From 3533d4fc832b83c012b80ec503bd857329752371 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Wed, 4 Jul 2018 15:28:21 +0200
Subject: [PATCH] DNSSEC_OUT_OF_RANGE -> KNOT_ERANGE

This error code has been unused in knot since 2.3, and now it got removed.
---
 lib/dnssec.c | 2 +-
 lib/dnssec/nsec3.c | 14 +++++++-------
 lib/dnssec/nsec3.h | 6 +++---
 lib/layer/validate.c | 6 +++---
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/lib/dnssec.c b/lib/dnssec.c
index 14e37f681..a268e1d20 100644
--- a/lib/dnssec.c
+++ b/lib/dnssec.c
@@ -235,7 +235,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
 ret = kr_nsec_wildcard_answer_response_check(pkt, KNOT_AUTHORITY, covered->owner);
 } else {
 ret = kr_nsec3_wildcard_answer_response_check(pkt, KNOT_AUTHORITY, covered->owner, trim_labels - 1);
- if (ret == kr_error(DNSSEC_OUT_OF_RANGE)) {
+ if (ret == kr_error(KNOT_ERANGE)) {
 ret = 0;
 vctx->flags |= KR_DNSSEC_VFLG_OPTOUT;
 }
diff --git a/lib/dnssec/nsec3.c b/lib/dnssec/nsec3.c
index 19bc74efa..6ed02068a 100644
--- a/lib/dnssec/nsec3.c
+++ b/lib/dnssec/nsec3.c
@@ -461,7 +461,7 @@ static int closest_encloser_proof(const knot_pkt_t *pkt,
 * @param section_id Packet section to be processed.
 * @param encloser Closest (provable) encloser domain name.
 * @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - NSEC3 RR (that covers a wildcard)
+ * KNOT_ERANGE - NSEC3 RR (that covers a wildcard)
 * has been found, but has opt-out flag set;
 * otherwise - error.
 */
@@ -494,7 +494,7 @@ static int covers_closest_encloser_wildcard(const knot_pkt_t *pkt, knot_section_
 }
 if (flags & FLG_NAME_COVERED) {
 return has_optout(rrset) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
 }
 }
 
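Review bot: In the lib/dnssec.c hunk (kr_rrset_validate_with_key, @@ -235), `ret == kr_error(KNOT_ERANGE)` rewrites the error to `ret = 0` and sets KR_DNSSEC_VFLG_OPTOUT, so the opt-out signal now rides on what looks, by its name, like a general-purpose range error rather than a DNSSEC-specific code. If any other failure inside kr_nsec3_wildcard_answer_response_check (or a library call whose result it forwards) can produce the same value, a validation error would be accepted as opt-out instead of being treated as bogus; the comparisons in lib/layer/validate.c share this. I would record the contract at the comparison, e.g. `/* KNOT_ERANGE is reserved here for "covered by an opt-out NSEC3"; the NSEC3 checks must not return it for any other failure */`, and confirm that no callee propagates it from elsewhere. The enclosing function continues outside the hunk.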
@@ -521,7 +521,7 @@ int kr_nsec3_name_error_response_check(const knot_pkt_t *pkt, knot_section_t sec
 * NSEC3 for wildcard has been found and optout flag is not set.
 * Now check if NSEC3 that covers next closer name has opt-out. */
 return has_optout(covering_next_nsec3) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
 }
 
 /**
@@ -613,7 +613,7 @@ int kr_nsec3_wildcard_answer_response_check(const knot_pkt_t *pkt, knot_section_
 }
 if (flags & FLG_NAME_COVERED) {
 return has_optout(rrset) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
 }
 }
 
@@ -651,7 +651,7 @@ int kr_nsec3_no_data(const knot_pkt_t *pkt, knot_section_t section_id,
 * in the packet can be properly signed,
 * AD bit must not be set due to rfc5155 9.2.
 * Return appropriate code to the caller */
- ret = kr_error(DNSSEC_OUT_OF_RANGE);
+ ret = kr_error(KNOT_ERANGE);
 }
 return ret;
 }
@@ -668,7 +668,7 @@ int kr_nsec3_no_data(const knot_pkt_t *pkt, knot_section_t section_id,
 * Denial of existence can not be proven.
 * Set error code to proceed unsecure.
 */
- ret = kr_error(DNSSEC_OUT_OF_RANGE);
+ ret = kr_error(KNOT_ERANGE);
 }
 
 return ret;
@@ -745,7 +745,7 @@ int kr_nsec3_ref_to_unsigned(const knot_pkt_t *pkt)
 }
 
 if (has_optout(covering_next_nsec3)) {
- return kr_error(DNSSEC_OUT_OF_RANGE);
+ return kr_error(KNOT_ERANGE);
 } else {
 return kr_error(EINVAL);
 }
diff --git a/lib/dnssec/nsec3.h b/lib/dnssec/nsec3.h
index 33a396a46..527ccce80 100644
--- a/lib/dnssec/nsec3.h
+++ b/lib/dnssec/nsec3.h
@@ -36,7 +36,7 @@ int kr_nsec3_name_error_response_check(const knot_pkt_t *pkt, knot_section_t sec
 * @param sname Name to be checked.
 * @param trim_to_next Number of labels to remove to obtain next closer name.
 * @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - NSEC3 RR that covers a wildcard
+ * KNOT_ERANGE - NSEC3 RR that covers a wildcard
 * has been found, but has opt-out flag set;
 * otherwise - error.
 */
@@ -53,7 +53,7 @@ int kr_nsec3_wildcard_answer_response_check(const knot_pkt_t *pkt, knot_section_
 * @return 0 or error code:
 * DNSSEC_NOT_FOUND - neither ds nor nsec records
 * were not found.
- * DNSSEC_OUT_OF_RANGE - denial of existence can't be proven
+ * KNOT_ERANGE - denial of existence can't be proven
 * due to opt-out, otherwise - bogus.
 */
 int kr_nsec3_no_data(const knot_pkt_t *pkt, knot_section_t section_id,
@@ -64,7 +64,7 @@ int kr_nsec3_no_data(const knot_pkt_t *pkt, knot_section_t section_id,
 * @note No RRSIGs are validated.
 * @param pkt Packet structure to be processed.
 * @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - denial of existence can't be proven
+ * KNOT_ERANGE - denial of existence can't be proven
 * due to opt-out.
 * EEXIST - ds record was found.
 * EINVAL - bogus.
diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 4c3f55817..583c5f4ef 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -395,7 +395,7 @@ static int update_delegation(struct kr_request *req, struct kr_query *qry, knot_
 /* No-data answer, QTYPE is DS, rfc5155 8.6 */
 ret = kr_nsec3_no_data(answer, KNOT_AUTHORITY, proved_name, KNOT_RRTYPE_DS);
 }
- if (ret == kr_error(DNSSEC_OUT_OF_RANGE)) {
+ if (ret == kr_error(KNOT_ERANGE)) {
 /* Not bogus, going insecure due to optout */
 ret = 0;
 }
@@ -982,7 +982,7 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
 } else {
 ret = kr_nsec3_name_error_response_check(pkt, KNOT_AUTHORITY, qry->sname);
 }
- if (has_nsec3 && (ret == kr_error(DNSSEC_OUT_OF_RANGE))) {
+ if (has_nsec3 && (ret == kr_error(KNOT_ERANGE))) {
 /* NXDOMAIN proof is OK,
 * but NSEC3 that covers next closer name
 * (or wildcard at next closer name) has opt-out flag.
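Review bot: The @return list for kr_nsec3_no_data in the lib/dnssec/nsec3.h hunk at @@ -53 still names `DNSSEC_NOT_FOUND`, another DNSSEC_* code, directly above the line this patch switches to KNOT_ERANGE. The kr_nsec3_no_data lines visible in lib/dnssec/nsec3.c only show KNOT_ERANGE being assigned, so whether the not-found case really uses that code cannot be confirmed from this patch, and callers that separate bogus from insecure depend on the list being accurate. The wording "neither ds nor nsec records were not found" is also a double negative; once the code is confirmed, `<confirmed code> - neither DS nor NSEC records were found.` would read correctly.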
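Review bot: In update_delegation (lib/layer/validate.c, @@ -395) the `ret == kr_error(KNOT_ERANGE)` test sits after the closing brace of the branch that calls kr_nsec3_no_data, so it also applies to whatever the other branch, which lies outside this hunk, stored in `ret`. Both comparisons in validate() are guarded with `has_nsec3 &&`; this one is not, and it resets `ret` to 0 ("going insecure"). If an equivalent flag is in scope here, `if (has_nsec3 && ret == kr_error(KNOT_ERANGE)) {` would keep a range error from a non-NSEC3 path from being read as opt-out; otherwise a comment stating why the unguarded form is safe would help.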
@@ -1013,7 +1013,7 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
 ret = kr_nsec3_no_data(pkt, KNOT_AUTHORITY, knot_pkt_qname(pkt), knot_pkt_qtype(pkt));
 }
 if (ret != 0) {
- if (has_nsec3 && (ret == kr_error(DNSSEC_OUT_OF_RANGE))) {
+ if (has_nsec3 && (ret == kr_error(KNOT_ERANGE))) {
 VERBOSE_MSG(qry, "<= can't prove NODATA due to optout, going insecure\n");
 qry->flags.DNSSEC_OPTOUT = true;
 /* Could not return from here,
-- 
2.47.3