* and implement in here instead of the hardcoded EDE */
if (worker->env.cfg->ede) {
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
- worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+ worker->scratchpad, msg->rep->reason_bogus, "");
}
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
&msg->qinfo, id, flags, edns);
* and implement in here instead of the hardcoded EDE */
if (worker->env.cfg->ede) {
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
- worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+ worker->scratchpad, rep->reason_bogus, "");
}
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
qinfo, id, flags, edns);
cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl,
rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets,
- rep->rrset_count, rep->security);
+ rep->rrset_count, rep->security, LDNS_EDE_NONE);
if(!cp)
return;
/* ttl must be relative ;i.e. 0..86400 not time(0)+86400.
* the env->now is added to message and RRsets in this routine. */
/* the leeway is used to invalidate other rrsets earlier */
-
if(is_referral) {
/* store rrsets */
struct rrset_ref ref;
0, /* ns */
0, /* ar */
0, /* total */
- sec_status_insecure);
+ sec_status_insecure,
+ LDNS_EDE_NONE);
if(msg->rep)
msg->rep->authoritative = 1;
if(!rpz_add_soa(msg->rep, ms, az))
0, /* ns */
0, /* ar */
0, /* total */
- sec_status_insecure);
+ sec_status_insecure,
+ LDNS_EDE_NONE);
if(msg->rep)
msg->rep->authoritative = 1;
if(!rpz_add_soa(msg->rep, ms, az))
0, /* ns */
0, /* ar */
1, /* total */
- sec_status_insecure);
+ sec_status_insecure,
+ LDNS_EDE_NONE);
if(new_reply_info == NULL) {
log_err("out of memory");
return NULL;
struct reply_info*
construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns,
- size_t ar, size_t total, enum sec_status sec)
+ size_t ar, size_t total, enum sec_status sec, sldns_ede_code reason_bogus)
{
struct reply_info* rep;
/* rrset_count-1 because the first ref is part of the struct. */
rep->ar_numrrsets = ar;
rep->rrset_count = total;
rep->security = sec;
- rep->reason_bogus = LDNS_EDE_NONE;
+ /* veryify that we set the EDE to none by setting it explicitly */
+ if (reason_bogus != LDNS_EDE_NONE) {
+ rep->reason_bogus = reason_bogus;
+ } else {
+ rep->reason_bogus = LDNS_EDE_NONE;
+ }
rep->authoritative = 0;
/* array starts after the refs */
if(region)
{
*rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0,
0, 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets,
- msg->rrset_count, sec_status_unchecked);
+ msg->rrset_count, sec_status_unchecked, LDNS_EDE_NONE);
if(!*rep)
return 0;
return 1;
new_rep = construct_reply_info_base(region, rep->flags,
rep->qdcount, rep->ttl, rep->prefetch_ttl,
rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets,
- sec_status_insecure);
+ sec_status_insecure, LDNS_EDE_NONE);
if(!new_rep)
return NULL;
if(!reply_info_alloc_rrset_keys(new_rep, NULL, region))
cp = construct_reply_info_base(region, rep->flags, rep->qdcount,
rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl,
rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets,
- rep->rrset_count, rep->security);
+ rep->rrset_count, rep->security, rep->reason_bogus);
if(!cp)
return NULL;
/* allocate ub_key structures special or not */
* @param ar: ar count
* @param total: total rrset count (presumably an+ns+ar).
* @param sec: security status of the reply info.
+ * @param: reason_bogus: the Extended DNS Error for DNSSEC bogus status
* @return the reply_info base struct with the array for putting the rrsets
* in. The array has been zeroed. Returns NULL on malloc failure.
*/
struct reply_info*
construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns,
- size_t ar, size_t total, enum sec_status sec);
+ size_t ar, size_t total, enum sec_status sec,
+ sldns_ede_code reason_bogus);
/**
* Parse wire query into a queryinfo structure, return 0 on parse error.
projects / thirdparty / unbound.git / commitdiff
