Log signature algo with DNSKEY and DS, also digest with DS.
authorSimon Kelley <simon@thekelleys.org.uk>
Mon, 21 Dec 2015 18:31:55 +0000 (18:31 +0000)
committerSimon Kelley <simon@thekelleys.org.uk>
Mon, 21 Dec 2015 18:31:55 +0000 (18:31 +0000)
src/cache.c
src/dnsmasq.h
src/dnssec.c

index 51ba7cc49889cb84cdcc6ca7ecc69681c7721152..4da380ae8d0d37201dd569432603727c9bcc8bf5 100644 (file)
@@ -1580,7 +1580,7 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
   if (addr)
     {
       if (flags & F_KEYTAG)
-       sprintf(daemon->addrbuff, arg, addr->addr.keytag);
+       sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
       else
        {
 #ifdef HAVE_IPV6
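Review bot: The `sprintf` into `daemon->addrbuff` is unbounded, and this commit makes the formatted text much longer: the DS "(not supported)" format added in src/dnssec.c has 42 characters of fixed text before any of its three numbers are printed. The size of `addrbuff` is not visible in this hunk; if it is sized for an address string, these messages can write past its end. The call should be bounded, e.g. `snprintf(daemon->addrbuff, ADDRBUFF_SIZE, arg, ...)`, where `ADDRBUFF_SIZE` is a placeholder for the buffer's real allocation size. Because the format arrives through `arg`, the compiler cannot check it against the three arguments, so every F_KEYTAG caller has to keep its conversions in step with this line. log_query's body continues outside the hunk.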
index 12868072c36e11ab369086b5c1874615f73953db..4503a2d5739aedce0eb4712c3b72687ae7ab6f65 100644 (file)
@@ -256,8 +256,10 @@ struct all_addr {
     struct in6_addr addr6;
 #endif
     /* for log_query */
-    unsigned int keytag;
-    /* for cache_insert if RRSIG, DNSKEY, DS */
+    struct {
+      unsigned short keytag, algo, digest;
+    } log; 
+    /* for cache_insert of DNSKEY, DS */
     struct {
       unsigned short class, type;
     } dnssec;      
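Review bot: The comment above the new `log` struct does not say which fields are meaningful for which record type, and only the DS path in src/dnssec.c assigns `digest`. A comment such as `/* for log_query: keytag and algo for DNSKEY and DS, digest for DS only */` would document that for future callers. The definition of struct all_addr starts and ends outside the hunk.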
index e0b7f39ded6c91859b253182263d4884ee2a7323..ed2d3fed1bf818cd1d0a8812a06b07c3bde15314 100644 (file)
@@ -1115,11 +1115,12 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
                        }
                      else
                        {
-                         a.addr.keytag = keytag;
+                         a.addr.log.keytag = keytag;
+                         a.addr.log.algo = algo;
                          if (verify_func(algo))
-                           log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
+                           log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
                          else
-                           log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u (not supported)");
+                           log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
                          
                          recp1->addr.key.keylen = rdlen - 4;
                          recp1->addr.key.keydata = key;
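Review bot: `a.addr.log.digest` is never assigned on this DNSKEY path, yet log_query passes all three `log` fields to `sprintf` whatever the format string contains. The two-conversion format means the value is not printed, but it is still read; unless `a` is zeroed earlier (its declaration is outside the hunk), that is a read of an indeterminate value which memory checkers will flag. Adding `a.addr.log.digest = 0;` beside the other two assignments keeps the struct fully defined. The enclosing function starts and ends outside the hunk.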
@@ -1241,11 +1242,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
                    }
                  else
                    {
-                     a.addr.keytag = keytag;
+                     a.addr.log.keytag = keytag;
+                     a.addr.log.algo = algo;
+                     a.addr.log.digest = digest;
                      if (hash_find(ds_digest_name(digest)) && verify_func(algo))
-                       log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
+                       log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
                      else
-                       log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u (not supported)");
+                       log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
                      
                      crecp->addr.ds.digest = digest;
                      crecp->addr.ds.keydata = key;