author | Simon Kelley <simon@thekelleys.org.uk> | 2013-12-13 15:36:55 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2013-12-13 15:36:55 +0000 |
commit | 9d633048fe8045d3240029c0cb6180834b80c9a3 (patch) | |
tree | 0ca82343c1ca3eca31d5043cd02335cba235e18a | |
parent | a9b55837dc7e8585bffec2fe6e30697f922cbcd9 (diff) | |
download | dnsmasq-9d633048fe8045d3240029c0cb6180834b80c9a3.tar.gz |
Saving progress
-rw-r--r-- | src/dns-protocol.h | 2 | ||||
-rw-r--r-- | src/dnsmasq.h | 5 | ||||
-rw-r--r-- | src/forward.c | 60 |
3 files changed, 40 insertions, 27 deletions
diff --git a/src/dns-protocol.h b/src/dns-protocol.h index 023be5f..07cc768 100644 --- a/src/dns-protocol.h +++ b/src/dns-protocol.h @@ -82,6 +82,8 @@ struct dns_header { #define HB4_RCODE 0x0f #define OPCODE(x) (((x)->hb3 & HB3_OPCODE) >> 3) +#define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | code + #define RCODE(x) ((x)->hb4 & HB4_RCODE) #define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 7991dd0..bde72e2 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -511,9 +511,8 @@ struct hostsfile { #define FREC_NOREBIND 1 #define FREC_CHECKING_DISABLED 2 #define FREC_HAS_SUBNET 4 -#define FREC_DNSSEC_QUERY 8 -#define FREC_DNSKEY_QUERY 16 -#define FREC_DS_QUERY 32 +#define FREC_DNSKEY_QUERY 8 +#define FREC_DS_QUERY 16 struct frec { union mysockaddr source; diff --git a/src/forward.c b/src/forward.c index ca4c118..97f8800 100644 --- a/src/forward.c +++ b/src/forward.c @@ -677,7 +677,16 @@ void reply_query(int fd, int family, time_t now) #ifdef HAVE_DNSSEC if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) { - int status = dnssec_validate(forward->flags, header, n); + int status; + char rrbitmap[256/8]; + int class; + + if (forward->flags && FREC_DNSSKEY_QUERY) + status = dnssec_validate_by_ds(header, n, daemon->namebuff, &class); + else if (forward->flags && FREC_DS_QUERY) + status = dnssec_validate_dnskey(header, n, daemon->namebuff, &class); + else + status = dnssec_validate_reply(&rrbitmap, header, n, daemon->namebuff, &class); /* Can't validate, as we're missing key data. Put this answer aside, whilst we get that. */ 
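Review bot: SET_OPCODE stores `code` at bit 0 while the OPCODE() macro directly above reads the field back with `>> 3`, so `SET_OPCODE(h, OPCODE(h2))` does not round-trip and any non-zero opcode would have to be pre-shifted by the caller. Unless callers are meant to pass already-shifted values, the shift belongs in the macro: `#define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | (((code) << 3) & HB3_OPCODE)`. That form also parenthesises the argument, which the existing SET_RCODE does not do either; both macros expand to a bare assignment, so a use inside a larger expression would misparse.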
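Review bot: The branch selection in the new validation dispatch uses logical `&&` where a bit test is needed — `forward->flags && FREC_DNSSKEY_QUERY` is true for any non-zero flags (FREC_NOREBIND or FREC_HAS_SUBNET alone will do), so almost every reply is routed to dnssec_validate_by_ds(), and the name FREC_DNSSKEY_QUERY does not match the FREC_DNSKEY_QUERY macro defined in the dnsmasq.h hunk. The two tests should read `if (forward->flags & FREC_DNSKEY_QUERY)` and `else if (forward->flags & FREC_DS_QUERY)`. `&rrbitmap` has type char (*)[32]; if dnssec_validate_reply() takes a plain char * for the bitmap, pass `rrbitmap` instead (the prototype is not visible here). reply_query() begins and ends outside this hunk.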
@@ -687,26 +696,29 @@ void reply_query(int fd, int family, time_t now) if ((forward->stash = blockdata_alloc((char *)header, n))) { forward->stash_len = n; - - /* Now formulate a query for the missing data. */ - nn = dnssec_generate_query(header, status); - new = get_new_frec(now, NULL, 1); - - if (new) + + if ((new = get_new_frec(now, NULL, 1))) { int fd; - + new = forward; /* copy everything, then overwrite */ new->dependent = forward; /* to find query awaiting new one. */ forward->blocking_query = new; /* for garbage cleaning */ - new->flags |= FREC_DNSSEC_QUERY; + /* validate routines leave name of required record in daemon->namebuff */ if (status == STAT_NEED_KEY) - new->flags |= FREC_DNSKEY_QUERY; /* So we verify differently */ + { + new->flags |= FREC_DNSKEY_QUERY; + nn = dnssec_generate_query(header, daemon->namebuff, class, T_DNSKEY); + } else if (status == STAT_NEED_DS) - new->flags |= FREC_DS_QUERY; + { + new->flags |= FREC_DS_QUERY; + nn = dnssec_generate_query(header, daemon->namebuff, class, T_DS); + } new->crc = questions_crc(header, nn, daemon->namebuff); new->new_id = get_id(new->crc); - + header->id = htons(new->id); + /* Don't resend this. */ daemon->srv_save = NULL; @@ -714,19 +726,19 @@ void reply_query(int fd, int family, time_t now) fd = server->sfd->fd; else #ifdef HAVE_IPV6 - /* Note that we use the same random port for the DNSSEC stuff */ - if (server->addr.sa.sa_family == AF_INET6) - { - fd = new->rfd6->fd; - new->rfd6->refcount++; - } - else + /* Note that we use the same random port for the DNSSEC stuff */ + if (server->addr.sa.sa_family == AF_INET6) + { + fd = new->rfd6->fd; + new->rfd6->refcount++; + } + else #endif - { - fd = new->rfd4->fd; - new->rfd4->refcount++; - } - + { + fd = new->rfd4->fd; + new->rfd4->refcount++; + } + /* Send DNSSEC query to same server as original query */ while (sendto(fd, (char *)header, nn, 0, &server->addr.sa, sa_len(&server->addr)) == -1 && retry_send()); } |
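Review bot: `new = forward; /* copy everything, then overwrite */` assigns the pointer, not the struct, so the frec just obtained from get_new_frec() is dropped and every following `new->` store lands on forward itself (forward->dependent and forward->blocking_query both end up pointing at forward, and forward's own flags gain FREC_DNSKEY_QUERY or FREC_DS_QUERY). The comment describes a struct copy, which is `*new = *forward;`. `nn` is assigned only in the STAT_NEED_KEY and STAT_NEED_DS branches; if the condition guarding this block (outside the hunk) admits any other status, questions_crc(header, nn, ...) reads it uninitialized, so an explicit `else` that bails out would make that path visible. `header->id = htons(new->id)` follows the assignment of `new->new_id`; if new_id is the field meant for the outgoing query, the two names should agree. reply_query() begins and ends outside this hunk.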