fprintf(stderr, "args:\n");
fprintf(stderr, "\t--edns-version\n");
fprintf(stderr, "\t--enable-dnsrps\n");
+ fprintf(stderr, "\t--enable-dnstap\n");
fprintf(stderr, "\t--gethostname\n");
fprintf(stderr, "\t--gssapi\n");
fprintf(stderr, "\t--have-dlopen\n");
#endif /* ifdef USE_DNSRPS */
}
+ if (strcmp(argv[1], "--enable-dnstap") == 0) {
+#ifdef HAVE_DNSTAP
+ return (0);
+#else /* ifdef HAVE_DNSTAP */
+ return (1);
+#endif /* ifdef HAVE_DNSTAP */
+ }
+
if (strcmp(argv[1], "--gethostname") == 0) {
char hostname[MAXHOSTNAMELEN];
int n;
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
+if ../feature-test --enable-dnstap
+then
+ cat <<'EOF' > ns3/dnstap.conf
+ dnstap-identity "ns3";
+ dnstap-version "xxx";
+ dnstap-output file "dnstap.out";
+ dnstap { all; };
+EOF
+else
+ echo "/* DNSTAP NOT ENABLED */" >ns3/dnstap.conf
+fi
+
+
#
# SIG(0) required cryptographic support which may not be configured.
#
-keyname=`$KEYGEN -q -n HOST -a RSASHA1 -b 1024 -T KEY sig0.example2 2>/dev/null | $D2U`
+keyname=`$KEYGEN -q -n HOST -a RSASHA1 -b 1024 -T KEY sig0.example2 2>keyname.err`
if test -n "$keyname"
then
cat ns1/example1.db $keyname.key > ns1/example2.db
else
cat ns1/example1.db > ns1/example2.db
fi
+cat_i < keyname.err
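Review bot: The added probe `if ../feature-test --enable-dnstap` hard-codes a relative path, while the tests.sh changes in the same commit call `$FEATURETEST --enable-dnstap`. If this script sources conf.sh (its use of `$KEYGEN` and `copy_setports` suggests it does, but that line is outside the hunk), `if $FEATURETEST --enable-dnstap` would make both scripts resolve the same binary regardless of the working directory. The hunk also creates two new artifacts, `ns3/dnstap.conf` and `keyname.err`. The cleanup script is not visible here, so confirm both are removed there.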
. $SYSTEMTESTTOP/conf.sh
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
+RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf"
status=0
n=1
+capture_dnstap() {
+ retry_quiet 20 test -f ns3/dnstap.out && mv ns3/dnstap.out dnstap.out.$n
+ $RNDCCMD -s 10.53.0.3 dnstap -reopen
+}
+
+uq_equals_ur() {
+ "$DNSTAPREAD" dnstap.out.$n |
+ awk '$3 == "UQ" { UQ+=1 } $3 == "UR" { UR += 1 } END { print UQ+0, UR+0 }' > dnstapread.out$n
+ read UQ UR < dnstapread.out$n
+ echo_i "UQ=$UQ UR=$UR"
+ test $UQ -eq $UR || return 1
+}
echo_i "waiting for servers to be ready for testing ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
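Review bot: The two new helpers let a dnstap check pass when nothing was captured. In `capture_dnstap`, if `retry_quiet 20 test -f ns3/dnstap.out` times out, the `mv` is skipped and the function still returns the status of the `rndc` call. In `uq_equals_ur`, the pipeline's status is awk's, so a failing `"$DNSTAPREAD"` on a missing `dnstap.out.$n` still prints `0 0` and `test $UQ -eq $UR` succeeds. The callers that use `uq_equals_ur || ret=1` (the first, second and sig0 checks) would then report success with no dnstap evidence, which is false assurance for a logging feature. I would make both helpers fail on a missing capture, call `capture_dnstap || ret=1` at each site, and quote the operands of the final `test`.

```sh
capture_dnstap() {
	# fail instead of silently skipping the rename when no output appeared
	retry_quiet 20 test -f ns3/dnstap.out || return 1
	mv ns3/dnstap.out dnstap.out.$n || return 1
	$RNDCCMD -s 10.53.0.3 dnstap -reopen
}

uq_equals_ur() {
	# an absent or empty capture must not count as "0 queries == 0 responses"
	test -s dnstap.out.$n || return 1
	# … unchanged: "$DNSTAPREAD" | awk tally, read UQ UR, echo_i …
	test "$UQ" -eq "$UR" || return 1
}
```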
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
+if $FEATURETEST --enable-dnstap
+then
+ echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
+ ret=0
+ capture_dnstap
+ uq_equals_ur || ret=1
+ if [ $ret != 0 ] ; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+ n=`expr $n + 1`
+fi
+
echo_i "updating zone (unsigned) ($n)"
ret=0
$NSUPDATE -- - <<EOF || ret=1
digcomp knowngood.after2 dig.out.ns2 || ret=1
digcomp knowngood.after2 dig.out.ns3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+
+if $FEATURETEST --enable-dnstap
+then
+ echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
+ ret=0
+ capture_dnstap
+ uq_equals_ur || ret=1
+ if [ $ret != 0 ] ; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+ n=`expr $n + 1`
+fi
n=`expr $n + 1`
echo_i "checking update forwarding to dead master ($n)"
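Review bot: The added DNSTAP block here sits before the existing ``n=`expr $n + 1` `` context line, unlike the other three insertions, which follow it. Its `($n)` label and the `dnstap.out.$n` / `dnstapread.out$n` file names therefore reuse the number of the preceding digcomp check. When dnstap is enabled, n is then incremented twice, so test numbers differ between dnstap and non-dnstap builds from this point on. Moving the block below the existing ``n=`expr $n + 1` `` line would match the other call sites and keep the numbering in the log unambiguous.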
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
+if $FEATURETEST --enable-dnstap
+then
+ echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
+ ret=0
+ capture_dnstap
+ uq_equals_ur && ret=1
+ if [ $ret != 0 ] ; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+ n=`expr $n + 1`
+fi
+
if test -f keyname
then
echo_i "checking update forwarding to with sig0 ($n)"
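Review bot: The check added after the dead-master test inverts the expectation with `uq_equals_ur && ret=1`, yet its `echo_i` text is the same "checking DNSTAP logging of UPDATE forwarded update replies" used where equality is required. A reader of the log or the script cannot tell that a mismatch is the expected result here. I would reword it to something like `echo_i "checking DNSTAP logging of forwarded UPDATE with no reply ($n)"` and add a comment above the test, e.g. `# the master is dead, so forwarded queries (UQ) must outnumber responses (UR)`. As written, the inverted test also accepts UR greater than UQ, so the comment should state which inequality is actually intended.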
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
+
+ if $FEATURETEST --enable-dnstap
+ then
+ echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
+ ret=0
+ capture_dnstap
+ uq_equals_ur || ret=1
+ if [ $ret != 0 ] ; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+ n=`expr $n + 1`
+ fi
fi
echo_i "exit status: $status"