From: Remi Gacogne
Date: Wed, 24 Mar 2021 10:27:15 +0000 (+0100)
Subject: dnsdist: Add regression tests for the number of conns per frontend
X-Git-Tag: rec-4.6.0-alpha0~1^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4d57f5630f0e3495e60410c9a3a0883ae0d6ea1;p=thirdparty%2Fpdns.git
dnsdist: Add regression tests for the number of conns per frontend
---
diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py
index 861c3983ca..0c89e56d15 100644
--- a/regression-tests.dnsdist/test_DOH.py
+++ b/regression-tests.dnsdist/test_DOH.py
@@ -1136,3 +1136,69 @@ class TestDOHForwardedForNoTrusted(DNSDistDOHTest):
 self.assertEquals(self._rcode, 403)
 self.assertEquals(receivedResponse, b'dns query not allowed because of ACL')
+
+class TestDOHFrontendLimits(DNSDistDOHTest):
+
+ # this test suite uses a different responder port
+ # because it uses a different health check configuration
+ _testServerPort = 5395
+ _answerUnexpected = True
+
+ _serverKey = 'server.key'
+ _serverCert = 'server.chain'
+ _serverName = 'tls.tests.dnsdist.org'
+ _caCert = 'ca.pem'
+ _dohServerPort = 8443
+ _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
+
+ _skipListeningOnCL = True
+ _maxTCPConnsPerDOHFrontend = 5
+ _config_template = """
+ newServer{address="127.0.0.1:%s"}
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { maxConcurrentTCPConnections=%d })
+ """
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerDOHFrontend']
+ _verboseMode = True
+
+ def testTCPConnsPerDOHFrontend(self):
+ """
+ DoH Frontend Limits: Maximum number of conns per DoH frontend
+ """
+ name = 'maxconnsperfrontend.doh.tests.powerdns.com.'
+ query = b"GET / HTTP/1.0\r\n\r\n"
+ conns = []
+
+ for idx in range(self._maxTCPConnsPerDOHFrontend + 1):
+ try:
+ conns.append(self.openTLSConnection(self._dohServerPort, self._serverName, self._caCert))
+ except:
+ conns.append(None)
+
+ count = 0
+ failed = 0
+ for conn in conns:
+ if not conn:
+ failed = failed + 1
+ continue
+
+ try:
+ conn.send(query)
+ response = conn.recv(65535)
+ if response:
+ count = count + 1
+ else:
+ failed = failed + 1
+ except:
+ failed = failed + 1
+
+ for conn in conns:
+ if conn:
+ conn.close()
+
+ # wait a bit to be sure that dnsdist closed the connections
+ # and decremented the counters on its side, otherwise subsequent
+ # connections will be dropped
+ time.sleep(1)
+
+ self.assertEqual(count, self._maxTCPConnsPerDOHFrontend)
+ self.assertEqual(failed, 1)
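Review bot: The bare `except:` clauses in `testTCPConnsPerDOHFrontend` tally every exception as a refused connection, so a certificate-verification error, a timeout or a plain `NameError` lands in `failed` just like a connection dropped by the limit, and a `KeyboardInterrupt` during the run is swallowed as well. Narrowing both handlers to the errors a closed connection produces, e.g. `except (ssl.SSLError, OSError):`, keeps the count meaningful; whether `ssl` is imported in test_DOH.py is not visible from this hunk. The same pattern is in `testTCPConnsPerFrontend` (test_TCPLimits.py) and `testTCPConnsPerTLSFrontend` (test_TLS.py). The test also calls `time.sleep(1)` while this commit adds `import time` only to test_TLS.py, so it is worth confirming that the import already exists here.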
diff --git a/regression-tests.dnsdist/test_TCPLimits.py b/regression-tests.dnsdist/test_TCPLimits.py
index 17bc9a5fb1..32250f937b 100644
--- a/regression-tests.dnsdist/test_TCPLimits.py
+++ b/regression-tests.dnsdist/test_TCPLimits.py
@@ -129,3 +129,55 @@ class TestTCPLimits(DNSDistTest):
 self.assertAlmostEquals(end - start, self._maxTCPConnDuration, delta=2)
 conn.close()
+
+class TestTCPFrontendLimits(DNSDistTest):
+
+ # this test suite uses a different responder port
+ # because it uses a different health check configuration
+ _testServerPort = 5395
+ _answerUnexpected = True
+
+ _skipListeningOnCL = True
+ _tcpIdleTimeout = 2
+ _maxTCPConnsPerFrontend = 10
+ _config_template = """
+ newServer{address="127.0.0.1:%s"}
+ setLocal("%s:%d", {maxConcurrentTCPConnections=%d})
+ """
+ _config_params = ['_testServerPort', '_dnsDistListeningAddr', '_dnsDistPort', '_maxTCPConnsPerFrontend']
+ _verboseMode = True
+
+ def testTCPConnsPerFrontend(self):
+ """
+ TCP Frontend Limits: Maximum number of conns per frontend
+ """
+ name = 'maxconnsperfrontend.tcp.tests.powerdns.com.'
+ query = dns.message.make_query(name, 'A', 'IN')
+ conns = []
+
+ for idx in range(self._maxTCPConnsPerFrontend + 1):
+ conns.append(self.openTCPConnection())
+
+ count = 0
+ failed = 0
+ for conn in conns:
+ try:
+ self.sendTCPQueryOverConnection(conn, query)
+ response = self.recvTCPResponseOverConnection(conn)
+ if response:
+ count = count + 1
+ else:
+ failed = failed + 1
+ except:
+ failed = failed + 1
+
+ for conn in conns:
+ conn.close()
+
+ # wait a bit to be sure that dnsdist closed the connections
+ # and decremented the counters on its side, otherwise subsequent
+ # connections will be dropped
+ time.sleep(1)
+
+ self.assertEqual(count, self._maxTCPConnsPerFrontend)
+ self.assertEqual(failed, 1)
diff --git a/regression-tests.dnsdist/test_TLS.py b/regression-tests.dnsdist/test_TLS.py
index e0bb572c02..40f0127d7e 100644
--- a/regression-tests.dnsdist/test_TLS.py
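Review bot: `_tcpIdleTimeout = 2` in `TestTCPFrontendLimits` never reaches dnsdist: it is not listed in `_config_params` and `_config_template` has no directive that would consume it. Unless the base class reads the attribute (not visible here), the test depends only on the explicit `conn.close()` calls and the one-second sleep to free the slots. I would either drop the attribute or add a comment such as `# not part of the generated config, kept for parity with TestTCPLimits` so a reader does not assume an idle timeout is in force. `TestTLSFrontendLimits` in test_TLS.py carries the same unused attribute.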
+++ b/regression-tests.dnsdist/test_TLS.py
@@ -4,6 +4,7 @@ import dns
 import socket
 import ssl
 import subprocess
+import time
 import unittest
 from dnsdisttests import DNSDistTest
@@ -348,3 +349,69 @@ class TestDOTWithCache(DNSDistTest):
 self.sendTCPQueryOverConnection(conn, query, response=None)
 receivedResponse = self.recvTCPResponseOverConnection(conn, useQueue=False)
 self.assertEquals(receivedResponse, response)
+
+class TestTLSFrontendLimits(DNSDistTest):
+
+ # this test suite uses a different responder port
+ # because it uses a different health check configuration
+ _testServerPort = 5395
+ _answerUnexpected = True
+
+ _serverKey = 'server.key'
+ _serverCert = 'server.chain'
+ _serverName = 'tls.tests.dnsdist.org'
+ _caCert = 'ca.pem'
+ _tlsServerPort = 8453
+
+ _skipListeningOnCL = True
+ _tcpIdleTimeout = 2
+ _maxTCPConnsPerTLSFrontend = 5
+ _config_template = """
+ newServer{address="127.0.0.1:%s"}
+ addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="openssl", maxConcurrentTCPConnections=%d })
+ """
+ _config_params = ['_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerTLSFrontend']
+ _verboseMode = True
+
+ def testTCPConnsPerTLSFrontend(self):
+ """
+ TLS Frontend Limits: Maximum number of conns per TLS frontend
+ """
+ name = 'maxconnspertlsfrontend.tls.tests.powerdns.com.'
+ query = dns.message.make_query(name, 'A', 'IN')
+ conns = []
+
+ for idx in range(self._maxTCPConnsPerTLSFrontend + 1):
+ try:
+ conns.append(self.openTLSConnection(self._tlsServerPort, self._serverName, self._caCert))
+ except:
+ conns.append(None)
+
+ count = 0
+ failed = 0
+ for conn in conns:
+ if not conn:
+ failed = failed + 1
+ continue
+
+ try:
+ self.sendTCPQueryOverConnection(conn, query)
+ response = self.recvTCPResponseOverConnection(conn)
+ if response:
+ count = count + 1
+ else:
+ failed = failed + 1
+ except:
+ failed = failed + 1
+
+ for conn in conns:
+ if conn:
+ conn.close()
+
+ # wait a bit to be sure that dnsdist closed the connections
+ # and decremented the counters on its side, otherwise subsequent
+ # connections will be dropped
+ time.sleep(1)
+
+ self.assertEqual(count, self._maxTCPConnsPerTLSFrontend)
+ self.assertEqual(failed, 1)
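Review bot: `testTCPConnsPerTLSFrontend` never checks that the frontend serves clients again once the connections are closed; after `time.sleep(1)` it only asserts the two counters. `maxConcurrentTCPConnections` is a resource-exhaustion guard, and a per-frontend counter that is not decremented on close would keep every later client out, which is the situation the comment above the sleep describes. I would open one more connection after the sleep and assert that it is answered, as sketched below with the helpers the hunk already uses. The DoH and plain-TCP tests in this commit would take the same addition.

```python
        time.sleep(1)

        # the slots must be usable again once every client has gone away
        conn = self.openTLSConnection(self._tlsServerPort, self._serverName, self._caCert)
        try:
            self.sendTCPQueryOverConnection(conn, query)
            self.assertTrue(self.recvTCPResponseOverConnection(conn))
        finally:
            conn.close()

        # … unchanged: assertEqual checks on count and failed …
```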