return kr_ok();
}
-int kr_make_query2(struct kr_query *query, knot_pkt_t *pkt, uint16_t qtype_minimized)
-{
- /* Minimize QNAME (if possible). */
- uint16_t qtype = qtype_minimized;
- const knot_dname_t *qname = minimized_qname(query, &qtype);
-
- /* Form a query for the authoritative. */
- knot_pkt_clear(pkt);
- int ret = knot_pkt_put_question(pkt, qname, query->sclass, qtype);
- if (ret != KNOT_EOK) {
- return ret;
- }
-
- /* Query built, expect answer. */
- query->id = kr_rand_uint(UINT16_MAX);
- knot_wire_set_id(pkt->wire, query->id);
- pkt->parsed = pkt->size;
- WITH_VERBOSE {
- char name_str[KNOT_DNAME_MAXLEN], type_str[16];
- knot_dname_to_str(name_str, query->sname, sizeof(name_str));
- knot_rrtype_to_string(query->stype, type_str, sizeof(type_str));
- QVERBOSE_MSG(query, "'%s' type '%s' id was assigned, parent id %hu\n",
- name_str, type_str, query->parent ? query->parent->id : 0);
- }
- return kr_ok();
-}
-
static int prepare_query(kr_layer_t *ctx, knot_pkt_t *pkt)
{
assert(pkt && ctx);
/** Make next iterative query. */
int kr_make_query(struct kr_query *query, knot_pkt_t *pkt);
-
-/** Make next iterative query. If qname is minimized,
- * qtype is set to qtype_minimized */
-int kr_make_query2(struct kr_query *query, knot_pkt_t *pkt, uint16_t qtype_minimized);
struct kr_query *qry = req->current_query;
const uint16_t qtype = knot_pkt_qtype(pkt);
- printf("unsigned forward\n");
-
-/*
- if (qtype != KNOT_RRTYPE_DS) {
- struct kr_rplan *rplan = &req->rplan;
- struct kr_query *next = kr_rplan_push(rplan, qry, qry->sname, qry->sclass, KNOT_RRTYPE_DS);
- int state = kr_nsrep_copy_set(&next->ns, &qry->ns);
- if (state != kr_ok()) {
- return;
- }
- kr_zonecut_set(&next->zone_cut, qry->zone_cut.name);
- kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
- next->flags |= QUERY_DNSSEC_WANT;
- return;
- }
- return;
-*/
-// if (qtype == KNOT_RRTYPE_NS) {
- printf("KNOT_RRTYPE_NS\n");
- bool nods = false;
- bool ds_req = false;
- for (int i = 0; i < req->rplan.resolved.len; ++i) {
- struct kr_query *q = req->rplan.resolved.at[i];
- kr_dname_print(q->sname, "q: ", " ");
- kr_dname_print(qry->sname, "qry: ", " ");
- kr_rrtype_print(q->stype, "type: ", "\n");
- if (/* q->parent == qry && */
- q->sclass == qry->sclass &&
- q->stype == KNOT_RRTYPE_DS &&
- knot_dname_is_equal(q->sname, qry->sname)) {
- ds_req = true;
- printf("DSREQ\n");
- if (q->flags & QUERY_DNSSEC_NODS) {
- printf("NODS\n");
- nods = true;
- }
- }
+ bool nods = false;
+ for (int i = 0; i < req->rplan.resolved.len; ++i) {
+ struct kr_query *q = req->rplan.resolved.at[i];
+ if (q->sclass == qry->sclass &&
+ q->stype == KNOT_RRTYPE_DS &&
+ knot_dname_is_equal(q->sname, qry->sname)) {
+ nods = true;
}
+ }
- if (nods) {
- printf("NODS return\n");
- qry->flags &= ~QUERY_DNSSEC_WANT;
- qry->flags |= QUERY_DNSSEC_INSECURE;
- if (qry->parent) {
- qry->parent->flags &= ~QUERY_DNSSEC_WANT;
- qry->parent->flags |= QUERY_DNSSEC_INSECURE;
- }
- return KR_STATE_DONE;
+ if (nods) {
+ qry->flags &= ~QUERY_DNSSEC_WANT;
+ qry->flags |= QUERY_DNSSEC_INSECURE;
+ if (qry->parent) {
+ qry->parent->flags &= ~QUERY_DNSSEC_WANT;
+ qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
-// }
+ return KR_STATE_DONE;
+ }
if (qtype != KNOT_RRTYPE_DS) {
struct kr_rplan *rplan = &req->rplan;
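Review bot: The rewritten loop sets `nods = true` for any resolved DS query matching `qry->sname` and class, without testing `QUERY_DNSSEC_NODS` as the removed code did. Because `nods` then clears `QUERY_DNSSEC_WANT` and sets `QUERY_DNSSEC_INSECURE` on the query and its parent, a DS lookup that did return a DS record would appear to downgrade the answer to insecure. If the flag is still meant to gate this, the helper added in this commit expresses it directly: `struct kr_query *q = kr_rplan_find_resolved(&req->rplan, NULL, qry->sname, qry->sclass, KNOT_RRTYPE_DS);` followed by `bool nods = q && (q->flags & QUERY_DNSSEC_NODS);`. If dropping the flag test is intended, a comment should state why an unsigned answer plus any prior DS lookup is sufficient proof of an insecure delegation. The function starts above this hunk, so its preconditions are not visible here.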
kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
next->flags |= QUERY_DNSSEC_WANT;
}
+
return KR_STATE_YIELD;
}
* It means that trust chain is OK and
* transition to INSECURE hasn't occured.
* Let the validation logic ask about RRSIG. */
- printf("already yielded\n");
return KR_STATE_DONE;
}
/* Ask parent for DS
qry->zone_cut.name = knot_dname_copy(qname, &req->pool);
}
} else if (knot_dname_is_sub(signer, qry->zone_cut.name)) {
- /* Key signer is below current cut, advance and refetch keys. */
if (!(qry->flags & QUERY_FORWARD)) {
+ /* Key signer is below current cut, advance and refetch keys. */
qry->zone_cut.name = knot_dname_copy(signer, &req->pool);
} else {
- for (int i = 0; i < req->rplan.resolved.len; ++i) {
- struct kr_query *q = req->rplan.resolved.at[i];
- if (/* q->parent == qry && */
- q->sclass == qry->sclass &&
- q->stype == KNOT_RRTYPE_DS &&
- knot_dname_is_equal(q->sname, signer)) {
- printf("DSREQQQQ\n");
- if (q->flags & QUERY_DNSSEC_NODS) {
- qry->flags &= ~QUERY_DNSSEC_WANT;
- qry->flags |= QUERY_DNSSEC_INSECURE;
- if (qry->parent) {
- qry->parent->flags &= ~QUERY_DNSSEC_WANT;
- qry->parent->flags |= QUERY_DNSSEC_INSECURE;
- }
- }
+ /* Check if DS does not exist. */
+ struct kr_query *q = kr_rplan_find_resolved(&req->rplan, NULL,
+ signer, qry->sclass, KNOT_RRTYPE_DS);
+ if (q && q->flags & QUERY_DNSSEC_NODS) {
+ qry->flags &= ~QUERY_DNSSEC_WANT;
+ qry->flags |= QUERY_DNSSEC_INSECURE;
+ if (qry->parent) {
+ qry->parent->flags &= ~QUERY_DNSSEC_WANT;
+ qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
}
}
} /* else zone cut matches, but DS/DNSKEY doesn't => refetch. */
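Review bot: `if (q && q->flags & QUERY_DNSSEC_NODS)` depends on `&` binding tighter than `&&`; it parses as intended, but in a check that switches a query to `QUERY_DNSSEC_INSECURE` the grouping should be explicit: `if (q && (q->flags & QUERY_DNSSEC_NODS)) {`. The replacement also changes which entries are examined: kr_rplan_find_resolved() stops at the first DS query for `signer`, while the removed loop looked at every match, so a NODS flag on a later duplicate would no longer be seen. If duplicates cannot occur in `resolved`, a short comment saying so would settle it. The enclosing function begins outside the hunk.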
if (qry->stype != KNOT_RRTYPE_DS) {
/* zone cut matches, but DS/DNSKEY doesn't => refetch. */
- printf("sheck_signer\n");
VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
return KR_STATE_YIELD;
}
if (knot_wire_get_aa(pkt->wire) && qtype == KNOT_RRTYPE_DNSKEY) {
ret = validate_keyset(req, pkt, has_nsec3);
if (ret == kr_error(EAGAIN)) {
- printf("validate\n");
VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
return KR_STATE_YIELD;
} else if (ret != 0) {
}
}
+
if (qry->flags & QUERY_FORWARD) {
+ if (qry->parent &&
+ qtype == KNOT_RRTYPE_NS) {
+ printf("NS NODATA\n");
+ }
if (qry->parent &&
qtype == KNOT_RRTYPE_NS &&
!no_data &&
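Review bot: The added block `if (qry->parent && qtype == KNOT_RRTYPE_NS) { printf("NS NODATA\n"); }` looks like a leftover debug print, in a commit that otherwise removes them. It writes to stdout for every forwarded NS sub-query, and it does so whether or not `no_data` is set, so the message is also misleading. Drop the block, or if the trace is wanted, move it behind the `no_data` test and use the logger already used in this file: `VERBOSE_MSG(qry, "<= NS NODATA\n");`. The enclosing function begins and ends outside the hunk.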
return next;
}
-static int forward_trust_chain_check(struct kr_request *request, struct kr_query *qry, bool resume, knot_pkt_t *packet)
+static int forward_trust_chain_check(struct kr_request *request, struct kr_query *qry, bool resume)
{
struct kr_rplan *rplan = &request->rplan;
map_t *trust_anchors = &request->ctx->trust_anchors;
return KR_STATE_PRODUCE;
}
-// if (qry->parent != NULL) {
-// return KR_STATE_PRODUCE;
-// }
-
bool nods = false;
bool ds_req = false;
bool ns_req = false;
bool minimized = false;
-// const knot_dname_t* wanted_name = qry->zone_cut.name;
const knot_dname_t* wanted_name = NULL;
int name_offset = 1;
- while (1) {
- wanted_name = qry->sname;
- nods = false;
- ds_req = false;
- ns_req = false;
- minimized = false;
- kr_dname_print(qry->zone_cut.name, "cut_name: ", " ");
- kr_dname_print(qry->sname, "sname: ", " ");
- kr_rrtype_print(qry->stype, "type: ", "\n");
- if (qry->parent == NULL /* && !resume */) {
-// wanted_name = qry->sname;
- int cut_labels = knot_dname_labels(qry->zone_cut.name, NULL);
- int wanted_name_labels = knot_dname_labels(wanted_name, NULL);
- while(wanted_name[0] && wanted_name_labels > cut_labels + name_offset) {
- wanted_name = knot_wire_next_label(wanted_name, NULL);
- wanted_name_labels -= 1;
- }
- minimized = (wanted_name != qry->sname);
- }
+ do {
+ wanted_name = qry->sname;
+ nods = false;
+ ds_req = false;
+ ns_req = false;
+ minimized = false;
+
+ if (qry->parent == NULL) {
+ int cut_labels = knot_dname_labels(qry->zone_cut.name, NULL);
+ int wanted_name_labels = knot_dname_labels(wanted_name, NULL);
+ while (wanted_name[0] && wanted_name_labels > cut_labels + name_offset) {
+ wanted_name = knot_wire_next_label(wanted_name, NULL);
+ wanted_name_labels -= 1;
+ }
+ minimized = (wanted_name != qry->sname);
+ }
for (int i = 0; i < request->rplan.resolved.len; ++i) {
struct kr_query *q = request->rplan.resolved.at[i];
}
}
- if (qry->parent == NULL /* && !resume */) {
- printf("initial request ds_req %i ns_req %i\n", ds_req, ns_req);
-
- if (ds_req && !ns_req && minimized) {
- struct kr_query *next = kr_rplan_push(rplan, qry, wanted_name, qry->sclass, KNOT_RRTYPE_NS);
+ if (qry->parent == NULL &&
+ ds_req && !ns_req && minimized) {
+ struct kr_query *next = kr_rplan_push(rplan, qry, wanted_name,
+ qry->sclass, KNOT_RRTYPE_NS);
if (!next) {
return KR_STATE_FAIL;
}
next->flags |= QUERY_DNSSEC_WANT;
return KR_STATE_DONE;
}
- }
- kr_dname_print(wanted_name, "wanted_name: ", " ");
- printf("resume? %i\n", resume);
- if ((qry->stype == KNOT_RRTYPE_DS) &&
- knot_dname_is_equal(wanted_name, qry->sname)) {
- printf("if1\n");
- nods = true;
- } else if (resume && !ds_req) {
- printf("if2\n");
- nods = false;
- } else if (!minimized) {
- printf("if3\n");
- nods = true;
- } else {
- printf("if4\n");
- nods = ds_req;
- }
- if (ds_req && ns_req) {
- name_offset += 1;
+ if ((qry->stype == KNOT_RRTYPE_DS) &&
+ knot_dname_is_equal(wanted_name, qry->sname)) {
+ nods = true;
+ } else if (resume && !ds_req) {
+ nods = false;
+ } else if (!minimized) {
+ nods = true;
} else {
- break;
+ nods = ds_req;
}
- }
- printf("ds_req %i ns_req %i nods? %i\n", ds_req, ns_req, nods);
+ name_offset += 1;
+ } while (ds_req && ns_req);
/* Disable DNSSEC if it enters NTA. */
if (kr_ta_get(negative_anchors, wanted_name)){
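Review bot: The `do { … } while (ds_req && ns_req);` loop is bounded only by those two flags, and for a query with a parent the one value that changes per pass, `name_offset`, is never consulted (`wanted_name` stays `qry->sname`). If the scan over `rplan.resolved` (its body is not shown in this hunk) finds both a DS and an NS entry for that name, each pass would recompute the same flags and the loop would not exit. The same applies to parentless queries once `name_offset` is large enough that `minimized` is false. Assuming that state is reachable, stopping when no further minimization is possible bounds the loop without changing the earlier passes: `} while (ds_req && ns_req && minimized);`. The loop opens in the previous hunk.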
* Since forwarding targets already are in qry->ns -
* cut fetching is not needed. */
if (qry->flags & QUERY_FORWARD) {
- return forward_trust_chain_check(request, qry, false, packet);
+ return forward_trust_chain_check(request, qry, false);
}
if (!(qry->flags & QUERY_AWAIT_CUT)) {
/* The query was resolved from cache.
if (qry->deferred != NULL) {
/* @todo: Refactoring validator, check trust chain before resuming. */
int state = (qry->flags & QUERY_FORWARD) ?
- forward_trust_chain_check(request, qry, true, packet) :
+ forward_trust_chain_check(request, qry, true) :
trust_chain_check(request, qry);
switch(state) {
case KR_STATE_FAIL: return KR_STATE_FAIL;
return array_tail(rplan->resolved);
}
+struct kr_query *kr_rplan_find_resolved(struct kr_rplan *rplan, struct kr_query *parent,
+ const knot_dname_t *name, uint16_t cls, uint16_t type)
+{
+ struct kr_query *ret = NULL;
+ for (int i = 0; i < rplan->resolved.len; ++i) {
+ struct kr_query *q = rplan->resolved.at[i];
+ if (q->stype == type && q->sclass == cls &&
+ (parent == NULL || q->parent == parent) &&
+ knot_dname_is_equal(q->sname, name)) {
+ ret = q;
+ break;
+ }
+ }
+ return ret;
+}
+
#undef VERBOSE_MSG
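Review bot: kr_rplan_find_resolved() is exported but dereferences `rplan` and passes `name` to knot_dname_is_equal() without checking either. A guard at the top, `if (!rplan || !name) return NULL;`, would make a bad call return "not found" instead of crashing. The function returns the first match in `resolved` order, which differs from the open-coded loops it replaces, so the header comment should say so, e.g. `@return first matching query in resolved order, or NULL`. As a style point, `ret`/`break` can collapse to `return q;` inside the loop and `return NULL;` after it.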
KR_EXPORT KR_PURE
struct kr_query *kr_rplan_resolved(struct kr_rplan *rplan);
+/** Return query predecessor. */
+KR_EXPORT KR_PURE
+struct kr_query *kr_rplan_next(struct kr_query *qry);
+
+/**
+ * Check if a given query already resolved.
+ * @param rplan plan instance
+ * @param parent query parent (or NULL)
+ * @param name resolved name
+ * @param cls resolved class
+ * @param type resolved type
+ * @return query instance or NULL
+ */
+KR_EXPORT KR_PURE
+struct kr_query *kr_rplan_find_resolved(struct kr_rplan *rplan, struct kr_query *parent,
+ const knot_dname_t *name, uint16_t cls, uint16_t type);