From: Otto Moerbeek Date: Wed, 1 Feb 2023 14:45:05 +0000 (+0100) Subject: A few unit tests X-Git-Tag: dnsdist-1.8.0-rc1~37^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=171376f16832b177df60385c4eb3922bd791491f;p=thirdparty%2Fpdns.git A few unit tests --- diff --git a/pdns/recursordist/aggressive_nsec.cc b/pdns/recursordist/aggressive_nsec.cc index 61cd873bb9..fbd338a3f3 100644 --- a/pdns/recursordist/aggressive_nsec.cc +++ b/pdns/recursordist/aggressive_nsec.cc @@ -256,10 +256,9 @@ static size_t computeCommonPrefix(const string& one, const string& two) // If the NSEC3 hashes have a long common prefix, they deny only a small subset of all possible hashes // So don't take the trouble to store those. -static bool isSmallCoveringNSEC3(const DNSName& owner, const std::shared_ptr& nsec) +bool AggressiveNSECCache::isSmallCoveringNSEC3(const DNSName& owner, const std::string& nextHash) { std::string ownerHash(fromBase32Hex(owner.getRawLabel(0))); - const std::string& nextHash = nsec->d_nexthash; auto commonPrefix = computeCommonPrefix(ownerHash, nextHash); return commonPrefix > AggressiveNSECCache::s_maxNSEC3CommonPrefix; } @@ -314,7 +313,7 @@ void AggressiveNSECCache::insertNSEC(const DNSName& zone, const DNSName& owner, return; } - if (isSmallCoveringNSEC3(owner, content)) { + if (isSmallCoveringNSEC3(owner, content->d_nexthash)) { /* not accepting small covering answers since they only deny a small subset */ return; } diff --git a/pdns/recursordist/aggressive_nsec.hh b/pdns/recursordist/aggressive_nsec.hh index 64b23ea3a4..b2b48083f9 100644 --- a/pdns/recursordist/aggressive_nsec.hh +++ b/pdns/recursordist/aggressive_nsec.hh @@ -78,6 +78,9 @@ public: return d_nsec3WildcardHits; } + // exported for unit test purposes + static bool isSmallCoveringNSEC3(const DNSName& owner, const std::string& nextHash); + void prune(time_t now); size_t dumpToFile(std::unique_ptr& fp, const struct timeval& now); diff --git a/pdns/recursordist/test-aggressive_nsec_cc.cc b/pdns/recursordist/test-aggressive_nsec_cc.cc index 7e0058efca..2968450dae 100644 --- a/pdns/recursordist/test-aggressive_nsec_cc.cc +++ b/pdns/recursordist/test-aggressive_nsec_cc.cc @@ -6,6 +6,26 @@ BOOST_AUTO_TEST_SUITE(aggressive_nsec_cc) +BOOST_AUTO_TEST_CASE(test_small_coverering_nsec3) +{ + AggressiveNSECCache::s_maxNSEC3CommonPrefix = 1; + + const std::tuple table[] = { + { "gujhshp2lhmnpoo9qde4blg4gq3hgl99", "gujhshp2lhmnpoo9qde4blg4gq3hgl9a", 157, true}, + { "gujhshp2lhmnpoo9qde4blg4gq3hgl99", "gujhshp2lhmnpoo9qde4blg4gq3hgl9a", 158, false}, + { "0ujhshp2lhmnpoo9qde4blg4gq3hgl99", "vujhshp2lhmnpoo9qde4blg4gq3hgl9a", 0, false}, + { "0ujhshp2lhmnpoo9qde4blg4gq3hgl99", "7ujhshp2lhmnpoo9qde4blg4gq3hgl9a", 1, true}, + { "0ujhshp2lhmnpoo9qde4blg4gq3hgl99", "7ujhshp2lhmnpoo9qde4blg4gq3hgl9a", 2, false}, + { "0ujhshp2lhmnpoo9qde4blg4gq3hgl99", "fujhshp2lhmnpoo9qde4blg4gq3hgl9a", 1, false}, + { "0ujhshp2lhmnpoo9qde4blg4gq3hgl99", "8ujhshp2lhmnpoo9qde4blg4gq3hgl9a", 1, false}, + }; + + for (const auto& [owner, next, boundary, result]: table) { + AggressiveNSECCache::s_maxNSEC3CommonPrefix = boundary; + BOOST_CHECK_EQUAL(AggressiveNSECCache::isSmallCoveringNSEC3(DNSName(owner), fromBase32Hex(next)), result); + } +} + BOOST_AUTO_TEST_CASE(test_aggressive_nsec_nxdomain) { std::unique_ptr sr;