Commit 75727c97 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

added a test case for EDNS BADVERS


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1358 e5f2f494-b856-4b98-b285-d166d9295462
parent 32bf6c47
......@@ -70,6 +70,9 @@ public:
/// so that we can specifically remove that one should the database
/// file change
isc::auth::ConstDataSrcPtr cur_datasrc_;
/// Currently non-configurable, but will be.
static const uint16_t DEFAULT_LOCAL_UDPSIZE = 4096;
};
AuthSrvImpl::AuthSrvImpl() {
......@@ -100,7 +103,7 @@ public:
void
makeErrorMessage(Message& message, MessageRenderer& renderer,
const Rcode& rcode)
const Rcode& rcode, const bool verbose_mode)
{
// extract the parameters that should be kept.
// XXX: with the current implementation, it's not easy to set EDNS0
......@@ -120,6 +123,7 @@ makeErrorMessage(Message& message, MessageRenderer& renderer,
message.setQid(qid);
message.setOpcode(opcode);
message.setHeaderFlag(MessageFlag::QR());
message.setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
if (rd) {
message.setHeaderFlag(MessageFlag::RD());
}
......@@ -129,6 +133,12 @@ makeErrorMessage(Message& message, MessageRenderer& renderer,
for_each(questions.begin(), questions.end(), QuestionInserter(&message));
message.setRcode(rcode);
message.toWire(renderer);
if (verbose_mode) {
cerr << "sending an error response (" <<
boost::lexical_cast<string>(renderer.getLength())
<< " bytes):\n" << message.toText() << endl;
}
}
}
......@@ -161,13 +171,15 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
cerr << "returning " << error.getRcode().toText() << ": "
<< error.what() << endl;
}
makeErrorMessage(message, response_renderer, error.getRcode());
makeErrorMessage(message, response_renderer, error.getRcode(),
verbose_mode);
return (true);
} catch (const Exception& ex) {
if (verbose_mode) {
cerr << "returning SERVFAIL: " << ex.what() << endl;
}
makeErrorMessage(message, response_renderer, Rcode::SERVFAIL());
makeErrorMessage(message, response_renderer, Rcode::SERVFAIL(),
verbose_mode);
return (true);
} // other exceptions will be handled at a higher layer.
......@@ -182,12 +194,14 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
if (verbose_mode) {
cerr << "unsupported opcode" << endl;
}
makeErrorMessage(message, response_renderer, Rcode::NOTIMP());
makeErrorMessage(message, response_renderer, Rcode::NOTIMP(),
verbose_mode);
return (true);
}
if (message.getRRCount(Section::QUESTION()) != 1) {
makeErrorMessage(message, response_renderer, Rcode::FORMERR());
makeErrorMessage(message, response_renderer, Rcode::FORMERR(),
verbose_mode);
return (true);
}
......@@ -198,7 +212,7 @@ AuthSrv::processMessage(InputBuffer& request_buffer, Message& message,
message.setHeaderFlag(MessageFlag::AA());
message.setRcode(Rcode::NOERROR());
message.setDNSSECSupported(dnssec_ok);
message.setUDPSize(4096); // XXX: hardcoding
message.setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
try {
Query query(message, dnssec_ok);
......
......@@ -182,12 +182,13 @@ TEST_F(AuthSrvTest, shortQuestion) {
TEST_F(AuthSrvTest, shortAnswer) {
createDataFromFile("testdata/shortanswer_fromWire");
EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
response_renderer, true, true));
headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
QR_FLAG, 1, 0, 0, 0);
response_renderer, true, false));
// This is a bogus query, but question section is valid. So the response
// should copy the question section.
headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
QR_FLAG, 1, 0, 0, 0);
QuestionIterator qit = parse_message.beginQuestion();
EXPECT_EQ(Name("example.com"), (*qit)->getName());
EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
......@@ -196,4 +197,19 @@ TEST_F(AuthSrvTest, shortAnswer) {
EXPECT_TRUE(qit == parse_message.endQuestion());
}
// Query with unsupported version of EDNS.
TEST_F(AuthSrvTest, ednsBadVers) {
createDataFromFile("testdata/queryBadEDNS_fromWire");
EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
response_renderer, true, false));
// The response must have an EDNS OPT RR in the additional section.
// Note that the DNSSEC DO bit is cleared even if this bit in the query
// is set. This is a limitation of the current implementation.
headerCheck(parse_message, default_qid, Rcode::BADVERS(), opcode.getCode(),
QR_FLAG, 1, 0, 0, 1);
EXPECT_EQ(4096, parse_message.getUDPSize());
EXPECT_FALSE(parse_message.isDNSSECSupported());
}
}
###
### This data file was auto-generated from queryBadEDNS_fromWire.spec
###
# Header Section
# ID=4149 QR=Query Opcode=QUERY(0) Rcode=NOERROR(0)
1035 0000
# QDCNT=1, ANCNT=0, NSCNT=0, ARCNT=1
0001 0000 0000 0001
# Question Section
# QNAME=example.com. QTYPE=A(1) QCLASS=IN(1)
076578616d706c6503636f6d00 0001 0001
# EDNS OPT RR
# NAME=. TYPE=OPT(41) UDPSize=4096 ExtRcode=0 Version=1 DO=1
00 0029 1000 0001 8000
# RDLEN=0
0000
#
# A QUERY message with unsupported version of EDNS..
#
[header]
arcount: 1
# use default
[question]
# use default
[edns]
version: 1
do: 1
......@@ -5,6 +5,6 @@
[header]
# use default
ancount: 1
arcount: 1
[question]
# use default
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment