1# #-- ratelimit.test --# 2# source the master var file when it's there 3[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master 4# use .tpkg.var.test for in test variable passing 5[ -f .tpkg.var.test ] && source .tpkg.var.test 6 7PRE="../.." 8. ../common.sh 9 10get_make 11(cd $PRE; $MAKE streamtcp) 12 13# These tests rely on second time precision. To combat false negatives the 14# tests run multiple times and we allow 1/3 of the runs to fail. 15total_runs=6 16success_threshold=4 # 2/3*total_runs 17 18successes=0 19echo "> Three parallel queries" 20# For this test we send three parallel queries and we expect only one of them 21# to be allowed through each second. 22for i in $(seq 1 $total_runs); do 23 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 24 if test "$?" -ne 0; then 25 echo "exit status not OK" 26 echo "> cat logfiles" 27 cat outfile 28 cat unbound.log 29 echo "Not OK" 30 exit 1 31 fi 32 cat outfile 33 if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 2; then 34 ((successes++)) 35 fi 36 # We don't have to wait for all the runs to complete if we know 37 # we passed the threshold. 38 if test $successes -ge $success_threshold; then 39 break 40 fi 41 sleep 1 42done 43if test $successes -ge $success_threshold; then 44 echo "Number of ratelimited queries OK for three parallel queries" 45else 46 echo "Number of ratelimited queries not OK for three parallel queries" 47 echo "> cat logfiles" 48 cat outfile 49 cat unbound.log 50 echo "Number of ratelimited queries not OK for three parallel queries" 51 exit 1 52fi 53 54echo "> Activating ratelimit-factor" 55echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3" 56$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3 57if test $? -ne 0; then 58 echo "wrong exit value after success" 59 exit 1 60fi 61 62slipped_through=0 63echo "> Three parallel queries with ratelimit-factor" 64# For this test we send three parallel queries and we expect at least two of 65# them to be allowed through at a given second; one from the ratelimit itself 66# and one from the ratelimit-factor. 67for i in {1..10}; do 68 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 69 if test "$?" -ne 0; then 70 echo "exit status not OK" 71 echo "> cat logfiles" 72 cat outfile 73 cat unbound.log 74 echo "Not OK" 75 exit 1 76 fi 77 cat outfile 78 if test `grep "rcode: SERVFAIL" outfile | wc -l` -lt 2; then 79 slipped_through=1 80 break 81 fi 82 sleep 2 83done 84if test $slipped_through -eq 0; then 85 echo "ratelimit-factor did not work" 86 echo "> cat logfiles" 87 cat outfile 88 cat unbound.log 89 echo "ratelimit-factor did not work" 90 exit 1 91fi 92echo "ratelimit-factor OK" 93 94echo "> Disabling ratelimit-factor" 95echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0" 96$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0 97if test $? -ne 0; then 98 echo "wrong exit value after success" 99 exit 1 100fi 101echo "> Activating ratelimit-backoff" 102echo "$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes" 103$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes 104if test $? -ne 0; then 105 echo "wrong exit value after success" 106 exit 1 107fi 108 109successes=0 110echo "> Three parallel queries with backoff" 111# For this test we send three parallel queries. The ratelimit should be reached 112# for that second. Then for the next second we again send three parallel 113# queries and we expect none of them to be allowed through because of the 114# backoff logic that keeps rolling the RATE_WINDOW based on demand. 115for i in $(seq 1 $total_runs); do 116 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 117 if test "$?" -ne 0; then 118 echo "exit status not OK" 119 echo "> cat logfiles" 120 cat outfile 121 cat unbound.log 122 echo "Not OK" 123 exit 1 124 fi 125 sleep 1 # Limit is reached; it should also be active for the next second 126 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 127 if test "$?" -ne 0; then 128 echo "exit status not OK" 129 echo "> cat logfiles" 130 cat outfile 131 cat unbound.log 132 echo "Not OK" 133 exit 1 134 fi 135 cat outfile 136 if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 3; then 137 ((successes++)) 138 fi 139 # We don't have to wait for all the runs to complete if we know 140 # we passed the threshold. 141 if test $successes -ge $success_threshold; then 142 break 143 fi 144done 145 146if test $successes -ge $success_threshold; then 147 echo "three parallel queries with backoff OK" 148else 149 echo "Number of ratelimited queries not OK for three parallel queries with backoff" 150 echo "> cat logfiles" 151 cat outfile 152 cat unbound.log 153 echo "Number of ratelimited queries not OK for three parallel queries with backoff" 154 exit 1 155fi 156 157echo "> Three parallel queries after backoff RATE_WINDOW" 158sleep 3 # Make sure the RATE_WINDOW is renewed 159# For this test we make three parallel queries after the RATE_WINDOW has passed 160# without any new demand and we expect at least one query to pass through. This 161# is to check that the backoff logic does not insist on past (outside of 162# RATE_WINDOW) limits. 163$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 164if test "$?" -ne 0; then 165 echo "exit status not OK" 166 echo "> cat logfiles" 167 cat outfile 168 cat unbound.log 169 echo "Not OK" 170 exit 1 171fi 172cat outfile 173if test `grep "rcode: NOERROR" outfile | wc -l` -gt 0; then 174 echo "Number of ratelimited queries OK for three parallel queries after backoff RATE_WINDOW" 175else 176 echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" 177 echo "> cat logfiles" 178 cat outfile 179 cat unbound.log 180 echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" 181 exit 1 182fi 183exit 0 184