- trustanchor tags are sorted. reusable routine to fetch taglist.
git-svn-id: file:///svn/unbound/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
ca48de34e9
commit
f374268521
4 changed files with 60 additions and 29 deletions
|
|
@ -785,8 +785,9 @@ static void
|
||||||
chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
|
chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
|
||||||
{
|
{
|
||||||
int max_txt = 16;
|
int max_txt = 16;
|
||||||
int max_ids = 32;
|
int max_tags = 32;
|
||||||
char* str_array[16];
|
char* str_array[16];
|
||||||
|
uint16_t tags[32];
|
||||||
int num = 0;
|
int num = 0;
|
||||||
struct trust_anchor* ta;
|
struct trust_anchor* ta;
|
||||||
|
|
||||||
|
|
@ -799,12 +800,15 @@ chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
|
||||||
/* fill the string with contents */
|
/* fill the string with contents */
|
||||||
lock_basic_lock(&w->env.anchors->lock);
|
lock_basic_lock(&w->env.anchors->lock);
|
||||||
RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) {
|
RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) {
|
||||||
int numid = 0;
|
int i, numtag;
|
||||||
char* str = (char*)regional_alloc(w->scratchpad, 255);
|
char* str;
|
||||||
size_t str_len = 255;
|
size_t str_len = 255;
|
||||||
if(!str || num == max_txt) continue;
|
if(num == max_txt) continue;
|
||||||
|
str = (char*)regional_alloc(w->scratchpad, 255);
|
||||||
|
if(!str) continue;
|
||||||
lock_basic_lock(&ta->lock);
|
lock_basic_lock(&ta->lock);
|
||||||
if(ta->numDS == 0 && ta->numDNSKEY == 0) {
|
numtag = anchor_list_keytags(ta, tags, max_tags);
|
||||||
|
if(numtag == 0) {
|
||||||
/* empty, insecure point */
|
/* empty, insecure point */
|
||||||
lock_basic_unlock(&ta->lock);
|
lock_basic_unlock(&ta->lock);
|
||||||
continue;
|
continue;
|
||||||
|
|
@ -815,30 +819,11 @@ chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
|
||||||
/* spool name of anchor */
|
/* spool name of anchor */
|
||||||
(void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len);
|
(void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len);
|
||||||
str_len -= strlen(str); str += strlen(str);
|
str_len -= strlen(str); str += strlen(str);
|
||||||
/* spool DS */
|
/* spool tags */
|
||||||
if(ta->numDS != 0 && ta->ds_rrset) {
|
for(i=0; i<numtag; i++) {
|
||||||
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
snprintf(str, str_len, " %u", (unsigned)tags[i]);
|
||||||
ta->ds_rrset->entry.data;
|
|
||||||
size_t i;
|
|
||||||
for(i=0; i<d->count; i++) {
|
|
||||||
uint16_t tag = ds_get_keytag(ta->ds_rrset, i);
|
|
||||||
if(numid++ > max_ids) continue;
|
|
||||||
snprintf(str, str_len, " %u", (unsigned)tag);
|
|
||||||
str_len -= strlen(str); str += strlen(str);
|
str_len -= strlen(str); str += strlen(str);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
/* spool DNSKEY */
|
|
||||||
if(ta->numDNSKEY != 0 && ta->dnskey_rrset) {
|
|
||||||
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
|
||||||
ta->dnskey_rrset->entry.data;
|
|
||||||
size_t i;
|
|
||||||
for(i=0; i<d->count; i++) {
|
|
||||||
uint16_t tag = dnskey_calc_keytag(ta->dnskey_rrset, i);
|
|
||||||
if(numid++ > max_ids) continue;
|
|
||||||
snprintf(str, str_len, " %u", (unsigned)tag);
|
|
||||||
str_len -= strlen(str); str += strlen(str);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
lock_basic_unlock(&ta->lock);
|
lock_basic_unlock(&ta->lock);
|
||||||
}
|
}
|
||||||
lock_basic_unlock(&w->env.anchors->lock);
|
lock_basic_unlock(&w->env.anchors->lock);
|
||||||
|
|
@ -879,7 +864,7 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
|
||||||
chaos_replystr(pkt, (char**)&"no hostname", 1, edns, w);
|
chaos_replystr(pkt, (char**)&"no hostname", 1, edns, w);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else chaos_replystr(pkt, &cfg->identity, 1, edns, w);
|
else chaos_replystr(pkt, (char**)&cfg->identity, 1, edns, w);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if(query_dname_compare(qinfo->qname,
|
if(query_dname_compare(qinfo->qname,
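Review bot: In the new tag loop of chaos_trustanchor the result of `snprintf(str, str_len, " %u", (unsigned)tags[i]);` is never checked, so once the 255-byte scratch string fills up the last tag can be cut mid-number and the TXT answer then carries a shorter, valid-looking keytag that the anchor does not have. An operator comparing this output against the configured trust anchors would be misled without any sign of truncation. Check the return value and stop before a partial tag is emitted, for example `int n = snprintf(str, str_len, " %u", (unsigned)tags[i]);` followed by `if(n < 0 || (size_t)n >= str_len) { *str = 0; break; }`. The `(void)sldns_wire2str_dname_buf(...)` call just above discards its return value in the same way, so a long owner name is presumably truncated silently as well. Parts of the function body lie between the hunks and are not visible here.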
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
of TXT RRs with a string like "example.com. 2345 1234" with
|
of TXT RRs with a string like "example.com. 2345 1234" with
|
||||||
the trust anchors and their keytags.
|
the trust anchors and their keytags.
|
||||||
- Fix that looped DNAMEs do not cause unbound to spend effort.
|
- Fix that looped DNAMEs do not cause unbound to spend effort.
|
||||||
|
- trustanchor tags are sorted. reusable routine to fetch taglist.
|
||||||
|
|
||||||
13 March 2017: Wouter
|
13 March 2017: Wouter
|
||||||
- testbound understands Deckard MATCH rcode question answer commands.
|
- testbound understands Deckard MATCH rcode question answer commands.
|
||||||
|
|
|
||||||
|
|
@ -1273,3 +1273,37 @@ anchors_delete_insecure(struct val_anchors* anchors, uint16_t c,
|
||||||
anchors_delfunc(&ta->node, NULL);
|
anchors_delfunc(&ta->node, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** compare two keytags, return -1, 0 or 1 */
|
||||||
|
static int
|
||||||
|
keytag_compare(const void* x, const void* y)
|
||||||
|
{
|
||||||
|
return *(uint16_t*)x - *(uint16_t*)y;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, int num)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
int ret = 0;
|
||||||
|
if(ta->numDS == 0 && ta->numDNSKEY == 0)
|
||||||
|
return 0; /* insecure point */
|
||||||
|
if(ta->numDS != 0 && ta->ds_rrset) {
|
||||||
|
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
||||||
|
ta->ds_rrset->entry.data;
|
||||||
|
for(i=0; i<d->count; i++) {
|
||||||
|
if(ret == num) continue;
|
||||||
|
list[ret++] = ds_get_keytag(ta->ds_rrset, i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(ta->numDNSKEY != 0 && ta->dnskey_rrset) {
|
||||||
|
struct packed_rrset_data* d=(struct packed_rrset_data*)
|
||||||
|
ta->dnskey_rrset->entry.data;
|
||||||
|
for(i=0; i<d->count; i++) {
|
||||||
|
if(ret == num) continue;
|
||||||
|
list[ret++] = dnskey_calc_keytag(
|
||||||
|
ta->dnskey_rrset, i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
qsort(list, ret, sizeof(*list), keytag_compare);
|
||||||
|
return ret;
|
||||||
|
}
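Review bot: `anchor_list_keytags` stops writing only when `ret == num`, so a negative `num` never matches and `list[ret++]` runs past the caller's array. The one caller visible in this commit passes 32 for `tags[32]`, but the routine is introduced as reusable. Add `if(num <= 0) return 0;` at the top and state in the header comment that `num` must be the element count of `list`. In both loops `break` is the clearer choice than `continue` once the array is full. The comment on `keytag_compare` promises -1, 0 or 1 while the function returns the difference of the tags (safe for qsort, since both operands promote to int), so it should read `/** compare two keytags, return negative, 0 or positive */`, and the casts should keep the qualifier: `*(const uint16_t*)x - *(const uint16_t*)y`.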
|
||||||
|
|
|
||||||
|
|
@ -216,4 +216,15 @@ int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm);
|
||||||
void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c,
|
void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c,
|
||||||
uint8_t* nm);
|
uint8_t* nm);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get a list of keytags for the trust anchor. Zero tags for insecure points.
|
||||||
|
* @param ta: trust anchor (locked by caller).
|
||||||
|
* @param list: array of uint16_t.
|
||||||
|
* @param num: length of array.
|
||||||
|
* @return number of keytags filled into array. If total number of keytags is
|
||||||
|
* bigger than the array, it is truncated at num. On errors, less keytags
|
||||||
|
* are filled in. The array is sorted.
|
||||||
|
*/
|
||||||
|
int anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, int num);
|
||||||
|
|
||||||
#endif /* VALIDATOR_VAL_ANCHOR_H */
|
#endif /* VALIDATOR_VAL_ANCHOR_H */
|
||||||
|
|
|
||||||