-24 September 2009: Wouter
+25 September 2009: Wouter
- so-rcvbuf: 4m option added. Set this on large busy servers to not
drop the occasional packet in spikes due to full socket buffers.
netstat -su keeps a counter of UDP dropped due to full buffers.
+ - review of validator/autotrust.c, small fixes and comments.
23 September 2009: Wouter
- 5011 query failed counts verification failures, not lookup failures.
tp->autr->file = strdup(fname);
if(!tp->autr->file) {
lock_basic_unlock(&tp->lock);
+ log_err("malloc failure");
return NULL;
}
}
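Review bot: The added `log_err("malloc failure")` does not say which allocation failed or which anchor file was being loaded, whereas the write path in a later hunk reports `"malloc failure writing %s"` with the file name. `fname` is in scope at the strdup, so `log_err("malloc failure for auto-trust-anchor-file %s", fname);` would tell an operator which trust anchor file was not loaded. The enclosing function starts and ends outside the hunk.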
return 0;
}
}
+ /* we have prepared the new keys so nothing can go wrong any more.
+ * And we are sure we cannot be left without trustanchor after
+ * an errors. Put in the new keys and remove old ones. */
/* free the old data */
autr_rrset_delete(tp->ds_rrset);
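Review bot: The new comment states an invariant that later edits have to preserve, but its wording is off ("after an errors", "trustanchor"). I would write it as `/* The new keys are prepared, so nothing can fail from here on and the trust point cannot be left without a trust anchor after an error. Install the new keys and remove the old ones. */`. Since the rest of the block is outside the hunk, it is worth confirming that no call after this point can fail, as the comment promises.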
return tp;
}
-/** parse variable from trustanchor header
+/**
+ * Parse variable from trustanchor header
* @param line: to parse
* @param anchors: the anchor is added to this, if "id:" is seen.
* @param anchor: the anchor as result value or previously returned anchor
if((r = parse_var_line(line, anchors, &tp)) == -1) {
log_err("could not parse auto-trust-anchor-file "
"%s line %d", nm, line_nr);
+ fclose(fd);
return 0;
} else if(r == 1) {
continue;
continue;
str = ldns_rr2str(ta->rr);
if(!str || !str[0]) {
+ free(str);
log_err("malloc failure writing %s", tp->autr->file);
continue;
}
- str[strlen(str)-1] = 0;
+ str[strlen(str)-1] = 0; /* remove newline */
fprintf(out, "%s ;;state=%d [%s] ;;count=%d "
";;lastchange=%u ;;%s", str, (int)ta->s,
trustanchor_state2str(ta->s), (int)ta->pending_count,
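Review bot: The `!str || !str[0]` branch now frees the string but still `continue`s, so the key is left out of the output while the rest of the file is written; for a stored trust-anchor state file this means a key can be missing after a restart with only a log line to show for it. The message also reports "malloc failure" for the empty-string case, which is not an allocation failure. I would at least document the choice on the `continue`, e.g. `/* key is skipped: the written file will not contain it */`, and consider treating the whole write as failed instead. The unconditional `str[strlen(str)-1] = 0;` relies on ldns_rr2str always ending its output with a newline; putting `if(str[strlen(str)-1] == '\n')` in front of it would keep the key's last character intact if that ever changes. The function starts before the hunk and the fprintf call runs past it, so whether its result is checked is not visible here.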
fclose(out);
}
-/** verify if dnskey works for trust point
+/**
+ * Verify if dnskey works for trust point
* @param env: environment (with time) for verification
* @param ve: validator environment (with options) for verification.
* @param tp: trust point to verify with
/* verify with keys */
enum sec_status sec = val_verify_rrset(env, ve, rrset,
tp->dnskey_rrset);
- verbose(VERB_ALGO, "autotrust: DNSKEY is %s",
+ verbose(VERB_ALGO, "autotrust: validate DNSKEY with keys: %s",
sec_status_to_string(sec));
if(sec == sec_status_secure) {
return 1;
continue;
t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr));
if(t > *env->now) {
- t = t - *env->now;
+ t -= *env->now;
if(t < r)
r = t;
}