1 # #-- ip_ratelimit.test --#
2 # source the master var file when it's there
3 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
4 # use .tpkg.var.test for in test variable passing
5 [ -f .tpkg.var.test ] && source .tpkg.var.test
11 (cd $PRE; $MAKE streamtcp)
13 # These tests rely on second time precision. To combat false negatives the
14 # tests run multiple times and we allow 1/3 of the runs to fail.
16 success_threshold=4 # 2/3*total_runs
18 if dig -h 2>&1 | grep "cookie" >/dev/null; then
24 echo "> First get a valid cookie"
25 dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:0102030405060708 $nocookie +tcp +retry=0 +time=1 test. TXT >outfile 2>&1
26 if test "$?" -ne 0; then
27 echo "exit status not OK"
34 if test `grep "COOKIE: " outfile | wc -l` -ne 1; then
35 echo "Could not get cookie"
42 cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3`
45 echo "> Three parallel queries with backoff and cookie"
46 # For this test we send three parallel queries. The ratelimit should be reached
47 # for that second. We send a query to verify that there is no reply.
48 # Then for the next second we again send three parallel queries and we expect
49 # none of them to be allowed through because of the backoff logic that keeps
50 # rolling the RATE_WINDOW based on demand.
51 # Again we send another query but with a valid cookie and we expect to receive
53 for i in $(seq 1 $total_runs); do
55 $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
56 if test "$?" -ne 0; then
57 echo "exit status not OK"
64 # Expect no answer because of limit
65 dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
66 if test "$?" -eq 0; then
70 $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
71 if test "$?" -ne 0; then
72 echo "exit status not OK"
79 # Expect answer because of DNS cookie
80 dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
81 if test "$?" -ne 0; then
85 # We don't have to wait for all the runs to complete if we know
86 # we passed the threshold.
87 if test $successes -ge $success_threshold; then
92 if test $successes -ge $success_threshold; then
93 echo "Three parallel queries with backoff and cookie OK"
95 echo "Three parallel queries with backoff and cookie NOT OK"
99 echo "Three parallel queries with backoff and cookie NOT OK"
103 echo "> Activating ip-ratelimit-cookie"
104 echo "$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1"
105 $PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1
106 if test $? -ne 0; then
107 echo "wrong exit value after success"
112 echo "> Three parallel queries with backoff and cookie with ip-ratelimit-cookie"
113 # This is the exact same test as above with the exception that we don't expect
114 # an answer on the last query because ip-ratelimit-cookie is now enabled.
115 for i in $(seq 1 $total_runs); do
117 $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
118 if test "$?" -ne 0; then
119 echo "exit status not OK"
120 echo "> cat logfiles"
126 # Expect no answer because of limit
127 dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
128 if test "$?" -eq 0; then
132 $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
133 if test "$?" -ne 0; then
134 echo "exit status not OK"
135 echo "> cat logfiles"
141 # Expect no answer because of ip-ratelimit-cookie
142 dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
143 if test "$?" -eq 0; then
147 # We don't have to wait for all the runs to complete if we know
148 # we passed the threshold.
149 if test $successes -ge $success_threshold; then
154 if test $successes -ge $success_threshold; then
155 echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie OK"
157 echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK"
158 echo "> cat logfiles"
161 echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK"