resolved: add dns_packet_set_flags()

[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 608a8a2191a609feeaa70d00c15043bb6b0377c8..2d06775dca4036e62e754021d8f718678176c79a 100644 (file)
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -25,12 +25,26 @@
 #include "dns-domain.h"
 #include "resolved-dns-dnssec.h"
 #include "resolved-dns-packet.h"
+#include "string-table.h"
 
 /* Open question:
  *
  * How does the DNSSEC canonical form of a hostname with a label
  * containing a dot look like, the way DNS-SD does it?
  *
+ * TODO:
+ *
+ *   - Iterative validation
+ *   - NSEC proof of non-existance
+ *   - NSEC3 proof of non-existance
+ *   - Make trust anchor store read additional DS+DNSKEY data from disk
+ *   - wildcard zones compatibility
+ *   - multi-label zone compatibility
+ *   - DMSSEC cname/dname compatibility
+ *   - per-interface DNSSEC setting
+ *   - DSA support
+ *   - EC support?
+ *
  * */
 
 #define VERIFY_RRS_MAX 256
@@ -555,7 +569,6 @@ int dnssec_verify_rrset_search(
 }
 
 int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
-        _cleanup_free_ char *s = NULL;
         size_t c = 0;
         int r;
 
@@ -697,3 +710,10 @@ finish:
         gcry_md_close(md);
         return r;
 }
+
+static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
+        [DNSSEC_NO] = "no",
+        [DNSSEC_TRUST] = "trust",
+        [DNSSEC_YES] = "yes",
+};
+DEFINE_STRING_TABLE_LOOKUP(dnssec_mode, DnssecMode);