From: Miek Gieben Date: Tue, 14 Feb 2006 11:11:21 +0000 (+0000) Subject: tried to debug some network code X-Git-Tag: release-1.1.0~348 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cea31ba31f03d63127ce95ad00eb61d6080b4e60;p=thirdparty%2Fldns.git tried to debug some network code Some further drill modifications to allow secure trace to work --- diff --git a/dnssec.c b/dnssec.c index 0f98b004..09ca33f4 100644 --- a/dnssec.c +++ b/dnssec.c @@ -87,6 +87,10 @@ ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_r valid = false; + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + if (ldns_rr_list_rr_count(rrsig) < 1) { return LDNS_STATUS_CRYPTO_NO_RRSIG; } diff --git a/drill/drill_util.c b/drill/drill_util.c index 8cff7bec..fc8ef402 100644 --- a/drill/drill_util.c +++ b/drill/drill_util.c @@ -86,28 +86,59 @@ print_ds_of_keys(ldns_pkt *p) } } -/* print some of the elements of a signature */ -void -print_rrsig_abbr(FILE *fp, ldns_rr *sig) { +static void +print_class_type(FILE *fp, ldns_rr *r) +{ ldns_lookup_table *lt; - if (!sig) { + lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(r)); + if (lt) { + fprintf(fp, " %s", lt->name); + } else { + fprintf(fp, " CLASS%d", ldns_rr_get_class(r)); + } + /* okay not THE way - but the quickest */ + switch (ldns_rr_get_type(r)) { + case LDNS_RR_TYPE_RRSIG: + fprintf(fp, " RRSIG "); + break; + case LDNS_RR_TYPE_DNSKEY: + fprintf(fp, " DNSKEY "); + break; + case LDNS_RR_TYPE_DS: + fprintf(fp, " DS "); + break; + default: + break; + } +} + + +void +print_ds_abbr(FILE *fp, ldns_rr *ds) +{ + if (!ds || (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS)) { return; } - if (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG) { + ldns_rdf_print(fp, ldns_rr_owner(ds)); + fprintf(fp, " %d", (int)ldns_rr_ttl(ds)); + print_class_type(fp, ds); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 0)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 1)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 2)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 3)); fprintf(fp, " "); +} + +/* print some of the elements of a signature */ +void +print_rrsig_abbr(FILE *fp, ldns_rr *sig) { + if (!sig || (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG)) { return; } ldns_rdf_print(fp, ldns_rr_owner(sig)); fprintf(fp, " %d", (int)ldns_rr_ttl(sig)); - - lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(sig)); - if (lt) { - fprintf(fp, " %s", lt->name); - } else { - fprintf(fp, " CLASS%d", ldns_rr_get_class(sig)); - } - fprintf(fp, " RRSIG "); + print_class_type(fp, sig); /* print a number of rdf's */ /* typecovered */ @@ -126,39 +157,16 @@ print_rrsig_abbr(FILE *fp, ldns_rr *sig) { ldns_rdf_print(fp, ldns_rr_rdf(sig, 7)); } -void -print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig) -{ - size_t i; - - for(i = 0; i < ldns_rr_list_rr_count(sig); i++) { - print_rrsig_abbr(fp, ldns_rr_list_rr(sig, i)); - fputs("\n", fp); - } -} - void print_dnskey_abbr(FILE *fp, ldns_rr *key) { - ldns_lookup_table *lt; - if (!key) { - return; - } - - if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + if (!key || (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY)) { return; } ldns_rdf_print(fp, ldns_rr_owner(key)); fprintf(fp, " %d", (int)ldns_rr_ttl(key)); - - lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(key)); - if (lt) { - fprintf(fp, " %s", lt->name); - } else { - fprintf(fp, " CLASS%d", ldns_rr_get_class(key)); - } - fprintf(fp, " DNSKEY "); + print_class_type(fp, key); /* print a number of rdf's */ /* flags */ @@ -182,13 +190,46 @@ print_dnskey_abbr(FILE *fp, ldns_rr *key) (int)ldns_rr_dnskey_key_size(key)); } + +void +print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr) +{ + size_t i; + + for(i = 0; i < ldns_rr_list_rr_count(sig); i++) { + print_rrsig_abbr(fp, ldns_rr_list_rr(sig, i)); + if (usr) { + fprintf(fp, "%s", usr); + } + fputs("\n", fp); + } +} + void -print_dnskey_list_abbr(FILE *fp, ldns_rr_list *key) +print_dnskey_list_abbr(FILE *fp, ldns_rr_list *key, char *usr) { size_t i; for(i = 0; i < ldns_rr_list_rr_count(key); i++) { print_dnskey_abbr(fp, ldns_rr_list_rr(key, i)); + if (usr) { + fprintf(fp, "%s", usr); + } + fputs("\n", fp); + } +} + +/* need extra arg to put something after the RR's */ +void +print_ds_list_abbr(FILE *fp, ldns_rr_list *ds, char *usr) +{ + size_t i; + + for(i = 0; i < ldns_rr_list_rr_count(ds); i++) { + print_ds_abbr(fp, ldns_rr_list_rr(ds, i)); + if (usr) { + fprintf(fp, "%s", usr); + } fputs("\n", fp); } } diff --git a/drill/drill_util.h b/drill/drill_util.h index 2e5e72a8..c4c8f4f4 100644 --- a/drill/drill_util.h +++ b/drill/drill_util.h @@ -27,21 +27,27 @@ void print_ds_of_keys(ldns_pkt *p); * print some rdfs of a signature */ void print_rrsig_abbr(FILE *fp, ldns_rr *sig); - /** - * print some rdfs of a signature list + * print some rdfs of a dnskey */ -void print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig); - +void print_dnskey_abbr(FILE *fp, ldns_rr *key); /** - * print some rdfs of a dnskey + * print some rdfs of a ds */ -void print_dnskey_abbr(FILE *fp, ldns_rr *sig); +void print_ds_abbr(FILE *fp, ldns_rr *ds); /** * print some rdfs of a dnskey list */ -void print_dnskey_list_abbr(FILE *fp, ldns_rr_list *sig); +void print_dnskey_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr); +/** + * print some rdfs of a signature list + */ +void print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr); +/** + * print some rdfs of a ds list + */ +void print_ds_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr); /** * Alloc some memory, with error checking diff --git a/drill/securetrace.c b/drill/securetrace.c index d46e64af..98c00ab3 100644 --- a/drill/securetrace.c +++ b/drill/securetrace.c @@ -80,9 +80,9 @@ check_ds_key_equiv_rr_list(ldns_rr_list *key, ldns_rr_list *ds) static ldns_rr_list * get_dnssec_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **sig) { - ldns_pkt *p; - ldns_rr_list *rr; - ldns_rr_list *sigs; + ldns_pkt *p = NULL; + ldns_rr_list *rr = NULL; + ldns_rr_list *sigs = NULL; /* ldns_resolver_set_dnssec(r, true); */ @@ -90,9 +90,10 @@ get_dnssec_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **s if (!p) { return NULL; } + /* ldns_pkt_print(stdout, p); */ rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER); - /* there must be a sig there too... */ + /* there SHOULD be a sig there too... */ sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANSWER); @@ -147,8 +148,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_rr_list *sig_list; ldns_rr_list *ds_list; - ldns_rr_list *validated_key; /* keys that are cryptographic 'good' */ - ldns_rr_list *validated_ds; /* ds that are cryptographic 'good' */ + ldns_rr_list *validated; /* stuff (DNSKEY/DS) that are cryptographic 'good' */ secure = true; authname = NULL; @@ -162,11 +162,9 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, res = ldns_resolver_new(); sig_list = ldns_rr_list_new(); - validated_key = ldns_rr_list_new(); - validated_ds = ldns_rr_list_new(); - + validated = ldns_rr_list_new(); - if (!p || !res || !sig_list) { + if (!p || !res || !sig_list || !validated) { error("Memory allocation failed"); return NULL; } @@ -288,26 +286,31 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, key_list = get_key(res, authname, &sig_list); if (key_list) { - if (ldns_verify(key_list, sig_list, key_list, NULL) == LDNS_STATUS_OK) { - ldns_rr_list_push_rr_list(key_list, validated_key); - printf(";; DNSSEC RRs\n"); - print_dnskey_list_abbr(stdout, key_list); - print_rrsig_list_abbr(stdout, sig_list); - } else { - printf(";; DNSSEC RRs\n"); - print_dnskey_list_abbr(stdout, key_list); - /* - printf(";; RRSIG RRs\n"); - print_rrsig_list_abbr(stdout, sig_list); - */ + + + printf(";; DNSSEC RRs\n"); + print_dnskey_list_abbr(stdout, key_list, NULL); + print_rrsig_list_abbr(stdout, sig_list, NULL); + print_rrsig_list_abbr(stdout, validated, NULL); +#if 0 + if (sig_list) { + if (ldns_verify(key_list, sig_list, key_list, validated) == + LDNS_STATUS_OK) { + print_dnskey_list_abbr(stdout, validated, "[Validated]"); + } } +#endif - ds_list = get_ds(res, authname, &sig_list); } else { printf(";; No DNSSEC RRs found, not attemping validation\n"); } + ds_list = get_ds(res, authname, &sig_list); + if (ds_list) { + print_ds_list_abbr(stdout, ds_list, NULL); + } + /* /DNSSEC */ @@ -367,38 +370,30 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, labels[i] = ldns_dname_left_chop(labels[i - 1]); } + /* DNSSEC */ /* recurse on the name at this server */ for(i = (ssize_t)labels_count_current - 1; i >= 0; i--) { - /* DNSSEC */ key_list = get_key(res, labels[i], &sig_list); + ds_list = get_ds(res, labels[i], &sig_list); if (key_list) { - if (ldns_verify(key_list, sig_list, key_list, NULL) == LDNS_STATUS_OK) { - ldns_rr_list_push_rr_list(key_list, validated_key); - printf(";; DNSSEC RRs\n"); - print_dnskey_list_abbr(stdout, key_list); - print_rrsig_list_abbr(stdout, sig_list); - - } else { - printf(";; DNSSEC RRs\n"); - print_dnskey_list_abbr(stdout, key_list); - /* - printf(";; RRSIG RRs\n"); - print_rrsig_list_abbr(stdout, sig_list); puts(""); - */ - } - - ds_list = get_ds(res, labels[i], &sig_list); + printf(";; DNSSEC RRs\n"); + print_dnskey_list_abbr(stdout, key_list, NULL); + print_rrsig_list_abbr(stdout, sig_list, NULL); } else { printf(";; No DNSSEC RRs found, not attemping validation\n"); } + if (ds_list) { + print_ds_list_abbr(stdout, ds_list, NULL); + + } - /* /DNSSEC */ ldns_rr_list_deep_free(sig_list); sig_list = ldns_rr_list_new(); puts(""); } + /* /DNSSEC */ #if 0 diff --git a/net.c b/net.c index 89d6fb7c..c2d28a4a 100644 --- a/net.c +++ b/net.c @@ -347,8 +347,7 @@ ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from, if (fromlen) { *fromlen = flen; } - dprintf("from len %d\n", (int)flen); - } + } /* recvfrom can also return 0 */ if (wire_size == -1 || wire_size == 0) { @@ -497,8 +496,6 @@ ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size } } -/* code from rdata.c */ -/* the other way around - for lua-ldns */ ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port) {