interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

dnssec_status in netreqs

This commit is contained in:
Willem Toorop 2015-06-29 22:23:01 +02:00
parent 2b83bddd4d
commit 407ecffb67
5 changed files with 47 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/dnssec.c
View File

@ -1251,15 +1251,29 @@ static void chain_validate_dnssec(chain_head *chain, rrset_iter *tas)
{ {
chain_head *head; chain_head *head;
/* The netreq status is the worst for any head */
for (head = chain; head; head = head->next) { for (head = chain; head; head = head->next) {
switch (chain_head_validate(head, tas)) { switch (chain_head_validate(head, tas)) {
case GETDNS_DNSSEC_SECURE: if (!head->netreq->bogus)
head->netreq->secure = 1; case GETDNS_DNSSEC_SECURE:
break; if (head->netreq->dnssec_status ==
case GETDNS_DNSSEC_BOGUS : head->netreq->bogus = 1; GETDNS_DNSSEC_INDETERMINATE)
head->netreq->secure = 0; head->netreq->dnssec_status =
break; GETDNS_DNSSEC_SECURE;
default : break; break;
case GETDNS_DNSSEC_INSECURE:
if (head->netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)
head->netreq->dnssec_status =
GETDNS_DNSSEC_INSECURE;
break;
case GETDNS_DNSSEC_BOGUS :
head->netreq->dnssec_status = GETDNS_DNSSEC_BOGUS;
break;
default:
break;
} }
} }
} }

3
src/request-internal.c
View File

@ -96,8 +96,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
net_req->state = NET_REQ_NOT_SENT; net_req->state = NET_REQ_NOT_SENT;
net_req->owner = owner; net_req->owner = owner;
net_req->secure = 0; net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
net_req->bogus = 0;
net_req->upstream = NULL; net_req->upstream = NULL;
net_req->fd = -1; net_req->fd = -1;

4
src/stub.c
View File

@ -1220,10 +1220,6 @@ upstream_read_cb(void *userarg)
upstream->tcp.read_buf = NULL; upstream->tcp.read_buf = NULL;
upstream->upstreams->current = 0; upstream->upstreams->current = 0;
/* TODO: DNSSEC */
netreq->secure = 0;
netreq->bogus = 0;
stub_cleanup(netreq); stub_cleanup(netreq);
/* More to read/write for syncronous lookups? */ /* More to read/write for syncronous lookups? */

5
src/types-internal.h
View File

@ -196,9 +196,8 @@ typedef struct getdns_network_req
/* request class */ /* request class */
uint16_t request_class; uint16_t request_class;
/* result */ /* dnssec status */
int secure; int dnssec_status;
int bogus;
/* For stub resolving */ /* For stub resolving */
struct getdns_upstream *upstream; struct getdns_upstream *upstream;

38
src/util-internal.c
View File

@ -734,21 +734,22 @@ create_getdns_response(getdns_dns_req *completed_request)
continue; continue;
nreplies++; nreplies++;
if (netreq->secure) if (netreq->dnssec_status == GETDNS_DNSSEC_SECURE)
nsecure++; nsecure++;
else if (! netreq->bogus) else if (! netreq->dnssec_status != GETDNS_DNSSEC_BOGUS)
ninsecure++; ninsecure++;
if (dnssec_return_status && netreq->bogus)
if (dnssec_return_status &&
netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
nbogus++; nbogus++;
else if (GLDNS_RCODE_NOERROR ==
GLDNS_RCODE_WIRE(netreq->response))
nanswers++;
if (! completed_request->dnssec_return_validation_chain) { if (! completed_request->dnssec_return_validation_chain) {
if (dnssec_return_status && netreq->bogus) if (dnssec_return_status &&
netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
continue; continue;
else if (completed_request->dnssec_return_only_secure else if (completed_request->dnssec_return_only_secure
&& ! netreq->secure) && netreq->dnssec_status != GETDNS_DNSSEC_SECURE)
continue; continue;
} }
if (!(reply = priv_getdns_create_reply_dict(context, if (!(reply = priv_getdns_create_reply_dict(context,
@ -763,15 +764,18 @@ create_getdns_response(getdns_dns_req *completed_request)
result, "canonical_name", canonical_name)) result, "canonical_name", canonical_name))
goto error; goto error;
} }
/* TODO: Check instead if canonical_name for request_type
* is in the answer section.
*/
if (GLDNS_RCODE_NOERROR ==
GLDNS_RCODE_WIRE(netreq->response))
nanswers++;
if (dnssec_return_status || if (dnssec_return_status ||
completed_request->dnssec_return_validation_chain) { completed_request->dnssec_return_validation_chain) {
if (getdns_dict_set_int(reply, "dnssec_status", if (getdns_dict_set_int(reply, "dnssec_status",
( netreq->secure ? GETDNS_DNSSEC_SECURE netreq->dnssec_status))
: netreq->bogus ? GETDNS_DNSSEC_BOGUS
: rrsigs_in_answer &&
context->has_ta ? GETDNS_DNSSEC_INDETERMINATE
: GETDNS_DNSSEC_INSECURE )))
goto error; goto error;
} }
@ -861,8 +865,12 @@ getdns_apply_network_result(getdns_network_req* netreq,
{ {
size_t dname_len; size_t dname_len;
netreq->secure = ub_res->secure; if (ub_res->bogus)
netreq->bogus = ub_res->bogus; netreq->dnssec_status = GETDNS_DNSSEC_BOGUS;
else if (ub_res->secure)
netreq->dnssec_status = GETDNS_DNSSEC_SECURE;
else if (netreq->owner->context->has_ta)
netreq->dnssec_status = GETDNS_DNSSEC_INSECURE;
if (ub_res == NULL) /* Timeout */ if (ub_res == NULL) /* Timeout */
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;