      1 #!/bin/sh
      2 
      3 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      4 #
      5 # SPDX-License-Identifier: MPL-2.0
      6 #
      7 # This Source Code Form is subject to the terms of the Mozilla Public
      8 # License, v. 2.0.  If a copy of the MPL was not distributed with this
      9 # file, you can obtain one at https://mozilla.org/MPL/2.0/.
     10 #
     11 # See the COPYRIGHT file distributed with this work for additional
     12 # information regarding copyright ownership.
     13 
# Abort on the first unguarded failing command.  Checks that should only mark
# a test as failed are written below as "cmd || ret=1" so they do not trip this.
set -e

# Shared system-test helpers and tool locations; this script uses echo_i,
# nextpart, wait_for_log_peek, $DIG, $RNDC, $PORT and $CONTROLPORT from it.
. ../conf.sh

# status: number of failed checks so far; n: running test counter, also used
# as the suffix of each dig.out.test<n> capture file.
status=0
n=0

# Both values are expanded unquoted further down so that they split into
# separate arguments; they must not contain whitespace inside a single argument.
RNDCCMD="${RNDC} -c ../_common/rndc.conf -p ${CONTROLPORT} -s"
DIGOPTS="-p ${PORT}"
     23 
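# Print the cookie value found in saved dig output.
# Arguments: $1 - path of a file holding dig output
# Outputs:   the third field of every line whose second field is "COOKIE:",
#            one per line on stdout (nothing if no such line exists)
# Returns:   awk's exit status
getcookie() {
  # The path is quoted so that a name containing whitespace or glob
  # characters is opened as a single file instead of being split.
  awk '$2 == "COOKIE:" { print $3 }' <"$1"
}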
     29 
# Client side: dig must emit a padded query when asked for +padding=128.
# +qr makes dig print the query it sends, and "; QUERY SIZE: 128" pins the
# size of that query.
# NOTE(review): because the query is printed too, the "; PAD" match does not
# by itself show that the response carried padding.  Nothing in this script
# asserts that a plain UDP query with +padding and no valid cookie gets an
# unpadded reply -- worth confirming that case is covered elsewhere.
# The label printed here uses $n before it is incremented, so it is one lower
# than the dig.out.test<n> file written below.
echo_i "checking that dig handles padding ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +qr +padding=128 foo.example @10.53.0.2 >"dig.out.test${n}"; then
  ret=1
fi
if ! grep "; PAD" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
if ! grep "; QUERY SIZE: 128" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     38 
# Server side of the previous check: after a fresh statistics dump, ns2 must
# report that it received an EDNS padding option.
echo_i "checking that dig added padding ($n)"
n=$((n + 1))
ret=0
# Discard what is already in the stats file so only the new dump is read below.
nextpart ns2/named.stats >/dev/null
# Not guarded with "|| ret=1": under "set -e" a failing rndc ends the script.
$RNDCCMD 10.53.0.2 stats
if ! wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats; then
  ret=1
fi
if ! nextpart ns2/named.stats | grep "EDNS padding option received" >/dev/null; then
  ret=1
fi

[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     49 
# Over TCP (+vc) a query that asks for padding must get a padded answer:
# no +qr here, so "; PAD" comes from the response, and "rcvd: 128" pins the
# size of the message dig received.
echo_i "checking that padding is added for TCP responses ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +vc +padding=128 foo.example @10.53.0.2 >"dig.out.test${n}"; then
  ret=1
fi
if ! grep "; PAD" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
if ! grep "rcvd: 128" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     58 
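# A query that does not use TCP but presents a cookie previously handed out by
# the server must also get a padded answer.  The first query only harvests
# the cookie; the second replays it together with +padding=128.
echo_i "checking that padding is added to valid cookie responses ($n)"
ret=0
n=$((n + 1))
$DIG $DIGOPTS +cookie foo.example @10.53.0.2 >dig.out.testc || ret=1
cookie=$(getcookie dig.out.testc)
# $cookie is reused by the later "padding must be requested (valid cookie)"
# check.  Report a failed extraction here, where it happens, so it is not
# mistaken for a padding failure and the later check is known to have had a
# real cookie to present.
if [ -z "$cookie" ]; then
  echo_i "error: no COOKIE option found in dig.out.testc"
  ret=1
fi
# Quoted so the extracted value is always passed as exactly one argument.
$DIG $DIGOPTS "+cookie=$cookie" +padding=128 foo.example @10.53.0.2 >dig.out.test$n || ret=1
grep "; PAD" dig.out.test$n >/dev/null || ret=1
grep "rcvd: 128" dig.out.test$n >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))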
     69 
# Negative case: a TCP query that does not ask for padding must not get any.
# The grep is inverted -- finding "; PAD" is the failure.
echo_i "checking that padding must be requested (TCP) ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +vc foo.example @10.53.0.2 >"dig.out.test${n}"; then
  ret=1
fi
if grep "; PAD" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     77 
# Negative case: presenting the cookie saved in $cookie by the earlier
# valid-cookie check, but without +padding, must not produce a padded answer.
# The grep is inverted -- finding "; PAD" is the failure.
echo_i "checking that padding must be requested (valid cookie) ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +cookie=$cookie foo.example @10.53.0.2 >"dig.out.test${n}"; then
  ret=1
fi
if grep "; PAD" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     85 
# Same request as the TCP padding check, but sent from source address
# 10.53.0.8 (-b); the answer must come back without padding.
# Presumably ns2's configuration excludes that address from response
# padding -- its named.conf is not part of this file, so confirm there.
echo_i "checking that padding can be filtered out ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +vc +padding=128 -b 10.53.0.8 foo.example @10.53.0.2 >"dig.out.test${n}"; then
  ret=1
fi
if grep "; PAD" "dig.out.test${n}" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     93 
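# Server-to-server padding, positive case.  The query goes to 10.53.0.3
# without +padding, and the verdict is read from ns2's statistics: the
# "EDNS padding option received" counter must differ between the dump taken
# before the query (opad) and the one taken after it (npad).
# Presumably 10.53.0.3 is configured to reach ns2 over TCP with padding
# enabled -- its named.conf is not part of this file, so confirm there.
echo_i "checking that a TCP and padding server config enables padding ($n)"
ret=0
n=$((n + 1))
nextpart ns2/named.stats >/dev/null
# Not guarded with "|| ret=1": under "set -e" a failing rndc ends the script.
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
$DIG $DIGOPTS foo.example @10.53.0.3 >dig.out.test$n || ret=1
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
# Fail closed when either counter could not be read.  With an empty or
# non-numeric value "[ ... -eq ... ]" errors out, the "if" treats that as
# false, and the check would pass without having compared anything.
case "$opad:$npad" in
  :* | *: | *:*:* | *[!0-9:]*)
    echo_i "error: padding counter not numeric (opad='$opad' npad='$npad')"
    ret=1
    ;;
  *)
    if [ "$opad" -eq "$npad" ]; then
      echo_i "error: opad ($opad) == npad ($npad)"
      ret=1
    fi
    ;;
esac
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))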
    111 
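# Server-to-server padding, negative case.  The query goes to 10.53.0.4 and
# ns2's "EDNS padding option received" counter must be the same in the dump
# taken before the query (opad) and the one taken after it (npad).
# Presumably 10.53.0.4 has padding configured without TCP towards ns2 -- its
# named.conf is not part of this file, so confirm there.
echo_i "checking that a padding server config should enforce TCP ($n)"
ret=0
n=$((n + 1))
nextpart ns2/named.stats >/dev/null
# Not guarded with "|| ret=1": under "set -e" a failing rndc ends the script.
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
$DIG $DIGOPTS foo.example @10.53.0.4 >dig.out.test$n || ret=1
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
# Fail closed when either counter could not be read.  With an empty or
# non-numeric value "[ ... -ne ... ]" errors out, the "if" treats that as
# false, and this "nothing changed" check would pass on two unreadable values.
case "$opad:$npad" in
  :* | *: | *:*:* | *[!0-9:]*)
    echo_i "error: padding counter not numeric (opad='$opad' npad='$npad')"
    ret=1
    ;;
  *)
    if [ "$opad" -ne "$npad" ]; then
      echo_i "error: opad ($opad) != npad ($npad)"
      ret=1
    fi
    ;;
esac
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))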
    129 
# Sends EDNS option code 12 (the Padding option) by hand, once with no
# payload (+ednsopt=12) and once as +ednsopt=12:00, and requires that dig
# succeeds and that "; PAD" shows up in its output each time.
# NOTE(review): +qr prints the outgoing query as well, so the "; PAD" match
# can be satisfied by the echoed query; "has no effect" is asserted here only
# through dig succeeding.
echo_i "checking that zero-length padding option has no effect ($n)"
n=$((n + 1))
ret=0
if ! $DIG $DIGOPTS +qr +ednsopt=12 foo.example @10.53.0.2 >"dig.out.test${n}.1"; then
  ret=1
fi
if ! grep "; PAD" "dig.out.test${n}.1" >/dev/null; then
  ret=1
fi
if ! $DIG $DIGOPTS +qr +ednsopt=12:00 foo.example @10.53.0.2 >"dig.out.test${n}.2"; then
  ret=1
fi
if ! grep "; PAD" "dig.out.test${n}.2" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    139 
# Report the number of failed checks and turn any failure into exit code 1.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
  exit 1
fi
    142