From: Willem Toorop Date: Fri, 1 Jun 2012 14:41:38 +0000 (+0000) Subject: New -0 option for ldns-read-zone to replace inception, expiration and signature rdata... X-Git-Tag: release-1.6.14rc1~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d5fda55706e26badf78c67178207a9684b67c4e;p=thirdparty%2Fldns.git New -0 option for ldns-read-zone to replace inception, expiration and signature rdata fields with (null). Thanks Paul Wouters. New -p option for ldns-read-zone to prepend-pad SOA serial to take up ten characters. --- diff --git a/Changelog b/Changelog index 300a5f66..399cb49a 100644 --- a/Changelog +++ b/Changelog @@ -8,6 +8,10 @@ answering nameserver to the answer packet in ldns_send_buffer, so the original value may be deep freed with the ldns_resolver struct. Thanks Michael Meisel. + * New -0 option for ldns-read-zone to replace inception, expiration + and signature rdata fields with (null). Thanks Paul Wouters. + * New -p option for ldns-read-zone to prepend-pad SOA serial to take + up ten characters. 1.6.13 2012-05-21 * New -S option for ldns-verify-zone to chase signatures online. diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1 index 81f238d6..7d4fd7d9 100644 --- a/examples/ldns-read-zone.1 +++ b/examples/ldns-read-zone.1 @@ -21,6 +21,12 @@ Only print DNSSEC data from the zone. This option skips every record that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not printed. +.TP +\fB-0\fR +Print a (null) for the RRSIG inception, expiry and key data. This option +can be used when comparing different signing systems that use the same +DNSKEYs for signing but would have a slightly different timings/jitter. + .TP \fB-h\fR Show usage and exit 
@@ -29,6 +35,11 @@ Show usage and exit \fB-n\fR Do not print the SOA record +.TP +\fB-p\fR +Pad the SOA serial number with spaces so the number and the spaces together +take ten characters. This is useful for in file serial number increments. + .TP \fB-s\fR Strip DNSSEC data from the zone. This option skips every record diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c index ac32bac7..1a0a0bf5 100644 --- a/examples/ldns-read-zone.c +++ b/examples/ldns-read-zone.c @@ -33,14 +33,21 @@ main(int argc, char **argv) ldns_rr_list *stripped_list; ldns_rr *cur_rr; ldns_rr_type cur_rr_type; - const ldns_output_format *fmt = NULL; + ldns_output_format fmt = { + ldns_output_format_default->flags, + ldns_output_format_default->data + }; ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL; int soa_serial_increment_func_data = 0; - while ((c = getopt(argc, argv, "bcdhnsvzS:")) != -1) { + while ((c = getopt(argc, argv, "0bcdhnpsvzS:")) != -1) { switch(c) { case 'b': - fmt = ldns_output_format_bubblebabble; + fmt.flags |= + ( LDNS_COMMENT_BUBBLEBABBLE | + LDNS_COMMENT_FLAGS ); + case '0': + fmt.flags |= LDNS_FMT_ZEROIZE_RRSIGS; case 'c': canonicalize = true; break; @@ -55,10 +62,13 @@ main(int argc, char **argv) printf("\tReads the zonefile and prints it.\n"); printf("\tThe RR count of the zone is printed to stderr.\n"); printf("\t-b include bubblebabble of DS's.\n"); + printf("\t-0 zeroize timestamps and signature in RRSIG records.\n"); printf("\t-c canonicalize all rrs in the zone.\n"); printf("\t-d only show DNSSEC data from the zone\n"); printf("\t-h show this text\n"); printf("\t-n do not print the SOA record\n"); + printf("\t-p prepend SOA serial with spaces so" + " it takes exactly ten characters.\n"); printf("\t-s strip DNSSEC data from the zone\n"); printf("\t-S [[+|-] | YYYYMMDDxx | " " unixtime ]\n" 
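Review bot: `case 'b':` and the new `case '0':` in the option switch of the `@@ -33,14 +33,21 @@` hunk have no `break;`. As the hunk reads, `-b` also sets `LDNS_FMT_ZEROIZE_RRSIGS`, and both options fall through into `case 'c':` and set `canonicalize = true`. The same pattern is in the later `@@ -80,6 +90,8 @@` hunk, where the new `case 'p':` runs on into `case 's':` and sets `strip = true`, so `-p` would silently drop DNSSEC records from the output. Add `break;` after `LDNS_COMMENT_FLAGS );`, after `fmt.flags |= LDNS_FMT_ZEROIZE_RRSIGS;` and after `fmt.flags |= LDNS_FMT_PAD_SOA_SERIAL;`. The body of main() continues outside these hunks.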
@@ -80,6 +90,8 @@ main(int argc, char **argv) case 'n': print_soa = false; break; + case 'p': + fmt.flags |= LDNS_FMT_PAD_SOA_SERIAL; case 's': strip = true; if (only_dnssec) { @@ -195,9 +207,9 @@ main(int argc, char **argv) , soa_serial_increment_func_data ); } - ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z)); + ldns_rr_print_fmt(stdout, &fmt, ldns_zone_soa(z)); } - ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z)); + ldns_rr_list_print_fmt(stdout, &fmt, ldns_zone_rrs(z)); ldns_zone_deep_free(z); } else { diff --git a/host2str.c b/host2str.c index 636d80d6..2ec8ae19 100644 --- a/host2str.c +++ b/host2str.c @@ -123,6 +123,7 @@ const ldns_output_format *ldns_output_format_onlykeyids = &ldns_output_format_onlykeyids_record; const ldns_output_format *ldns_output_format_default = &ldns_output_format_onlykeyids_record; + const ldns_output_format ldns_output_format_bubblebabble_record = { LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL }; 
@@ -1231,7 +1232,33 @@ ldns_rr2buffer_str_fmt(ldns_buffer *output, for (i = 0; i < ldns_rr_rd_count(rr); i++) { /* ldns_rdf2buffer_str handles NULL input fine! */ - status = ldns_rdf2buffer_str(output, ldns_rr_rdf(rr, i)); + if ((fmt->flags & LDNS_FMT_ZEROIZE_RRSIGS) && + (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) && + ((/* inception */ i == 4 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) == + LDNS_RDF_TYPE_TIME) || + (/* expiration */ i == 5 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) == + LDNS_RDF_TYPE_TIME) || + (/* signature */ i == 8 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) == + LDNS_RDF_TYPE_B64))) { + + ldns_buffer_printf(output, "(null)"); + status = ldns_buffer_status(output); + } else if ((fmt->flags & LDNS_FMT_PAD_SOA_SERIAL) && + (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) && + /* serial */ i == 2 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) == + LDNS_RDF_TYPE_INT32) { + ldns_buffer_printf(output, "%10lu", + (unsigned long) ldns_read_uint32( + ldns_rdf_data(ldns_rr_rdf(rr, 2)))); + status = ldns_buffer_status(output); + } else { + status = ldns_rdf2buffer_str(output, + ldns_rr_rdf(rr, i)); + } if(status != LDNS_STATUS_OK) return status; if (i < ldns_rr_rd_count(rr) - 1) { diff --git a/ldns/host2str.h b/ldns/host2str.h index f0a14a43..32cdd605 100644 --- a/ldns/host2str.h +++ b/ldns/host2str.h @@ -64,6 +64,8 @@ extern "C" { #define LDNS_COMMENT_LAYOUT 0x0080 /** Also comment KEY_ID with RRSIGS **/ #define LDNS_COMMENT_RRSIGS 0x0100 +#define LDNS_FMT_ZEROIZE_RRSIGS 0x0200 +#define LDNS_FMT_PAD_SOA_SERIAL 0x0400 /** * Output format specifier
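Review bot: The new branches call `ldns_rdf_get_type(ldns_rr_rdf(rr, 4))` (likewise for indexes 5, 8 and 2) and `ldns_rdf_data(...)` before the field reaches `ldns_rdf2buffer_str`, and the context comment only promises that `ldns_rdf2buffer_str` handles NULL input. If a rdata field can be NULL at this point, the type check would dereference it first, so putting `ldns_rr_rdf(rr, i) != NULL &&` ahead of each type comparison would keep the old tolerance. The SOA branch also reads four bytes with `ldns_read_uint32` after checking only the rdf type. Checking `ldns_rdf_size(ldns_rr_rdf(rr, 2)) == 4` as well would be a cheap safeguard, though whether a shorter INT32 rdf can reach here is not visible from the hunk. The enclosing function starts and ends outside the hunk.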
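Review bot: The two new flags in ldns/host2str.h are added without the `/** ... **/` comment that the neighbouring `LDNS_COMMENT_RRSIGS` define carries, so their meaning is only discoverable from the implementation. Suggest `/** Print (null) for the RRSIG inception, expiration and signature rdata fields **/` above `LDNS_FMT_ZEROIZE_RRSIGS` and `/** Left-pad the SOA serial with spaces to ten characters **/` above `LDNS_FMT_PAD_SOA_SERIAL`. The first comment should also say that output produced with this flag is for comparison only, since the RRSIG lines no longer carry a signature and cannot be loaded back as a valid signed zone.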