[ipfire-2.x.git] / src / patches / dnsmasq / 0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch

From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 17 Apr 2015 22:50:20 +0100
Subject: [PATCH 078/113] Log domain when reporting DNSSEC validation failure.

---
 src/forward.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/forward.c b/src/forward.c
index 3f6b9a23b6ab..1c7da3f5655c 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
 	    header->hb3 |= HB3_TC;
 	  else
 	    {
-	      char *result;
+	      char *result, *domain = "result";
 	      
 	      if (forward->work_counter == 0)
 		{
@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
 	      else
 		result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
 	      
-	      log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
+	      if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
+		domain = daemon->namebuff;
+
+	      log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
 	    }
 	  
 	  if (status == STAT_SECURE)
@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
 			{
 			  int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
 			  int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
-			  char *result;
+			  char *result, *domain = "result";
 
 			  if (status == STAT_INSECURE_DS)
 			    {
@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
 			    }
 			  else
 			    result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
-			  
-			  log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
+			   if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
+			     domain = daemon->namebuff;
+
+			  log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
 			  
 			  if (status == STAT_BOGUS)
 			    {
-- 
2.1.0
Commit	Line	Data
d54a2ce4 MT	1	From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Fri, 17 Apr 2015 22:50:20 +0100
697b4f04	4	Subject: [PATCH 078/113] Log domain when reporting DNSSEC validation failure.
d54a2ce4 MT	5
	6	---
	7	src/forward.c \| 15 ++++++++++-----
	8	1 file changed, 10 insertions(+), 5 deletions(-)
	9
	10	diff --git a/src/forward.c b/src/forward.c
	11	index 3f6b9a23b6ab..1c7da3f5655c 100644
	12	--- a/src/forward.c
	13	+++ b/src/forward.c
	14	@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
	15	header->hb3 \|= HB3_TC;
	16	else
	17	{
	18	- char *result;
	19	+ char result, domain = "result";
	20
	21	if (forward->work_counter == 0)
	22	{
	23	@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
	24	else
	25	result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
	26
	27	- log_query(F_KEYTAG \| F_SECSTAT, "result", NULL, result);
	28	+ if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
	29	+ domain = daemon->namebuff;
	30	+
	31	+ log_query(F_KEYTAG \| F_SECSTAT, domain, NULL, result);
	32	}
	33
	34	if (status == STAT_SECURE)
	35	@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
	36	{
	37	int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
	38	int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
	39	- char *result;
	40	+ char result, domain = "result";
	41
	42	if (status == STAT_INSECURE_DS)
	43	{
	44	@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
	45	}
	46	else
	47	result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
	48	-
	49	- log_query(F_KEYTAG \| F_SECSTAT, "result", NULL, result);
	50	+ if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
	51	+ domain = daemon->namebuff;
	52	+
	53	+ log_query(F_KEYTAG \| F_SECSTAT, domain, NULL, result);
	54
	55	if (status == STAT_BOGUS)
	56	{
	57	--
	58	2.1.0
	59