From: W.C.A. Wijngaards Date: Wed, 16 Jul 2025 09:46:04 +0000 (+0200) Subject: - Add unit tests for non-ecs aggregation. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1150078f29e14b36c8e4d9d05a263a5e6abbc5b;p=thirdparty%2Funbound.git - Add unit tests for non-ecs aggregation. --- diff --git a/doc/Changelog b/doc/Changelog index 79e2585d9..8daacc052 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,7 @@ from AOSP Lab Nankai University. - Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the repository continues with the previous fixes, with 1.23.2. + - Add unit tests for non-ecs aggregation. 12 July 2025: Yorgos - Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to diff --git a/testdata/subnet_noecs_mult.crpl b/testdata/subnet_noecs_mult.crpl new file mode 100644 index 000000000..3e2acefb0 --- /dev/null +++ b/testdata/subnet_noecs_mult.crpl @@ -0,0 +1,334 @@ +# config +server: + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache iterator" + qname-minimisation: no + minimal-responses: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test subnet with no edns subnet from server multiple times +; Multiple queries are sent to a server that does not reply with the +; edns-subnet option. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 50 52 + ADDRESS 1.2.3.4 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL + ; Match this subnet option + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ; This is the response, without the subnet option + HEX_ANSWER_BEGIN; + 00 00 84 00 00 01 00 01 ; ID 0 QR AA NOERROR + 00 00 00 01 03 77 77 77 ; www.example.com A (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 + C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600 + 00 04 0A 14 1E 2C ; rdata 10.20.30.44 + 00 00 29 10 00 00 00 + 80 00 00 00 + HEX_ANSWER_END +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL + ; Match this subnet option + HEX_EDNSDATA_BEGIN + ; client is 127.2.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 02 00 ; address + HEX_EDNSDATA_END + ; This is the response, without the subnet option + HEX_ANSWER_BEGIN; + 00 00 84 00 00 01 00 01 ; ID 0 QR AA NOERROR + 00 00 00 01 03 77 77 77 ; www.example.com A (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 + C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600 + 00 04 0A 14 1E 2C ; rdata 10.20.30.44 + 00 00 29 10 00 00 00 + 80 00 00 00 + HEX_ANSWER_END +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL + ; Match this subnet option + HEX_EDNSDATA_BEGIN + ; client is 127.3.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 03 00 ; address + HEX_EDNSDATA_END + ; This is the response, without the subnet option + HEX_ANSWER_BEGIN; + 00 00 84 00 00 01 00 01 ; ID 0 QR AA NOERROR + 00 00 00 01 03 77 77 77 ; www.example.com A (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 + C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600 + 00 04 0A 14 1E 2C ; rdata 10.20.30.44 + 00 00 29 10 00 00 00 + 80 00 00 00 + HEX_ANSWER_END +ENTRY_END + +; The answer for a query without subnet +;ENTRY_BEGIN +;MATCH opcode qtype qname +;ADJUST copy_id +;REPLY QR AA NOERROR +;SECTION QUESTION +;www.example.com. IN A +;SECTION ANSWER +;www.example.com. IN A 10.20.30.40 +;ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 53 57 + ADDRESS 1.2.3.4 +; The answer for a query without subnet +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ; ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ; 127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ; ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 02 00 ; 127.2.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ; ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 03 00 ; 127.3.0.0/17 + HEX_ANSWER_END +ENTRY_END + +; recursion happens here. +; The upstream server RANGE starts responding at STEP 50. +STEP 50 TRAFFIC + +; The upstream server now responds for the nonsubnet response. +STEP 55 TRAFFIC + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +;www.example.com. IN A 10.20.30.44 +SECTION ADDITIONAL +; HEX_EDNSDATA_BEGIN +; ; client is 127.3.0.1 +; 00 08 ; OPC +; 00 07 ; option length +; 00 01 ; Family +; 11 00 ; source mask, scopemask +; 7f 03 00 ; address +; HEX_EDNSDATA_END +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +;www.example.com. IN A 10.20.30.44 +SECTION ADDITIONAL +; HEX_EDNSDATA_BEGIN +; ; client is 127.2.0.1 +; 00 08 ; OPC +; 00 07 ; option length +; 00 01 ; Family +; 11 00 ; source mask, scopemask +; 7f 02 00 ; address +; HEX_EDNSDATA_END +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +;www.example.com. IN A 10.20.30.44 +SECTION ADDITIONAL +; HEX_EDNSDATA_BEGIN +; ; client is 127.0.0.1 +; 00 08 ; OPC +; 00 07 ; option length +; 00 01 ; Family +; 11 00 ; source mask, scopemask +; 7f 00 00 ; address +; HEX_EDNSDATA_END +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_noecs_refused.crpl b/testdata/subnet_noecs_refused.crpl new file mode 100644 index 000000000..39fbe85b4 --- /dev/null +++ b/testdata/subnet_noecs_refused.crpl @@ -0,0 +1,159 @@ +# config +server: + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache iterator" + qname-minimisation: no + minimal-responses: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test subnet with no edns subnet support but it is refused +; The query is sent to a server that does not reply with the edns-subnet +; option. The upstream server sends rcode refused. That results in a +; NULL return_msg. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600 +ENTRY_END + +; This matches the no EDNS subnet info queries that are made for the +; fallback without subnet. The answer is refused. +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +;www.example.com. IN A 10.20.30.40 +ENTRY_END + +; This matches the initial query with edns subnet in the query, +; the answer has no edns subnet in the reply. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +;ENTRY_BEGIN +;REPLY RD DO +;SECTION QUESTION +;www.example.com. IN A +; but send this query with subnet scope zero in the query, because that +; makes the reply possibly get stored in the cache. +; +; query with subnet 0.0.0.0/0. +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +;www.example.com. IN A 10.20.30.40 +ENTRY_END +SCENARIO_END diff --git a/testdata/subnet_noecs_support.crpl b/testdata/subnet_noecs_support.crpl new file mode 100644 index 000000000..0c9826c83 --- /dev/null +++ b/testdata/subnet_noecs_support.crpl @@ -0,0 +1,127 @@ +# config +server: + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache iterator" + qname-minimisation: no + minimal-responses: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test subnet with no edns subnet support from the server +; The query is sent to a server that does not reply with the edns-subnet +; option. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +SCENARIO_END