ctags -f $(srcdir)/tags $(srcdir)/*.[ch] $(srcdir)/*/*.[ch]
doc:
-ifdef doxygen
- $(doxygen) $(srcdir)/doc/unbound.doxygen
-endif
+ if test -n "$(doxygen)"; then \
+ $(doxygen) $(srcdir)/doc/unbound.doxygen; fi
strip:
strip unbound
node->control = control;
if(!rbtree_insert(acl->tree, &node->node)) {
if(complain_duplicates)
- verbose(VERB_DETAIL, "duplicate acl address ignored.");
+ verbose(VERB_QUERY, "duplicate acl address ignored.");
}
return 1;
}
fatal_exit("Could not chdir to %s: %s",
cfg->directory, strerror(errno));
}
- verbose(VERB_DETAIL, "chdir to %s", cfg->directory);
+ verbose(VERB_QUERY, "chdir to %s", cfg->directory);
}
if(cfg->username && cfg->username[0]) {
struct passwd *pwd;
if(chroot(cfg->chrootdir))
fatal_exit("unable to chroot to %s: %s",
cfg->chrootdir, strerror(errno));
- verbose(VERB_DETAIL, "chroot to %s", cfg->chrootdir);
+ verbose(VERB_QUERY, "chroot to %s", cfg->chrootdir);
}
if(cfg->username && cfg->username[0]) {
if(setgid(gid) != 0)
if(setuid(uid) != 0)
fatal_exit("unable to set user id of %s: %s",
cfg->username, strerror(errno));
- verbose(VERB_DETAIL, "drop user privileges, run as %s",
+ verbose(VERB_QUERY, "drop user privileges, run as %s",
cfg->username);
}
/* check old pid file before forking */
#else /* no UNBOUND_ALLOC_STATS */
size_t val = 0;
int i;
- if(verbosity < VERB_DETAIL)
+ if(verbosity < VERB_QUERY)
return;
for(i=0; i<worker->env.mesh->mods.num; i++) {
log_assert(fptr_whitelist_mod_get_mem(worker->env.mesh->
val += (*worker->env.mesh->mods.mod[i]->get_mem)
(&worker->env, i);
}
- verbose(VERB_DETAIL, "cache memory msg=%u rrset=%u infra=%u val=%u",
+ verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u",
slabhash_get_mem(worker->env.msg_cache),
slabhash_get_mem(&worker->env.rrset_cache->table),
infra_get_mem(worker->env.infra_cache),
worker_check_request(ldns_buffer* pkt, struct worker* worker)
{
if(ldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
- verbose(VERB_DETAIL, "request too short, discarded");
+ verbose(VERB_QUERY, "request too short, discarded");
return -1;
}
if(ldns_buffer_limit(pkt) > NORMAL_UDP_SIZE &&
worker->daemon->cfg->harden_large_queries) {
- verbose(VERB_DETAIL, "request too large, discarded");
+ verbose(VERB_QUERY, "request too large, discarded");
return -1;
}
if(LDNS_QR_WIRE(ldns_buffer_begin(pkt))) {
- verbose(VERB_DETAIL, "request has QR bit on, discarded");
+ verbose(VERB_QUERY, "request has QR bit on, discarded");
return -1;
}
if(LDNS_TC_WIRE(ldns_buffer_begin(pkt))) {
LDNS_TC_CLR(ldns_buffer_begin(pkt));
- verbose(VERB_DETAIL, "request bad, has TC bit on");
+ verbose(VERB_QUERY, "request bad, has TC bit on");
return LDNS_RCODE_FORMERR;
}
if(LDNS_OPCODE_WIRE(ldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) {
- verbose(VERB_DETAIL, "request unknown opcode %d",
+ verbose(VERB_QUERY, "request unknown opcode %d",
LDNS_OPCODE_WIRE(ldns_buffer_begin(pkt)));
return LDNS_RCODE_NOTIMPL;
}
if(LDNS_QDCOUNT(ldns_buffer_begin(pkt)) != 1) {
- verbose(VERB_DETAIL, "request wrong nr qd=%d",
+ verbose(VERB_QUERY, "request wrong nr qd=%d",
LDNS_QDCOUNT(ldns_buffer_begin(pkt)));
return LDNS_RCODE_FORMERR;
}
if(LDNS_ANCOUNT(ldns_buffer_begin(pkt)) != 0) {
- verbose(VERB_DETAIL, "request wrong nr an=%d",
+ verbose(VERB_QUERY, "request wrong nr an=%d",
LDNS_ANCOUNT(ldns_buffer_begin(pkt)));
return LDNS_RCODE_FORMERR;
}
if(LDNS_NSCOUNT(ldns_buffer_begin(pkt)) != 0) {
- verbose(VERB_DETAIL, "request wrong nr ns=%d",
+ verbose(VERB_QUERY, "request wrong nr ns=%d",
LDNS_NSCOUNT(ldns_buffer_begin(pkt)));
return LDNS_RCODE_FORMERR;
}
if(LDNS_ARCOUNT(ldns_buffer_begin(pkt)) > 1) {
- verbose(VERB_DETAIL, "request wrong nr ar=%d",
+ verbose(VERB_QUERY, "request wrong nr ar=%d",
LDNS_ARCOUNT(ldns_buffer_begin(pkt)));
return LDNS_RCODE_FORMERR;
}
}
if(edns.edns_present && edns.udp_size < NORMAL_UDP_SIZE &&
worker->daemon->cfg->harden_short_bufsize) {
- verbose(VERB_DETAIL, "worker request: EDNS bufsize %d ignored",
+ verbose(VERB_QUERY, "worker request: EDNS bufsize %d ignored",
(int)edns.udp_size);
edns.udp_size = NORMAL_UDP_SIZE;
}
struct worker* worker = (struct worker*)arg;
switch(sig) {
case SIGHUP:
- verbose(VERB_DETAIL, "caught signal SIGHUP");
+ verbose(VERB_QUERY, "caught signal SIGHUP");
comm_base_exit(worker->base);
break;
case SIGINT:
- verbose(VERB_DETAIL, "caught signal SIGINT");
+ verbose(VERB_QUERY, "caught signal SIGINT");
worker->need_to_exit = 1;
comm_base_exit(worker->base);
break;
case SIGQUIT:
- verbose(VERB_DETAIL, "caught signal SIGQUIT");
+ verbose(VERB_QUERY, "caught signal SIGQUIT");
worker->need_to_exit = 1;
comm_base_exit(worker->base);
break;
case SIGTERM:
- verbose(VERB_DETAIL, "caught signal SIGTERM");
+ verbose(VERB_QUERY, "caught signal SIGTERM");
worker->need_to_exit = 1;
comm_base_exit(worker->base);
break;
+7 February 2008: Wouter
+ - moved up all current level 2 to be level 3. And 3 to 4.
+ to make room for new debug level 2 for detailed information
+ for operators.
+
6 February 2008: Wouter
- clearer explanation of threading configure options.
- fixup asynclook test for nothreading (it creates only one process
.TP
.B verbosity: \fI<number>
The verbosity number, level 0 means no verbosity, only errors. Level 1
-gives operational information. Level 2 gives query level information,
-output per query. Level 3 gives algorithm level information.
+gives operational information. Level 2 gives detailed operational
+information. Level 3 gives query level information, output per query.
+Level 4 gives algorithm level information.
Default is level 1. The verbosity can also be increased from the commandline,
see
\fIunbound\fR(8).
node->net = net;
node->parent = NULL;
if(!rbtree_insert(dq->tree, &node->node)) {
- verbose(VERB_DETAIL, "duplicate donotquery address ignored.");
+ verbose(VERB_QUERY, "duplicate donotquery address ignored.");
}
return 1;
}
return 0;
if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp))
return 0;
- verbose(VERB_DETAIL, "Forward zone server list:");
- delegpt_log(VERB_DETAIL, dp);
+ verbose(VERB_QUERY, "Forward zone server list:");
+ delegpt_log(VERB_QUERY, dp);
}
return 1;
}
return 0;
if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp))
return 0;
- delegpt_log(VERB_DETAIL, dp);
+ delegpt_log(VERB_QUERY, dp);
}
return 1;
}
fclose(f);
return 0;
}
- verbose(VERB_DETAIL, "Reading root hints from %s", fname);
+ verbose(VERB_QUERY, "Reading root hints from %s", fname);
while(!feof(f)) {
status = ldns_rr_new_frm_fp_l(&rr, f,
&default_ttl, &origin, &prev_rr, &lineno);
if(!hints_insert(hints, c, dp)) {
return 0;
}
- delegpt_log(VERB_DETAIL, dp);
+ delegpt_log(VERB_QUERY, dp);
return 1;
}
remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg,
struct rrset_parse* prev, struct rrset_parse** rrset)
{
- if(verbosity >= VERB_DETAIL
+ if(verbosity >= VERB_QUERY
&& (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) {
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
dname_pkt_copy(pkt, buf, (*rrset)->dname);
- log_nametypeclass(VERB_DETAIL, str, buf,
+ log_nametypeclass(VERB_QUERY, str, buf,
(*rrset)->type, ntohs((*rrset)->rrset_class));
}
if(prev)
if(!read_fetch_policy(iter_env, cfg->target_fetch_policy))
return 0;
for(i=0; i<iter_env->max_dependency_depth+1; i++)
- verbose(VERB_DETAIL, "target fetch policy for level %d is %d",
+ verbose(VERB_QUERY, "target fetch policy for level %d is %d",
i, iter_env->target_fetch_policy[i]);
if(!iter_env->hints)
LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass) ||
causes_cycle(qstate, ns->name, ns->namelen,
LDNS_RR_TYPE_A, qstate->qinfo.qclass)) {
- log_nametypeclass(VERB_DETAIL, "skipping target due "
+ log_nametypeclass(VERB_QUERY, "skipping target due "
"to dependency cycle (harden-glue: no may "
"fix some of the cycles)",
ns->name, LDNS_RR_TYPE_A,
static int
error_response(struct module_qstate* qstate, int id, int rcode)
{
- verbose(VERB_DETAIL, "return error response %s",
+ verbose(VERB_QUERY, "return error response %s",
ldns_lookup_by_id(ldns_rcodes, rcode)?
ldns_lookup_by_id(ldns_rcodes, rcode)->name:"??");
qstate->return_rcode = rcode;
return 0;
/* Otherwise, we need to (re)prime the stub. */
- log_nametypeclass(VERB_DETAIL, "priming stub", stub_dp->name,
+ log_nametypeclass(VERB_QUERY, "priming stub", stub_dp->name,
LDNS_RR_TYPE_NS, qclass);
/* Stub priming events start at the QUERYTARGETS state to avoid the
size_t delnamelen;
struct dns_msg* msg;
- log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
+ log_query_info(VERB_QUERY, "resolving", &qstate->qinfo);
/* check effort */
/* We enforce a maximum number of query restarts. This is primarily a
* cheap way to prevent CNAME loops. */
if(iq->query_restart_count > MAX_RESTART_COUNT) {
- verbose(VERB_DETAIL, "request has exceeded the maximum number"
+ verbose(VERB_QUERY, "request has exceeded the maximum number"
" of query restarts with %d", iq->query_restart_count);
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
* of work required to answer a given query. */
verbose(VERB_ALGO, "request has dependency depth of %d", iq->depth);
if(iq->depth > ie->max_dependency_depth) {
- verbose(VERB_DETAIL, "request has exceeded the maximum "
+ verbose(VERB_QUERY, "request has exceeded the maximum "
"dependency depth with depth of %d", iq->depth);
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
if(iter_dp_is_useless(qstate, iq->dp)) {
if(dname_is_root(iq->dp->name)) {
/* use safety belt */
- verbose(VERB_DETAIL, "Cache has root NS but "
+ verbose(VERB_QUERY, "Cache has root NS but "
"no addresses. Fallback to the safety belt.");
iq->dp = hints_lookup_root(ie->hints,
iq->qchase.qclass);
processInitRequest2(struct module_qstate* qstate, struct iter_qstate* iq,
struct iter_env* ie, int id)
{
- log_query_info(VERB_DETAIL, "resolving (init part 2): ",
+ log_query_info(VERB_QUERY, "resolving (init part 2): ",
&qstate->qinfo);
/* Check to see if we need to prime a stub zone. */
static int
processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq)
{
- log_query_info(VERB_DETAIL, "resolving (init part 3): ",
+ log_query_info(VERB_QUERY, "resolving (init part 3): ",
&qstate->qinfo);
/* If the RD flag wasn't set, then we just finish with the
* cached referral as the response. */
subiq->dp = delegpt_copy(iq->dp, subq->region);
}
}
- log_nametypeclass(VERB_DETAIL, "new target", name, qtype, qclass);
+ log_nametypeclass(VERB_QUERY, "new target", name, qtype, qclass);
return 1;
}
* needs to send a query to. That is, at least one per referral,
* more if some targets timeout or return throwaway answers. */
- log_query_info(VERB_DETAIL, "processQueryTargets:", &qstate->qinfo);
+ log_query_info(VERB_QUERY, "processQueryTargets:", &qstate->qinfo);
verbose(VERB_ALGO, "processQueryTargets: targetqueries %d, "
"currentqueries %d", iq->num_target_queries,
iq->num_current_queries);
/* Make sure that we haven't run away */
/* FIXME: is this check even necessary? */
if(iq->referral_count > MAX_REFERRAL_COUNT) {
- verbose(VERB_DETAIL, "request has exceeded the maximum "
+ verbose(VERB_QUERY, "request has exceeded the maximum "
"number of referrrals with %d", iq->referral_count);
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
/* Make sure we have a delegation point, otherwise priming failed
* or another failure occurred */
if(!iq->dp) {
- verbose(VERB_DETAIL, "Failed to get a delegation, giving up");
+ verbose(VERB_QUERY, "Failed to get a delegation, giving up");
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
delegpt_log(VERB_ALGO, iq->dp);
/* Since a target query might have been made, we
* need to check again. */
if(iq->num_target_queries == 0) {
- verbose(VERB_DETAIL, "out of query targets -- "
+ verbose(VERB_QUERY, "out of query targets -- "
"returning SERVFAIL");
/* fail -- no more targets, no more hope
* of targets, no hope of a response. */
}
/* We have a valid target. */
- log_query_info(VERB_DETAIL, "sending query:", &iq->qchase);
- log_name_addr(VERB_DETAIL, "sending to target:", iq->dp->name,
+ log_query_info(VERB_QUERY, "sending query:", &iq->qchase);
+ log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name,
&target->addr, target->addrlen);
log_assert(fptr_whitelist_modenv_send_query(qstate->env->send_query));
outq = (*qstate->env->send_query)(
if(type == RESPONSE_TYPE_ANSWER) {
/* ANSWER type responses terminate the query algorithm,
* so they sent on their */
- verbose(VERB_DETAIL, "query response was ANSWER");
+ verbose(VERB_QUERY, "query response was ANSWER");
if(!iter_dns_store(qstate->env, &iq->response->qinfo,
iq->response->rep, 0))
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
} else if(type == RESPONSE_TYPE_REFERRAL) {
/* REFERRAL type responses get a reset of the
* delegation point, and back to the QUERYTARGETS_STATE. */
- verbose(VERB_DETAIL, "query response was REFERRAL");
+ verbose(VERB_QUERY, "query response was REFERRAL");
/* Store the referral under the current query */
if(!iter_dns_store(qstate->env, &iq->response->qinfo,
/* CNAME type responses get a query restart (i.e., get a
* reset of the query state and go back to INIT_REQUEST_STATE).
*/
- verbose(VERB_DETAIL, "query response was CNAME");
+ verbose(VERB_QUERY, "query response was CNAME");
if(verbosity >= VERB_ALGO)
log_dns_msg("cname msg", &iq->response->qinfo,
iq->response->rep);
return next_state(iq, INIT_REQUEST_STATE);
} else if(type == RESPONSE_TYPE_LAME) {
/* Cache the LAMEness. */
- verbose(VERB_DETAIL, "query response was %sLAME",
+ verbose(VERB_QUERY, "query response was %sLAME",
dnsseclame?"DNSSEC ":"");
if(qstate->reply) {
/* need addr for lameness cache, but we may have
* In this case, the event is just sent directly back to
* the QUERYTARGETS_STATE without resetting anything,
* because, clearly, the next target must be tried. */
- verbose(VERB_DETAIL, "query response was THROWAWAY");
+ verbose(VERB_QUERY, "query response was THROWAWAY");
} else {
log_warn("A query response came back with an unknown type: %d",
(int)type);
return;
}
- log_query_info(VERB_DETAIL, "priming successful for", &qstate->qinfo);
+ log_query_info(VERB_QUERY, "priming successful for", &qstate->qinfo);
delegpt_log(VERB_ALGO, dp);
foriq->dp = dp;
foriq->deleg_msg = dns_copy_msg(qstate->return_msg, forq->region);
processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
int id)
{
- log_query_info(VERB_DETAIL, "finishing processing for",
+ log_query_info(VERB_QUERY, "finishing processing for",
&qstate->qinfo);
if(!iq->response) {
iq->response = dns_alloc_msg(pkt, prs, qstate->region);
if(!iq->response)
goto handle_it;
- log_name_addr(VERB_DETAIL, "incoming packet from target:", iq->dp->name,
+ log_name_addr(VERB_QUERY, "incoming packet from target:", iq->dp->name,
&qstate->reply->addr, qstate->reply->addrlen);
if(verbosity >= VERB_ALGO)
log_dns_msg("incoming scrubbed packet:", &iq->response->qinfo,
{
struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id];
struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id];
- verbose(VERB_DETAIL, "iterator[module %d] operate: extstate:%s event:%s",
+ verbose(VERB_QUERY, "iterator[module %d] operate: extstate:%s event:%s",
id, strextstate(qstate->ext_state[id]), strmodulevent(event));
- if(iq) log_query_info(VERB_DETAIL, "iterator operate: query",
+ if(iq) log_query_info(VERB_QUERY, "iterator operate: query",
&qstate->qinfo);
if(iq && qstate->qinfo.qname != iq->qchase.qname)
- log_query_info(VERB_DETAIL, "iterator operate: chased to",
+ log_query_info(VERB_QUERY, "iterator operate: chased to",
&iq->qchase);
/* perform iterator state machine */
if(mstate->num_activated > MESH_MAX_ACTIVATION) {
/* module is looping. Stop it. */
log_err("internal error: looping module stopped");
- log_query_info(VERB_DETAIL, "pass error for qstate",
+ log_query_info(VERB_QUERY, "pass error for qstate",
&mstate->s.qinfo);
s = module_error;
}
mstate->s.curmod++;
if(mesh->mods.num == mstate->s.curmod) {
log_err("Cannot pass to next module; at last module");
- log_query_info(VERB_DETAIL, "pass error for qstate",
+ log_query_info(VERB_QUERY, "pass error for qstate",
&mstate->s.qinfo);
mstate->s.curmod--;
return mesh_continue(mesh, mstate, module_error, ev);
modstack_config(struct module_stack* stack, const char* module_conf)
{
int i;
- verbose(VERB_DETAIL, "module config: \"%s\"", module_conf);
+ verbose(VERB_QUERY, "module config: \"%s\"", module_conf);
stack->num = count_modules(module_conf);
if(stack->num == 0) {
log_err("error: no modules specified");
struct outside_network* outnet = pend->query->outnet;
verbose(VERB_ALGO, "outnettcp cb");
if(error != NETEVENT_NOERROR) {
- verbose(VERB_DETAIL, "outnettcp got tcp error %d", error);
+ verbose(VERB_QUERY, "outnettcp got tcp error %d", error);
/* pass error below and exit */
} else {
/* check ID */
if(ldns_buffer_limit(c->buffer) < sizeof(uint16_t) ||
LDNS_ID_WIRE(ldns_buffer_begin(c->buffer))!=pend->id) {
- log_addr(VERB_DETAIL,
+ log_addr(VERB_QUERY,
"outnettcp: bad ID in reply, from:",
&pend->query->addr, pend->query->addrlen);
error = NETEVENT_CLOSED;
verbose(VERB_ALGO, "answer cb");
if(error != NETEVENT_NOERROR) {
- verbose(VERB_DETAIL, "outnetudp got udp error %d", error);
+ verbose(VERB_QUERY, "outnetudp got udp error %d", error);
return 0;
}
if(ldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) {
- verbose(VERB_DETAIL, "outnetudp udp too short");
+ verbose(VERB_QUERY, "outnetudp udp too short");
return 0;
}
log_assert(reply_info);
verbose(VERB_ALGO, "lookup size is %d entries", (int)outnet->pending->count);
p = (struct pending*)rbtree_search(outnet->pending, &key);
if(!p) {
- verbose(VERB_DETAIL, "received unwanted or unsolicited udp reply dropped.");
+ verbose(VERB_QUERY, "received unwanted or unsolicited udp reply dropped.");
log_buf(VERB_ALGO, "dropped message", c->buffer);
return 0;
}
verbose(VERB_ALGO, "received udp reply.");
log_buf(VERB_ALGO, "udp message", c->buffer);
if(p->c != c) {
- verbose(VERB_DETAIL, "received reply id,addr on wrong port. "
+ verbose(VERB_QUERY, "received reply id,addr on wrong port. "
"dropped.");
return 0;
}
struct comm_reply r2;
sq->pending = NULL; /* removed after this callback */
if(error != NETEVENT_NOERROR)
- log_addr(VERB_DETAIL, "tcp error for address",
+ log_addr(VERB_QUERY, "tcp error for address",
&sq->addr, sq->addrlen);
if(error==NETEVENT_NOERROR)
infra_update_tcp_works(sq->outnet->infra, &sq->addr,
{
enum sec_status sec;
if(vsig) {
- log_nametypeclass(VERB_DETAIL, "verify of rrset",
+ log_nametypeclass(VERB_QUERY, "verify of rrset",
rrset->rk.dname, ntohs(rrset->rk.type),
ntohs(rrset->rk.rrset_class));
}
printf("result(no)= %s\n", ret?"yes":"no");
}
unit_assert(!ret);
- verbose(VERB_DETAIL, "DS fail: OK; matched unit test");
+ verbose(VERB_QUERY, "DS fail: OK; matched unit test");
} else {
fatal_exit("Bad qname in DS unit test, yes or no");
}
ve.date_override = cfg_convert_timeval(at_date);
unit_assert(region && buf);
dnskey = extract_keys(list, &alloc, region, buf);
- if(vsig) log_nametypeclass(VERB_DETAIL, "test dnskey",
+ if(vsig) log_nametypeclass(VERB_QUERY, "test dnskey",
dnskey->rk.dname, ntohs(dnskey->rk.type),
ntohs(dnskey->rk.rrset_class));
/* ready to go! */
* also the last part is more likely to be incomplete.
* RFC 2181: must put RRset only once in response. */
/*
- verbose(VERB_DETAIL, "Packet contains rrset data in "
+ verbose(VERB_QUERY, "Packet contains rrset data in "
"multiple sections, dropped last part.");
- log_buf(VERB_DETAIL, "packet was", pkt);
+ log_buf(VERB_QUERY, "packet was", pkt);
*/
/* forwards */
if(!skip_ttl_rdata(pkt))
|| log_to_syslog
#endif
)
- verbose(VERB_DETAIL, "switching log to %s",
+ verbose(VERB_QUERY, "switching log to %s",
use_syslog?"syslog":(filename&&filename[0]?filename:"stderr"));
if(logfile && logfile != stderr)
fclose(logfile);
NO_VERBOSE = 0,
/** 1 - operational information */
VERB_OPS,
- /** 2 - query level information */
+ /** 2 - detailed information */
VERB_DETAIL,
- /** 3 - algorithm level information */
+ /** 3 - query level information */
+ VERB_QUERY,
+ /** 4 - algorithm level information */
VERB_ALGO
};
port = ntohs(((struct sockaddr_in*)addr)->sin_port);
dname_str(zone, namebuf);
if(af != AF_INET && af != AF_INET6)
- verbose(VERB_DETAIL, "%s <%s> %s%s#%d (addrlen %d)",
+ verbose(VERB_QUERY, "%s <%s> %s%s#%d (addrlen %d)",
str, namebuf, family, dest, (int)port, (int)addrlen);
- else verbose(VERB_DETAIL, "%s <%s> %s%s#%d",
+ else verbose(VERB_QUERY, "%s <%s> %s%s#%d",
str, namebuf, family, dest, (int)port);
}
return 1;
if(ldns_buffer_read_u16_at(c->buffer, 0) >
ldns_buffer_capacity(c->buffer)) {
- verbose(VERB_DETAIL, "tcp: dropped larger than buffer");
+ verbose(VERB_QUERY, "tcp: dropped larger than buffer");
return 0;
}
ldns_buffer_set_limit(c->buffer,
ldns_buffer_read_u16_at(c->buffer, 0));
if(!short_ok &&
ldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) {
- verbose(VERB_DETAIL, "tcp: dropped bogus too short.");
+ verbose(VERB_QUERY, "tcp: dropped bogus too short.");
return 0;
}
verbose(VERB_ALGO, "Reading tcp query of length %d",
return;
}
if(event&EV_TIMEOUT) {
- verbose(VERB_DETAIL, "tcp took too long, dropped");
+ verbose(VERB_QUERY, "tcp took too long, dropped");
reclaim_tcp_handler(c);
if(!c->tcp_do_close) {
log_assert(fptr_whitelist_comm_point(c->callback));
ldns_buffer_begin(buffer), ldns_buffer_limit(buffer))) {
return 0;
}
- log_nametypeclass(VERB_DETAIL, "adding trusted key",
+ log_nametypeclass(VERB_QUERY, "adding trusted key",
ldns_rdf_data(owner),
ldns_rr_get_type(rr), ldns_rr_get_class(rr));
return 1;
log_err("error opening file %s: %s", fname, strerror(errno));
return 0;
}
- verbose(VERB_DETAIL, "reading in bind-compat-mode: '%s'", fname);
+ verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname);
/* scan for trusted-keys keyword, ignore everything else */
ldns_buffer_clear(buffer);
while((rdlen=readkeyword_bindfile(in, buffer, &line_nr, 1)) != 0) {
return 1;
#endif
default:
- verbose(VERB_DETAIL, "unknown DS digest algorithm %d",
+ verbose(VERB_QUERY, "unknown DS digest algorithm %d",
(int) ds_get_digest_algo(ds_rrset, ds_idx));
break;
}
size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx);
if(digestlen == 0) {
- verbose(VERB_DETAIL, "DS fail: not supported, or DS RR "
+ verbose(VERB_QUERY, "DS fail: not supported, or DS RR "
"format error");
return 0; /* not supported, or DS RR format error */
}
/* check digest length in DS with length from hash function */
ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen);
if(!ds || dslen != digestlen) {
- verbose(VERB_DETAIL, "DS fail: DS RR algo and digest do not "
+ verbose(VERB_QUERY, "DS fail: DS RR algo and digest do not "
"match each other");
return 0; /* DS algorithm and digest do not match */
}
digest = regional_alloc(env->scratch, digestlen);
if(!digest) {
- verbose(VERB_DETAIL, "DS fail: out of memory");
+ verbose(VERB_QUERY, "DS fail: out of memory");
return 0; /* mem error */
}
if(!ds_create_dnskey_digest(env, dnskey_rrset, dnskey_idx, ds_rrset,
ds_idx, digest)) {
- verbose(VERB_DETAIL, "DS fail: could not calc key digest");
+ verbose(VERB_QUERY, "DS fail: could not calc key digest");
return 0; /* digest algo failed */
}
if(memcmp(digest, ds, dslen) != 0) {
- verbose(VERB_DETAIL, "DS fail: digest is different");
+ verbose(VERB_QUERY, "DS fail: digest is different");
return 0; /* digest different */
}
return 1;
rbtree_t* sortree = NULL;
num = rrset_get_sigcount(rrset);
if(num == 0) {
- verbose(VERB_DETAIL, "rrset failed to verify due to a lack of "
+ verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
"signatures");
return sec_status_bogus;
}
num = rrset_get_sigcount(rrset);
if(num == 0) {
- verbose(VERB_DETAIL, "rrset failed to verify due to a lack of "
+ verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
"signatures");
return sec_status_bogus;
}
return sec;
}
if(numchecked == 0) {
- verbose(VERB_DETAIL, "verify: could not find appropriate key");
+ verbose(VERB_QUERY, "verify: could not find appropriate key");
return sec_status_bogus;
}
return sec_status_bogus;
char now_buf[16];
time_t te, ti, tn;
- if(verbosity < VERB_DETAIL)
+ if(verbosity < VERB_QUERY)
return;
te = (time_t)expi;
ti = (time_t)incep;
* Use the smallest of these.
*/
if(d->ttl > (uint32_t)origttl) {
- verbose(VERB_DETAIL, "rrset TTL larger than original TTL,"
+ verbose(VERB_QUERY, "rrset TTL larger than original TTL,"
" adjusting TTL downwards");
d->ttl = origttl;
}
break;
default:
- verbose(VERB_DETAIL, "verify: unknown algorithm %d",
+ verbose(VERB_QUERY, "verify: unknown algorithm %d",
algo);
return 0;
}
}
if(!setup_key_digest(algo, evp_key, &digest_type, key, keylen)) {
- verbose(VERB_DETAIL, "verify: failed to setup key");
+ verbose(VERB_QUERY, "verify: failed to setup key");
EVP_PKEY_free(evp_key);
return sec_status_bogus;
}
rrset_get_rdata(rrset, rrnum + sig_idx, &sig, &siglen);
/* min length of rdatalen, fixed rrsig, root signer, 1 byte sig */
if(siglen < 2+20) {
- verbose(VERB_DETAIL, "verify: signature too short");
+ verbose(VERB_QUERY, "verify: signature too short");
return sec_status_bogus;
}
if(!(dnskey_get_flags(dnskey, dnskey_idx) & DNSKEY_BIT_ZSK)) {
- verbose(VERB_DETAIL, "verify: dnskey without ZSK flag");
+ verbose(VERB_QUERY, "verify: dnskey without ZSK flag");
return sec_status_bogus;
}
if(dnskey_get_protocol(dnskey, dnskey_idx) != LDNS_DNSSEC_KEYPROTO) {
/* RFC 4034 says DNSKEY PROTOCOL MUST be 3 */
- verbose(VERB_DETAIL, "verify: dnskey has wrong key protocol");
+ verbose(VERB_QUERY, "verify: dnskey has wrong key protocol");
return sec_status_bogus;
}
signer = sig+2+18;
signer_len = dname_valid(signer, siglen-2-18);
if(!signer_len) {
- verbose(VERB_DETAIL, "verify: malformed signer name");
+ verbose(VERB_QUERY, "verify: malformed signer name");
return sec_status_bogus; /* signer name invalid */
}
if(!dname_subdomain_c(rrset->rk.dname, signer)) {
- verbose(VERB_DETAIL, "verify: signer name is off-tree");
+ verbose(VERB_QUERY, "verify: signer name is off-tree");
return sec_status_bogus; /* signer name offtree */
}
sigblock = (unsigned char*)signer+signer_len;
if(siglen < 2+18+signer_len+1) {
- verbose(VERB_DETAIL, "verify: too short, no signature data");
+ verbose(VERB_QUERY, "verify: too short, no signature data");
return sec_status_bogus; /* sig rdf is < 1 byte */
}
sigblock_len = (unsigned int)(siglen - 2 - 18 - signer_len);
/* verify key dname == sig signer name */
if(query_dname_compare(signer, dnskey->rk.dname) != 0) {
- verbose(VERB_DETAIL, "verify: wrong key for rrsig");
+ verbose(VERB_QUERY, "verify: wrong key for rrsig");
return sec_status_bogus;
}
/* verify covered type */
/* memcmp works because type is in network format for rrset */
if(memcmp(sig+2, &rrset->rk.type, 2) != 0) {
- verbose(VERB_DETAIL, "verify: wrong type covered");
+ verbose(VERB_QUERY, "verify: wrong type covered");
return sec_status_bogus;
}
/* verify keytag and sig algo (possibly again) */
if((int)sig[2+2] != dnskey_get_algo(dnskey, dnskey_idx)) {
- verbose(VERB_DETAIL, "verify: wrong algorithm");
+ verbose(VERB_QUERY, "verify: wrong algorithm");
return sec_status_bogus;
}
ktag = htons(dnskey_calc_keytag(dnskey, dnskey_idx));
if(memcmp(sig+2+16, &ktag, 2) != 0) {
- verbose(VERB_DETAIL, "verify: wrong keytag");
+ verbose(VERB_QUERY, "verify: wrong keytag");
return sec_status_bogus;
}
/* verify labels is in a valid range */
if((int)sig[2+3] > dname_signame_label_count(rrset->rk.dname)) {
- verbose(VERB_DETAIL, "verify: labelcount out of range");
+ verbose(VERB_QUERY, "verify: labelcount out of range");
return sec_status_bogus;
}
/* check that dnskey is available */
dnskey_get_pubkey(dnskey, dnskey_idx, &key, &keylen);
if(!key) {
- verbose(VERB_DETAIL, "verify: short DNSKEY RR");
+ verbose(VERB_QUERY, "verify: short DNSKEY RR");
return sec_status_unchecked;
}
*signer_name = NULL;
*signer_len = 0;
} else {
- verbose(VERB_DETAIL, "find_signer: could not find signer name"
+ verbose(VERB_QUERY, "find_signer: could not find signer name"
" for unknown type response");
*signer_name = NULL;
*signer_len = 0;
if(dnskey_rrset->rk.dname_len != ds_rrset->rk.dname_len ||
query_dname_compare(dnskey_rrset->rk.dname, ds_rrset->rk.dname)
!= 0) {
- verbose(VERB_DETAIL, "DNSKEY RRset did not match DS RRset "
+ verbose(VERB_QUERY, "DNSKEY RRset did not match DS RRset "
"by name");
return key_entry_create_bad(region, ds_rrset->rk.dname,
ds_rrset->rk.dname_len,
rrset_get_ttl(ds_rrset));
}
/* If any were understandable, then it is bad. */
- verbose(VERB_DETAIL, "Failed to match any usable DS to a DNSKEY.");
+ verbose(VERB_QUERY, "Failed to match any usable DS to a DNSKEY.");
return key_entry_create_bad(region, ds_rrset->rk.dname,
ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class));
}
* But this rrset did not verify.
* Therefore the message is bogus.
*/
- log_nametypeclass(VERB_DETAIL, "message is bogus, "
+ log_nametypeclass(VERB_QUERY, "message is bogus, "
"non secure rrset",
rep->rrsets[i]->rk.dname,
ntohs(rep->rrsets[i]->rk.type),
/* If the (answer) rrset failed to validate, then this
* message is BAD. */
if(sec != sec_status_secure) {
- log_nametypeclass(VERB_DETAIL, "validator: response "
+ log_nametypeclass(VERB_QUERY, "validator: response "
"has failed ANSWER rrset:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
/* If anything in the authority section fails to be secure,
* we have a bad message. */
if(sec != sec_status_secure) {
- log_nametypeclass(VERB_DETAIL, "validator: response "
+ log_nametypeclass(VERB_QUERY, "validator: response "
"has failed AUTHORITY rrset:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
* expansion. If so, an additional check will need to be
* made in the authority section. */
if(!val_rrset_wildcard(s, &wc)) {
- log_nametypeclass(VERB_DETAIL, "Positive response has "
+ log_nametypeclass(VERB_QUERY, "Positive response has "
"inconsistent wildcard sigs:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
/* If after all this, we still haven't proven the positive wildcard
* response, fail. */
if(wc != NULL && !wc_NSEC_ok) {
- verbose(VERB_DETAIL, "positive response was wildcard "
+ verbose(VERB_QUERY, "positive response was wildcard "
"expansion and did not prove original data "
"did not exist");
chase_reply->security = sec_status_bogus;
}
if(!has_valid_nsec) {
- verbose(VERB_DETAIL, "NODATA response failed to prove NODATA "
+ verbose(VERB_QUERY, "NODATA response failed to prove NODATA "
"status with NSEC/NSEC3");
if(verbosity >= VERB_ALGO)
log_dns_msg("Failed NODATA", qchase, chase_reply);
chase_reply->rrsets, chase_reply->an_numrrsets+
chase_reply->ns_numrrsets, qchase, kkey);
if(chase_reply->security != sec_status_secure) {
- verbose(VERB_DETAIL, "NameError response failed nsec, "
+ verbose(VERB_QUERY, "NameError response failed nsec, "
"nsec3 proof was %s", sec_status_to_string(
chase_reply->security));
return;
/* If the message fails to prove either condition, it is bogus. */
if(!has_valid_nsec) {
- verbose(VERB_DETAIL, "NameError response has failed to prove: "
+ verbose(VERB_QUERY, "NameError response has failed to prove: "
"qname does not exist");
chase_reply->security = sec_status_bogus;
return;
}
if(!has_valid_wnsec) {
- verbose(VERB_DETAIL, "NameError response has failed to prove: "
+ verbose(VERB_QUERY, "NameError response has failed to prove: "
"covering wildcard does not exist");
chase_reply->security = sec_status_bogus;
return;
* expansion. If so, an additional check will need to be
* made in the authority section. */
if(!val_rrset_wildcard(s, &wc)) {
- log_nametypeclass(VERB_DETAIL, "Positive ANY response"
+ log_nametypeclass(VERB_QUERY, "Positive ANY response"
" has inconsistent wildcard sigs:",
s->rk.dname, ntohs(s->rk.type),
ntohs(s->rk.rrset_class));
/* If after all this, we still haven't proven the positive wildcard
* response, fail. */
if(wc != NULL && !wc_NSEC_ok) {
- verbose(VERB_DETAIL, "positive ANY response was wildcard "
+ verbose(VERB_QUERY, "positive ANY response was wildcard "
"expansion and did not prove original data "
"did not exist");
chase_reply->security = sec_status_bogus;
* expansion. If so, an additional check will need to be
* made in the authority section. */
if(!val_rrset_wildcard(s, &wc)) {
- log_nametypeclass(VERB_DETAIL, "Cname response has "
+ log_nametypeclass(VERB_QUERY, "Cname response has "
"inconsistent wildcard sigs:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
* its synthesized CNAME expansion is underdefined */
if(qchase->qtype != LDNS_RR_TYPE_DNAME &&
ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME && wc) {
- log_nametypeclass(VERB_DETAIL, "cannot validate a "
+ log_nametypeclass(VERB_QUERY, "cannot validate a "
"wildcarded DNAME:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
/* If after all this, we still haven't proven the positive wildcard
* response, fail. */
if(wc != NULL && !wc_NSEC_ok) {
- verbose(VERB_DETAIL, "CNAME response was wildcard "
+ verbose(VERB_QUERY, "CNAME response was wildcard "
"expansion and did not prove original data "
"did not exist");
chase_reply->security = sec_status_bogus;
}
if(nodata_valid_nsec && nxdomain_valid_nsec) {
- verbose(VERB_DETAIL, "CNAMEchain to noanswer proves that name "
+ verbose(VERB_QUERY, "CNAMEchain to noanswer proves that name "
"exists and not exists, bogus");
chase_reply->security = sec_status_bogus;
return;
}
if(!nodata_valid_nsec && !nxdomain_valid_nsec) {
- verbose(VERB_DETAIL, "CNAMEchain to noanswer response failed "
+ verbose(VERB_QUERY, "CNAMEchain to noanswer response failed "
"to prove status with NSEC/NSEC3");
if(verbosity >= VERB_ALGO)
log_dns_msg("Failed CNAMEnoanswer", qchase, chase_reply);
vq->trust_anchor = vq->trust_anchor->parent;
}
if(!vq->trust_anchor) { /* unsigned parent denies anchor*/
- verbose(VERB_DETAIL, "unsigned parent zone denies"
+ verbose(VERB_QUERY, "unsigned parent zone denies"
" trust anchor, indeterminate");
vq->chase_reply->security = sec_status_indeterminate;
vq->state = VAL_FINISHED_STATE;
if(vq->signer_name == NULL) {
log_query_info(VERB_ALGO, "processValidate: state has no "
"signer name", &vq->qchase);
- verbose(VERB_DETAIL, "Could not establish validation of "
+ verbose(VERB_QUERY, "Could not establish validation of "
"INSECURE status of unsigned response.");
vq->chase_reply->security = sec_status_bogus;
return 1;
}
if(key_entry_isbad(vq->key_entry)) {
- log_nametypeclass(VERB_DETAIL, "Could not establish a chain "
+ log_nametypeclass(VERB_QUERY, "Could not establish a chain "
"of trust to keys for", vq->key_entry->name,
LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
vq->chase_reply->security = sec_status_bogus;
* answer and authority must be valid, additional is only checked. */
if(!validate_msg_signatures(qstate->env, ve, &vq->qchase,
vq->chase_reply, vq->key_entry)) {
- verbose(VERB_DETAIL, "Validate: message contains bad rrsets");
+ verbose(VERB_QUERY, "Validate: message contains bad rrsets");
return 1;
}
{
struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
- verbose(VERB_DETAIL, "validator[module %d] operate: extstate:%s "
+ verbose(VERB_QUERY, "validator[module %d] operate: extstate:%s "
"event:%s", id, strextstate(qstate->ext_state[id]),
strmodulevent(event));
- log_query_info(VERB_DETAIL, "validator operate: query",
+ log_query_info(VERB_QUERY, "validator operate: query",
&qstate->qinfo);
if(vq && qstate->qinfo.qname != vq->qchase.qname)
- log_query_info(VERB_DETAIL, "validator operate: chased to",
+ log_query_info(VERB_QUERY, "validator operate: chased to",
&vq->qchase);
(void)outbound;
if(event == module_event_new ||
enum val_classification subtype;
if(rcode != LDNS_RCODE_NOERROR) {
/* errors here pretty much break validation */
- verbose(VERB_DETAIL, "DS response was error, thus bogus");
+ verbose(VERB_QUERY, "DS response was error, thus bogus");
goto return_bogus;
}
sec = val_verify_rrset_entry(qstate->env, ve, ds,
vq->key_entry);
if(sec != sec_status_secure) {
- verbose(VERB_DETAIL, "DS rrset in DS response did "
+ verbose(VERB_QUERY, "DS rrset in DS response did "
"not verify");
goto return_bogus;
}
*ke = NULL;
return 1;
case sec_status_bogus:
- verbose(VERB_DETAIL, "NSEC RRset for the "
+ verbose(VERB_QUERY, "NSEC RRset for the "
"referral did not prove no DS.");
goto return_bogus;
case sec_status_unchecked:
*ke = NULL;
return 1;
case sec_status_bogus:
- verbose(VERB_DETAIL, "NSEC3s for the "
+ verbose(VERB_QUERY, "NSEC3s for the "
"referral did not prove no DS.");
goto return_bogus;
case sec_status_insecure:
/* Apparently, no available NSEC/NSEC3 proved NODATA, so
* this is BOGUS. */
- verbose(VERB_DETAIL, "DS %s ran out of options, so return "
+ verbose(VERB_QUERY, "DS %s ran out of options, so return "
"bogus", val_classification_to_string(subtype));
goto return_bogus;
} else {
- verbose(VERB_DETAIL, "Encountered an unhandled type of "
+ verbose(VERB_QUERY, "Encountered an unhandled type of "
"DS response, thus bogus.");
return_bogus:
*ke = key_entry_create_bad(qstate->region, qinfo->qname,
if(dnskey == NULL) {
/* bad response */
- verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to "
+ verbose(VERB_QUERY, "Missing DNSKEY RRset in response to "
"DNSKEY query.");
vq->key_entry = key_entry_create_bad(qstate->region,
qinfo->qname, qinfo->qname_len, qinfo->qclass);
* state. */
if(!key_entry_isgood(vq->key_entry)) {
if(key_entry_isbad(vq->key_entry))
- verbose(VERB_DETAIL, "Did not match a DS to a DNSKEY, "
+ verbose(VERB_QUERY, "Did not match a DS to a DNSKEY, "
"thus bogus.");
vq->state = VAL_VALIDATE_STATE;
return;