From: Simon Kelley
Date: Mon, 21 Dec 2015 18:31:55 +0000 (+0000)
Subject: Log signature algo with DNSKEY and DS, also digest with DS.
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=15379ea1f252d1f53c5d93ae970b22dedb233642;p=people%2Fms%2Fdnsmasq.git
Log signature algo with DNSKEY and DS, also digest with DS.
---
diff --git a/src/cache.c b/src/cache.c
index 51ba7cc..4da380a 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1580,7 +1580,7 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
 if (addr)
 {
 if (flags & F_KEYTAG)
- sprintf(daemon->addrbuff, arg, addr->addr.keytag);
+ sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
 else
 {
 #ifdef HAVE_IPV6
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 1286807..4503a2d 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -256,8 +256,10 @@ struct all_addr {
 struct in6_addr addr6;
 #endif
 /* for log_query */
- unsigned int keytag;
- /* for cache_insert if RRSIG, DNSKEY, DS */
+ struct {
+ unsigned short keytag, algo, digest;
+ } log;
+ /* for cache_insert of DNSKEY, DS */
 struct {
 unsigned short class, type;
 } dnssec;
diff --git a/src/dnssec.c b/src/dnssec.c
index e0b7f39..ed2d3fe 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1115,11 +1115,12 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 }
 else
 {
- a.addr.keytag = keytag;
+ a.addr.log.keytag = keytag;
+ a.addr.log.algo = algo;
 if (verify_func(algo))
- log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
 else
- log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u (not supported)");
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
 recp1->addr.key.keylen = rdlen - 4;
 recp1->addr.key.keydata = key;
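Review bot: In the src/cache.c hunk the widened `sprintf` into `daemon->addrbuff` is still unbounded, and the longest format this commit hands it (`"DS keytag %hu, algo %hu, digest %hu (not supported)"`, second src/dnssec.c hunk) can expand to 57 characters plus the terminator when the three `unsigned short` fields each print five digits. The allocation of `addrbuff` is not visible in this diff; if it is sized for a textual IP address, as the name suggests, that output would not fit. I would bound the write, `snprintf(daemon->addrbuff, <size of addrbuff>, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);`, or size the buffer for the longest key-tag message. log_query's body starts and ends outside the hunk.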
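Review bot: The new `log` struct in the src/dnsmasq.h hunk carries a contract that is written down nowhere: log_query (src/cache.c hunk) passes `keytag`, `algo` and `digest` in that order to a caller-supplied format, so every F_KEYTAG format string has to use `%hu` conversions in the same order and no more than three of them. The existing `/* for log_query */` comment could state this, for example `/* for log_query with F_KEYTAG: passed to the caller's format as keytag, algo, digest (%hu each) */`. Because the format arrives through `char *arg`, the compiler cannot check for a mismatch, so this comment is the only place the rule would be recorded. struct all_addr starts and ends outside the hunk.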
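Review bot: In the first src/dnssec.c hunk (dnssec_validate_by_ds) `a.addr.log.digest` is never assigned, yet log_query passes it to `sprintf` as a third argument on every F_KEYTAG call. The DNSKEY formats consume only two conversions, so the logged text is unaffected, but unless `a` is initialised outside the hunk the call reads an indeterminate value or stale bytes of another union member, which memory checkers may report. Adding `a.addr.log.digest = 0;` after the `algo` assignment keeps the argument defined. The function's body starts and ends outside the hunk.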
@@ -1241,11 +1242,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 }
 else
 {
- a.addr.keytag = keytag;
+ a.addr.log.keytag = keytag;
+ a.addr.log.algo = algo;
+ a.addr.log.digest = digest;
 if (hash_find(ds_digest_name(digest)) && verify_func(algo))
- log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
 else
- log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u (not supported)");
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
 crecp->addr.ds.digest = digest;
 crecp->addr.ds.keydata = key;