
added a test case for EDNS BADVERS

git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1358 e5f2f494-b856-4b98-b285-d166d9295462
JINMEI Tatuya 15 years ago
parent
commit
75727c97da

+ 20 - 6
src/bin/auth/auth_srv.cc

@@ -70,6 +70,9 @@ public:
     /// so that we can specifically remove that one should the database
     /// file change
     isc::auth::ConstDataSrcPtr cur_datasrc_;
+
+    /// Currently non-configurable, but will be.
+    static const uint16_t DEFAULT_LOCAL_UDPSIZE = 4096;
 };
 
 AuthSrvImpl::AuthSrvImpl() {
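Review bot: The doc comment on `DEFAULT_LOCAL_UDPSIZE` does not say what the value represents. Something like `/// UDP payload size set on outgoing messages via setUDPSize(); currently non-configurable, but will be.` would save the reader a search. Separately, the constant is initialized in-class and no namespace-scope definition is visible in this hunk. If `setUDPSize()` takes its argument by const reference, or the constant is later passed to a reference-taking template or macro, that is an odr-use and can fail at link time; adding `const uint16_t AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE;` to the .cc avoids this. The class body starts outside the hunk.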
@@ -100,7 +103,7 @@ public:
 
 void
 makeErrorMessage(Message& message, MessageRenderer& renderer,
-                 const Rcode& rcode)
+                 const Rcode& rcode, const bool verbose_mode)
 {
     // extract the parameters that should be kept.
     // XXX: with the current implementation, it's not easy to set EDNS0
@@ -120,6 +123,7 @@ makeErrorMessage(Message& message, MessageRenderer& renderer,
     message.setQid(qid);
     message.setOpcode(opcode);
     message.setHeaderFlag(MessageFlag::QR());
+    message.setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
     if (rd) {
         message.setHeaderFlag(MessageFlag::RD());
     }
@@ -129,6 +133,12 @@ makeErrorMessage(Message& message, MessageRenderer& renderer,
     for_each(questions.begin(), questions.end(), QuestionInserter(&message));
     message.setRcode(rcode);
     message.toWire(renderer);
+
+    if (verbose_mode) {
+        cerr << "sending an error response (" <<
+            boost::lexical_cast<string>(renderer.getLength())
+             << " bytes):\n" << message.toText() << endl;
+    }
 }
 }
 
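Review bot: The text the new verbose branch writes to stderr is derived from the remote query, because `message.toText()` includes the question section copied back a few lines earlier. Whether that is safe for terminals and log parsers depends on toText() escaping non-printable label bytes, which is not visible here and worth confirming. The branch runs once per error response, so a stream of malformed queries turns verbose mode into an unbounded log writer; that may be fine for a debug switch but deserves a comment. The `boost::lexical_cast<string>` is unnecessary: `cerr << "sending an error response (" << renderer.getLength() << " bytes):\n"` streams the length directly, assuming getLength() returns an ordinary integer type. The function starts outside the hunk.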
@@ -161,13 +171,15 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
             cerr << "returning " <<  error.getRcode().toText() << ": "
                  << error.what() << endl;
         }
-        makeErrorMessage(message, response_renderer, error.getRcode());
+        makeErrorMessage(message, response_renderer, error.getRcode(),
+                         verbose_mode);
         return (true);
     } catch (const Exception& ex) {
         if (verbose_mode) {
             cerr << "returning SERVFAIL: " << ex.what() << endl;
         }
-        makeErrorMessage(message, response_renderer, Rcode::SERVFAIL());
+        makeErrorMessage(message, response_renderer, Rcode::SERVFAIL(),
+                         verbose_mode);
         return (true);
     } // other exceptions will be handled at a higher layer.
 
@@ -182,12 +194,14 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
         if (verbose_mode) {
             cerr << "unsupported opcode" << endl;
         }
-        makeErrorMessage(message, response_renderer, Rcode::NOTIMP());
+        makeErrorMessage(message, response_renderer, Rcode::NOTIMP(),
+                         verbose_mode);
         return (true);
     }
 
     if (message.getRRCount(Section::QUESTION()) != 1) {
-        makeErrorMessage(message, response_renderer, Rcode::FORMERR());
+        makeErrorMessage(message, response_renderer, Rcode::FORMERR(),
+                         verbose_mode);
         return (true);
     }
 
@@ -198,7 +212,7 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
     message.setHeaderFlag(MessageFlag::AA());
     message.setRcode(Rcode::NOERROR());
     message.setDNSSECSupported(dnssec_ok);
-    message.setUDPSize(4096);   // XXX: hardcoding
+    message.setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
 
     try {
         Query query(message, dnssec_ok);

+ 19 - 3
src/bin/auth/tests/auth_srv_unittest.cc

@@ -182,12 +182,13 @@ TEST_F(AuthSrvTest, shortQuestion) {
 TEST_F(AuthSrvTest, shortAnswer) {
     createDataFromFile("testdata/shortanswer_fromWire");
     EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
-                                           response_renderer, true, true));
-    headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
-                QR_FLAG, 1, 0, 0, 0);
+                                           response_renderer, true, false));
 
     // This is a bogus query, but question section is valid.  So the response
     // should copy the question section.
+    headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
+                QR_FLAG, 1, 0, 0, 0);
+
     QuestionIterator qit = parse_message.beginQuestion();
     EXPECT_EQ(Name("example.com"), (*qit)->getName());
     EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
@@ -196,4 +197,19 @@ TEST_F(AuthSrvTest, shortAnswer) {
     EXPECT_TRUE(qit == parse_message.endQuestion());
 }
 
+// Query with unsupported version of EDNS.
+TEST_F(AuthSrvTest, ednsBadVers) {
+    createDataFromFile("testdata/queryBadEDNS_fromWire");
+    EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
+                                           response_renderer, true, false));
+
+    // The response must have an EDNS OPT RR in the additional section.
+    // Note that the DNSSEC DO bit is cleared even if this bit in the query
+    // is set.  This is a limitation of the current implementation.
+    headerCheck(parse_message, default_qid, Rcode::BADVERS(), opcode.getCode(),
+                QR_FLAG, 1, 0, 0, 1);
+    EXPECT_EQ(4096, parse_message.getUDPSize());
+    EXPECT_FALSE(parse_message.isDNSSECSupported());
+}
+
 }
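Review bot: ednsBadVers asserts only on `parse_message`, and nothing in this hunk inspects the bytes left in `response_renderer`, so the test would still pass if the wire encoding of the response were wrong. BADVERS is RCODE 16, which does not fit in the 4-bit header field and has to be split between the header and the extended-RCODE bits of the OPT RR, so the rendered output is where an encoding regression would show. Consider comparing the renderer's data against an expected wire image, or re-parsing it into a fresh Message and repeating the checks there. `EXPECT_EQ(4096, parse_message.getUDPSize())` also repeats the server's `DEFAULT_LOCAL_UDPSIZE` as a literal; a short comment naming that constant would help once the value becomes configurable.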

+ 19 - 0
src/bin/auth/tests/testdata/queryBadEDNS_fromWire

@@ -0,0 +1,19 @@
+###
+### This data file was auto-generated from queryBadEDNS_fromWire.spec
+###
+
+# Header Section
+# ID=4149 QR=Query Opcode=QUERY(0) Rcode=NOERROR(0)
+1035 0000
+# QDCNT=1, ANCNT=0, NSCNT=0, ARCNT=1
+0001 0000 0000 0001
+
+# Question Section
+# QNAME=example.com. QTYPE=A(1) QCLASS=IN(1)
+076578616d706c6503636f6d00 0001 0001
+
+# EDNS OPT RR
+# NAME=. TYPE=OPT(41) UDPSize=4096 ExtRcode=0 Version=1 DO=1
+00 0029 1000 0001 8000
+# RDLEN=0
+0000

+ 12 - 0
src/bin/auth/tests/testdata/queryBadEDNS_fromWire.spec

@@ -0,0 +1,12 @@
+#
+# A QUERY message with unsupported version of EDNS..
+#
+
+[header]
+arcount: 1
+# use default
+[question]
+# use default
+[edns]
+version: 1
+do: 1

+ 1 - 1
src/bin/auth/tests/testdata/shortanswer_fromWire.spec

@@ -5,6 +5,6 @@
 
 [header]
 # use default
-ancount: 1
+arcount: 1
 [question]
 # use default
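Review bot: Changing `ancount: 1` to `arcount: 1` alters what this input exercises: the header now claims an additional-section record instead of an answer record that is presumably absent, yet the spec file and the test using it are still named shortanswer/shortAnswer. Either rename them or add a comment line to the spec such as `# ARCOUNT claims one record that is not present in the message`. The generated `shortanswer_fromWire` data file is not among the files shown in this commit. If it is checked in rather than produced at build time, confirm it was regenerated from the updated spec, otherwise the test keeps parsing the old bytes.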