From: Willem Toorop Date: Tue, 4 Mar 2014 22:07:22 +0000 (+0100) Subject: -e & -E to filter out RR types with ldns-read-zone X-Git-Tag: release-1.7.0-rc1~161^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e8243111ea351ff9e764e4ede0a7295b95b3c9a;p=thirdparty%2Fldns.git -e & -E to filter out RR types with ldns-read-zone --- diff --git a/Changelog b/Changelog index 0fb09b25..a3d7f0d0 100644 --- a/Changelog +++ b/Changelog @@ -6,6 +6,7 @@ TBD some of the headings of the file, to match the opensource.org BSD license. * -e option makes ldns-compare-zones exit with status code 2 on difference + * Filter out specified RR types with ldns-read-zone -e and -E options 1.6.17 2014-01-10 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1 index 8652fe9a..172097d0 100644 --- a/examples/ldns-read-zone.1 +++ b/examples/ldns-read-zone.1 @@ -11,6 +11,16 @@ ldns-read-zone \- read a zonefile and print it resource record per line, and no pretty-printing makeup. .SH OPTIONS +.TP +\fB-0\fR +Print a (null) for the RRSIG inception, expiry and key data. This option +can be used when comparing different signing systems that use the same +DNSKEYs for signing but would have a slightly different timings/jitter. + +.TP +\fB-b\fR +Include Bubble Babble encoding of DS's. + .TP \fB-c\fR Canonicalize all resource records in the zone before printing @@ -18,18 +28,20 @@ Canonicalize all resource records in the zone before printing .TP \fB-d\fR Only print DNSSEC data from the zone. This option skips every record -that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not +that is not of type NSEC, NSEC3 or RRSIG. DNSKEY and DS records are not printed. .TP -\fB-b\fR -Include Bubble Babble encoding of DS's. +\fB-e\fR \fIRR type\fR +Do not print RRs of the given \fIrr type\fR. +This option may be given multiple times. +\fB-e\fR is not meant to be used together with \fB-E\fR. .TP -\fB-0\fR -Print a (null) for the RRSIG inception, expiry and key data. This option -can be used when comparing different signing systems that use the same -DNSKEYs for signing but would have a slightly different timings/jitter. +\fB-E\fR \fIRR type\fR +Print only RRs of the given \fIrr type\fR. +This option may be given multiple times. +\fB-E\fR is not meant to be used together with \fB-e\fR. .TP \fB-h\fR @@ -47,7 +59,7 @@ take ten characters. This is useful for in file serial number increments. .TP \fB-s\fR Strip DNSSEC data from the zone. This option skips every record -that is of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are still +that is of type NSEC, NSEC3 or RRSIG. DNSKEY and DS records are still printed. .TP diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c index 512621d3..2198568f 100644 --- a/examples/ldns-read-zone.c +++ b/examples/ldns-read-zone.c @@ -20,10 +20,18 @@ void print_usage(const char* progname) printf("Usage: %s [OPTIONS] \n", progname); printf("\tReads the zonefile and prints it.\n"); printf("\tThe RR count of the zone is printed to stderr.\n"); - printf("\t-b include Bubble Babble encoding of DS's.\n"); printf("\t-0 zeroize timestamps and signature in RRSIG records.\n"); + printf("\t-b include Bubble Babble encoding of DS's.\n"); printf("\t-c canonicalize all rrs in the zone.\n"); printf("\t-d only show DNSSEC data from the zone\n"); + printf("\t-e \n"); + printf("\t\tDo not print RRs of the given .\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf("\t\t-e is not meant to be used together with -E.\n"); + printf("\t-E \n"); + printf("\t\tPrint only RRs of the given .\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf("\t\t-E is not meant to be used together with -e.\n"); printf("\t-h show this text\n"); printf("\t-n do not print the SOA record\n"); printf("\t-p prepend SOA serial with spaces so" @@ -61,6 +69,46 @@ void print_usage(const char* progname) exit(EXIT_SUCCESS); } +void exclude_type(ldns_rdf **types2show, ldns_rr_type t) +{ + ldns_status s; + + assert(types2show); + + if (! *types2show && LDNS_STATUS_OK != + (s = ldns_rdf_bitmap_known_rr_types(types2show))) + goto fail; + + s = ldns_nsec_bitmap_clear_type(*types2show, t); + if (s == LDNS_STATUS_OK) + return; +fail: + fprintf(stderr, "Cannot exclude rr type %s: %s\n" + , ldns_rr_descript(t)->_name + , ldns_get_errorstr_by_id(s)); + exit(EXIT_FAILURE); +} + +void include_type(ldns_rdf **types2show, ldns_rr_type t) +{ + ldns_status s; + + assert(types2show); + + if (! *types2show && LDNS_STATUS_OK != + (s = ldns_rdf_bitmap_known_rr_types_space(types2show))) + goto fail; + + s = ldns_nsec_bitmap_set_type(*types2show, t); + if (s == LDNS_STATUS_OK) + return; +fail: + fprintf(stderr, "Cannot exclude all rr types except %s: %s\n" + , ldns_rr_descript(t)->_name + , ldns_get_errorstr_by_id(s)); + exit(EXIT_FAILURE); +} + int main(int argc, char **argv) { @@ -71,38 +119,43 @@ main(int argc, char **argv) int c; bool canonicalize = false; bool sort = false; - bool strip = false; - bool only_dnssec = false; bool print_soa = true; ldns_status s; size_t i; ldns_rr_list *stripped_list; ldns_rr *cur_rr; - ldns_rr_type cur_rr_type; ldns_output_format_storage fmt_storage; ldns_output_format* fmt = ldns_output_format_init(&fmt_storage); + ldns_rdf *types2show = NULL; ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL; int soa_serial_increment_func_data = 0; - while ((c = getopt(argc, argv, "0bcdhnpsu:U:vzS:")) != -1) { + while ((c = getopt(argc, argv, "0bcde:E:hnpsS:u:U:vz")) != -1) { switch(c) { + case '0': + fmt->flags |= LDNS_FMT_ZEROIZE_RRSIGS; + break; case 'b': fmt->flags |= ( LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS ); break; - case '0': - fmt->flags |= LDNS_FMT_ZEROIZE_RRSIGS; - break; case 'c': canonicalize = true; break; case 'd': - only_dnssec = true; - if (strip) { - fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); - } + include_type(&types2show, LDNS_RR_TYPE_RRSIG); + include_type(&types2show, LDNS_RR_TYPE_NSEC); + include_type(&types2show, LDNS_RR_TYPE_NSEC3); + break; + case 'e': + exclude_type(&types2show, + ldns_get_rr_type_by_name(optarg)); + break; + case 'E': + include_type(&types2show, + ldns_get_rr_type_by_name(optarg)); break; case 'h': print_usage("ldns-read-zone"); @@ -113,12 +166,37 @@ main(int argc, char **argv) case 'p': fmt->flags |= LDNS_FMT_PAD_SOA_SERIAL; break; - case 's': - strip = true; - if (only_dnssec) { - fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); + case 's': + case 'S': + exclude_type(&types2show, LDNS_RR_TYPE_RRSIG); + exclude_type(&types2show, LDNS_RR_TYPE_NSEC); + exclude_type(&types2show, LDNS_RR_TYPE_NSEC3); + if (c == 's') break; + if (*optarg == '+' || *optarg == '-') { + soa_serial_increment_func_data = + atoi(optarg); + soa_serial_increment_func = + ldns_soa_serial_increment_by; + } else if (! strtok(optarg, "0123456789")) { + soa_serial_increment_func_data = + atoi(optarg); + soa_serial_increment_func = + ldns_soa_serial_identity; + } else if (!strcasecmp(optarg, "YYYYMMDDxx")){ + soa_serial_increment_func = + ldns_soa_serial_datecounter; + } else if (!strcasecmp(optarg, "unixtime")){ + soa_serial_increment_func = + ldns_soa_serial_unixtime; + } else { + fprintf(stderr, "-S expects a number " + "optionally preceded by a " + "+ or - sign to indicate an " + "offset, or the text YYYYMM" + "DDxx or unixtime\n"); + exit(EXIT_FAILURE); } - break; + break; case 'u': s = ldns_output_format_set_type(fmt, ldns_get_rr_type_by_name(optarg)); @@ -159,36 +237,8 @@ main(int argc, char **argv) canonicalize = true; sort = true; break; - case 'S': - strip = true; - if (*optarg == '+' || *optarg == '-') { - soa_serial_increment_func_data = - atoi(optarg); - soa_serial_increment_func = - ldns_soa_serial_increment_by; - } else if (! strtok(optarg, "0123456789")) { - soa_serial_increment_func_data = - atoi(optarg); - soa_serial_increment_func = - ldns_soa_serial_identity; - } else if (!strcasecmp(optarg, "YYYYMMDDxx")){ - soa_serial_increment_func = - ldns_soa_serial_datecounter; - } else if (!strcasecmp(optarg, "unixtime")){ - soa_serial_increment_func = - ldns_soa_serial_unixtime; - } else { - fprintf(stderr, "-S expects a number " - "optionally preceded by a " - "+ or - sign to indicate an " - "offset, or the text YYYYMM" - "DDxx or unixtime\n"); - exit(EXIT_FAILURE); - } - break; } } - argc -= optind; argv += optind; @@ -214,38 +264,17 @@ main(int argc, char **argv) exit(EXIT_FAILURE); } - - if (strip) { + if (types2show) { + if (print_soa) + print_soa = ldns_nsec_bitmap_covers_type(types2show, + LDNS_RR_TYPE_SOA); stripped_list = ldns_rr_list_new(); - while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { - cur_rr_type = ldns_rr_get_type(cur_rr); - if (cur_rr_type == LDNS_RR_TYPE_RRSIG || - cur_rr_type == LDNS_RR_TYPE_NSEC || - cur_rr_type == LDNS_RR_TYPE_NSEC3 || - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM - ) { - ldns_rr_free(cur_rr); - } else { + while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) + if (ldns_nsec_bitmap_covers_type(types2show, + ldns_rr_get_type(cur_rr))) ldns_rr_list_push_rr(stripped_list, cur_rr); - } - } - ldns_rr_list_free(ldns_zone_rrs(z)); - ldns_zone_set_rrs(z, stripped_list); - } - if (only_dnssec) { - stripped_list = ldns_rr_list_new(); - while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { - cur_rr_type = ldns_rr_get_type(cur_rr); - if (cur_rr_type == LDNS_RR_TYPE_RRSIG || - cur_rr_type == LDNS_RR_TYPE_NSEC || - cur_rr_type == LDNS_RR_TYPE_NSEC3 || - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM - ) { - ldns_rr_list_push_rr(stripped_list, cur_rr); - } else { + else ldns_rr_free(cur_rr); - } - } ldns_rr_list_free(ldns_zone_rrs(z)); ldns_zone_set_rrs(z, stripped_list); }