From: Karel Slany Date: Mon, 17 Aug 2015 09:11:42 +0000 (+0200) Subject: Merge branch 'master' into cache-rrsig-wip X-Git-Tag: v1.0.0-beta1~53^2~102 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2baf3dbd9a37612147c439649aaee9dd5ed9486f;p=thirdparty%2Fknot-resolver.git Merge branch 'master' into cache-rrsig-wip --- 2baf3dbd9a37612147c439649aaee9dd5ed9486f diff --cc Makefile index 78d10e828,35f78d361..b93e1a1ce --- a/Makefile +++ b/Makefile @@@ -25,10 -25,10 +25,11 @@@ $(eval $(call find_lib,cmocka) $(eval $(call find_bin,doxygen)) $(eval $(call find_bin,sphinx-build)) $(eval $(call find_bin,gccgo)) - $(eval $(call find_python)) + $(eval $(call find_bin,python)) $(eval $(call find_lib,libmemcached,1.0)) $(eval $(call find_lib,hiredis)) + $(eval $(call find_lib,socket_wrapper)) +$(eval $(call find_lib,libdnssec)) # Work around luajit on OS X ifeq ($(PLATFORM), Darwin) diff --cc lib/resolve.h index c6a1ebf18,67aca7461..724e8b8a3 --- a/lib/resolve.h +++ b/lib/resolve.h @@@ -37,18 -37,13 +37,13 @@@ * @code{.c} * * struct kr_context ctx = { - * .pool = NULL, // for persistent data * .cache = ..., // open cache instance (or NULL) - * .layers = {} // loaded layers + * .layers = &modules, * }; * - * // Push basic layers - * array_push(ctx.layers, iterate_layer); - * array_push(ctx.layers, rrcache_layer); - * * // Resolve "IN A cz." * knot_pkt_t *answer = knot_pkt_new(NULL, 65535, ctx.pool); - * int ret = kr_resolve(&ctx, answer, (uint8_t*)"\x02cz", 1, 1); + * int ret = kr_resolve(&ctx, answer, (uint8_t*)"\x02cz", 1, 1, 0); * printf("rcode: %d, ancount: %u\n", * knot_wire_get_rcode(answer->wire), * knot_wire_get_ancount(answer->wire)); diff --cc lib/rplan.h index 305c9c14b,ab4febf41..289685478 --- a/lib/rplan.h +++ b/lib/rplan.h @@@ -38,9 -38,7 +38,10 @@@ X(CACHED , 1 << 8) /**< Query response is cached. */ \ X(EXPIRING , 1 << 9) /**< Query response is cached, but expiring. */ \ X(NO_EXPIRING, 1 << 10) /**< Do not use expiring cached records. */ \ - X(DNSSEC_WANT , 1 << 11) /**< Want DNSSEC secured answer. */ \ - X(DNSSEC_BOGUS , 1 << 12) /**< Query response is DNSSEC bogus. */ \ - X(AWAIT_DS , 1 << 13) /**< Query is waiting for DS lookup. */ - X(ALLOW_LOCAL, 1 << 11) /**< Allow queries to local or private address ranges. */ ++ X(ALLOW_LOCAL, 1 << 11) /**< Allow queries to local or private address ranges. */ \ ++ X(DNSSEC_WANT , 1 << 12) /**< Want DNSSEC secured answer. */ \ ++ X(DNSSEC_BOGUS , 1 << 13) /**< Query response is DNSSEC bogus. */ \ ++ X(AWAIT_DS , 1 << 14) /**< Query is waiting for DS lookup. */ /** Query flags */ enum kr_query_flag { diff --cc lib/zonecut.c index f1427cce6,73b49e0b5..5265936c1 --- a/lib/zonecut.c +++ b/lib/zonecut.c @@@ -162,54 -143,8 +162,34 @@@ int kr_zonecut_copy(struct kr_zonecut * return map_walk((map_t *)&src->nsset, copy_addr_set, dst); } +int kr_zonecut_copy_trust(struct kr_zonecut *dst, const struct kr_zonecut *src) +{ + knot_rrset_t *key_copy = NULL; + knot_rrset_t *ta_copy = NULL; + if (src->key) { + key_copy = knot_rrset_copy(src->key, dst->pool); + if (!key_copy) { + return kr_error(ENOMEM); + } + } + + if (src->trust_anchor) { + ta_copy = knot_rrset_copy(src->trust_anchor, dst->pool); + if (!ta_copy) { + knot_rrset_free(&key_copy, dst->pool); + return kr_error(ENOMEM); + } + } + + knot_rrset_free(&dst->key, dst->pool); + dst->key = key_copy; + knot_rrset_free(&dst->trust_anchor, dst->pool); + dst->trust_anchor = ta_copy; + + return kr_ok(); +} - /** @internal Filter ANY or loopback addresses. */ - static bool is_valid_addr(uint8_t *addr, size_t len) - { - if (len == sizeof(struct in_addr)) { - /* Filter ANY and 127.0.0.0/8 */ - uint32_t ip_host = ntohl(*(uint32_t *)(addr)); - if (ip_host == 0 || (ip_host & 0xff000000) == 0x7f000000) { - return false; - } - } else if (len == sizeof(struct in6_addr)) { - struct in6_addr ip6_mask; - memset(&ip6_mask, 0, sizeof(ip6_mask)); - /* All except last byte are zeroed, last byte defines ANY/::1 */ - if (memcmp(addr, ip6_mask.s6_addr, sizeof(ip6_mask.s6_addr) - 1) == 0) { - return (addr[len - 1] > 1); - } - } - return true; - } - int kr_zonecut_add(struct kr_zonecut *cut, const knot_dname_t *ns, const knot_rdata_t *rdata) { if (!cut || !ns) { diff --cc tests/test_zonecut.c index 939ccc83a,715878842..e090b6c44 --- a/tests/test_zonecut.c +++ b/tests/test_zonecut.c @@@ -32,43 -32,9 +32,9 @@@ static void test_zonecut_params(void ** assert_null((void *)kr_zonecut_find(NULL, NULL)); assert_null((void *)kr_zonecut_find(&cut, NULL)); assert_int_not_equal(kr_zonecut_set_sbelt(NULL, NULL), 0); - assert_int_not_equal(kr_zonecut_find_cached(NULL, NULL, NULL, NULL, 0), 0); + assert_int_not_equal(kr_zonecut_find_cached(NULL, NULL, NULL, NULL, 0, 0), 0); } - #define TEST_IP(cut, ip, expect) { \ - knot_rdata_t rdata[knot_rdata_array_size(sizeof(ip))]; \ - knot_rdata_init(rdata, sizeof(ip), (uint8_t *)&ip, 0); \ - assert_int_equal(kr_zonecut_add(&(cut), (const uint8_t *)"\x02cz", rdata), (expect)); \ - } while (0) - - static void test_zonecut_filter(void **state) - { - struct kr_zonecut cut; - kr_zonecut_init(&cut, (const uint8_t *)"", NULL); - - /* IPv4 */ - uint32_t ip4 = 0; /* 0.0.0.0 */ - TEST_IP(cut, ip4, kr_error(EILSEQ)); - ip4 = htonl(0x7f000002); /* 127.0.0.2 */ - TEST_IP(cut, ip4, kr_error(EILSEQ)); - ip4 = htonl(0x7fffffff); /* 127.255.255.255 */ - TEST_IP(cut, ip4, kr_error(EILSEQ)); - ip4 = htonl(0xff000001); /* 255.0.0.1 */ - TEST_IP(cut, ip4, 0); - /* IPv6 */ - struct in6_addr ip6; - memset(&ip6, 0, sizeof(ip6)); /* :: */ - TEST_IP(cut, ip6.s6_addr, kr_error(EILSEQ)); - ip6.s6_addr[15] = 0x01; /* ::1 */ - TEST_IP(cut, ip6.s6_addr, kr_error(EILSEQ)); - ip6.s6_addr[15] = 0x02; /* ::2 */ - TEST_IP(cut, ip6.s6_addr, 0); - - kr_zonecut_deinit(&cut); - } - - #undef TEST_IP - static void test_zonecut_copy(void **state) { const knot_dname_t *root = (const uint8_t *)"";