review fixes

git-svn-id: file:///svn/unbound/trunk@1853 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2009-09-25 15:20:29 +00:00
parent 2043463b6a
commit 5007a44e52
2 changed files with 15 additions and 6 deletions


@ -1,7 +1,8 @@
24 September 2009: Wouter 25 September 2009: Wouter
- so-rcvbuf: 4m option added. Set this on large busy servers to not - so-rcvbuf: 4m option added. Set this on large busy servers to not
drop the occasional packet in spikes due to full socket buffers. drop the occasional packet in spikes due to full socket buffers.
netstat -su keeps a counter of UDP dropped due to full buffers. netstat -su keeps a counter of UDP dropped due to full buffers.
- review of validator/autotrust.c, small fixes and comments.
23 September 2009: Wouter 23 September 2009: Wouter
- 5011 query failed counts verification failures, not lookup failures. - 5011 query failed counts verification failures, not lookup failures.


@ -473,6 +473,7 @@ load_trustanchor(struct val_anchors* anchors, char* str, const char* fname)
tp->autr->file = strdup(fname); tp->autr->file = strdup(fname);
if(!tp->autr->file) { if(!tp->autr->file) {
lock_basic_unlock(&tp->lock); lock_basic_unlock(&tp->lock);
log_err("malloc failure");
return NULL; return NULL;
} }
} }
@ -544,6 +545,9 @@ autr_assemble(struct trust_anchor* tp)
return 0; return 0;
} }
} }
/* we have prepared the new keys so nothing can go wrong any more.
* And we are sure we cannot be left without trustanchor after
* an errors. Put in the new keys and remove old ones. */
/* free the old data */ /* free the old data */
autr_rrset_delete(tp->ds_rrset); autr_rrset_delete(tp->ds_rrset);
@ -605,7 +609,8 @@ parse_id(struct val_anchors* anchors, char* line)
return tp; return tp;
} }
/** parse variable from trustanchor header /**
* Parse variable from trustanchor header
* @param line: to parse * @param line: to parse
* @param anchors: the anchor is added to this, if "id:" is seen. * @param anchors: the anchor is added to this, if "id:" is seen.
* @param anchor: the anchor as result value or previously returned anchor * @param anchor: the anchor as result value or previously returned anchor
@ -690,6 +695,7 @@ int autr_read_file(struct val_anchors* anchors, const char* nm)
if((r = parse_var_line(line, anchors, &tp)) == -1) { if((r = parse_var_line(line, anchors, &tp)) == -1) {
log_err("could not parse auto-trust-anchor-file " log_err("could not parse auto-trust-anchor-file "
"%s line %d", nm, line_nr); "%s line %d", nm, line_nr);
fclose(fd);
return 0; return 0;
} else if(r == 1) { } else if(r == 1) {
continue; continue;
@ -819,10 +825,11 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
continue; continue;
str = ldns_rr2str(ta->rr); str = ldns_rr2str(ta->rr);
if(!str || !str[0]) { if(!str || !str[0]) {
free(str);
log_err("malloc failure writing %s", tp->autr->file); log_err("malloc failure writing %s", tp->autr->file);
continue; continue;
} }
str[strlen(str)-1] = 0; str[strlen(str)-1] = 0; /* remove newline */
fprintf(out, "%s ;;state=%d [%s] ;;count=%d " fprintf(out, "%s ;;state=%d [%s] ;;count=%d "
";;lastchange=%u ;;%s", str, (int)ta->s, ";;lastchange=%u ;;%s", str, (int)ta->s,
trustanchor_state2str(ta->s), (int)ta->pending_count, trustanchor_state2str(ta->s), (int)ta->pending_count,
@ -833,7 +840,8 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
fclose(out); fclose(out);
} }
/** verify if dnskey works for trust point /**
* Verify if dnskey works for trust point
* @param env: environment (with time) for verification * @param env: environment (with time) for verification
* @param ve: validator environment (with options) for verification. * @param ve: validator environment (with options) for verification.
* @param tp: trust point to verify with * @param tp: trust point to verify with
@ -858,7 +866,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
/* verify with keys */ /* verify with keys */
enum sec_status sec = val_verify_rrset(env, ve, rrset, enum sec_status sec = val_verify_rrset(env, ve, rrset,
tp->dnskey_rrset); tp->dnskey_rrset);
verbose(VERB_ALGO, "autotrust: DNSKEY is %s", verbose(VERB_ALGO, "autotrust: validate DNSKEY with keys: %s",
sec_status_to_string(sec)); sec_status_to_string(sec));
if(sec == sec_status_secure) { if(sec == sec_status_secure) {
return 1; return 1;
@ -879,7 +887,7 @@ min_expiry(struct module_env* env, ldns_rr_list* rrset)
continue; continue;
t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr)); t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr));
if(t > *env->now) { if(t > *env->now) {
t = t - *env->now; t -= *env->now;
if(t < r) if(t < r)
r = t; r = t;
} }
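Review bot: In autr_write_file the results of `fprintf(out, ...)` and `fclose(out);` are still ignored, so a short write (full disk, I/O error) can leave a truncated auto-trust-anchor file without any log line. This file holds the persisted trust anchor state that autr_read_file parses back, so a silent partial write is worth reporting; at minimum check the close, e.g. `if(fclose(out) != 0) log_err("could not complete write: %s", tp->autr->file);`. How `out` is opened is outside the visible hunks; if the live file is written in place, writing to a temporary name and renaming it over the old file would keep the previous state intact on failure. Separately, the `!str[0]` case in the same function is logged as "malloc failure" although an empty string is not an allocation failure, so a distinct message would make that log line accurate.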