From f82aaedbdc4e1df71862ae1cee2e8805d05c2970 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Mon, 29 May 2023 17:47:55 +0000 Subject: [PATCH] Add clients-per-query checks for the fetchlimit system test Check if clients-per-query quota works as expected with or without a positive stale-answer-client-timeout value and serve-stale answers enabled. (cherry picked from commit 3bb2babcd075df1da244e8c6f178e1cb99d3e123) --- bin/tests/system/fetchlimit/ans4/ans.pl | 4 + bin/tests/system/fetchlimit/clean.sh | 4 +- .../system/fetchlimit/ns5/named1.conf.in | 46 ++++++++++ .../system/fetchlimit/ns5/named2.conf.in | 49 ++++++++++ bin/tests/system/fetchlimit/ns5/root.hint | 14 +++ bin/tests/system/fetchlimit/setup.sh | 1 + bin/tests/system/fetchlimit/tests.sh | 91 ++++++++++++++++++- 7 files changed, 207 insertions(+), 2 deletions(-) create mode 100644 bin/tests/system/fetchlimit/ns5/named1.conf.in create mode 100644 bin/tests/system/fetchlimit/ns5/named2.conf.in create mode 100644 bin/tests/system/fetchlimit/ns5/root.hint diff --git a/bin/tests/system/fetchlimit/ans4/ans.pl b/bin/tests/system/fetchlimit/ans4/ans.pl index 5a265c4725..f44cf8b7e9 100644 --- a/bin/tests/system/fetchlimit/ans4/ans.pl +++ b/bin/tests/system/fetchlimit/ans4/ans.pl @@ -78,6 +78,10 @@ for (;;) { } if ($donotrespond == 0) { + if (index($qname, "latency") == 0) { + # 50ms latency + select(undef, undef, undef, 0.05); + } $sock->send($packet->data); print "RESPONSE:\n"; $packet->print; diff --git a/bin/tests/system/fetchlimit/clean.sh b/bin/tests/system/fetchlimit/clean.sh index 935d91bba8..20bbd60e1d 100644 --- a/bin/tests/system/fetchlimit/clean.sh +++ b/bin/tests/system/fetchlimit/clean.sh 
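Review bot: The added `select(undef, undef, undef, 0.05)` in the `$donotrespond == 0` branch sleeps inside the `for (;;)` loop named in the hunk header, so any other query reaching ans4 during those 50 ms is held up as well. The comment `# 50ms latency` does not say why the delay exists. I would expand it to something like `# Hold answers for "latency*" names for 50 ms so duplicate client queries pile up on one outstanding fetch (clients-per-query test); this blocks the whole loop.` The match `index($qname, "latency") == 0` is a case-sensitive prefix test, which presumably agrees with how tests.sh builds the names, but is worth stating next to it. The enclosing loop starts and ends outside this hunk.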
@@ -11,9 +11,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f */named.conf */named.memstats */ans.run */named.recursing */named.run +rm -f */named.conf */named.memstats */ans.run */named.recursing */named.run */named.run.prev rm -f ans4/norespond rm -f burst.input.* rm -f dig.out* +rm -f wait_for_message.* rm -f ns*/managed-keys.bind* rm -f ns3/named.stats ns3/named.stats.prev ns3/named_dump.db +rm -f ns5/named.stats ns5/named.stats.prev diff --git a/bin/tests/system/fetchlimit/ns5/named1.conf.in b/bin/tests/system/fetchlimit/ns5/named1.conf.in new file mode 100644 index 0000000000..d3c62c225c --- /dev/null +++ b/bin/tests/system/fetchlimit/ns5/named1.conf.in @@ -0,0 +1,46 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + directory "."; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion yes; + dnssec-validation yes; + notify yes; + clients-per-query 5; + max-clients-per-query 10; +}; + +server 10.53.0.4 { + edns no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "root.hint"; +}; diff --git a/bin/tests/system/fetchlimit/ns5/named2.conf.in b/bin/tests/system/fetchlimit/ns5/named2.conf.in new file mode 100644 index 0000000000..cb33d30716 --- /dev/null 
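Review bot: In ns5/named1.conf.in the `controls` statement accepts rndc connections with `allow { any; }` and the key is the literal `secret "1234abcd8765";`, with nothing in the file marking this as a test-only arrangement. That is presumably safe because 10.53.0.5 is an address used only by the system-test harness. A short comment above `controls`, such as `/* test fixture only: fixed rndc key and open ACL; not a template for production */`, would stop the block being copied elsewhere. The same applies to ns5/named2.conf.in, which repeats this file and adds only `stale-answer-enable`, `stale-cache-enable` and `stale-answer-client-timeout 1800`. A one-line header comment in each file naming the test phase it serves would make that difference visible.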
+++ b/bin/tests/system/fetchlimit/ns5/named2.conf.in
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port @PORT@;
+ directory ".";
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation yes;
+ notify yes;
+ stale-answer-enable yes;
+ stale-cache-enable yes;
+ stale-answer-client-timeout 1800;
+ clients-per-query 5;
+ max-clients-per-query 10;
+};
+
+server 10.53.0.4 {
+ edns no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "root.hint";
+};
diff --git a/bin/tests/system/fetchlimit/ns5/root.hint b/bin/tests/system/fetchlimit/ns5/root.hint
new file mode 100644
index 0000000000..e0f186c2f8
--- /dev/null
+++ b/bin/tests/system/fetchlimit/ns5/root.hint
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 999999
+. IN NS a.root-servers.nil.
+a.root-servers.nil. IN A 10.53.0.1
diff --git a/bin/tests/system/fetchlimit/setup.sh b/bin/tests/system/fetchlimit/setup.sh index d02972fccc..f98749bc75 100644 --- a/bin/tests/system/fetchlimit/setup.sh +++ b/bin/tests/system/fetchlimit/setup.sh @@ -16,3 +16,4 @@ copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named1.conf.in ns3/named.conf +copy_setports ns5/named1.conf.in ns5/named.conf diff --git a/bin/tests/system/fetchlimit/tests.sh b/bin/tests/system/fetchlimit/tests.sh index e1b74e44c8..454bc726c7 100644 --- a/bin/tests/system/fetchlimit/tests.sh +++ b/bin/tests/system/fetchlimit/tests.sh @@ -25,7 +25,7 @@ burst() { rm -f burst.input.$$ while [ $num -gt 0 ]; do num=$((num-1)) - if [ "${5}" == "dup" ]; then + if [ "${5}" = "dup" ]; then # burst with duplicate queries echo "${2}${3}.lamesub.example A" >> burst.input.$$ else @@ -47,6 +47,15 @@ stat() { return 0 } +_wait_for_message() ( + nextpartpeek "$1" > wait_for_message.$n + grep -F "$2" wait_for_message.$n >/dev/null +) + +wait_for_message() ( + retry_quiet 20 _wait_for_message "$@" +) + n=0 status=0 
@@ -230,5 +239,85 @@ drops=`grep 'queries dropped due to recursive client limit' ns3/named.stats | se if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns5/named.run >/dev/null + +n=$((n + 1)) +echo_i "checking clients are dropped at the clients-per-query limit ($n)" +ret=0 +test -f ans4/norespond && rm -f ans4/norespond +for try in 1 2 3 4 5; do + burst 10.53.0.5 latency $try 20 "dup" + sleep 1 +done +wait_for_message ns5/named.run "clients-per-query increased to 10" || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n + 1)) +echo_i "checking drop statistics ($n)" +ret=0 +rm -f ns5/named.stats +rndccmd 10.53.0.5 stats +for try in 1 2 3 4 5; do + [ -f ns5/named.stats ] && break + sleep 1 +done +zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'` +[ -z "$zspill" ] && zspill=0 +# ns5 configuration: +# clients-per-query 5 +# max-clients-per-query 10 +# expected spills: +# 15 (out of 20) spilled for the first burst, and 10 (out of 20) spilled for +# the next 4 bursts (because of auto-tuning): 15 + (4 * 10) == 55 +expected=55 +[ "$zspill" -eq "$expected" ] || ret=1 +echo_i "$zspill clients spilled (expected $expected)" +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "stop ns5" +stop_server --use-rndc --port ${CONTROLPORT} ns5 +copy_setports ns5/named2.conf.in ns5/named.conf +echo_i "start ns5" +start_server --noclean --restart --port ${PORT} ns5 + +nextpart ns5/named.run >/dev/null + +n=$((n + 1)) +echo_i "checking clients are dropped at the clients-per-query limit with stale-answer-client-timeout ($n)" +ret=0 +test -f ans4/norespond && rm -f ans4/norespond +for try in 1 2 3 4 5; do + burst 10.53.0.5 latency $try 20 "dup" + sleep 1 +done +wait_for_message ns5/named.run "clients-per-query increased to 10" || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n + 1)) +echo_i "checking drop 
statistics ($n)" +ret=0 +rm -f ns5/named.stats +rndccmd 10.53.0.5 stats +for try in 1 2 3 4 5; do + [ -f ns5/named.stats ] && break + sleep 1 +done +zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'` +[ -z "$zspill" ] && zspill=0 +# ns5 configuration: +# clients-per-query 5 +# max-clients-per-query 10 +# expected spills: +# 15 (out of 20) spilled for the first burst, and 10 (out of 20) spilled for +# the next 4 bursts (because of auto-tuning): 15 + (4 * 10) == 55 +expected=55 +[ "$zspill" -eq "$expected" ] || ret=1 +echo_i "$zspill clients spilled (expected $expected)" +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1
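Review bot: Both "checking drop statistics" stanzas ignore the exit status of `rndccmd 10.53.0.5 stats`, and if ns5/named.stats never appears the five-second loop just falls through. `grep` then fails on the missing file and `zspill` is forced to 0, so the test reports "0 clients spilled (expected 55)" rather than the real cause. I would write `rndccmd 10.53.0.5 stats || ret=1` and, after the loop, `[ -f ns5/named.stats ] || { echo_i "ns5/named.stats was not written"; ret=1; }`. The exact count of 55 also seems to depend on all 20 duplicates of a burst reaching ns5 while ans4 is still holding the answer, so a comment stating that timing assumption next to `expected=55` would help when the check fails on a loaded host. The two phases are line-for-line identical apart from the first echo_i text, so a small helper function called twice would remove the duplication.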