[thirdparty/pdns.git] / regression-tests.dnsdist / test_DynBlocksGroup.py

#!/usr/bin/env python
import base64
import socket
import time
import dns
from dnsdisttests import DNSDistTest
from dnsdistDynBlockTests import DynBlocksTest, waitForMaintenanceToRun, _maintenanceWaitTime

class TestDynBlockGroupQPS(DynBlocksTest):

    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)

    function maintenance()
	    dbr:apply()
    end
    newServer{address="127.0.0.1:%s"}
    webserver("127.0.0.1:%s")
    setWebserverConfig({password="%s", apiKey="%s"})
    """
    _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']

    def testDynBlocksQRate(self):
        """
        Dyn Blocks (Group): QRate
        """
        name = 'qrate.group.dynblocks.tests.powerdns.com.'
        self.doTestQRate(name)

class TestDynBlockGroupQPSRefused(DynBlocksTest):

    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)

    function maintenance()
	    dbr:apply()
    end
    setDynBlocksAction(DNSAction.Refused)
    newServer{address="127.0.0.1:%s"}
    """

    def testDynBlocksQRate(self):
        """
        Dyn Blocks (Group): QRate refused
        """
        name = 'qraterefused.group.dynblocks.tests.powerdns.com.'
        self.doTestQRateRCode(name, dns.rcode.REFUSED)

class TestDynBlockGroupQPSActionRefused(DynBlocksTest):

    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Refused)

    function maintenance()
	    dbr:apply()
    end
    setDynBlocksAction(DNSAction.Drop)
    newServer{address="127.0.0.1:%s"}
    """

    def testDynBlocksQRate(self):
        """
        Dyn Blocks (group): QRate refused (action)
        """
        name = 'qrateactionrefused.group.dynblocks.tests.powerdns.com.'
        self.doTestQRateRCode(name, dns.rcode.REFUSED)

class TestDynBlockGroupExcluded(DynBlocksTest):

    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
    dbr:excludeRange("127.0.0.1/32")

    function maintenance()
	    dbr:apply()
    end

    newServer{address="127.0.0.1:%s"}
    """

    def testExcluded(self):
        """
        Dyn Blocks (group) : Excluded from the dynamic block rules
        """
        name = 'excluded.group.dynblocks.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        rrset = dns.rrset.from_text(name,
                                    60,
                                    dns.rdataclass.IN,
                                    dns.rdatatype.A,
                                    '192.0.2.1')
        response.answer.append(rrset)

        allowed = 0
        sent = 0
        for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
            (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
            sent = sent + 1
            if receivedQuery:
                receivedQuery.id = query.id
                self.assertEqual(query, receivedQuery)
                self.assertEqual(response, receivedResponse)
                allowed = allowed + 1
            else:
                # the query has not reached the responder,
                # let's clear the response queue
                self.clearToResponderQueue()

        # we should not have been blocked
        self.assertEqual(allowed, sent)

        waitForMaintenanceToRun()

        # we should still not be blocked
        (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(receivedResponse, receivedResponse)

class TestDynBlockGroupExcludedViaNMG(DynBlocksTest):

    _config_template = """
    local nmg = newNMG()
    nmg:addMask("127.0.0.1/32")

    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
    dbr:excludeRange(nmg)

    function maintenance()
	    dbr:apply()
    end

    newServer{address="127.0.0.1:%s"}
    """

    def testExcluded(self):
        """
        Dyn Blocks (group) : Excluded (via NMG) from the dynamic block rules
        """
        name = 'excluded-nmg.group.dynblocks.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        rrset = dns.rrset.from_text(name,
                                    60,
                                    dns.rdataclass.IN,
                                    dns.rdatatype.A,
                                    '192.0.2.1')
        response.answer.append(rrset)

        allowed = 0
        sent = 0
        for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
            (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
            sent = sent + 1
            if receivedQuery:
                receivedQuery.id = query.id
                self.assertEqual(query, receivedQuery)
                self.assertEqual(response, receivedResponse)
                allowed = allowed + 1
            else:
                # the query has not reached the responder,
                # let's clear the response queue
                self.clearToResponderQueue()

        # we should not have been blocked
        self.assertEqual(allowed, sent)

        waitForMaintenanceToRun()

        # we should still not be blocked
        (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(receivedResponse, receivedResponse)

class TestDynBlockGroupNoOp(DynBlocksTest):

    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.NoOp)

    function maintenance()
	    dbr:apply()
    end

    newServer{address="127.0.0.1:%s"}
    webserver("127.0.0.1:%s")
    setWebserverConfig({password="%s", apiKey="%s"})
    """
    _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']

    def testNoOp(self):
        """
        Dyn Blocks (group) : NoOp
        """
        name = 'noop.group.dynblocks.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        rrset = dns.rrset.from_text(name,
                                    60,
                                    dns.rdataclass.IN,
                                    dns.rdatatype.A,
                                    '192.0.2.1')
        response.answer.append(rrset)

        allowed = 0
        sent = 0
        for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
            (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
            sent = sent + 1
            if receivedQuery:
                receivedQuery.id = query.id
                self.assertEqual(query, receivedQuery)
                self.assertEqual(response, receivedResponse)
                allowed = allowed + 1
            else:
                # the query has not reached the responder,
                # let's clear the response queue
                self.clearToResponderQueue()

        # a dynamic rule should have been inserted, but the queries should still go on
        self.assertEqual(allowed, sent)

        waitForMaintenanceToRun()

        # the rule should still be present, but the queries pass through anyway
        (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(receivedResponse, receivedResponse)

        # check that the rule has been inserted
        self.doTestDynBlockViaAPI('127.0.0.1/32', 'Exceeded query rate', 1, self._dynBlockDuration, 0, sent)

class TestDynBlockGroupWarning(DynBlocksTest):

    _dynBlockWarningQPS = 5
    _dynBlockQPS = 20
    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Drop, %d)

    function maintenance()
	    dbr:apply()
    end

    newServer{address="127.0.0.1:%s"}
    webserver("127.0.0.1:%s")
    setWebserverConfig({password="%s", apiKey="%s"})
    """
    _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_dynBlockWarningQPS', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']

    def testWarning(self):
        """
        Dyn Blocks (group) : Warning
        """
        name = 'warning.group.dynblocks.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        rrset = dns.rrset.from_text(name,
                                    60,
                                    dns.rdataclass.IN,
                                    dns.rdatatype.A,
                                    '192.0.2.1')
        response.answer.append(rrset)

        allowed = 0
        sent = 0
        for _ in range((self._dynBlockWarningQPS * self._dynBlockPeriod) + 1):
            (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
            sent = sent + 1
            if receivedQuery:
                receivedQuery.id = query.id
                self.assertEqual(query, receivedQuery)
                self.assertEqual(response, receivedResponse)
                allowed = allowed + 1
            else:
                # the query has not reached the responder,
                # let's clear the response queue
                self.clearToResponderQueue()

        # a dynamic rule should have been inserted, but the queries should
        # still go on because we are still at warning level
        self.assertEqual(allowed, sent)

        waitForMaintenanceToRun()

        # the rule should still be present, but the queries pass through anyway
        (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(receivedResponse, receivedResponse)

        # check that the rule has been inserted
        self.doTestDynBlockViaAPI('127.0.0.1/32', 'Exceeded query rate', 1, self._dynBlockDuration, 0, sent)

        self.doTestQRate(name)

class TestDynBlockGroupPort(DNSDistTest):

    _dynBlockQPS = 20
    _dynBlockPeriod = 2
    # this needs to be greater than maintenanceWaitTime
    _dynBlockDuration = _maintenanceWaitTime + 1
    _config_template = """
    local dbr = dynBlockRulesGroup()
    dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Drop)
    -- take the exact port into account
    dbr:setMasks(32, 128, 16)

    function maintenance()
	    dbr:apply()
    end
    newServer{address="127.0.0.1:%d"}
    """
    _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort']

    def testPort(self):
        """
        Dyn Blocks (group): Exact port matching
        """
        name = 'port.group.dynblocks.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        rrset = dns.rrset.from_text(name,
                                    60,
                                    dns.rdataclass.IN,
                                    dns.rdatatype.A,
                                    '192.0.2.1')
        response.answer.append(rrset)

        allowed = 0
        sent = 0
        for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
            (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
            sent = sent + 1
            if receivedQuery:
                receivedQuery.id = query.id
                self.assertEqual(query, receivedQuery)
                self.assertEqual(response, receivedResponse)
                allowed = allowed + 1
            else:
                # the query has not reached the responder,
                # let's clear the response queue
                self.clearToResponderQueue()

        # we might be already blocked, but we should have been able to send
        # at least self._dynBlockQPS queries
        self.assertGreaterEqual(allowed, self._dynBlockQPS)

        if allowed == sent:
            waitForMaintenanceToRun()

        # we should now be dropped for up to self._dynBlockDuration + self._dynBlockPeriod
        (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False)
        self.assertEqual(receivedResponse, None)

        # use a new socket, so a new port
        self._toResponderQueue.put(response, True, 1.0)
        newsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        newsock.settimeout(1.0)
        newsock.connect(("127.0.0.1", self._dnsDistPort))
        newsock.send(query.to_wire())
        receivedResponse = newsock.recv(4096)
        if receivedResponse:
            receivedResponse = dns.message.from_wire(receivedResponse)
        receivedQuery = self._fromResponderQueue.get(True, 1.0)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(response, receivedResponse)
Commit	Line	Data
8c87daac RG	1	#!/usr/bin/env python
	2	import base64
	3	import socket
	4	import time
	5	import dns
	6	from dnsdisttests import DNSDistTest
	7	from dnsdistDynBlockTests import DynBlocksTest, waitForMaintenanceToRun, _maintenanceWaitTime
	8
	9	class TestDynBlockGroupQPS(DynBlocksTest):
	10
	11	_config_template = """
	12	local dbr = dynBlockRulesGroup()
	13	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
	14
	15	function maintenance()
	16	dbr:apply()
	17	end
	18	newServer{address="127.0.0.1:%s"}
	19	webserver("127.0.0.1:%s")
	20	setWebserverConfig({password="%s", apiKey="%s"})
	21	"""
	22	_config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']
	23
	24	def testDynBlocksQRate(self):
	25	"""
	26	Dyn Blocks (Group): QRate
	27	"""
	28	name = 'qrate.group.dynblocks.tests.powerdns.com.'
	29	self.doTestQRate(name)
	30
	31	class TestDynBlockGroupQPSRefused(DynBlocksTest):
	32
	33	_config_template = """
	34	local dbr = dynBlockRulesGroup()
	35	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
	36
	37	function maintenance()
	38	dbr:apply()
	39	end
	40	setDynBlocksAction(DNSAction.Refused)
	41	newServer{address="127.0.0.1:%s"}
	42	"""
	43
	44	def testDynBlocksQRate(self):
	45	"""
	46	Dyn Blocks (Group): QRate refused
	47	"""
	48	name = 'qraterefused.group.dynblocks.tests.powerdns.com.'
	49	self.doTestQRateRCode(name, dns.rcode.REFUSED)
	50
	51	class TestDynBlockGroupQPSActionRefused(DynBlocksTest):
	52
	53	_config_template = """
	54	local dbr = dynBlockRulesGroup()
	55	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Refused)
	56
	57	function maintenance()
	58	dbr:apply()
	59	end
	60	setDynBlocksAction(DNSAction.Drop)
	61	newServer{address="127.0.0.1:%s"}
	62	"""
	63
	64	def testDynBlocksQRate(self):
65	"""
66	Dyn Blocks (group): QRate refused (action)
67	"""
68	name = 'qrateactionrefused.group.dynblocks.tests.powerdns.com.'
69	self.doTestQRateRCode(name, dns.rcode.REFUSED)
70
71	class TestDynBlockGroupExcluded(DynBlocksTest):
72
73	_config_template = """
74	local dbr = dynBlockRulesGroup()
75	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
76	dbr:excludeRange("127.0.0.1/32")
77
78	function maintenance()
79	dbr:apply()
80	end
81
82	newServer{address="127.0.0.1:%s"}
83	"""
84
85	def testExcluded(self):
86	"""
87	Dyn Blocks (group) : Excluded from the dynamic block rules
88	"""
89	name = 'excluded.group.dynblocks.tests.powerdns.com.'
90	query = dns.message.make_query(name, 'A', 'IN')
91	response = dns.message.make_response(query)
92	rrset = dns.rrset.from_text(name,
93	60,
94	dns.rdataclass.IN,
95	dns.rdatatype.A,
96	'192.0.2.1')
97	response.answer.append(rrset)
98
99	allowed = 0
100	sent = 0
101	for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
102	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
103	sent = sent + 1
104	if receivedQuery:
105	receivedQuery.id = query.id
106	self.assertEqual(query, receivedQuery)
107	self.assertEqual(response, receivedResponse)
108	allowed = allowed + 1
109	else:
110	# the query has not reached the responder,
111	# let's clear the response queue
112	self.clearToResponderQueue()
113
114	# we should not have been blocked
115	self.assertEqual(allowed, sent)
116
117	waitForMaintenanceToRun()
118
119	# we should still not be blocked
120	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
121	receivedQuery.id = query.id
122	self.assertEqual(query, receivedQuery)
123	self.assertEqual(receivedResponse, receivedResponse)
124
125	class TestDynBlockGroupExcludedViaNMG(DynBlocksTest):
126
127	_config_template = """
128	local nmg = newNMG()
129	nmg:addMask("127.0.0.1/32")
130
131	local dbr = dynBlockRulesGroup()
132	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d)
133	dbr:excludeRange(nmg)
134
135	function maintenance()
136	dbr:apply()
137	end
138
139	newServer{address="127.0.0.1:%s"}
140	"""
141
142	def testExcluded(self):
143	"""
144	Dyn Blocks (group) : Excluded (via NMG) from the dynamic block rules
145	"""
146	name = 'excluded-nmg.group.dynblocks.tests.powerdns.com.'
147	query = dns.message.make_query(name, 'A', 'IN')
148	response = dns.message.make_response(query)
149	rrset = dns.rrset.from_text(name,
150	60,
151	dns.rdataclass.IN,
152	dns.rdatatype.A,
153	'192.0.2.1')
154	response.answer.append(rrset)
155
156	allowed = 0
157	sent = 0
158	for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
159	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
160	sent = sent + 1
161	if receivedQuery:
162	receivedQuery.id = query.id
163	self.assertEqual(query, receivedQuery)
164	self.assertEqual(response, receivedResponse)
165	allowed = allowed + 1
166	else:
167	# the query has not reached the responder,
168	# let's clear the response queue
169	self.clearToResponderQueue()
170
171	# we should not have been blocked
172	self.assertEqual(allowed, sent)
173
174	waitForMaintenanceToRun()
175
176	# we should still not be blocked
177	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
178	receivedQuery.id = query.id
179	self.assertEqual(query, receivedQuery)
180	self.assertEqual(receivedResponse, receivedResponse)
181
182	class TestDynBlockGroupNoOp(DynBlocksTest):
183
184	_config_template = """
185	local dbr = dynBlockRulesGroup()
186	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.NoOp)
187
188	function maintenance()
189	dbr:apply()
190	end
191
192	newServer{address="127.0.0.1:%s"}
193	webserver("127.0.0.1:%s")
194	setWebserverConfig({password="%s", apiKey="%s"})
195	"""
196	_config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']
197
198	def testNoOp(self):
199	"""
200	Dyn Blocks (group) : NoOp
201	"""
202	name = 'noop.group.dynblocks.tests.powerdns.com.'
203	query = dns.message.make_query(name, 'A', 'IN')
204	response = dns.message.make_response(query)
205	rrset = dns.rrset.from_text(name,
206	60,
207	dns.rdataclass.IN,
208	dns.rdatatype.A,
209	'192.0.2.1')
210	response.answer.append(rrset)
211
212	allowed = 0
213	sent = 0
214	for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
215	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
216	sent = sent + 1
217	if receivedQuery:
218	receivedQuery.id = query.id
219	self.assertEqual(query, receivedQuery)
220	self.assertEqual(response, receivedResponse)
221	allowed = allowed + 1
222	else:
223	# the query has not reached the responder,
224	# let's clear the response queue
225	self.clearToResponderQueue()
226
227	# a dynamic rule should have been inserted, but the queries should still go on
228	self.assertEqual(allowed, sent)
229
230	waitForMaintenanceToRun()
231
232	# the rule should still be present, but the queries pass through anyway
233	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
234	receivedQuery.id = query.id
235	self.assertEqual(query, receivedQuery)
236	self.assertEqual(receivedResponse, receivedResponse)
237
238	# check that the rule has been inserted
239	self.doTestDynBlockViaAPI('127.0.0.1/32', 'Exceeded query rate', 1, self._dynBlockDuration, 0, sent)
240
241	class TestDynBlockGroupWarning(DynBlocksTest):
242
243	_dynBlockWarningQPS = 5
244	_dynBlockQPS = 20
245	_config_template = """
246	local dbr = dynBlockRulesGroup()
247	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Drop, %d)
248
249	function maintenance()
250	dbr:apply()
251	end
252
253	newServer{address="127.0.0.1:%s"}
254	webserver("127.0.0.1:%s")
255	setWebserverConfig({password="%s", apiKey="%s"})
256	"""
257	_config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_dynBlockWarningQPS', '_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed']
258
259	def testWarning(self):
260	"""
261	Dyn Blocks (group) : Warning
262	"""
263	name = 'warning.group.dynblocks.tests.powerdns.com.'
264	query = dns.message.make_query(name, 'A', 'IN')
265	response = dns.message.make_response(query)
266	rrset = dns.rrset.from_text(name,
267	60,
268	dns.rdataclass.IN,
269	dns.rdatatype.A,
270	'192.0.2.1')
271	response.answer.append(rrset)
272
273	allowed = 0
274	sent = 0
275	for _ in range((self._dynBlockWarningQPS * self._dynBlockPeriod) + 1):
276	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
277	sent = sent + 1
278	if receivedQuery:
279	receivedQuery.id = query.id
280	self.assertEqual(query, receivedQuery)
281	self.assertEqual(response, receivedResponse)
282	allowed = allowed + 1
283	else:
284	# the query has not reached the responder,
285	# let's clear the response queue
286	self.clearToResponderQueue()
287
288	# a dynamic rule should have been inserted, but the queries should
289	# still go on because we are still at warning level
290	self.assertEqual(allowed, sent)
291
292	waitForMaintenanceToRun()
293
294	# the rule should still be present, but the queries pass through anyway
295	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
296	receivedQuery.id = query.id
297	self.assertEqual(query, receivedQuery)
298	self.assertEqual(receivedResponse, receivedResponse)
299
300	# check that the rule has been inserted
301	self.doTestDynBlockViaAPI('127.0.0.1/32', 'Exceeded query rate', 1, self._dynBlockDuration, 0, sent)
302
303	self.doTestQRate(name)
304
305	class TestDynBlockGroupPort(DNSDistTest):
306
307	_dynBlockQPS = 20
308	_dynBlockPeriod = 2
309	# this needs to be greater than maintenanceWaitTime
310	_dynBlockDuration = _maintenanceWaitTime + 1
311	_config_template = """
312	local dbr = dynBlockRulesGroup()
313	dbr:setQueryRate(%d, %d, "Exceeded query rate", %d, DNSAction.Drop)
314	-- take the exact port into account
315	dbr:setMasks(32, 128, 16)
316
317	function maintenance()
318	dbr:apply()
319	end
320	newServer{address="127.0.0.1:%d"}
321	"""
322	_config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort']
323
324	def testPort(self):
325	"""
326	Dyn Blocks (group): Exact port matching
327	"""
328	name = 'port.group.dynblocks.tests.powerdns.com.'
329	query = dns.message.make_query(name, 'A', 'IN')
330	response = dns.message.make_response(query)
331	rrset = dns.rrset.from_text(name,
332	60,
333	dns.rdataclass.IN,
334	dns.rdatatype.A,
335	'192.0.2.1')
336	response.answer.append(rrset)
337
338	allowed = 0
339	sent = 0
340	for _ in range((self._dynBlockQPS * self._dynBlockPeriod) + 1):
341	(receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
342	sent = sent + 1
343	if receivedQuery:
344	receivedQuery.id = query.id
345	self.assertEqual(query, receivedQuery)
346	self.assertEqual(response, receivedResponse)
347	allowed = allowed + 1
348	else:
349	# the query has not reached the responder,
350	# let's clear the response queue
351	self.clearToResponderQueue()
352
353	# we might be already blocked, but we should have been able to send
354	# at least self._dynBlockQPS queries
355	self.assertGreaterEqual(allowed, self._dynBlockQPS)
356
357	if allowed == sent:
358	waitForMaintenanceToRun()
359
360	# we should now be dropped for up to self._dynBlockDuration + self._dynBlockPeriod
361	(_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False)
362	self.assertEqual(receivedResponse, None)
363
364	# use a new socket, so a new port
365	self._toResponderQueue.put(response, True, 1.0)
366	newsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
367	newsock.settimeout(1.0)
368	newsock.connect(("127.0.0.1", self._dnsDistPort))
369	newsock.send(query.to_wire())
370	receivedResponse = newsock.recv(4096)
371	if receivedResponse:
372	receivedResponse = dns.message.from_wire(receivedResponse)
373	receivedQuery = self._fromResponderQueue.get(True, 1.0)
374	receivedQuery.id = query.id
375	self.assertEqual(query, receivedQuery)
376	self.assertEqual(response, receivedResponse)