diff options
author | Dominik DL6ER <dl6er@dl6er.de> | 2021-07-09 22:12:42 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2021-07-09 22:12:42 +0100 |
commit | e7ccd95c04f5108db23d97f409caf7e739a1c51e (patch) | |
tree | 80b52f2b3ba3823105d6ab5df20f584838c680a6 | |
parent | 719f79a8fdb7cc72a061b2492ea98f7486b6f90e (diff) | |
download | dnsmasq-2.86test5.tar.gz |
Add EDE return when no matching key found.v2.86test5
-rw-r--r-- | src/cache.c | 8 | ||||
-rw-r--r-- | src/dns-protocol.h | 3 | ||||
-rw-r--r-- | src/dnssec.c | 5 | ||||
-rw-r--r-- | src/forward.c | 12 | ||||
-rw-r--r-- | src/helper.c | 1 |
5 files changed, 15 insertions, 14 deletions
diff --git a/src/cache.c b/src/cache.c index 4a62560..00a7df7 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1923,10 +1923,10 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) else sprintf(daemon->addrbuff, "%u", rcode); - if (addr->log.ede != -1) + if (addr->log.ede != EDE_UNSET) { extra = daemon->addrbuff; - sprintf(extra, " (EDE:%s)", edestr(addr->log.ede)); + sprintf(extra, " (EDE: %s)", edestr(addr->log.ede)); } } else @@ -1974,10 +1974,10 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) source = "reply"; else if (flags & F_SECSTAT) { - if (addr && addr->log.ede != -1) + if (addr && addr->log.ede != EDE_UNSET) { extra = daemon->addrbuff; - sprintf(extra, " (EDE:%s)", edestr(addr->log.ede)); + sprintf(extra, " (EDE: %s)", edestr(addr->log.ede)); } source = "validation"; dest = arg; diff --git a/src/dns-protocol.h b/src/dns-protocol.h index 01d5f8f..496a4bb 100644 --- a/src/dns-protocol.h +++ b/src/dns-protocol.h @@ -85,7 +85,8 @@ #define EDNS0_OPTION_NOMCPEID 65074 /* Nominum temporary assignment */ #define EDNS0_OPTION_UMBRELLA 20292 /* Cisco Umbrella temporary assignment */ -/* RFC-8914 extended errors */ +/* RFC-8914 extended errors, negative values are our definitions */ +#define EDE_UNSET -1 /* No extended DNS error available */ #define EDE_OTHER 0 /* Other */ #define EDE_USUPDNSKEY 1 /* Unsupported DNSKEY algo */ #define EDE_USUPDS 2 /* Unsupported DS Digest */ diff --git a/src/dnssec.c b/src/dnssec.c index 3152d83..94ebb6f 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -744,7 +744,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in } } - return STAT_BOGUS | failflags; + /* If we reach this point, no verifying key was found */ + return STAT_BOGUS | failflags | DNSSEC_FAIL_NOKEY; } @@ -2193,6 +2194,6 @@ int errflags_to_ede(int status) else if (status & DNSSEC_FAIL_NOSIG) return EDE_NO_RRSIG; else - return -1; + return EDE_UNSET; } #endif /* HAVE_DNSSEC */ diff --git a/src/forward.c b/src/forward.c index 7545abc..f5bd19e 100644 --- a/src/forward.c +++ b/src/forward.c @@ -177,7 +177,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, int subnet, cacheable, forwarded = 0; size_t edns0_len; unsigned char *pheader; - int ede = -1; + int ede = EDE_UNSET; (void)do_bit; if (header->hb4 & HB4_CD) @@ -537,7 +537,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, { u16 swap = htons((u16)ede); - if (ede != -1) + if (ede != -EDE_UNSET) plen = add_pseudoheader(header, plen, (unsigned char *)limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0); else plen = add_pseudoheader(header, plen, (unsigned char *)limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0); @@ -749,7 +749,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server if it was removed. */ n = resize_packet(header, n, pheader, plen); - if (pheader && ede != -1) + if (pheader && ede != EDE_UNSET) { u16 swap = htons((u16)ede); n = add_pseudoheader(header, n, limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1); @@ -1094,7 +1094,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he { int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; size_t nn; - int ede = -1; + int ede = EDE_UNSET; (void)status; @@ -1918,7 +1918,7 @@ unsigned char *tcp_request(int confd, time_t now, while (1) { - int ede = -1; + int ede = EDE_UNSET; if (query_count == TCP_MAX_QUERIES || !packet || @@ -2149,7 +2149,7 @@ unsigned char *tcp_request(int confd, time_t now, { u16 swap = htons((u16)ede); - if (ede != -1) + if (ede != EDE_UNSET) m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0); else m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0); diff --git a/src/helper.c b/src/helper.c index be3ae52..d81de96 100644 --- a/src/helper.c +++ b/src/helper.c @@ -235,7 +235,6 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) } else continue; - /* stringify MAC into dhcp_buff */ p = daemon->dhcp_buff; |