]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
lib/validate: fixed revalidation of cached answers
authorMarek Vavruša <marek.vavrusa@nic.cz>
Sat, 19 Sep 2015 19:30:20 +0000 (21:30 +0200)
committerMarek Vavruša <marek.vavrusa@nic.cz>
Sat, 19 Sep 2015 19:30:20 +0000 (21:30 +0200)
also answers for which minimisation failed or truncated
are fixed, for such answers iterator sets state to ‘consume’
to indicate the answer wasn’t processed

lib/layer/iterate.c
lib/layer/validate.c

index b5c9cea24b4507381571243ea39340dc0a1b18ef..5e9b1afabe5d7385e8ec791fa51301a59a5042b5 100644 (file)
@@ -314,7 +314,7 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req)
            (pkt_class & (PKT_NOERROR|PKT_NXDOMAIN|PKT_REFUSED|PKT_NODATA))) {
                DEBUG_MSG("<= found cut, retrying with non-minimized name\n");
                query->flags |= QUERY_NO_MINIMIZE;
-               return KNOT_STATE_DONE;
+               return KNOT_STATE_CONSUME;
        }
 
        /* This answer didn't improve resolution chain, therefore must be authoritative (relaxed to negative). */
@@ -471,7 +471,7 @@ static int resolve(knot_layer_t *ctx, knot_pkt_t *pkt)
                        }
                        query->flags |= QUERY_TCP;
                }
-               return KNOT_STATE_DONE;
+               return KNOT_STATE_CONSUME;
        }
 
 #ifndef NDEBUG
index 314d901e1aa7983484d8167eeae1cb8bc9bcc8c3..5d182617135d85f99fe219ed88feadc6dd4484cf 100644 (file)
@@ -332,20 +332,18 @@ fail:
 
 static int validate(knot_layer_t *ctx, knot_pkt_t *pkt)
 {
-       int ret;
+       int ret = 0;
        struct kr_request *req = ctx->data;
        struct kr_query *qry = kr_rplan_current(&req->rplan);
-       if (ctx->state & KNOT_STATE_FAIL) {
-               return ctx->state;
-       }
-
-       /* Pass-through if user doesn't want secure answer. */
-       if (!(req->options & QUERY_DNSSEC_WANT)) {
+       /* Ignore faulty or unprocessed responses. */
+       if (ctx->state & (KNOT_STATE_FAIL|KNOT_STATE_CONSUME)) {
                return ctx->state;
        }
 
-       /* Ignore truncated messages. */
-       if (knot_wire_get_tc(pkt->wire)) {
+       /* Pass-through if user doesn't want secure answer, or cached.
+        * Since we let the data into cache, we're going to trust it.
+        */
+       if (!(qry->flags & QUERY_DNSSEC_WANT) || (qry->flags & QUERY_CACHED)) {
                return ctx->state;
        }