLIBS} ${ISCDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ mdig.@O@ \
+		${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
 distclean::
 	rm -f headerdep_test.sh

--- a/bin/tests/mdig.c
+++ b/bin/tests/mdig.c
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@ -15,8 +15,6 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: conf.sh.in,v 1.71 2011/12/05 17:10:50 each Exp $
-
 #
 # Common configuration data for system tests, to be sourced into
 # other shell scripts.
@ -59,6 +57,7 @@ NSLOOKUP=$TOP/bin/dig/nslookup
 FEATURETEST=$TOP/bin/tests/system/feature-test

 RANDFILE=$TOP/bin/tests/system/random.data
+MDIG=$TOP/bin/tests/mdig


 # The "stress" test is not run by default since it creates enough
@ -116,6 +115,7 @@ export JOURNALPRINT
 export KEYFRLAB
 export KEYGEN
 export LWRESD
+export MDIG
 export NAMED
 export NSLOOKUP
 export NSUPDATE
--- a/bin/tests/system/rrl/clean.sh
+++ b/bin/tests/system/rrl/clean.sh
@ -16,6 +16,6 @@

 # Clean up after rrl tests.

-rm -f dig.out*
+rm -f dig.out* *mdig.out*
 rm -f  */named.memstats */named.run */named.stats */log-* */session.key
 rm -f ns3/bl*.db */*.jnl */*.core */*.pid
--- a/bin/tests/system/rrl/tests.sh
+++ b/bin/tests/system/rrl/tests.sh
@ -66,79 +66,81 @@ sec_start () {
 # turn off ${HOME}/.digrc
 HOME=/dev/null; export HOME

-#   $1=result name  $2=domain name  $3=dig options
-digcmd () {
-    OFILE=$1; shift
-    DIG_DOM=$1; shift
-    ARGS="+nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
-    #echo I:dig $ARGS 1>&2
-    START=`date +%y%m%d%H%M.%S`
-    RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP				\
-	    | sed -n -e '/^;; AUTHORITY/,/^$/d'				\
-		-e '/^;; ADDITIONAL/,/^$/d'				\
-		-e  's/^[^;].*	\([^	 ]\{1,\}\)$/\1/p'		\
-		-e 's/;; flags.* tc .*/TC/p'				\
-		-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p'		\
-		-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p'		\
-		-e 's/;; connection timed out.*/drop/p'			\
-		-e 's/;; communications error to.*/drop/p'		\
-	    | tr -d '\n'`
-    mv "$OFILE=TEMP" "$OFILE=$RESULT"
-    touch -t $START "$OFILE=$RESULT"
-}
-
-
 #   $1=number of tests  $2=target domain  $3=dig options
 QNUM=1
 burst () {
    BURST_LIMIT=$1; shift
    BURST_DOM_BASE="$1"; shift
+
+    XCNT=$CNT
+    CNT='XXX'
+    eval FILENAME="mdig.out-$BURST_DOM_BASE"
+    CNT=$XCNT
+
+    DOMS=""
    CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'`
    for CNT in $CNTS
    do
-	eval BURST_DOM="$BURST_DOM_BASE"
-	FILE="dig.out-$BURST_DOM-$CNT"
-	digcmd $FILE $BURST_DOM $* &
+        eval BURST_DOM="$BURST_DOM_BASE"
+        DOMS="$DOMS $BURST_DOM"
    done
+    ARGS="+nocookie +continue +time=1 +tries=1 -p 5300 $* @$ns2 $DOMS"
+    $MDIG $ARGS 2>&1 | tee -a full-$FILENAME | sed -n -e '/^;; AUTHORITY/,/^$/d'			\
+		-e '/^;; ADDITIONAL/,/^$/d'				\
+		-e 's/^[^;].*	\([^	 ]\{1,\}\)$/\1/p'		\
+		-e 's/;; flags.* tc .*/TC/p'				\
+		-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p'		\
+		-e 's/;; .* status: NOERROR.*/NOERROR/p'		\
+		-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p'		\
+		-e 's/response failed with timed out.*/drop/p'		\
+		-e 's/;; communications error to.*/drop/p' >> $FILENAME
    QNUM=`expr $QNUM + $BURST_LIMIT`
 }

+# compare integers $1 and $2; ensure the difference is no more than $3
+range () {
+    $PERL -e 'if (abs(int($ARGV[0]) - int($ARGV[1])) > int($ARGV[2])) { exit(1) }' $1 $2 $3
+}

 #   $1=domain  $2=IP address  $3=# of IP addresses  $4=TC  $5=drop
 #	$6=NXDOMAIN  $7=SERVFAIL or other errors
 ck_result() {
-    BAD=
-    wait
-    ADDRS=`ls dig.out-$1-*=$2				2>/dev/null | wc -l`
+    BAD=no
+    ADDRS=`egrep "^$2$" mdig.out-$1				2>/dev/null | wc -l`
    # count simple truncated and truncated NXDOMAIN as TC
-    TC=`ls dig.out-$1-*=TC dig.out-$1-*=NXDOMAINTC	2>/dev/null | wc -l`
-    DROP=`ls dig.out-$1-*=drop				2>/dev/null | wc -l`
+    TC=`egrep "^TC|NXDOMAINTC$" mdig.out-$1			2>/dev/null | wc -l`
+    DROP=`egrep "^drop$" mdig.out-$1				2>/dev/null | wc -l`
    # count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN
-    NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN  dig.out-$1-*=NXDOMAINTC	2>/dev/null \
-							| wc -l`
-    SERVFAIL=`ls dig.out-$1-*=SERVFAIL			2>/dev/null | wc -l`
-    if test $ADDRS -ne "$3"; then
-	setret "I:"$ADDRS" instead of $3 '$2' responses for $1"
-	BAD=yes
-    fi
-    if test $TC -ne "$4"; then
-	setret "I:"$TC" instead of $4 truncation responses for $1"
-	BAD=yes
-    fi
-    if test $DROP -ne "$5"; then
-	setret "I:"$DROP" instead of $5 dropped responses for $1"
-	BAD=yes
-    fi
-    if test $NXDOMAIN -ne "$6"; then
-	setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1"
-	BAD=yes
-    fi
-    if test $SERVFAIL -ne "$7"; then
-	setret "I:"$SERVFAIL" instead of $7 error responses for $1"
-	BAD=yes
-    fi
+    NXDOMAIN=`egrep "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1		2>/dev/null | wc -l`
+    SERVFAIL=`egrep "^SERVFAIL$" mdig.out-$1			2>/dev/null | wc -l`
+    NOERROR=`egrep "^NOERROR$" mdig.out-$1			2>/dev/null | wc -l`
+    
+    range $ADDRS "$3" 1 ||
+    setret "I:"$ADDRS" instead of $3 '$2' responses for $1" &&
+    BAD=yes
+    
+    range $TC "$4" 1 ||
+    setret "I:"$TC" instead of $4 truncation responses for $1" &&
+    BAD=yes
+    
+    range $DROP "$5" 1 ||
+    setret "I:"$DROP" instead of $5 dropped responses for $1" &&
+    BAD=yes
+    
+    range $NXDOMAIN "$6" 1 ||
+    setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1" &&
+    BAD=yes
+    
+    range $SERVFAIL "$7" 1 ||
+    setret "I:"$SERVFAIL" instead of $7 error responses for $1" &&
+    BAD=yes
+
+    range $NOERROR "$8" 1 ||
+    setret "I:"$NOERROR" instead of $8 NOERROR responses for $1" &&
+    BAD=yes
+    
    if test -z "$BAD"; then
-	rm -f dig.out-$1-*
+	rm -f mdig.out-$1
    fi
 }

@ -164,7 +166,7 @@ sec_start
 burst 5 a1.tld3 +norec
 # basic rate limiting
 burst 3 a1.tld2
-# 1 second delay allows an additional response.
+# delay allows an additional response.
 sleep 1
 burst 10 a1.tld2
 # Request 30 different qnames to try a wildcard.
@ -172,18 +174,18 @@ burst 30 'x$CNT.a2.tld2'
 # These should be counted and limited but are not.  See RT33138.
 burst 10 'y.x$CNT.a2.tld2'

-#					IP      TC      drop  NXDOMAIN SERVFAIL
+#					IP      TC      drop  NXDOMAIN SERVFAIL NOERROR
 # referrals to "."
-ck_result   a1.tld3	''		2	1	2	0	0
+ck_result   a1.tld3	x		0	1	2	0	0	2
 # check 13 results including 1 second delay that allows an additional response
-ck_result   a1.tld2	192.0.2.1	3	4	6	0	0
+ck_result   a1.tld2	192.0.2.1	3	4	6	0	0	8

 # Check the wild card answers.
 # The parent name of the 30 requests is counted.
-ck_result 'x*.a2.tld2'	192.0.2.2	2	10	18	0	0
+ck_result 'x*.a2.tld2'	192.0.2.2	2	10	18	0	0	12

 # These should be limited but are not.  See RT33138.
-ck_result 'y.x*.a2.tld2' 192.0.2.2	10	0	0	0	0
+ck_result 'y.x*.a2.tld2' 192.0.2.2	10	0	0	0	0	10

 #########
 sec_start
@ -193,15 +195,15 @@ burst 10 'y$CNT.a3.tld3'
 burst 10 'z$CNT.a4.tld2'

 # 10 identical recursive responses are limited
-ck_result 'x.a3.tld3'	192.0.3.3	2	3	5	0	0
+ck_result 'x.a3.tld3'	192.0.3.3	2	3	5	0	0	5

 # 10 different recursive responses are not limited
-ck_result 'y*.a3.tld3'	192.0.3.3	10	0	0	0	0
+ck_result 'y*.a3.tld3'	192.0.3.3	10	0	0	0	0	10

 # 10 different NXDOMAIN responses are limited based on the parent name.
 #   We count 13 responses because we count truncated NXDOMAIN responses
 #   as both truncated and NXDOMAIN.
-ck_result 'z*.a4.tld2'	x		0	3	5	5	0
+ck_result 'z*.a4.tld2'	x		0	3	5	5	0	0

 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
 ckstats first dropped 36
@ -214,22 +216,22 @@ sec_start
 burst 10 a5.tld2 +tcp
 burst 10 a6.tld2 -b $ns7
 burst 10 a7.tld4
-burst 2 a8.tld2 AAAA
-burst 2 a8.tld2 TXT
-burst 2 a8.tld2 SPF
+burst 2 a8.tld2 -t AAAA
+burst 2 a8.tld2 -t TXT
+burst 2 a8.tld2 -t SPF

-#					IP      TC      drop  NXDOMAIN SERVFAIL
+#					IP      TC      drop  NXDOMAIN SERVFAIL NOERROR
 # TCP responses are not rate limited
-ck_result a5.tld2	192.0.2.5	10	0	0	0	0
+ck_result a5.tld2	192.0.2.5	10	0	0	0	0	10

 # whitelisted client is not rate limited
-ck_result a6.tld2	192.0.2.6	10	0	0	0	0
+ck_result a6.tld2	192.0.2.6	10	0	0	0	0	10

 # Errors such as SERVFAIL are rate limited.
-ck_result a7.tld4	x		0	0	8	0	2
+ck_result a7.tld4	x		0	0	8	0	2	0

 # NODATA responses are counted as the same regardless of qtype.
-ck_result a8.tld2	''		2	2	2	0	0
+ck_result a8.tld2	x		0	2	2	0	0	4

 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
 ckstats second dropped 46
@ -239,13 +241,13 @@ ckstats second truncated 23
 #########
 sec_start

-#					IP      TC      drop  NXDOMAIN SERVFAIL
+#					IP      TC      drop  NXDOMAIN SERVFAIL NOERROR
 # all-per-second
 #   The qnames are all unique but the client IP address is constant.
 QNUM=101
 burst 60 'all$CNT.a9.tld2'

-ck_result 'a*.a9.tld2'	192.0.2.8	50	0	10	0	0
+ck_result 'a*.a9.tld2'	192.0.2.8	50	0	10	0	0	50

 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
 ckstats final dropped 56