From eb4ba438f72fb577fb86344913c5146365b29f44 Mon Sep 17 00:00:00 2001
From: Willem Toorop
Date: Thu, 5 Nov 2015 07:11:51 +0900
Subject: [PATCH] return_validation_chain + roadblock_avoidance bug
---
 src/dnssec.c | 20 ++++++++++++++++----
 src/request-internal.c | 34 +++++++++++++++++++++++++++++-----
 src/types-internal.h | 2 ++
 3 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 1629764e..db0b7caa 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1108,6 +1108,15 @@ static void add_question2val_chain(struct mem_funcs *mf,
 /************* Schedule Queries to Provision Validation Chain ***************
 *****************************************************************************/
+static getdns_dict *CD_extension(getdns_dns_req *dnsreq)
+{
+ return !dnsreq->dnssec_roadblock_avoidance
+ ? dnssec_ok_checking_disabled
+ : !dnsreq->avoid_dnssec_roadblocks
+ ? dnssec_ok_checking_disabled_roadblock_avoidance
+ : dnssec_ok_checking_disabled_avoid_roadblocks;
+}
+
 static void check_chain_complete(chain_head *chain);
 static void val_chain_node_soa_cb(getdns_dns_req *dnsreq);
 static void val_chain_sched_soa_node(chain_node *node)
@@ -1127,7 +1136,7 @@ static void val_chain_sched_soa_node(chain_node *node)
 if (! node->soa_req && ! _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_SOA,
- dnssec_ok_checking_disabled, node, &dnsreq, NULL,
+ CD_extension(node->chains->netreq->owner), node, &dnsreq, NULL,
 val_chain_node_soa_cb))
 node->soa_req = dnsreq->netreqs[0];
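Review bot: CD_extension() in the first src/dnssec.c hunk reads `dnsreq->dnssec_roadblock_avoidance` and `dnsreq->avoid_dnssec_roadblocks` unconditionally, while the src/request-internal.c hunks of this same patch declare the matching locals and assign both fields only inside `#ifdef DNSSEC_ROADBLOCK_AVOIDANCE`. If the struct members sit under the same guard (the struct definition is not part of this diff), a build without the option stops compiling; if they are unconditional, the sentinel is chosen from fields the constructor never sets in that build. Guarding the selection and falling back to the plain sentinel keeps the non-roadblock build on its previous behaviour. A one-line comment above the function saying that validation-chain lookups inherit the owner request's roadblock state would also help the next reader.

```c
static getdns_dict *CD_extension(getdns_dns_req *dnsreq)
{
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
	/* … unchanged: three-way sentinel selection from the two flags … */
#else
	(void)dnsreq;
	return dnssec_ok_checking_disabled;
#endif
}
```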
@@ -1174,13 +1183,15 @@ static void val_chain_sched_node(chain_node *node)
 if (! node->dnskey_req /* not scheduled */ && ! _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_DNSKEY,
- dnssec_ok_checking_disabled, node, &dnsreq, NULL, val_chain_node_cb))
+ CD_extension(node->chains->netreq->owner),
+ node, &dnsreq, NULL, val_chain_node_cb))
 node->dnskey_req = dnsreq->netreqs[0];
 if (! node->ds_req && node->parent /* not root */ && ! _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_DS,
- dnssec_ok_checking_disabled, node, &dnsreq, NULL, val_chain_node_cb))
+ CD_extension(node->chains->netreq->owner),
+ node, &dnsreq, NULL, val_chain_node_cb))
 node->ds_req = dnsreq->netreqs[0];
 }
@@ -1216,7 +1227,8 @@ static void val_chain_sched_ds_node(chain_node *node)
 if (! node->ds_req && node->parent /* not root */ && ! _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_DS,
- dnssec_ok_checking_disabled, node, &ds_req, NULL, val_chain_node_cb))
+ CD_extension(node->chains->netreq->owner),
+ node, &ds_req, NULL, val_chain_node_cb))
 node->ds_req = ds_req->netreqs[0];
 }
diff --git a/src/request-internal.c b/src/request-internal.c
index e18d384d..5c8de2bc 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -48,6 +48,21 @@ getdns_dict dnssec_ok_checking_disabled_spc = {
 };
 getdns_dict *dnssec_ok_checking_disabled = &dnssec_ok_checking_disabled_spc;
+getdns_dict dnssec_ok_checking_disabled_roadblock_avoidance_spc = {
+ { RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
+ { 0 }
+};
+getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance
+ = &dnssec_ok_checking_disabled_roadblock_avoidance_spc;
+
+getdns_dict dnssec_ok_checking_disabled_avoid_roadblocks_spc = {
+ { RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
+ { 0 }
+};
+getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks
+ = &dnssec_ok_checking_disabled_avoid_roadblocks_spc;
+
+
 static int
 is_extension_set(getdns_dict *extensions, const char *extension)
 {
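Review bot: The two sentinels added in the first src/request-internal.c hunk are told apart only by their addresses, and nothing at the definitions says which request state each one stands for or that they are never meant to be filled, looked up in, or freed. Going by CD_extension() in src/dnssec.c, a comment such as `/* identity-only sentinel: owner has dnssec_roadblock_avoidance set, avoid_dnssec_roadblocks clear */` on the first and `/* identity-only sentinel: owner already has avoid_dnssec_roadblocks set */` on the second would record that. The two names differ only in word order (`roadblock_avoidance` versus `avoid_roadblocks`), so a swapped sentinel at a call site would be easy to miss in a later review, and it changes how the validation-chain lookups are resolved.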
@@ -56,7 +71,9 @@ is_extension_set(getdns_dict *extensions, const char *extension)
 if (! extensions) return 0;
- else if (extensions == dnssec_ok_checking_disabled)
+ else if (extensions == dnssec_ok_checking_disabled
+ || extensions == dnssec_ok_checking_disabled_roadblock_avoidance
+ || extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
 return 0;
 r = getdns_dict_get_int(extensions, extension, &value);
@@ -297,14 +314,19 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 int edns_cookies = is_extension_set(extensions, "edns_cookies");
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+ int avoid_dnssec_roadblocks
+ = (extensions == dnssec_ok_checking_disabled_avoid_roadblocks);
 int dnssec_roadblock_avoidance = is_extension_set(extensions, "dnssec_roadblock_avoidance")
- || (extensions == dnssec_ok_checking_disabled);
+ || (extensions == dnssec_ok_checking_disabled_roadblock_avoidance)
+ || avoid_dnssec_roadblocks;
 #endif
 int dnssec_extension_set = dnssec_return_status || dnssec_return_only_secure || dnssec_return_validation_chain || (extensions == dnssec_ok_checking_disabled)
+ || (extensions == dnssec_ok_checking_disabled_roadblock_avoidance)
+ || (extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 || dnssec_roadblock_avoidance
 #endif
@@ -343,7 +365,9 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 size_t max_query_sz, max_response_sz, netreq_sz, dnsreq_base_sz;
 uint8_t *region;
- if (extensions == dnssec_ok_checking_disabled)
+ if (extensions == dnssec_ok_checking_disabled ||
+ extensions == dnssec_ok_checking_disabled_roadblock_avoidance ||
+ extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
 extensions = NULL;
 have_add_opt_parameters = getdns_dict_get_dict(extensions,
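Review bot: The three-way identity test added to is_extension_set() is written out again in the `dnssec_extension_set` expression (hunk at -297) and before `extensions = NULL` (hunk at -343), each time with different formatting. If a later change adds another sentinel and misses one copy, the request is silently built with different DNSSEC settings, or the sentinel is handed to the dict lookups as if it were a caller-supplied dict. One static predicate used at all three places removes that risk; the name below is only a suggestion, and is_extension_set() itself continues outside the hunk.

```c
static int
is_cd_sentinel(const getdns_dict *extensions)
{
	return extensions == dnssec_ok_checking_disabled
	    || extensions == dnssec_ok_checking_disabled_roadblock_avoidance
	    || extensions == dnssec_ok_checking_disabled_avoid_roadblocks;
}

/* … unchanged: is_extension_set() signature and NULL check … */
	else if (is_cd_sentinel(extensions))
		return 0;
```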
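Review bot: In the `#ifdef DNSSEC_ROADBLOCK_AVOIDANCE` block of the hunk at -297, the plain `dnssec_ok_checking_disabled` sentinel no longer switches `dnssec_roadblock_avoidance` on, so any caller that still passes it now gets a request without roadblock avoidance. This patch converts the four call sites in src/dnssec.c to CD_extension(); whether other files pass the plain sentinel cannot be seen from this diff and is worth confirming before merge. A comment beside the test, e.g. `/* the plain sentinel no longer implies roadblock avoidance; see CD_extension() */`, would pin the new contract.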
@@ -392,7 +416,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 /* (x + 7) / 8 * 8 to align on 8 byte boundries */
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 if (context->resolution_type == GETDNS_RESOLUTION_RECURSING
- && !dnssec_roadblock_avoidance)
+ && (!dnssec_roadblock_avoidance || avoid_dnssec_roadblocks))
 #else
 if (context->resolution_type == GETDNS_RESOLUTION_RECURSING)
 #endif
@@ -459,7 +483,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 result->edns_cookies = edns_cookies;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 result->dnssec_roadblock_avoidance = dnssec_roadblock_avoidance;
- result->avoid_dnssec_roadblocks = 0;
+ result->avoid_dnssec_roadblocks = avoid_dnssec_roadblocks;
 #endif
 result->edns_client_subnet_private = context->edns_client_subnet_private;
 result->tls_query_padding_blocksize = context->tls_query_padding_blocksize;
diff --git a/src/types-internal.h b/src/types-internal.h
index 7fdd6f71..c1ca1e3e 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -364,6 +364,8 @@ typedef struct getdns_dns_req {
 /* utility methods */
 extern getdns_dict *dnssec_ok_checking_disabled;
+extern getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance;
+extern getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks;
 /* dns request utils */
 getdns_dns_req *_getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
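Review bot: The condition changed in the hunk at -392 is the only place where `dnssec_roadblock_avoidance` and `avoid_dnssec_roadblocks` are combined, and it has no comment of its own; the `(x + 7) / 8 * 8` comment above it is about alignment, not about this test. As written, the recursing branch is taken unless roadblock avoidance is requested and `avoid_dnssec_roadblocks` is still clear, but what that branch sets up lies outside the hunk. A comment inside the `#ifdef` arm, e.g. `/* recursing path, except when roadblock avoidance is requested and we are not yet avoiding roadblocks */`, would make the difference from the `#else` arm explicit and keep the two arms from drifting apart.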