From: Vladimír Čunát
Date: Wed, 29 Mar 2017 14:24:01 +0000 (+0200)
Subject: WIP: drafting rank refactoring
X-Git-Tag: v1.3.0~23^2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=783c85f62c931d22e6742ca66fa8d4b48ffdcb3e;p=thirdparty%2Fknot-resolver.git

WIP: drafting rank refactoring
---

diff --git a/lib/cache.h b/lib/cache.h
index b9f8f84b7..10fb4f3d6 100644
--- a/lib/cache.h
+++ b/lib/cache.h
@@ -29,25 +29,6 @@ enum kr_cache_tag {
 KR_CACHE_USER = 0x80
 };
 
-/**
- * Cache entry rank.
- * @note Be careful about chosen cache rank nominal values.
- * - AUTH must be > than NONAUTH
- * - AUTH INSECURE must be > than AUTH (because it attempted validation)
- * - NONAUTH SECURE must be > than AUTH (because it's valid)
- *
- * Ref: https://tools.ietf.org/html/rfc2181#section-5.4.1
- */
-enum kr_cache_rank {
- KR_RANK_BAD = 0, /* BAD cache, do not use. */
- KR_RANK_INSECURE = 1, /* Entry is DNSSEC insecure (e.g. RRSIG not exists). */
- KR_RANK_EXTRA = 4, /* Entry from additional section. */
- KR_RANK_NONAUTH = 8, /* Entry from authority section (i.e. parent-side). */
- KR_RANK_AUTH = 16, /* Entry from answer (authoritative data). */
- KR_RANK_SECURE = 32, /* Entry is DNSSEC valid (e.g. RRSIG exists). */
- /* @note Rank must not exceed 6 bits */
-};
-
 /** Cache entry flags */
 enum kr_cache_flag {
 KR_CACHE_FLAG_NONE = 0,
diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 04b524682..d32552794 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -14,6 +14,19 @@
 along with this program. If not, see .
 */
 
+/** @file iterate.c
+ *
+ * This builtin module is mainly active in the consume phase.
+ * Primary responsibilities:
+ * - Classify the packet as auth/nonauth and change its AA flag accordingly.
+ * - Pick interesting RRs to kr_request::answ_selected and ::auth_selected,
+ * NEW: and classify their rank, except for validation status.
+ * - Update kr_query::zone_cut (in case of referral).
+ * - Interpret CNAMEs.
+ * - Prepare the followup query - either inline or as another kr_query
+ * (CNAME jumps create a new "sibling" query).
+ */
+
 #include
 #include
 #include
diff --git a/lib/resolve.h b/lib/resolve.h
index b31f35098..f1e5af6d6 100644
--- a/lib/resolve.h
+++ b/lib/resolve.h
@@ -72,16 +72,38 @@
 * @endcode
 */
 
-/** Validation rank */
-typedef enum kr_validation_rank {
- KR_VLDRANK_INITIAL = 0, /* No validated yet or no information about it. */
- KR_VLDRANK_INSECURE = 1, /* Entry is DNSSEC insecure (e.g. RRSIG not exists). */
- KR_VLDRANK_BAD = 2, /* Matching RRSIG found, but validation fails. Unused?! */
- KR_VLDRANK_MISMATCH = 3, /* RRSIG signer name is */
- KR_VLDRANK_UNKNOWN = 4, /* Unknown */
- KR_VLDRANK_SECURE = 5 /* Entry is DNSSEC valid (e.g. RRSIG exists).
- * Note: it's also used for RRSIGs currently. */
-} kr_validation_rank_t;
+
+/**
+ * Cache entry rank.
+ *
+ * @note Be careful about chosen cache rank nominal values.
+ * - AUTH must be > than NONAUTH
+ * - AUTH INSECURE must be > than AUTH (because it attempted validation)
+ * - NONAUTH SECURE must be > than AUTH (because it's valid)
+ *
+ * See also:
+ * https://tools.ietf.org/html/rfc2181#section-5.4.1
+ * https://tools.ietf.org/html/rfc4035#section-4.3
+ */
+enum kr_rank {
+ KR_RANK_INITIAL = 0,
+
+ KR_RANK_BAD = 7, /**< For simple manipulation with the four below. */
+ KR_RANK_OMIT = 1, /**< Do not validate. */
+ KR_RANK_INDET, /**< Unable to determine whether it should be secure. */
+ KR_RANK_BOGUS, /**< Ought to be secure but isn't. */
+ KR_RANK_MISMATCH,
+
+ KR_RANK_INSECURE = 8, /**< Proven to be insecure. */
+
+ /** Authoritative data flag; the chain of authority was "verified".
+ * Even if not set, only in-bailiwick stuff is acceptable,
+ * i.e. almost authoritative (example: mandatory glue and its NS RR). */
+ KR_RANK_AUTH = 16,
+
+ KR_RANK_SECURE = 32, /**< Verified whole chain of trust from the closest TA. */
+ /* @note Rank must not exceed 6 bits */
+};
 
 /** @cond internal Array of modules. */
 typedef array_t(struct kr_module *) module_array_t;
diff --git a/modules/hints/hints.c b/modules/hints/hints.c
index cbac5effb..c9b387cd8 100644
--- a/modules/hints/hints.c
+++ b/modules/hints/hints.c
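Review bot: In the new `enum kr_rank` in lib/resolve.h, `KR_RANK_OMIT`, `KR_RANK_INDET`, `KR_RANK_BOGUS` and `KR_RANK_MISMATCH` take the values 1 to 4, so they are not independent bits: `KR_RANK_BOGUS` (3) equals `KR_RANK_OMIT | KR_RANK_INDET`, and a bitwise test such as `rank & KR_RANK_OMIT` is also true for a bogus record. `KR_RANK_BAD = 7` looks like the mask for that three-bit field, and its comment should say so and show the intended test, for example `/**< Mask of the validation-state field; compare (rank & KR_RANK_BAD) == KR_RANK_BOGUS, never bit by bit. */`. Writing the implicit values out (`KR_RANK_INDET = 2, KR_RANK_BOGUS = 3, KR_RANK_MISMATCH = 4,`) and giving `KR_RANK_MISMATCH` a comment would keep a later reordering from silently changing what a stored rank means. The ordering note above the enum still refers to NONAUTH, which this enum no longer defines, so it should be restated in terms of the `KR_RANK_AUTH` flag being unset.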
@@ -15,7 +15,7 @@
 */
 
 /**
- * @file hints.h
+ * @file hints.c
 * @brief Constructed zone cut from the hosts-like file, see @zonecut.h
 *
 * The module provides an override for queried address records.