From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Fri, 12 Feb 2016 12:29:33 +0000 (+0100)
Subject: dnssec/nsec3: some clarifications were made in comments
X-Git-Tag: v1.0.0~59^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5dbb04ba42c574faa61a2ab60e7a1943e72549d9;p=thirdparty%2Fknot-resolver.git

dnssec/nsec3: some clarifications were made in comments
---

diff --git a/lib/dnssec/nsec3.c b/lib/dnssec/nsec3.c
index 9327c275e..a46716246 100644
--- a/lib/dnssec/nsec3.c
+++ b/lib/dnssec/nsec3.c
@@ -223,7 +223,12 @@ static int covers_name(int *flags, const knot_rrset_t *nsec3, const knot_dname_t
 	knot_nsec3_next_hashed(&nsec3->rrs, 0, &next_hash, &next_size);
 
 	if ((owner_hash.size != next_size) || (name_hash.size != next_size)) {
-		/* All hash lengths must be same. */
+		/*
+		 * All hash lengths must be same.
+		 * NSEC3 rr span doesn't cover name which has to be checked.
+		 * Exit with no-error return code,
+		 * FLG_NAME_COVERED will not be set.
+		 */
 		goto fail;
 	}
 
@@ -239,6 +244,11 @@ static int covers_name(int *flags, const knot_rrset_t *nsec3, const knot_dname_t
 		 */
 		if ((memcmp(ownrd, name_hash.data, next_size) >= 0) ||
 		    (memcmp(name_hash.data, nextd, next_size) >= 0)) {
+			/*
+			 * NSEC3 rr span doesn't cover name has to be checked.
+			 * Exit with no-error return code,
+			 * FLG_NAME_COVERED will not be set.
+			 */
 			goto fail;
 		}
 	} else {
@@ -251,6 +261,11 @@ static int covers_name(int *flags, const knot_rrset_t *nsec3, const knot_dname_t
 		 */
 		if ((memcmp(ownrd, name_hash.data, next_size) >= 0) &&
 		    (memcmp(name_hash.data, nextd, next_size) >= 0)) {
+			/*
+			 * NSEC3 rr span doesn't cover name has to be checked.
+			 * Exit with no-error return code,
+			 * FLG_NAME_COVERED will not be set.
+			 */
 			goto fail;
 		}
 	}
@@ -331,6 +346,11 @@ static int matches_name(int *flags, const knot_rrset_t *nsec3, const knot_dname_
 
 	if ((owner_hash.size != name_hash.size) ||
 	    (memcmp(owner_hash.data, name_hash.data, owner_hash.size) != 0)) {
+		/*
+		 * NSEC3 owner does not match name has to be checked.
+		 * Exit with no-error return code,
+		 * FLG_NAME_MATCHED will not be set.
+		 */
 		goto fail;
 	}