From d70d5ad3085ef48ff1dc2c6b2b608d0b3919c8d4 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Fri, 19 Apr 2019 13:58:00 +0200 Subject: [PATCH] dnsdist: Check the EDNS payload size more strictly in our tests --- regression-tests.dnsdist/dnsdisttests.py | 3 +++ regression-tests.dnsdist/test_EDNSOptions.py | 2 +- .../test_EDNSSelfGenerated.py | 26 +++++++++---------- .../test_EdnsClientSubnet.py | 8 +++--- 4 files changed, 21 insertions(+), 18 deletions(-) diff --git a/regression-tests.dnsdist/dnsdisttests.py b/regression-tests.dnsdist/dnsdisttests.py index 70527759b..0d87c2798 100644 --- a/regression-tests.dnsdist/dnsdisttests.py +++ b/regression-tests.dnsdist/dnsdisttests.py @@ -520,10 +520,12 @@ class DNSDistTest(unittest.TestCase): def checkMessageEDNSWithoutOptions(self, expected, received): self.assertEquals(expected, received) self.assertEquals(received.edns, 0) + self.assertEquals(expected.payload, received.payload) def checkMessageEDNSWithoutECS(self, expected, received, withCookies=0): self.assertEquals(expected, received) self.assertEquals(received.edns, 0) + self.assertEquals(expected.payload, received.payload) self.assertEquals(len(received.options), withCookies) if withCookies: for option in received.options: @@ -532,6 +534,7 @@ class DNSDistTest(unittest.TestCase): def checkMessageEDNSWithECS(self, expected, received, additionalOptions=0): self.assertEquals(expected, received) self.assertEquals(received.edns, 0) + self.assertEquals(expected.payload, received.payload) self.assertEquals(len(received.options), 1 + additionalOptions) hasECS = False for option in received.options: diff --git a/regression-tests.dnsdist/test_EDNSOptions.py b/regression-tests.dnsdist/test_EDNSOptions.py index a655fd5ba..0315ed589 100644 --- a/regression-tests.dnsdist/test_EDNSOptions.py +++ b/regression-tests.dnsdist/test_EDNSOptions.py @@ -260,7 +260,7 @@ class TestEDNSOptionsAddingECS(EDNSOptionsBase): """ name = 'cookie.ednsoptions-ecs.tests.powerdns.com.' eco = cookiesoption.CookiesOption(b'deadbeef', b'deadbeef') - query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, options=[eco]) + query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=512, options=[eco]) ecso = clientsubnetoption.ClientSubnetOption('127.0.0.1', 24) expectedQuery = dns.message.make_query(name, 'A', 'IN', use_edns=True, options=[eco,ecso], payload=512) response = dns.message.make_response(query) diff --git a/regression-tests.dnsdist/test_EDNSSelfGenerated.py b/regression-tests.dnsdist/test_EDNSSelfGenerated.py index c5cb99bd7..fdaeec32a 100644 --- a/regression-tests.dnsdist/test_EDNSSelfGenerated.py +++ b/regression-tests.dnsdist/test_EDNSSelfGenerated.py @@ -65,7 +65,7 @@ class TestEDNSSelfGenerated(DNSDistTest): query = dns.message.make_query(name, 'A', 'IN') # dnsdist set RA = RD for spoofed responses query.flags &= ~dns.flags.RD - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.answer.append(dns.rrset.from_text(name, 60, dns.rdataclass.IN, @@ -83,7 +83,7 @@ class TestEDNSSelfGenerated(DNSDistTest): """ name = 'edns-no-do.rcode.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=False) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.REFUSED) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -95,7 +95,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-no-do.tc.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=False) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.flags |= dns.flags.TC for method in ("sendUDPQuery", "sendTCPQuery"): @@ -107,7 +107,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-no-do.lua.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=False) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.NXDOMAIN) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -121,7 +121,7 @@ class TestEDNSSelfGenerated(DNSDistTest): query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=False) # dnsdist set RA = RD for spoofed responses query.flags &= ~dns.flags.RD - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.answer.append(dns.rrset.from_text(name, 60, dns.rdataclass.IN, @@ -141,7 +141,7 @@ class TestEDNSSelfGenerated(DNSDistTest): """ name = 'edns-do.rcode.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.REFUSED) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -153,7 +153,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-do.tc.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.flags |= dns.flags.TC for method in ("sendUDPQuery", "sendTCPQuery"): @@ -165,7 +165,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-do.lua.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.NXDOMAIN) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -179,7 +179,7 @@ class TestEDNSSelfGenerated(DNSDistTest): query = dns.message.make_query(name, 'A', 'IN', use_edns=True, payload=4096, want_dnssec=True) # dnsdist set RA = RD for spoofed responses query.flags &= ~dns.flags.RD - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.answer.append(dns.rrset.from_text(name, 60, dns.rdataclass.IN, @@ -200,7 +200,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-options.rcode.edns-self.tests.powerdns.com.' ecso = clientsubnetoption.ClientSubnetOption('127.0.0.1', 24) query = dns.message.make_query(name, 'A', 'IN', use_edns=True, options=[ecso], payload=512, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.REFUSED) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -212,7 +212,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-options.tc.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, options=[ecso], payload=512, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.flags |= dns.flags.TC for method in ("sendUDPQuery", "sendTCPQuery"): @@ -224,7 +224,7 @@ class TestEDNSSelfGenerated(DNSDistTest): name = 'edns-options.lua.edns-self.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN', use_edns=True, options=[ecso], payload=512, want_dnssec=True) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.set_rcode(dns.rcode.NXDOMAIN) for method in ("sendUDPQuery", "sendTCPQuery"): @@ -238,7 +238,7 @@ class TestEDNSSelfGenerated(DNSDistTest): query = dns.message.make_query(name, 'A', 'IN', use_edns=True, options=[ecso], payload=512, want_dnssec=True) # dnsdist set RA = RD for spoofed responses query.flags &= ~dns.flags.RD - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=1042) expectedResponse.answer.append(dns.rrset.from_text(name, 60, dns.rdataclass.IN, diff --git a/regression-tests.dnsdist/test_EdnsClientSubnet.py b/regression-tests.dnsdist/test_EdnsClientSubnet.py index 87acf47da..241783fba 100644 --- a/regression-tests.dnsdist/test_EdnsClientSubnet.py +++ b/regression-tests.dnsdist/test_EdnsClientSubnet.py @@ -166,7 +166,7 @@ class TestEdnsClientSubnetNoOverride(DNSDistTest): response = dns.message.make_response(expectedQuery) ecsoResponse = clientsubnetoption.ClientSubnetOption('127.0.0.1', 24, scope=24) response.use_edns(edns=True, payload=4096, options=[ecsoResponse]) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=4096) rrset = dns.rrset.from_text(name, 3600, dns.rdataclass.IN, @@ -241,7 +241,7 @@ class TestEdnsClientSubnetNoOverride(DNSDistTest): ecoResponse = cookiesoption.CookiesOption(b'deadbeef', b'deadbeef') ecsoResponse = clientsubnetoption.ClientSubnetOption('127.0.0.1', 24, scope=24) response.use_edns(edns=True, payload=4096, options=[ecsoResponse, ecoResponse]) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=4096) rrset = dns.rrset.from_text(name, 3600, dns.rdataclass.IN, @@ -279,7 +279,7 @@ class TestEdnsClientSubnetNoOverride(DNSDistTest): ecoResponse = cookiesoption.CookiesOption(b'deadbeef', b'deadbeef') ecsoResponse = clientsubnetoption.ClientSubnetOption('127.0.0.1', 24, scope=24) response.use_edns(edns=True, payload=4096, options=[ecoResponse, ecsoResponse, ecoResponse]) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=4096) rrset = dns.rrset.from_text(name, 3600, dns.rdataclass.IN, @@ -365,7 +365,7 @@ class TestEdnsClientSubnetOverride(DNSDistTest): dns.rdatatype.A, '127.0.0.1') response.answer.append(rrset) - expectedResponse = dns.message.make_response(query) + expectedResponse = dns.message.make_response(query, our_payload=4096) expectedResponse.answer.append(rrset) for method in ("sendUDPQuery", "sendTCPQuery"): -- 2.50.1