From: Marek Vavruša Date: Sat, 19 Sep 2015 19:30:20 +0000 (+0200) Subject: lib/validate: fixed revalidation of cached answers X-Git-Tag: v1.0.0-beta1~53^2~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8bfce49658dcbf02bc802f57ca87f29407891993;p=thirdparty%2Fknot-resolver.git lib/validate: fixed revalidation of cached answers also answers for which minimisation failed or truncated are fixed, for such answers iterator sets state to ‘consume’ to indicate the answer wasn’t processed --- diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index b5c9cea24..5e9b1afab 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -314,7 +314,7 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req) (pkt_class & (PKT_NOERROR|PKT_NXDOMAIN|PKT_REFUSED|PKT_NODATA))) { DEBUG_MSG("<= found cut, retrying with non-minimized name\n"); query->flags |= QUERY_NO_MINIMIZE; - return KNOT_STATE_DONE; + return KNOT_STATE_CONSUME; } /* This answer didn't improve resolution chain, therefore must be authoritative (relaxed to negative). */ @@ -471,7 +471,7 @@ static int resolve(knot_layer_t *ctx, knot_pkt_t *pkt) } query->flags |= QUERY_TCP; } - return KNOT_STATE_DONE; + return KNOT_STATE_CONSUME; } #ifndef NDEBUG diff --git a/lib/layer/validate.c b/lib/layer/validate.c index 314d901e1..5d1826171 100644 --- a/lib/layer/validate.c +++ b/lib/layer/validate.c @@ -332,20 +332,18 @@ fail: static int validate(knot_layer_t *ctx, knot_pkt_t *pkt) { - int ret; + int ret = 0; struct kr_request *req = ctx->data; struct kr_query *qry = kr_rplan_current(&req->rplan); - if (ctx->state & KNOT_STATE_FAIL) { - return ctx->state; - } - - /* Pass-through if user doesn't want secure answer. */ - if (!(req->options & QUERY_DNSSEC_WANT)) { + /* Ignore faulty or unprocessed responses. */ + if (ctx->state & (KNOT_STATE_FAIL|KNOT_STATE_CONSUME)) { return ctx->state; } - /* Ignore truncated messages. */ - if (knot_wire_get_tc(pkt->wire)) { + /* Pass-through if user doesn't want secure answer, or cached. + * Since we let the data into cache, we're going to trust it. + */ + if (!(qry->flags & QUERY_DNSSEC_WANT) || (qry->flags & QUERY_CACHED)) { return ctx->state; }