dnssec_status in netreqs

Willem Toorop 2015-06-29 22:23:01 +02:00
parent 2b83bddd4d
commit 407ecffb67
5 changed files with 47 additions and 31 deletions


@ -1251,15 +1251,29 @@ static void chain_validate_dnssec(chain_head *chain, rrset_iter *tas)
{
chain_head *head;
/* The netreq status is the worst for any head */
for (head = chain; head; head = head->next) {
switch (chain_head_validate(head, tas)) {
case GETDNS_DNSSEC_SECURE: if (!head->netreq->bogus)
head->netreq->secure = 1;
break;
case GETDNS_DNSSEC_BOGUS : head->netreq->bogus = 1;
head->netreq->secure = 0;
break;
default : break;
case GETDNS_DNSSEC_SECURE:
if (head->netreq->dnssec_status ==
GETDNS_DNSSEC_INDETERMINATE)
head->netreq->dnssec_status =
GETDNS_DNSSEC_SECURE;
break;
case GETDNS_DNSSEC_INSECURE:
if (head->netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)
head->netreq->dnssec_status =
GETDNS_DNSSEC_INSECURE;
break;
case GETDNS_DNSSEC_BOGUS :
head->netreq->dnssec_status = GETDNS_DNSSEC_BOGUS;
break;
default:
break;
}
}
}
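Review bot: GETDNS_DNSSEC_INDETERMINATE is now both the initial "nothing validated yet" value and a possible validation outcome, so in chain_validate_dnssec a head that falls into `default:` cannot lower a netreq that an earlier head already set to GETDNS_DNSSEC_SECURE. If chain_head_validate can return INDETERMINATE (its return values are not visible here), that contradicts the comment "The netreq status is the worst for any head". This matters because create_getdns_response filters on `dnssec_status == GETDNS_DNSSEC_SECURE` for dnssec_return_only_secure. I would either handle that outcome explicitly or state the intended precedence in the comment, e.g. `/* Precedence: BOGUS > INSECURE > SECURE; INDETERMINATE means no head has set a status yet */`.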


@ -96,8 +96,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
net_req->state = NET_REQ_NOT_SENT;
net_req->owner = owner;
net_req->secure = 0;
net_req->bogus = 0;
net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
net_req->upstream = NULL;
net_req->fd = -1;


@ -1220,10 +1220,6 @@ upstream_read_cb(void *userarg)
upstream->tcp.read_buf = NULL;
upstream->upstreams->current = 0;
/* TODO: DNSSEC */
netreq->secure = 0;
netreq->bogus = 0;
stub_cleanup(netreq);
/* More to read/write for syncronous lookups? */


@ -196,9 +196,8 @@ typedef struct getdns_network_req
/* request class */
uint16_t request_class;
/* result */
int secure;
int bogus;
/* dnssec status */
int dnssec_status;
/* For stub resolving */
struct getdns_upstream *upstream;


@ -734,21 +734,22 @@ create_getdns_response(getdns_dns_req *completed_request)
continue;
nreplies++;
if (netreq->secure)
if (netreq->dnssec_status == GETDNS_DNSSEC_SECURE)
nsecure++;
else if (! netreq->bogus)
else if (! netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)
ninsecure++;
if (dnssec_return_status && netreq->bogus)
if (dnssec_return_status &&
netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
nbogus++;
else if (GLDNS_RCODE_NOERROR ==
GLDNS_RCODE_WIRE(netreq->response))
nanswers++;
if (! completed_request->dnssec_return_validation_chain) {
if (dnssec_return_status && netreq->bogus)
if (dnssec_return_status &&
netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
continue;
else if (completed_request->dnssec_return_only_secure
&& ! netreq->secure)
&& netreq->dnssec_status != GETDNS_DNSSEC_SECURE)
continue;
}
if (!(reply = priv_getdns_create_reply_dict(context,
@ -763,15 +764,18 @@ create_getdns_response(getdns_dns_req *completed_request)
result, "canonical_name", canonical_name))
goto error;
}
/* TODO: Check instead if canonical_name for request_type
* is in the answer section.
*/
if (GLDNS_RCODE_NOERROR ==
GLDNS_RCODE_WIRE(netreq->response))
nanswers++;
if (dnssec_return_status ||
completed_request->dnssec_return_validation_chain) {
if (getdns_dict_set_int(reply, "dnssec_status",
( netreq->secure ? GETDNS_DNSSEC_SECURE
: netreq->bogus ? GETDNS_DNSSEC_BOGUS
: rrsigs_in_answer &&
context->has_ta ? GETDNS_DNSSEC_INDETERMINATE
: GETDNS_DNSSEC_INSECURE )))
netreq->dnssec_status))
goto error;
}
@ -861,8 +865,12 @@ getdns_apply_network_result(getdns_network_req* netreq,
{
size_t dname_len;
netreq->secure = ub_res->secure;
netreq->bogus = ub_res->bogus;
if (ub_res->bogus)
netreq->dnssec_status = GETDNS_DNSSEC_BOGUS;
else if (ub_res->secure)
netreq->dnssec_status = GETDNS_DNSSEC_SECURE;
else if (netreq->owner->context->has_ta)
netreq->dnssec_status = GETDNS_DNSSEC_INSECURE;
if (ub_res == NULL) /* Timeout */
return GETDNS_RETURN_GOOD;
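Review bot: In the first create_getdns_response hunk, `else if (! netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)` kept the `!` from the old `! netreq->bogus` test, so it compares the 0/1 result of `!netreq->dnssec_status` with GETDNS_DNSSEC_BOGUS. Unless that constant is 0 or 1 the branch is always taken, and bogus replies are counted in `ninsecure`. It should read `else if (netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)`; building with -Wlogical-not-parentheses would catch this pattern. Separately, in the getdns_apply_network_result hunk the new `if (ub_res->bogus)` chain still runs before `if (ub_res == NULL) /* Timeout */`, so the NULL check should move above it. Both functions continue outside the visible hunks.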