mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-22 07:07:08 +00:00
184 lines
5.7 KiB
Plaintext
184 lines
5.7 KiB
Plaintext
# #-- ratelimit.test --#
|
|
# source the master var file when it's there
|
|
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
|
# use .tpkg.var.test for in test variable passing
|
|
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
|
|
|
PRE="../.."
|
|
. ../common.sh
|
|
|
|
get_make
|
|
(cd $PRE; $MAKE streamtcp)
|
|
|
|
# These tests rely on second time precision. To combat false negatives the
|
|
# tests run multiple times and we allow 1/3 of the runs to fail.
|
|
total_runs=6
|
|
success_threshold=4 # 2/3*total_runs
|
|
|
|
successes=0
|
|
echo "> Three parallel queries"
|
|
# For this test we send three parallel queries and we expect only one of them
|
|
# to be allowed through each second.
|
|
for i in $(seq 1 $total_runs); do
|
|
$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
|
|
if test "$?" -ne 0; then
|
|
echo "exit status not OK"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
cat outfile
|
|
if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 2; then
|
|
((successes++))
|
|
fi
|
|
# We don't have to wait for all the runs to complete if we know
|
|
# we passed the threshold.
|
|
if test $successes -ge $success_threshold; then
|
|
break
|
|
fi
|
|
sleep 1
|
|
done
|
|
if test $successes -ge $success_threshold; then
|
|
echo "Number of ratelimited queries OK for three parallel queries"
|
|
else
|
|
echo "Number of ratelimited queries not OK for three parallel queries"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Number of ratelimited queries not OK for three parallel queries"
|
|
exit 1
|
|
fi
|
|
|
|
echo "> Activating ratelimit-factor"
|
|
echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3"
|
|
$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3
|
|
if test $? -ne 0; then
|
|
echo "wrong exit value after success"
|
|
exit 1
|
|
fi
|
|
|
|
slipped_through=0
|
|
echo "> Three parallel queries with ratelimit-factor"
|
|
# For this test we send three parallel queries and we expect at least two of
|
|
# them to be allowed through at a given second; one from the ratelimit itself
|
|
# and one from the ratelimit-factor.
|
|
for i in {1..10}; do
|
|
$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
|
|
if test "$?" -ne 0; then
|
|
echo "exit status not OK"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
cat outfile
|
|
if test `grep "rcode: SERVFAIL" outfile | wc -l` -lt 2; then
|
|
slipped_through=1
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
if test $slipped_through -eq 0; then
|
|
echo "ratelimit-factor did not work"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "ratelimit-factor did not work"
|
|
exit 1
|
|
fi
|
|
echo "ratelimit-factor OK"
|
|
|
|
echo "> Disabling ratelimit-factor"
|
|
echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0"
|
|
$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0
|
|
if test $? -ne 0; then
|
|
echo "wrong exit value after success"
|
|
exit 1
|
|
fi
|
|
echo "> Activating ratelimit-backoff"
|
|
echo "$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes"
|
|
$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes
|
|
if test $? -ne 0; then
|
|
echo "wrong exit value after success"
|
|
exit 1
|
|
fi
|
|
|
|
successes=0
|
|
echo "> Three parallel queries with backoff"
|
|
# For this test we send three parallel queries. The ratelimit should be reached
|
|
# for that second. Then for the next second we again send three parallel
|
|
# queries and we expect none of them to be allowed through because of the
|
|
# backoff logic that keeps rolling the RATE_WINDOW based on demand.
|
|
for i in $(seq 1 $total_runs); do
|
|
$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
|
|
if test "$?" -ne 0; then
|
|
echo "exit status not OK"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
sleep 1 # Limit is reached; it should also be active for the next second
|
|
$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
|
|
if test "$?" -ne 0; then
|
|
echo "exit status not OK"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
cat outfile
|
|
if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 3; then
|
|
((successes++))
|
|
fi
|
|
# We don't have to wait for all the runs to complete if we know
|
|
# we passed the threshold.
|
|
if test $successes -ge $success_threshold; then
|
|
break
|
|
fi
|
|
done
|
|
|
|
if test $successes -ge $success_threshold; then
|
|
echo "three parallel queries with backoff OK"
|
|
else
|
|
echo "Number of ratelimited queries not OK for three parallel queries with backoff"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Number of ratelimited queries not OK for three parallel queries with backoff"
|
|
exit 1
|
|
fi
|
|
|
|
echo "> Three parallel queries after backoff RATE_WINDOW"
|
|
sleep 3 # Make sure the RATE_WINDOW is renewed
|
|
# For this test we make three parallel queries after the RATE_WINDOW has passed
|
|
# without any new demand and we expect at least one query to pass through. This
|
|
# is to check that the backoff logic does not insist on past (outside of
|
|
# RATE_WINDOW) limits.
|
|
$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
|
|
if test "$?" -ne 0; then
|
|
echo "exit status not OK"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
cat outfile
|
|
if test `grep "rcode: NOERROR" outfile | wc -l` -gt 0; then
|
|
echo "Number of ratelimited queries OK for three parallel queries after backoff RATE_WINDOW"
|
|
else
|
|
echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW"
|
|
echo "> cat logfiles"
|
|
cat outfile
|
|
cat unbound.log
|
|
echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW"
|
|
exit 1
|
|
fi
|
|
exit 0
|