Reveal the existance of the ldns_dnssec_mark_glue() function (that was alleady in the ldns_symbols.def list) in the header file.
Export ldns_dnssec_name_is_glue() with the library.
static int
is_glue(ldns_dnssec_rrsets *cur_rrsets, ldns_dnssec_rrsets *orig_rrsets)
{
- /* only glue if a or aaaa if there are no ns, unless there is soa */
+ /* only glue if a or aaaa with names that have an NS rrset and are not the
+ apex (do not have a soa rrset) */
return (cur_rrsets->type == LDNS_RR_TYPE_A ||
cur_rrsets->type == LDNS_RR_TYPE_AAAA) &&
(ldns_dnssec_rrsets_contains_type(orig_rrsets,
return 1;
}
+/*
+ * Regardless of its name, this function does not mark the glue rrsets as glue,
+ * but only names that have ONLY glue rrsets.
+ *
+ * TODO
+ * Names with glue on the delegation are NOT marked! They are handled seperatly
+ * and specially within the is_glue() function in dnssec.c to exclude them
+ * from the NSEC and NSEC3 bitmaps; and in ldns_dnssec_zone_create_rrsigs_flg()
+ * in dnssec_sign.c to make sure those rrsets are not signed.
+ *
+ * Also, names that have other obscured rrsets besides A and AAAA types will NOT
+ * be marked. This is probably a mistake.
+ */
ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
{
cur_name = (ldns_dnssec_name *) cur_node->data;
cur_node = ldns_rbtree_next(cur_node);
if (ldns_dnssec_name_has_only_a(cur_name)) {
- /* assume glue XXX check for zone cur */
+ /* assume glue XXX check for zone cut */
cur_owner = ldns_rdf_clone(ldns_rr_owner(
cur_name->rrsets->rrs->rr));
while (ldns_dname_label_count(cur_owner) >
ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
#endif /* HAVE_SSL */
+/**
+ * Marks the names in the zone that contain only glue, by setting the
+ * is_glue attribute of the ldns_dnssec_name structure to true.
+ * Names with glue on the delegation point and occluded names with other
+ * rrsets than only A and AAAA are not marked!
+ *
+ * \param[in] zone the zone in which to mark the names
+ * \return LDNS_STATUS_OK on succesful completion
+ */
+ldns_status
+ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
+{
+}
+
/**
* Finds the first dnssec_name node in the rbtree that has not been marked
* as glue, starting at the given node
*/
ldns_dnssec_rrs *nsec_signatures;
/**
- * Set to true if this name is glue
- * (as marked by ldns_dnssec_zone_mark_glue())
+ * Set to true if this name contains only glue rrsets.
+ * Names that contain other obscured rrsets and records with glue on the
+ * delegation point will NOT have this bool set to true.
+ * ldns_dnssec_zone_mark_glue() should have been called before using this
+ * field.
+ * This field should not be read directly, but only via the
+ * ldns_dnssec_name_is_glue() function.
+ *
*/
bool is_glue;
/**
ldns_rdf *dname);
/**
* Returns if dnssec_name structure is marked as glue.
- * Note that the ldns_dnssec_zone_mark_glue function has to be called
- * on a zone before using this function.
+ * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before
+ * using this function.
+ * Only names that have only glue rrsets will be marked.
+ * Names that have other obscured rrsets and names containing glue on the
+ * delegation point will NOT be marked!
*
* \param[in] name the dnssec name to get the domain name from
* \return true if the structure is marked as glue, false otherwise.
ldns_dnssec_name_deep_free
ldns_dnssec_name_find_rrset
ldns_dnssec_name_free
+ldns_dnssec_name_is_glue
ldns_dnssec_name_name
ldns_dnssec_name_new
ldns_dnssec_name_new_frm_rr
projects / thirdparty / ldns.git / commitdiff
