From: Otto Moerbeek Date: Tue, 8 Oct 2024 11:58:46 +0000 (+0200) Subject: Add regression test for FWCatz X-Git-Tag: rec-5.2.0-alpha1~7^2~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bafe49decf5c4d6124b3a2b8582e1e0b05f669d1;p=thirdparty%2Fpdns.git Add regression test for FWCatz --- diff --git a/regression-tests.recursor-dnssec/requirements.in b/regression-tests.recursor-dnssec/requirements.in index 6e04a1f902..9f4dab033b 100644 --- a/regression-tests.recursor-dnssec/requirements.in +++ b/regression-tests.recursor-dnssec/requirements.in @@ -8,3 +8,4 @@ pyasn1==0.4.8 pysnmp>=5,<6 requests>=2.1.0 Twisted>0.15.0 +pyyaml==6.0.1 diff --git a/regression-tests.recursor-dnssec/requirements.txt b/regression-tests.recursor-dnssec/requirements.txt index b2dffa08a9..2624c8ce18 100644 --- a/regression-tests.recursor-dnssec/requirements.txt +++ b/regression-tests.recursor-dnssec/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.12 # by the following command: # # pip-compile --generate-hashes requirements.in @@ -263,6 +263,10 @@ pyasn1==0.4.8 \ # via # -r requirements.in # pysnmp +pyasyncore==1.0.4 \ + --hash=sha256:2c7a8b9b750ba6260f1e5a061456d61320a80579c6a43d42183417da89c7d5d6 \ + --hash=sha256:9e5f6dc9dc057c56370b7a5cdb4c4670fd4b0556de2913ed1f428cd6a5366895 + # via pysnmp pycparser==2.22 \ --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \ --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc @@ -283,6 +287,59 @@ pytest==8.3.3 \ --hash=sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181 \ --hash=sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2 # via -r requirements.in +pyyaml==6.0.1 \ + --hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \ + --hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \ + --hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \ + --hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \ + --hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \ + --hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \ + --hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \ + --hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \ + --hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \ + --hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \ + --hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \ + --hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \ + --hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \ + --hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \ + --hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \ + --hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \ + --hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \ + --hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \ + --hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \ + --hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \ + --hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \ + --hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \ + --hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \ + --hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \ + --hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \ + --hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \ + --hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \ + --hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \ + --hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \ + --hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \ + --hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \ + --hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \ + --hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \ + --hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \ + --hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \ + --hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \ + --hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \ + --hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \ + --hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \ + --hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \ + --hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \ + --hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \ + --hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \ + --hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \ + --hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \ + --hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \ + --hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \ + --hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \ + --hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \ + --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \ + --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f + # via -r requirements.in requests==2.32.3 \ --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \ --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 diff --git a/regression-tests.recursor-dnssec/test_FWCatz.py b/regression-tests.recursor-dnssec/test_FWCatz.py new file mode 100644 index 0000000000..f77330e62c --- /dev/null +++ b/regression-tests.recursor-dnssec/test_FWCatz.py @@ -0,0 +1,395 @@ +import dns +import json +import os +import requests +import socket +import struct +import sys +import threading +import time +import yaml + +from recursortests import RecursorTest + +class FWCatzServer(object): + + def __init__(self, port): + self._currentSerial = 0 + self._targetSerial = 1 + self._serverPort = port + listener = threading.Thread(name='FWCatz Listener', target=self._listener, args=[]) + listener.daemon = True + listener.start() + + def getCurrentSerial(self): + return self._currentSerial + + def moveToSerial(self, newSerial): + if newSerial == self._currentSerial: + return False + + if newSerial != self._currentSerial + 1: + raise AssertionError("Asking the FWCatz server to serve serial %d, already serving %d" % (newSerial, self._currentSerial)) + self._targetSerial = newSerial + return True + + def _getAnswer(self, message): + + response = dns.message.make_response(message) + records = [] + + if message.question[0].rdtype == dns.rdatatype.AXFR: + if self._currentSerial != 0: + print('Received an AXFR query but IXFR expected because the current serial is %d' % (self._currentSerial)) + return (None, self._currentSerial) + + newSerial = self._targetSerial + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('version.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, '2'), + dns.rrset.from_text('a.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'a.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + + elif message.question[0].rdtype == dns.rdatatype.IXFR: + oldSerial = message.authority[0][0].serial + + # special case for the 9th update, which might get skipped + if oldSerial != self._currentSerial and self._currentSerial != 9: + print('Received an IXFR query with an unexpected serial %d, expected %d' % (oldSerial, self._currentSerial)) + return (None, self._currentSerial) + + newSerial = self._targetSerial + if newSerial == 2: + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + # no deletion + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('b.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'b.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 3: + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('a.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'a.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + # no addition + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 4: + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('b.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'b.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('c.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'c.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 5: + # this one is a bit special, we are answering with a full AXFR + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('version.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, '2'), + dns.rrset.from_text('d.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'd.'), + dns.rrset.from_text('e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'e.'), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'f.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 6: + # back to IXFR + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('d.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'd.'), + dns.rrset.from_text('e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'e.'), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'f.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'ee.'), + dns.rrset.from_text('group.e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, 'GROUP'), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'ff.'), + dns.rrset.from_text('g.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'gg.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 7: + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'ee.'), + dns.rrset.from_text('group.e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, 'GROUP'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('e.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'e.'), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'f.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 8: + # this one is a bit special too, we are answering with a full AXFR and the new zone is empty + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('version.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, '2'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 9: + # IXFR inserting a duplicate, we should not crash and skip it + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('version.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, '2'), + dns.rrset.from_text('dup1.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'dup.'), + dns.rrset.from_text('dup2.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'dup.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 10: + # full AXFR to make sure we are removing the duplicate, adding a record, to check that the update was correctly applied + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('version.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.TXT, '2'), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'f.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial) + ] + elif newSerial == 11: + # IXFR with two deltas, the first one adding a 'g' and the second one removing 'f' + records = [ + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % (newSerial + 1)), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % oldSerial), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('g.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'g.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % newSerial), + dns.rrset.from_text('f.zones.forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.PTR, 'f.'), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % (newSerial + 1)), + dns.rrset.from_text('forward.catz.', 60, dns.rdataclass.IN, dns.rdatatype.SOA, 'ns.forward.catz. hostmaster.forward.catz. %d 3600 3600 3600 1' % (newSerial + 1)), + ] + # this one has two updates in one + newSerial = newSerial + 1 + self._targetSerial = self._targetSerial + 1 + + response.answer = records + return (newSerial, response) + + def _connectionHandler(self, conn): + data = None + while True: + data = conn.recv(2) + if not data: + break + (datalen,) = struct.unpack("!H", data) + data = conn.recv(datalen) + if not data: + break + + message = dns.message.from_wire(data) + if len(message.question) != 1: + print('Invalid FWCatz query, qdcount is %d' % (len(message.question))) + break + if not message.question[0].rdtype in [dns.rdatatype.AXFR, dns.rdatatype.IXFR]: + print('Invalid FWCatz query, qtype is %d' % (message.question.rdtype)) + break + (serial, answer) = self._getAnswer(message) + if not answer: + print('Unable to get a response for %s %d' % (message.question[0].name, message.question[0].rdtype)) + break + + wire = answer.to_wire() + lenprefix = struct.pack("!H", len(wire)) + + for b in lenprefix: + conn.send(bytes([b])) + time.sleep(0.5) + + conn.send(wire) + self._currentSerial = serial + break + + conn.close() + + def _listener(self): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1) + try: + sock.bind(("127.0.0.1", self._serverPort)) + except socket.error as e: + print("Error binding in the FWCatz listener: %s" % str(e)) + sys.exit(1) + + sock.listen(100) + while True: + try: + (conn, _) = sock.accept() + thread = threading.Thread(name='FWCatz Connection Handler', + target=self._connectionHandler, + args=[conn]) + thread.daemon = True + thread.start() + + except socket.error as e: + print('Error in FWCatz socket: %s' % str(e)) + sock.close() + +fwCatzServerPort = 4250 +fwCatzServer = FWCatzServer(fwCatzServerPort) + +class FWCatzXFRRecursorTest(RecursorTest): + """ + This test makes sure that we correctly update FW cat zones via AXFR then IXFR + """ + + global fwCatzServerPort + _confdir = 'FWCatzXFRRecursor' + _wsPort = 8042 + _wsTimeout = 2 + _wsPassword = 'secretpassword' + _apiKey = 'secretapikey' + _config_template = """ +logging: + loglevel: 7 +webservice: + webserver: true + port: %d + address: 127.0.0.1 + password: %s + api_key: %s + api_dir: configs/%s +packetcache: + disable: true +incoming: + allow_notify_from: [127.0.0.0/8] +recursor: + forwarding_catalog_zones: + - zone: forward.catz + xfr: + # The first server is a bogus one, to test that we correctly fail over to the second one + addresses: [127.0.0.1:9999, 127.0.0.1:%d] + refresh: 1 + notify_allowed: true + groups: + - name: '' + forwarders: [1.2.3.4] + - name: 'GROUP' + forwarders: [4.5.6.7] + notify_allowed: true + recurse: true +""" % (_wsPort, _wsPassword, _apiKey, _confdir, fwCatzServerPort) + + _xfrDone = 0 + + @classmethod + def generateRecursorConfig(cls, confdir): + super(FWCatzXFRRecursorTest, cls).generateRecursorYamlConfig(confdir, False) + + def sendNotify(self): + notify = dns.message.make_query('forward.catz', 'SOA', want_dnssec=False) + notify.set_opcode(4) # notify + res = self.sendUDPQuery(notify) + self.assertRcodeEqual(res, dns.rcode.NOERROR) + self.assertEqual(res.opcode(), 4) + self.assertEqual(res.question[0].to_text(), 'forward.catz. IN SOA') + + def checkForwards(self, expected): + with open('configs/' + self._confdir + '/catzone.forward.catz.') as file: + reality = yaml.safe_load(file); + self.assertEqual(expected, reality) + + def waitUntilCorrectSerialIsLoaded(self, serial, timeout=5): + global fwCatzServer + + fwCatzServer.moveToSerial(serial) + + attempts = 0 + while attempts < timeout: + currentSerial = fwCatzServer.getCurrentSerial() + if currentSerial > serial: + raise AssertionError("Expected serial %d, got %d" % (serial, currentSerial)) + if currentSerial == serial: + self._xfrDone = self._xfrDone + 1 + return + + attempts = attempts + 1 + time.sleep(1) + + raise AssertionError("Waited %d seconds for the serial to be updated to %d but the serial is still %d" % (timeout, serial, currentSerial)) + + def testFWCatz(self): + # Fresh catz does not need a notify + self.waitForTCPSocket("127.0.0.1", self._wsPort) + # first zone + self.waitUntilCorrectSerialIsLoaded(1) + self.checkForwards({'forward_zones': [ + {'zone': 'a.', 'forwarders': ['1.2.3.4']} + ]}) + + # second zone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(2) + self.checkForwards({'forward_zones': [ + {'zone': 'a.', 'forwarders': ['1.2.3.4']}, + {'zone': 'b.', 'forwarders': ['1.2.3.4']} + ]}) + + # third zone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(3) + self.checkForwards({'forward_zones': [ + {'zone': 'b.', 'forwarders': ['1.2.3.4']} + ]}) + + # fourth zone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(4) + self.checkForwards({'forward_zones': [ + {'zone': 'c.', 'forwarders': ['1.2.3.4']} + ]}) + + # fifth zone, we should get a full AXFR this time + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(5) + self.checkForwards({'forward_zones': [ + {'zone': 'd.', 'forwarders': ['1.2.3.4']}, + {'zone': 'e.', 'forwarders': ['1.2.3.4']}, + {'zone': 'f.', 'forwarders': ['1.2.3.4']} + ]}) + + # sixth zone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(6) + self.checkForwards({'forward_zones': [ + {'zone': 'ee.', 'forwarders': ['4.5.6.7'], 'notify_allowed': True, 'recurse': True}, + {'zone': 'ff.', 'forwarders': ['1.2.3.4']}, + {'zone': 'gg.', 'forwarders': ['1.2.3.4']} + ]}) + + # seventh zone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(7) + self.checkForwards({'forward_zones': [ + {'zone': 'e.', 'forwarders': ['1.2.3.4']}, + {'zone': 'ff.', 'forwarders': ['1.2.3.4']}, + {'zone': 'f.', 'forwarders': ['1.2.3.4']}, + {'zone': 'gg.', 'forwarders': ['1.2.3.4']} + ]}) + + # eighth zone, all entries should be gone + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(8) + self.checkForwards({}) + + # 9th zone has a duplicate, it gets skipped + global fwCatzServer + fwCatzServer.moveToSerial(9) + self.sendNotify() + time.sleep(3) + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(10) + + # the next update will update the zone twice + fwCatzServer.moveToSerial(11) + self.sendNotify() + time.sleep(3) + self.sendNotify() + self.waitUntilCorrectSerialIsLoaded(12) + self.checkForwards({'forward_zones': [ + {'zone': 'g.', 'forwarders': ['1.2.3.4']} + ]}) + +