validate: add kr_rrset_validation_ctx_t::log_qry
authorVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 13 Jul 2021 10:06:28 +0000 (12:06 +0200)
committerTomas Krizek <tomas.krizek@nic.cz>
Thu, 29 Jul 2021 09:42:34 +0000 (11:42 +0200)
... so we can use it for more precise logging.  Some calls get simpler.
In particular, without the associated request, we can't produce anything
into trace-logs, which could be confusing.  Normal logs will benefit, too.
(more precise replacement of WITH_VERBOSE will come in a subsequent commit)

lib/dnssec.c
lib/dnssec.h
lib/layer/validate.c

index e11e1b0d3be0202b012cdac9ca0ac53956d97921..65e932085b91a2665fe001078e4afbb2af4e6f9d 100644 (file)
@@ -255,7 +255,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
                                        auto_free char
                                                *name_str = kr_dname_text(covered->owner),
                                                *type_str = kr_rrtype_text(covered->type);
-                                       QRVERBOSE(NULL, VALIDATOR,
+                                       QRVERBOSE(vctx->log_qry, VALIDATOR,
                                                "trimming TTL of %s %s: %d -> %d\n",
                                                name_str, type_str,
                                                (int)covered->ttl, (int)ttl_max);
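Review bot: `vctx->log_qry` is now read on this path for every caller that reaches kr_rrset_validate_with_key, but the diff only shows the two contexts in lib/layer/validate.c setting it. A context built with a designated initializer gets NULL, which matches the old `QRVERBOSE(NULL, ...)` call. A context filled field by field on the stack would instead hand an indeterminate pointer to the logging macro. Any other code that constructs a `kr_rrset_validation_ctx_t` (none is visible here) should be checked to zero-initialize it first, e.g. `kr_rrset_validation_ctx_t vctx = { 0 };`. The enclosing function starts and ends outside the hunk.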
index d9601eaa998ebb9b0fbafcf1a9030ddfc21941c9..6e71f62a6feb2da78ac2b232d7c0eee5be4d97ab 100644 (file)
@@ -47,6 +47,7 @@ struct kr_rrset_validation_ctx {
        uint32_t err_cnt;               /*!< Output - Number of validation failures. */
        uint32_t cname_norrsig_cnt;     /*!< Output - Number of CNAMEs missing RRSIGs. */
        int result;                     /*!< Output - 0 or error code. */
+       const struct kr_query *log_qry; /*!< The query; just for logging purposes. */
        struct {
                unsigned int matching_name_type;        /*!< Name + type matches */
                unsigned int expired;
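Review bot: The comment on `log_qry` does not follow the Input/Output wording of the neighbouring fields, and it does not say whether NULL is allowed or who owns the pointer. I would write `/*!< Input - query used only for logging; may be NULL; not owned by the ctx. */`. NULL looks acceptable because lib/dnssec.c previously passed NULL to QRVERBOSE, but that should be confirmed for WITH_VERBOSE and VERBOSE_MSG in lib/layer/validate.c as well. The struct starts and ends outside the hunk.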
index 5c22d5b9aa8af7bdc3419c9ad059f40d520fc049..5e3050eb15520d2fec150eb0131b3c1e906ab4da 100644 (file)
@@ -66,12 +66,12 @@ static bool pkt_has_type(const knot_pkt_t *pkt, uint16_t type)
        return section_has_type(knot_pkt_section(pkt, KNOT_ADDITIONAL), type);
 }
 
-static void log_bogus_rrsig(kr_rrset_validation_ctx_t *vctx, const struct kr_query *qry,
+static void log_bogus_rrsig(kr_rrset_validation_ctx_t *vctx,
                            const knot_rrset_t *rr, const char *msg) {
-       WITH_VERBOSE(qry) {
+       WITH_VERBOSE(vctx->log_qry) {
                auto_free char *name_text = kr_dname_text(rr->owner);
                auto_free char *type_text = kr_rrtype_text(rr->type);
-               VERBOSE_MSG(qry, ">< %s: %s %s "
+               VERBOSE_MSG(vctx->log_qry, ">< %s: %s %s "
                            "(%u matching RRSIGs, %u expired, %u not yet valid, "
                            "%u invalid signer, %u invalid label count, %u invalid key, "
                            "%u invalid crypto, %u invalid NSEC)\n",
@@ -222,7 +222,7 @@ static int validate_section(kr_rrset_validation_ctx_t *vctx, struct kr_query *qr
                         * NS RRsets that appear at delegation points (...)
                         * MUST NOT be signed */
                        if (vctx->rrs_counters.matching_name_type > 0)
-                               log_bogus_rrsig(vctx, qry, rr,
+                               log_bogus_rrsig(vctx, rr,
                                        "found unexpected signatures for non-authoritative data which failed to validate, continuing");
                        vctx->result = kr_ok();
                        kr_rank_set(&entry->rank, KR_RANK_TRY);
@@ -235,11 +235,11 @@ static int validate_section(kr_rrset_validation_ctx_t *vctx, struct kr_query *qr
                        /* no RRSIGs found */
                        kr_rank_set(&entry->rank, KR_RANK_MISSING);
                        vctx->err_cnt += 1;
-                       log_bogus_rrsig(vctx, qry, rr, "no valid RRSIGs found");
+                       log_bogus_rrsig(vctx, rr, "no valid RRSIGs found");
                } else {
                        kr_rank_set(&entry->rank, KR_RANK_BOGUS);
                        vctx->err_cnt += 1;
-                       log_bogus_rrsig(vctx, qry, rr, "bogus signatures");
+                       log_bogus_rrsig(vctx, rr, "bogus signatures");
                }
        }
        return kr_ok();
@@ -265,7 +265,8 @@ static int validate_records(struct kr_request *req, knot_pkt_t *answer, knot_mm_
                .flags          = 0,
                .err_cnt        = 0,
                .cname_norrsig_cnt = 0,
-               .result         = 0
+               .result         = 0,
+               .log_qry        = qry,
        };
 
        int ret = validate_section(&vctx, qry, pool);
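Review bot: After `.log_qry = qry` the same query reaches validate_section twice, once inside `vctx` and once as the `qry` argument, so a later change could let the two drift apart and attribute bogus-signature logs to the wrong request. If validate_section needs `qry` for more than logging (its body is mostly outside this diff), a comment at the initializer would pin the invariant: `/* log_qry must stay identical to the qry passed to validate_section() */`. If logging is the only use, dropping the parameter would remove the duplication. validate_records continues outside the hunk.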
@@ -350,13 +351,14 @@ static int validate_keyset(struct kr_request *req, knot_pkt_t *answer, bool has_
                        .qry_uid        = qry->uid,
                        .has_nsec3      = has_nsec3,
                        .flags          = 0,
-                       .result         = 0
+                       .result         = 0,
+                       .log_qry        = qry,
                };
                int ret = kr_dnskeys_trusted(&vctx, qry->zone_cut.trust_anchor);
                if (ret != 0) {
                        if (ret != kr_error(DNSSEC_INVALID_DS_ALGORITHM) &&
                            ret != kr_error(EAGAIN)) {
-                               log_bogus_rrsig(&vctx, qry, qry->zone_cut.key, "bogus key");
+                               log_bogus_rrsig(&vctx, qry->zone_cut.key, "bogus key");
                        }
                        knot_rrset_free(qry->zone_cut.key, qry->zone_cut.pool);
                        qry->zone_cut.key = NULL;