#include "drill.h"
#include <ldns/dns.h>
+
+void
+resolver_print_nameservers(ldns_resolver *r)
+{
+ uint8_t i;
+ ldns_rdf **n;
+ n = ldns_resolver_nameservers(r);
+
+ for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
+ printf(" | @"); ldns_rdf_print(stdout, n[i]);
+ }
+}
+
+/*
+ * print the key in abbr. form
+ * owner_name TYPE ; { id = id (ksk), size = b}
+ */
+void
+print_dnskey(ldns_rr_list *key_list)
+{
+ uint16_t key_size;
+ uint16_t key_id;
+ uint16_t ksk;
+ ldns_rr *dnskey;
+ size_t i;
+
+ for (i = 0; i < ldns_rr_list_rr_count(key_list); i++) {
+ dnskey = ldns_rr_list_rr(key_list, i);
+
+ printf(" | ");
+ ldns_rdf_print(stdout, ldns_rr_owner(dnskey));
+ printf(" DNSKEY ");
+ key_size = ldns_rr_dnskey_key_size(dnskey);
+ key_id = ldns_calc_keytag(dnskey);
+ ksk = ldns_rdf2native_int16(ldns_rr_rdf(dnskey, 0));
+
+ switch (ksk) {
+ case 257:
+ printf("; { id = %d (ksk), size = %db }\n",
+ (int)key_id, (int)key_size);
+ break;
+ case 256:
+ printf("; { id = %d (zsk), size = %db }\n",
+ (int)key_id, (int)key_size);
+ break;
+ default:
+ printf("; { id = %d, size = %db }\n",
+ (int)key_id, (int)key_size);
+ break;
+ }
+ }
+}
+
+void
+print_ds(ldns_rr_list *ds_list)
+{
+ ldns_rr *ds;
+ uint16_t key_id;
+ size_t i;
+
+ for (i = 0; i < ldns_rr_list_rr_count(ds_list); i++) {
+ ds = ldns_rr_list_rr(ds_list, i);
+
+ printf(" | ");
+ ldns_rdf_print(stdout, ldns_rr_owner(ds));
+ printf(" DS ");
+ key_id = ldns_rdf2native_int16(ldns_rr_rdf(ds, 0));
+
+ printf("; { id = %d }\n", (int)key_id);
+ }
+}
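Review bot: In `print_dnskey` the `switch (ksk)` matches only the exact flag values 256 and 257, so a DNSKEY with any other bit set lands in the default branch and is printed with no role tag; a key carrying the RFC 5011 REVOKE bit (flags 385) would show up in the trace as an ordinary untagged key. Testing the bits instead, e.g. `if (ksk & 0x0080)` for a revoked marker and `ksk & 0x0001` for the (ksk) tag, would keep the abbreviated form accurate. Separately, `ldns_rr_rdf(dnskey, 0)` and `ldns_rr_rdf(ds, 0)` go straight into `ldns_rdf2native_int16` with no check that the field exists or that the record is of the expected type, and these lists appear to be built from network answers, so a guard such as `if (!ldns_rr_rdf(ds, 0)) continue;` would be cheap. In `resolver_print_nameservers` the `uint8_t i` counter is compared with a count that I believe is a `size_t`, so `size_t i;` is the safer declaration, as the other two functions already use.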
ldns_rr_list *rrsig_cache = NULL;
ldns_rr_list *ds_cache = NULL;
- /* put RRset in here that are validated */
- ldns_rr_list *validated_cache = NULL;
-
ldns_rdf *chopped_dname[11]; /* alloc 10 subparts for a dname */
ldns_rr_list *ds;
int8_t i, dname_labels;
break;
}
}
- printf("\nFirst dname with keys and sigs here */\n");
- ldns_rdf_print(stdout, chopped_dname[i]);
lab_cnt = i;
+ /* Print whay we have found until now */
+ printf(" (");
+ ldns_rdf_print(stdout, chopped_dname[i]);
+ puts(")\n |");
+ resolver_print_nameservers(res);
+ puts("");
+ print_dnskey(dnskey_cache);
+ puts("");
+
+
/* chopped_dname[i] is the zone which is configured at the
* nameserver pointed to by res. This is our starting point
* for the secure trace. Hopefully the trusted keys we got
* match the keys we see here
*/
-printf("\nkeys\n");
- ldns_rr_list_print(stdout, dnskey_cache);
-printf("\nsigs\n");
if (!rrsig_cache) {
/* huh!? the sigs must be sent along with the keys...
* probably are using some lame forwarder... exit as
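Review bot: The added `print_dnskey(dnskey_cache)` call runs before the `if (!rrsig_cache)` check, so the keys are listed with their (ksk)/(zsk) tags before anything visible in this hunk has tied them to a signature or a trusted key, and a reader of the trace could take the listing as validated. A comment at the call such as `/* keys as received from the nameserver, not yet validated */`, or a matching marker in the printed output, would make that explicit. The new comment also has a typo and should read `/* Print what we have found until now */`. The enclosing function starts and ends outside the hunk, so whether `dnskey_cache` can still be NULL at this point cannot be checked from here.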
}
}
- printf("key cache \n");
- ldns_rr_list_print(stdout, dnskey_cache);
- printf("ds_cache \n");
- ldns_rr_list_print(stdout, ds_cache);
- printf("sig cache \n");
- ldns_rr_list_print(stdout, rrsig_cache);
+ print_dnskey(dnskey_cache);
+ print_ds(ds_cache);
validated_ds = check_ds_key_equiv_rr_list(dnskey_cache, ds_cache);
if (validated_ds) {
- ldns_rr_list_print(stdout, validated_ds);
+ print_ds(validated_ds);
}
- printf("\n");
-
return LDNS_STATUS_OK;
}
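Review bot: The two calls `print_ds(ds_cache)` and `print_ds(validated_ds)` produce identical-looking lines, so once the old "ds_cache" label is gone the output no longer shows which DS records were merely received and which ones matched a key. A one-line label before the second call, for example `printf(" | DS matching a DNSKEY:\n");`, would restore that distinction. When `validated_ds` is NULL nothing is printed and the function still returns `LDNS_STATUS_OK`, so a failed DS/DNSKEY match is silent in the trace; an `else` branch that prints a short notice would help. `ds_cache` is initialised to NULL earlier in the function, and whether it is always set before this point is not visible here, so `print_ds` should tolerate a NULL list or the call should be guarded.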
switch (ldns_rr_get_type(rr)) {
case LDNS_RR_TYPE_DNSKEY:
if (ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)) == 256) {
- ldns_buffer_printf(output, " ; {id = %d (zsk), size = %db}",
+ ldns_buffer_printf(output, " ;{id = %d (zsk), size = %db}",
ldns_calc_keytag(rr),
ldns_rr_dnskey_key_size(rr));
break;
}
if (ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)) == 257) {
- ldns_buffer_printf(output, " ; {id = %d (ksk), size = %db}",
+ ldns_buffer_printf(output, " ;{id = %d (ksk), size = %db}",
ldns_calc_keytag(rr),
ldns_rr_dnskey_key_size(rr));
break;
}
- ldns_buffer_printf(output, " ; {id = %d, size = %db}",
+ ldns_buffer_printf(output, " ;{id = %d, size = %db}",
ldns_calc_keytag(rr),
ldns_rr_dnskey_key_size(rr));
break;
case LDNS_RR_TYPE_RRSIG:
- ldns_buffer_printf(output, " ; {id = %d}",
+ ldns_buffer_printf(output, " ;{id = %d}",
ldns_rdf2native_int16(ldns_rr_rdf(rr, 6)));
break;
default: