From: Ondřej Surý Date: Wed, 1 Dec 2021 11:22:59 +0000 (+0100) Subject: Add TCP connection reset test X-Git-Tag: v9.17.21~7^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c17919019ef0af8226e5bb61214b805bb3e2451;p=thirdparty%2Fbind9.git Add TCP connection reset test The TCP connection reset test starts mock UDP and TCP server which always returns empty DNS answer with TC bit set over UDP and resets the TCP connection after five seconds. When tested without the fix, the DNS query to 10.53.0.2 times out and the ns2 server hangs at shutdown. --- diff --git a/bin/tests/system/Makefile.am b/bin/tests/system/Makefile.am index 5fe5b2d8338..da153d66158 100644 --- a/bin/tests/system/Makefile.am +++ b/bin/tests/system/Makefile.am @@ -213,7 +213,7 @@ if HAVE_PYTHON TESTS += kasp keymgr2kasp tcp pipelined if HAVE_PYMOD_DNS -TESTS += checkds qmin cookie timeouts +TESTS += checkds dispatch qmin cookie timeouts if HAVE_PERLMOD_NET_DNS TESTS += dnssec diff --git a/bin/tests/system/dispatch/ans3/ans.py b/bin/tests/system/dispatch/ans3/ans.py new file mode 100644 index 00000000000..e243a740dc2 --- /dev/null +++ b/bin/tests/system/dispatch/ans3/ans.py @@ -0,0 +1,99 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +import os +import select +import signal +import socket +import sys +import time + +import dns.flags +import dns.message + + +def port(): + env_port = os.getenv("PORT") + if env_port is None: + env_port = 5300 + else: + env_port = int(env_port) + + return env_port + + +def udp_listen(port): + udp = socket.socket(type=socket.SOCK_DGRAM) + udp.bind(('10.53.0.3', port)) + + return udp + + +def tcp_listen(port): + tcp = socket.socket(type=socket.SOCK_STREAM) + tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + tcp.bind(('10.53.0.3', port)) + tcp.listen(100) + + return tcp + + +def udp_tc_once(udp): + qrybytes, clientaddr = udp.recvfrom(65535) + qry = dns.message.from_wire(qrybytes) + answ = dns.message.make_response(qry) + answ.flags |= dns.flags.TC + answbytes = answ.to_wire() + udp.sendto(answbytes, clientaddr) + + +def tcp_once(tcp): + csock, _clientaddr = tcp.accept() + time.sleep(5) + csock.close() + + +def sigterm(signum, frame): + os.remove('ans.pid') + sys.exit(0) + + +def write_pid(): + with open('ans.pid', 'w') as f: + pid = os.getpid() + f.write("{}".format(pid)) + + +signal.signal(signal.SIGTERM, sigterm) +write_pid() + +udp = udp_listen(port()) +tcp = tcp_listen(port()) + +input = [udp, tcp] + +while True: + try: + inputready, outputready, exceptready = select.select(input, [], []) + except select.error: + break + except socket.error: + break + except KeyboardInterrupt: + break + + for s in inputready: + if s == udp: + udp_tc_once(udp) + if s == tcp: + tcp_once(tcp) + +sigterm(signal.SIGTERM, 0) diff --git a/bin/tests/system/dispatch/clean.sh b/bin/tests/system/dispatch/clean.sh new file mode 100644 index 00000000000..dee2d6fb032 --- /dev/null +++ b/bin/tests/system/dispatch/clean.sh @@ -0,0 +1,12 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -f ns*/named.run ns*/named.conf ns*/named.pid ns*/managed-keys.bind* +rm -f ans*/ans.run ans*/ans.pid +rm -f ns*/named.memstats diff --git a/bin/tests/system/dispatch/conftest.py b/bin/tests/system/dispatch/conftest.py new file mode 100644 index 00000000000..96db32f9098 --- /dev/null +++ b/bin/tests/system/dispatch/conftest.py @@ -0,0 +1,25 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +import os +import pytest + + +@pytest.fixture +def port(request): + # pylint: disable=unused-argument + env_port = os.getenv("PORT") + if env_port is None: + env_port = 5300 + else: + env_port = int(env_port) + + return env_port diff --git a/bin/tests/system/dispatch/ns1/named.conf.in b/bin/tests/system/dispatch/ns1/named.conf.in new file mode 100644 index 00000000000..9f924967af1 --- /dev/null +++ b/bin/tests/system/dispatch/ns1/named.conf.in @@ -0,0 +1,42 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + port @PORT@; + pid-file "named.pid"; + + listen-on { 10.53.0.1; }; + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + + listen-on-v6 { fd92:7065:b8e:ffff::1; }; + query-source-v6 address fd92:7065:b8e:ffff::1; + notify-source-v6 fd92:7065:b8e:ffff::1; + transfer-source-v6 fd92:7065:b8e:ffff::1; + + recursion no; + servfail-ttl 0; +}; + +zone "." { + type primary; + file "root.db"; +}; diff --git a/bin/tests/system/dispatch/ns1/root.db b/bin/tests/system/dispatch/ns1/root.db new file mode 100644 index 00000000000..2e8ca62f67a --- /dev/null +++ b/bin/tests/system/dispatch/ns1/root.db @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 300 SOA . . 0 0 0 0 0 +. 300 NS ns.nil. +ns.nil. 300 A 10.53.0.1 +example. 300 NS ns.example. +ns.example. 300 A 10.53.0.2 diff --git a/bin/tests/system/dispatch/ns2/example.db b/bin/tests/system/dispatch/ns2/example.db new file mode 100644 index 00000000000..0e879784ca2 --- /dev/null +++ b/bin/tests/system/dispatch/ns2/example.db @@ -0,0 +1,6 @@ +example. 86400 IN SOA ns.example. root.example. 43 10800 900 604800 86400 +example. 86400 IN NS ns.example. +ns.example. A 10.53.0.2 + +ns.sub.example. A 10.53.0.3 +sub.example. NS ns.sub.example. diff --git a/bin/tests/system/dispatch/ns2/named.conf.in b/bin/tests/system/dispatch/ns2/named.conf.in new file mode 100644 index 00000000000..d410de813a3 --- /dev/null +++ b/bin/tests/system/dispatch/ns2/named.conf.in @@ -0,0 +1,47 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + port @PORT@; + pid-file "named.pid"; + + listen-on { 10.53.0.2; }; + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + + listen-on-v6 { fd92:7065:b8e:ffff::2; }; + query-source-v6 address fd92:7065:b8e:ffff::2; + notify-source-v6 fd92:7065:b8e:ffff::2; + transfer-source-v6 fd92:7065:b8e:ffff::2; + + recursion yes; + servfail-ttl 0; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "example" { + type primary; + file "example.db"; +}; diff --git a/bin/tests/system/dispatch/setup.sh b/bin/tests/system/dispatch/setup.sh new file mode 100644 index 00000000000..5c160b922eb --- /dev/null +++ b/bin/tests/system/dispatch/setup.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +. ../conf.sh + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf diff --git a/bin/tests/system/dispatch/tests-connreset.py b/bin/tests/system/dispatch/tests-connreset.py new file mode 100644 index 00000000000..c846fcf2250 --- /dev/null +++ b/bin/tests/system/dispatch/tests-connreset.py @@ -0,0 +1,25 @@ +#!/usr/bin/python3 +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +import pytest + +pytest.importorskip("dns") +import dns.message +import dns.query +import dns.rcode + + +def test_connreset(port): + msg = dns.message.make_query("sub.example.", "A", want_dnssec=True, + use_edns=0, payload=1232) + ans = dns.query.udp(msg, "10.53.0.2", timeout=10, port=port) + assert ans.rcode() == dns.rcode.SERVFAIL diff --git a/util/copyrights b/util/copyrights index 1a784947698..408c3d0c14f 100644 --- a/util/copyrights +++ b/util/copyrights @@ -228,6 +228,11 @@ ./bin/tests/system/digdelv/setup.sh SH 2018,2019,2020,2021 ./bin/tests/system/digdelv/tests.sh SH 2015,2016,2017,2018,2019,2020,2021 ./bin/tests/system/digdelv/yamlget.py PYTHON 2019,2020,2021 +./bin/tests/system/dispatch/ans3/ans.py PYTHON 2021 +./bin/tests/system/dispatch/clean.sh SH 2021 +./bin/tests/system/dispatch/conftest.py PYTHON 2021 +./bin/tests/system/dispatch/setup.sh SH 2021 +./bin/tests/system/dispatch/tests-connreset.py PYTHON-BIN 2021 ./bin/tests/system/ditch.pl PERL 2015,2016,2018,2019,2020,2021 ./bin/tests/system/dlzexternal/clean.sh SH 2010,2012,2014,2015,2016,2018,2019,2020,2021 ./bin/tests/system/dlzexternal/driver/driver.c C 2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021