interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #316 from wtoorop/devel/roadblocks_and_valchains 

Devel/roadblocks and valchains
This commit is contained in:
wtoorop 2017-08-18 15:55:56 +02:00 committed by GitHub
parent 5701fb99c9 e11dc92df1
commit da7083f55a
3 changed files with 101 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
src/dnssec.c
View File

@ -550,11 +550,26 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
/* Also, try to prevent adding double rrsets */
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt == head->rrset.pkt
&& rrset->pkt_len == head->rrset.pkt_len
&& _dname_equal(rrset->name, head->rrset.name))
return NULL;
&& _dname_equal(rrset->name, head->rrset.name)) {
if (rrset->pkt == head->rrset.pkt &&
rrset->pkt_len == head->rrset.pkt_len)
return NULL;
else {
/* Anticipate resubmissions due to
* roadblock avoidance */
head->rrset.pkt = rrset->pkt;
head->rrset.pkt_len = rrset->pkt_len;
return head;
}
}
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt != head->rrset.pkt
&& _dname_equal(rrset->name, head->rrset.name)) {
return NULL;
}
for (label = labels; label < last_label; label++) {
if (! _dname_is_parent(*label, head->rrset.name))
break;
@ -2416,6 +2431,7 @@ static int key_proves_nonexistance(
* ========================+
* First find the closest encloser.
*/
if (*rrset->name)
for ( nc_name = rrset->name, ce_name = rrset->name + *rrset->name + 1
; *ce_name ; nc_name = ce_name, ce_name += *ce_name + 1) {
@ -3029,19 +3045,50 @@ static void check_chain_complete(chain_head *chain)
&& !dnsreq->avoid_dnssec_roadblocks
&& dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
int r = GETDNS_RETURN_GOOD;
getdns_network_req **netreq_p, *netreq;
uint64_t now_ms = 0;
dnsreq->avoid_dnssec_roadblocks = 1;
dnsreq->chain->lock += 1;
for ( netreq_p = dnsreq->netreqs
; !r && (netreq = *netreq_p)
; (netreq = *netreq_p)
; netreq_p++) {
_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
netreq->dnssec_status =
GETDNS_DNSSEC_INDETERMINATE;
netreq->owner = dnsreq;
r = _getdns_submit_netreq(netreq, &now_ms);
(void) _getdns_submit_netreq(netreq, &now_ms);
}
if (!dnsreq->dnssec_return_validation_chain)
return;
for ( head = chain; head ; head = next ) {
next = head->next;
for ( node_count = head->node_count
, node = head->parent
; node_count
; node_count--, node = node->parent ) {
if (node->dnskey_req) {
_getdns_netreq_change_state(
node->dnskey_req,
NET_REQ_NOT_SENT);
node->dnskey_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->dnskey_req, &now_ms);
}
if (node->ds_req) {
_getdns_netreq_change_state(
node->ds_req, NET_REQ_NOT_SENT);
node->ds_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->ds_req, &now_ms);
}
}
}
return;
}
@ -3185,11 +3232,16 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
getdns_network_req *netreq, **netreq_p;
chain_head *chain = NULL, *chain_p;
if (dnsreq->validating)
if (dnsreq->avoid_dnssec_roadblocks) {
chain = dnsreq->chain;
} else if (dnsreq->validating)
return;
dnsreq->validating = 1;
for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (dnsreq->avoid_dnssec_roadblocks && chain->lock == 0)
; /* pass */
else for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (! netreq->response
|| netreq->response_len < GLDNS_HEADER_SIZE
|| ( GLDNS_RCODE_WIRE(netreq->response)
@ -3217,6 +3269,9 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
if (chain_p->lock) chain_p->lock--;
}
dnsreq->chain = chain;
if (dnsreq->avoid_dnssec_roadblocks && chain->lock)
chain->lock -= 1;
check_chain_complete(chain);
} else {
dnsreq->validating = 0;

7
src/general.c
View File

@ -59,6 +59,9 @@ void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
{
_getdns_context_clear_outbound_request(dnsreq);
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req(__FUNC__, *dnsreq->netreqs);
#endif
if (dnsreq->user_callback) {
dnsreq->context->processing = 1;
dnsreq->user_callback(dnsreq->context,
@ -211,6 +214,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#ifdef STUB_NATIVE_DNSSEC
|| (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
&& !dns_req->avoid_dnssec_roadblocks
&& (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure ||
dns_req->dnssec_return_all_statuses
@ -228,6 +232,9 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
NULL, NULL, (getdns_eventloop_callback)
_getdns_validation_chain_timeout));
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req("getting validation chain for ", *dns_req->netreqs);
#endif
_getdns_get_validation_chain(dns_req);
} else
_getdns_call_user_callback(

33
src/tools/getdns_query.c
View File

@ -81,6 +81,8 @@ static uint16_t request_type = GETDNS_RRTYPE_NS;
static int timeout, edns0_size, padding_blocksize;
static int async = 0, interactive = 0;
static enum { GENERAL, ADDRESS, HOSTNAME, SERVICE } calltype = GENERAL;
static int bogus_answers = 0;
static int check_dnssec = 0;
static int get_rrtype(const char *t)
{
@ -317,6 +319,7 @@ static getdns_return_t validate_chain(getdns_dict *response)
break;
case GETDNS_DNSSEC_BOGUS:
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
@ -346,6 +349,7 @@ static getdns_return_t validate_chain(getdns_dict *response)
break;
case GETDNS_DNSSEC_BOGUS:
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
@ -389,6 +393,14 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
if (callback_type == GETDNS_CALLBACK_COMPLETE) {
if (verbosity) printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64" was successful.\n",
trans_id);
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status", &dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
} else if (callback_type == GETDNS_CALLBACK_CANCEL)
fprintf(stderr,
@ -403,7 +415,6 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
getdns_get_errorstr_by_id(callback_type));
}
getdns_dict_destroy(response);
response = NULL;
}
#define CONTINUE ((getdns_return_t)-2)
@ -578,6 +589,9 @@ getdns_return_t parse_args(int argc, char **argv)
continue;
} else if (arg[0] == '+') {
if (strncmp(arg+1, "dnssec_", 7) == 0)
check_dnssec = 1;
if (arg[1] == 's' && arg[2] == 'i' && arg[3] == 't' &&
(arg[4] == '=' || arg[4] == '\0')) {
if ((r = set_cookie(extensions, arg+4))) {
@ -1196,6 +1210,7 @@ getdns_return_t do_the_call(void)
fprintf( stdout, "%s\n", response_str);
if (verbosity) fprintf( stdout, "SYNC call completed.\n");
validate_chain(response);
free(response_str);
} else {
@ -1208,8 +1223,18 @@ getdns_return_t do_the_call(void)
if (verbosity)
fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
getdns_get_errorstr_by_id(status));
if (response)
if (response) {
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status",
&dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
getdns_dict_destroy(response);
}
}
getdns_dict_destroy(address);
return r;
@ -1790,5 +1815,7 @@ done_destroy_context:
if (!i_am_stubby && verbosity)
fprintf(stdout, "\nAll done.\n");
return r;
return r ? r
: bogus_answers ? GETDNS_DNSSEC_BOGUS
: GETDNS_RETURN_GOOD;
}