diff --git a/Knot.files b/Knot.files
index 1cd5fb5d7ef96d4e74242ff18eac1442f1ead900..fc27243455f3a8895fbf19db0213c26104b3dbd5 100644
--- a/Knot.files
+++ b/Knot.files
@@ -135,6 +135,7 @@ src/knot/zone/zone-load.h
src/libknot/binary.c
src/libknot/binary.h
src/libknot/common.h
+src/libknot/consts.c
src/libknot/consts.h
src/libknot/dname.c
src/libknot/dname.h
diff --git a/src/Makefile.am b/src/Makefile.am
index ffd8d256712108115446e33f3dba13e96383f183..36c79493ed7f243259a9b8a039f2c2d7febdc30b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -136,6 +136,8 @@ unittests_xfr_SOURCES = \
tests/xfr_tests.h
libknot_la_SOURCES = \
+ libknot/consts.h \
+ libknot/consts.c \
libknot/util/utils.c \
libknot/util/debug.c \
libknot/util/debug.h \
diff --git a/src/common/descriptor.c b/src/common/descriptor.c
index 2b5e0076f0e6dc554ce2af11a5f542f77bb39ef8..ec0daf33d34e30a94234bc9aa1e0ac57b3c90cdb 100644
--- a/src/common/descriptor.c
+++ b/src/common/descriptor.c
@@ -36,17 +36,6 @@ static knot_lookup_table_t dns_classes[] = {
{ 0, NULL }
};
-/*!
- * \brief DS digest lengths.
- */
-enum knot_ds_algorithm_len
-{
- KNOT_DS_DIGEST_LEN_SHA1 = 20, /* 20B - RFC 3658 */
- KNOT_DS_DIGEST_LEN_SHA256 = 32, /* 32B - RFC 4509 */
- KNOT_DS_DIGEST_LEN_GOST = 32, /* 32B - RFC 5933 */
- KNOT_DS_DIGEST_LEN_SHA384 = 48, /* 48B - RFC 6605 */
-};
-
/*!
* \brief RR type descriptors.
*/
@@ -294,19 +283,3 @@ int knot_rrtype_is_metatype(const uint16_t type)
type == KNOT_RRTYPE_AXFR ||
type == KNOT_RRTYPE_ANY;
}
-
-size_t knot_ds_digest_length(const uint8_t algorithm)
-{
- switch (algorithm) {
- case KNOT_DS_ALG_SHA1:
- return KNOT_DS_DIGEST_LEN_SHA1;
- case KNOT_DS_ALG_SHA256:
- return KNOT_DS_DIGEST_LEN_SHA256;
- case KNOT_DS_ALG_GOST:
- return KNOT_DS_DIGEST_LEN_GOST;
- case KNOT_DS_ALG_SHA384:
- return KNOT_DS_DIGEST_LEN_SHA384;
- default:
- return 0;
- }
-}
diff --git a/src/common/descriptor.h b/src/common/descriptor.h
index 078fe5ae147a9fdd0de4dc9152f1ff6e99ef7b02..0a6a8884a078ed6592bcbfa2c0e56bf7229cecec 100644
--- a/src/common/descriptor.h
+++ b/src/common/descriptor.h
@@ -37,11 +37,16 @@ enum knot_rr_class {
KNOT_CLASS_IN = 1,
KNOT_CLASS_CH = 2,
KNOT_CLASS_NONE = 254,
- KNOT_CLASS_ANY = 255,
+ KNOT_CLASS_ANY = 255
};
/*!
* \brief Resource record type constants.
+ *
+ * http://www.iana.org/assignments/dns-parameters/dns-parameters.xml
+ *
+ * METATYPE: Contains DNS data that can't be in a zone file.
+ * QTYPE: Specifies DNS query type; can't be in a zone file.
*/
enum knot_rr_type {
KNOT_RRTYPE_A = 1, /*!< An IPv4 host address. */
@@ -97,7 +102,7 @@ enum knot_rr_type {
KNOT_RRTYPE_IXFR = 251, /*!< QTYPE. Incremental zone transfer. */
KNOT_RRTYPE_AXFR = 252, /*!< QTYPE. Authoritative zone transfer. */
- KNOT_RRTYPE_ANY = 255, /*!< QTYPE. Any record. */
+ KNOT_RRTYPE_ANY = 255 /*!< QTYPE. Any record. */
};
/*!
@@ -115,42 +120,7 @@ enum knot_rdata_wireformat {
/*!< Uninteresting final part of a record. */
KNOT_RDATA_WF_REMAINDER,
/*!< The last descriptor in array. */
- KNOT_RDATA_WF_END = 0,
-};
-
-/*!
- * \brief DNSSEC Algorithm Numbers
- *
- * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
- */
-typedef enum {
- KNOT_DNSSEC_ALG_RSAMD5 = 1,
- KNOT_DNSSEC_ALG_DH = 2,
- KNOT_DNSSEC_ALG_DSA = 3,
-
- KNOT_DNSSEC_ALG_RSASHA1 = 5,
- KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
- KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
- KNOT_DNSSEC_ALG_RSASHA256 = 8,
-
- KNOT_DNSSEC_ALG_RSASHA512 = 10,
-
- KNOT_DNSSEC_ALG_ECC_GOST = 12,
- KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
- KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14,
-} knot_dnssec_algorithm_t;
-
-/*!
- * \brief Constants for DNSSEC algorithm types.
- *
- * Source: http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
- */
-enum knot_ds_algorithm
-{
- KNOT_DS_ALG_SHA1 = 1,
- KNOT_DS_ALG_SHA256 = 2,
- KNOT_DS_ALG_GOST = 3,
- KNOT_DS_ALG_SHA384 = 4,
+ KNOT_RDATA_WF_END = 0
};
/*!
@@ -273,15 +243,6 @@ int descriptor_item_is_remainder(const int item);
*/
int knot_rrtype_is_metatype(const uint16_t type);
-/*!
- * \brief Returns length of DS digest for given algorithm.
- *
- * \param algorithm Algorithm code to be used.
- *
- * \retval Digest length for given algorithm.
- */
-size_t knot_ds_digest_length(const uint8_t algorithm);
-
#endif // _KNOT_DESCRIPTOR_H_
/*! @} */
diff --git a/src/knot/conf/cf-parse.y b/src/knot/conf/cf-parse.y
index 0b1a6d1b83231fdf0ea801ed902f7049e456585f..151fc456ffef338f1969099b718c3a78e877e17e 100644
--- a/src/knot/conf/cf-parse.y
+++ b/src/knot/conf/cf-parse.y
@@ -372,7 +372,7 @@ static int conf_mask(void* scanner, int nval, int prefixlen) {
char *t;
long i;
size_t l;
- tsig_algorithm_t alg;
+ knot_tsig_algorithm_t alg;
} tok;
}
@@ -560,7 +560,7 @@ keys:
KEYS '{'
| keys TEXT TSIG_ALGO_NAME TEXT ';' {
/* Check algorithm length. */
- if (tsig_alg_digest_length($3.alg) == 0) {
+ if (knot_tsig_digest_length($3.alg) == 0) {
cf_error(scanner, "unsupported digest algorithm");
}
diff --git a/src/knot/ctl/knotc_main.c b/src/knot/ctl/knotc_main.c
index 5a588adade1bc439f2bcae93426173594ed020c9..933ecae571c40ca77fce14719f36ea8f0b7e985e 100644
--- a/src/knot/ctl/knotc_main.c
+++ b/src/knot/ctl/knotc_main.c
@@ -283,7 +283,7 @@ static int tsig_parse_str(knot_tsig_key_t *key, const char *str)
if (s) {
*s++ = '\0'; /* Last part separator */
knot_lookup_table_t *alg = NULL;
- alg = knot_lookup_by_name(tsig_alg_table, h);
+ alg = knot_lookup_by_name(knot_tsig_alg_domain_names, h);
if (alg) {
algorithm = alg->id;
} else {
@@ -332,7 +332,9 @@ static int tsig_parse_line(knot_tsig_key_t *k, char *l)
}
/* Lookup algorithm. */
- knot_lookup_table_t *alg = knot_lookup_by_name(tsig_alg_table, a);
+ knot_lookup_table_t *alg;
+ alg = knot_lookup_by_name(knot_tsig_alg_domain_names, a);
+
if (!alg) {
return KNOT_EMALF;
}
diff --git a/src/knot/ctl/remote.c b/src/knot/ctl/remote.c
index 75f34d1925c20fa74f27608b8c8438c5f7e870a4..578c9baf2656b61b81c4a46c4b3d05186609f837 100644
--- a/src/knot/ctl/remote.c
+++ b/src/knot/ctl/remote.c
@@ -711,7 +711,7 @@ int remote_query_sign(uint8_t *wire, size_t *size, size_t maxlen,
return KNOT_EINVAL;
}
- size_t dlen = tsig_alg_digest_length(key->algorithm);
+ size_t dlen = knot_tsig_digest_length(key->algorithm);
uint8_t *digest = malloc(dlen);
if (!digest) {
return KNOT_ENOMEM;
diff --git a/src/knot/server/xfr-handler.c b/src/knot/server/xfr-handler.c
index a107d82f91433e42f50f24e61c55631c8a2d698e..5d09d1d29368eca4cf301b4fc4353f17c20eb224 100644
--- a/src/knot/server/xfr-handler.c
+++ b/src/knot/server/xfr-handler.c
@@ -213,7 +213,7 @@ static int xfr_task_setsig(knot_ns_xfr_t *rq, knot_tsig_key_t *key)
int ret = KNOT_EOK;
rq->tsig_key = key;
rq->tsig_size = tsig_wire_maxsize(key);
- rq->digest_max_size = tsig_alg_digest_length(key->algorithm);
+ rq->digest_max_size = knot_tsig_digest_length(key->algorithm);
rq->digest = malloc(rq->digest_max_size);
if (rq->digest == NULL) {
rq->tsig_key = NULL;
@@ -840,8 +840,8 @@ static int xfr_check_tsig(knot_ns_xfr_t *xfr, knot_rcode_t *rcode, char **tag)
return KNOT_EDENIED;
}
if (tsig_rr) {
- tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
- if (tsig_alg_digest_length(alg) == 0) {
+ knot_tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
+ if (knot_tsig_digest_length(alg) == 0) {
*rcode = KNOT_RCODE_NOTAUTH;
xfr->tsig_key = NULL;
xfr->tsig_rcode = KNOT_RCODE_BADKEY;
diff --git a/src/knot/server/zones.c b/src/knot/server/zones.c
index c95c7a79d9fa1edaefbff50c72e720aa7bf27e62..ca0189f6ce0e716d26f0b21d280b0bd4d3a85b9b 100644
--- a/src/knot/server/zones.c
+++ b/src/knot/server/zones.c
@@ -2183,7 +2183,7 @@ int zones_normal_query_answer(knot_nameserver_t *nameserver,
knot_packet_tsig(knot_packet_query(resp));
size_t digest_max_size =
- tsig_alg_digest_length(
+ knot_tsig_digest_length(
tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(
digest_max_size);
@@ -2254,7 +2254,7 @@ int zones_normal_query_answer(knot_nameserver_t *nameserver,
knot_packet_query(resp));
size_t digest_max_size =
- tsig_alg_digest_length(
+ knot_tsig_digest_length(
tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(
digest_max_size);
@@ -2428,7 +2428,7 @@ int zones_process_update(knot_nameserver_t *nameserver,
dbg_zones_verb("Adding TSIG = %s\n", knot_strerror(ret));
} else if (tsig_key_zone) {
dbg_zones_verb("Signing message with TSIG.\n");
- size_t digest_len = tsig_alg_digest_length(tsig_key_zone->algorithm);
+ size_t digest_len = knot_tsig_digest_length(tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(digest_len);
if (digest == NULL) {
knot_packet_free(&resp);
@@ -3300,8 +3300,8 @@ int zones_verify_tsig_query(const knot_packet_t *query,
/*
* 1) Check if we support the requested algorithm.
*/
- tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
- if (tsig_alg_digest_length(alg) == 0) {
+ knot_tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
+ if (knot_tsig_digest_length(alg) == 0) {
log_answer_info("Unsupported digest algorithm "
"requested, treating as bad key\n");
/*! \todo [TSIG] It is unclear from RFC if I
@@ -3335,7 +3335,7 @@ int zones_verify_tsig_query(const knot_packet_t *query,
/* Prepare variables for TSIG */
/*! \todo These need to be saved to the response somehow. */
//size_t tsig_size = tsig_wire_maxsize(key);
- size_t digest_max_size = tsig_alg_digest_length(key->algorithm);
+ size_t digest_max_size = knot_tsig_digest_length(key->algorithm);
//size_t digest_size = 0;
//uint64_t tsig_prev_time_signed = 0;
//uint8_t *digest = (uint8_t *)malloc(digest_max_size);
diff --git a/src/libknot/consts.c b/src/libknot/consts.c
new file mode 100644
index 0000000000000000000000000000000000000000..4b5aa3aa927d2ca3915dc3a1f7b914882928fec7
--- /dev/null
+++ b/src/libknot/consts.c
@@ -0,0 +1,107 @@
+/* Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <libknot/consts.h>
+
+knot_lookup_table_t knot_opcode_names[] = {
+ { KNOT_OPCODE_QUERY, "QUERY" },
+ { KNOT_OPCODE_IQUERY, "IQUERY" },
+ { KNOT_OPCODE_STATUS, "STATUS" },
+ { KNOT_OPCODE_NOTIFY, "NOTIFY" },
+ { KNOT_OPCODE_UPDATE, "UPDATE" },
+ { 0, NULL }
+};
+
+knot_lookup_table_t knot_rcode_names[] = {
+ { KNOT_RCODE_NOERROR, "NOERROR" },
+ { KNOT_RCODE_FORMERR, "FORMERR" },
+ { KNOT_RCODE_SERVFAIL, "SERVFAIL" },
+ { KNOT_RCODE_NXDOMAIN, "NXDOMAIN" },
+ { KNOT_RCODE_NOTIMPL, "NOTIMPL" },
+ { KNOT_RCODE_REFUSED, "REFUSED" },
+ { KNOT_RCODE_YXDOMAIN, "YXDOMAIN" },
+ { KNOT_RCODE_YXRRSET, "YXRRSET" },
+ { KNOT_RCODE_NXRRSET, "NXRRSET" },
+ { KNOT_RCODE_NOTAUTH, "NOTAUTH" },
+ { KNOT_RCODE_NOTZONE, "NOTZONE" },
+ { KNOT_RCODE_BADSIG, "BADSIG" },
+ { KNOT_RCODE_BADKEY, "BADKEY" },
+ { KNOT_RCODE_BADTIME, "BADTIME" },
+ { KNOT_RCODE_BADMODE, "BADMODE" },
+ { KNOT_RCODE_BADNAME, "BADNAME" },
+ { KNOT_RCODE_BADALG, "BADALG" },
+ { KNOT_RCODE_BADTRUNC, "BADTRUNC" },
+ { 0, NULL }
+};
+
+knot_lookup_table_t knot_tsig_alg_names[] = {
+ { KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5" },
+ { KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1" },
+ { KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224" },
+ { KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256" },
+ { KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384" },
+ { KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512" },
+ { KNOT_TSIG_ALG_NULL, NULL }
+};
+
+knot_lookup_table_t knot_tsig_alg_domain_names[] = {
+ { KNOT_TSIG_ALG_GSS_TSIG, "gss-tsig." },
+ { KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5.sig-alg.reg.int." },
+ { KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1." },
+ { KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224." },
+ { KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256." },
+ { KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384." },
+ { KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512." },
+ { KNOT_TSIG_ALG_NULL, NULL }
+};
+
+size_t knot_tsig_digest_length(const uint8_t algorithm)
+{
+ switch (algorithm) {
+ case KNOT_TSIG_ALG_GSS_TSIG:
+ return KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG;
+ case KNOT_TSIG_ALG_HMAC_MD5:
+ return KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5;
+ case KNOT_TSIG_ALG_HMAC_SHA1:
+ return KNOT_TSIG_ALG_DIG_LENGTH_SHA1;
+ case KNOT_TSIG_ALG_HMAC_SHA224:
+ return KNOT_TSIG_ALG_DIG_LENGTH_SHA224;
+ case KNOT_TSIG_ALG_HMAC_SHA256:
+ return KNOT_TSIG_ALG_DIG_LENGTH_SHA256;
+ case KNOT_TSIG_ALG_HMAC_SHA384:
+ return KNOT_TSIG_ALG_DIG_LENGTH_SHA384;
+ case KNOT_TSIG_ALG_HMAC_SHA512:
+ return KNOT_TSIG_ALG_DIG_LENGTH_SHA512;
+ default:
+ return 0;
+ }
+}
+
+size_t knot_ds_digest_length(const uint8_t algorithm)
+{
+ switch (algorithm) {
+ case KNOT_DS_ALG_SHA1:
+ return KNOT_DS_DIGEST_LEN_SHA1;
+ case KNOT_DS_ALG_SHA256:
+ return KNOT_DS_DIGEST_LEN_SHA256;
+ case KNOT_DS_ALG_GOST:
+ return KNOT_DS_DIGEST_LEN_GOST;
+ case KNOT_DS_ALG_SHA384:
+ return KNOT_DS_DIGEST_LEN_SHA384;
+ default:
+ return 0;
+ }
+}
diff --git a/src/libknot/consts.h b/src/libknot/consts.h
index 63a6b0648b93de3573c60659f72e1771aefcb61d..49c4124b5d2d1e11cf8dfa2b6da1fe228aa933ea 100644
--- a/src/libknot/consts.h
+++ b/src/libknot/consts.h
@@ -29,6 +29,8 @@
#include <stdint.h>
+#include "libknot/util/utils.h"
+
/*!
* \brief Basic limits for domain names (RFC 1035).
*/
@@ -96,6 +98,118 @@ typedef enum {
KNOT_RESPONSE_UPDATE /*!< Dynamic update response. */
} knot_packet_type_t;
+/*!
+ * \brief TSIG algorithm numbers.
+ *
+ * These constants were taken from the Bind file key format (dnssec-keygen).
+ */
+typedef enum {
+ KNOT_TSIG_ALG_NULL = 0,
+ KNOT_TSIG_ALG_GSS_TSIG = 128,
+ KNOT_TSIG_ALG_HMAC_MD5 = 157,
+ KNOT_TSIG_ALG_HMAC_SHA1 = 161,
+ KNOT_TSIG_ALG_HMAC_SHA224 = 162,
+ KNOT_TSIG_ALG_HMAC_SHA256 = 163,
+ KNOT_TSIG_ALG_HMAC_SHA384 = 164,
+ KNOT_TSIG_ALG_HMAC_SHA512 = 165
+} knot_tsig_algorithm_t;
+
+/*!
+ * \brief Lengths of TSIG algorithm digests.
+ */
+typedef enum {
+ KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG = 0,
+ KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5 = 16,
+ KNOT_TSIG_ALG_DIG_LENGTH_SHA1 = 20,
+ KNOT_TSIG_ALG_DIG_LENGTH_SHA224 = 28,
+ KNOT_TSIG_ALG_DIG_LENGTH_SHA256 = 32,
+ KNOT_TSIG_ALG_DIG_LENGTH_SHA384 = 48,
+ KNOT_TSIG_ALG_DIG_LENGTH_SHA512 = 64
+} knot_tsig_algorithm_digest_length_t;
+
+/*!
+ * \brief DNSSEC algorithm numbers.
+ *
+ * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
+ */
+typedef enum {
+ KNOT_DNSSEC_ALG_RSAMD5 = 1,
+ KNOT_DNSSEC_ALG_DH = 2,
+ KNOT_DNSSEC_ALG_DSA = 3,
+
+ KNOT_DNSSEC_ALG_RSASHA1 = 5,
+ KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
+ KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
+ KNOT_DNSSEC_ALG_RSASHA256 = 8,
+
+ KNOT_DNSSEC_ALG_RSASHA512 = 10,
+
+ KNOT_DNSSEC_ALG_ECC_GOST = 12,
+ KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
+ KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
+} knot_dnssec_algorithm_t;
+
+/*!
+ * \brief DS digest lengths.
+ */
+enum knot_ds_algorithm_len
+{
+ KNOT_DS_DIGEST_LEN_SHA1 = 20, /*!< RFC 3658 */
+ KNOT_DS_DIGEST_LEN_SHA256 = 32, /*!< RFC 4509 */
+ KNOT_DS_DIGEST_LEN_GOST = 32, /*!< RFC 5933 */
+ KNOT_DS_DIGEST_LEN_SHA384 = 48 /*!< RFC 6605 */
+};
+
+/*!
+ * \brief Constants for DNSSEC algorithm types.
+ *
+ * Source: http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
+ */
+typedef enum {
+ KNOT_DS_ALG_SHA1 = 1,
+ KNOT_DS_ALG_SHA256 = 2,
+ KNOT_DS_ALG_GOST = 3,
+ KNOT_DS_ALG_SHA384 = 4
+} knot_ds_algorithm_t;
+
+/*!
+ * \brief DNS operation code names.
+ */
+extern knot_lookup_table_t knot_opcode_names[];
+
+/*!
+ * \brief DNS reply code names.
+ */
+extern knot_lookup_table_t knot_rcode_names[];
+
+/*!
+ * \brief TSIG key algorithm names.
+ */
+extern knot_lookup_table_t knot_tsig_alg_names[];
+
+/*!
+ * \brief TSIG key algorithm names in a domain form.
+ */
+extern knot_lookup_table_t knot_tsig_alg_domain_names[];
+
+/*!
+ * \brief Returns length of TSIG digest for given algorithm.
+ *
+ * \param algorithm Algorithm code to be used.
+ *
+ * \retval Digest length for given algorithm.
+ */
+size_t knot_tsig_digest_length(const uint8_t algorithm);
+
+/*!
+ * \brief Returns length of DS digest for given algorithm.
+ *
+ * \param algorithm Algorithm code to be used.
+ *
+ * \retval Digest length for given algorithm.
+ */
+size_t knot_ds_digest_length(const uint8_t algorithm);
+
#endif /* _KNOT_CONSTS_H_ */
/*! @} */
diff --git a/src/libknot/rrset.c b/src/libknot/rrset.c
index 9b7e3a23b563c50cdaef4554d199f097fbb5c97d..7fe433a4623b8c4552300c3e26bc596dfd4e4aa1 100644
--- a/src/libknot/rrset.c
+++ b/src/libknot/rrset.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <inttypes.h>
+#include "consts.h"
#include "common.h"
#include "common/mempattern.h"
#include "rrset.h"
diff --git a/src/libknot/tsig-op.c b/src/libknot/tsig-op.c
index 8592e88e4ea7bc383316de6d9a1405a4270713a7..728b2023b86b448b12faa61c865586ad5b9558f4 100644
--- a/src/libknot/tsig-op.c
+++ b/src/libknot/tsig-op.c
@@ -44,7 +44,7 @@ static int knot_tsig_check_algorithm(const knot_rrset_t *tsig_rr)
return KNOT_EMALF;
}
- tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
+ knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
if (alg == 0) {
/*!< \todo is this error OK? */
dbg_tsig("TSIG: unknown algorithm.\n");
@@ -96,7 +96,7 @@ static int knot_tsig_compute_digest(const uint8_t *wire, size_t wire_len,
return KNOT_EMALF;
}
- tsig_algorithm_t tsig_alg = key->algorithm;
+ knot_tsig_algorithm_t tsig_alg = key->algorithm;
if (tsig_alg == 0) {
dbg_tsig("TSIG: digest: unknown algorithm\n");
return KNOT_TSIG_EBADSIG;
@@ -119,10 +119,22 @@ static int knot_tsig_compute_digest(const uint8_t *wire, size_t wire_len,
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha1());
break;
+ case KNOT_TSIG_ALG_HMAC_SHA224:
+ HMAC_Init(&ctx, key->secret.data,
+ key->secret.size, EVP_sha224());
+ break;
case KNOT_TSIG_ALG_HMAC_SHA256:
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha256());
break;
+ case KNOT_TSIG_ALG_HMAC_SHA384:
+ HMAC_Init(&ctx, key->secret.data,
+ key->secret.size, EVP_sha384());
+ break;
+ case KNOT_TSIG_ALG_HMAC_SHA512:
+ HMAC_Init(&ctx, key->secret.data,
+ key->secret.size, EVP_sha512());
+ break;
default:
return KNOT_ENOTSUP;
} /* switch */
@@ -469,7 +481,7 @@ int knot_tsig_sign(uint8_t *msg, size_t *msg_len,
}
/* Create rdata for TSIG RR. */
- tsig_create_rdata(tmp_tsig, tsig_alg_digest_length(key->algorithm),
+ tsig_create_rdata(tmp_tsig, knot_tsig_digest_length(key->algorithm),
(tsig_rcode == KNOT_RCODE_BADTIME)
? tsig_rcode
: 0);
@@ -574,7 +586,7 @@ int knot_tsig_sign_next(uint8_t *msg, size_t *msg_len, size_t msg_max_len,
}
/* Create rdata for TSIG RR. */
- tsig_create_rdata(tmp_tsig, tsig_alg_digest_length(key->algorithm), 0);
+ tsig_create_rdata(tmp_tsig, knot_tsig_digest_length(key->algorithm), 0);
tsig_rdata_set_alg(tmp_tsig, key->algorithm);
tsig_rdata_store_current_time(tmp_tsig);
tsig_rdata_set_fudge(tmp_tsig, KNOT_TSIG_FUDGE_DEFAULT);
@@ -756,13 +768,13 @@ static int knot_tsig_check_digest(const knot_rrset_t *tsig_rr,
/*!< \todo move to function. */
const knot_dname_t *alg_name = tsig_rdata_alg_name(tsig_rr);
- tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
+ knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
/*! \todo [TSIG] TRUNCATION */
uint16_t mac_length = tsig_rdata_mac_length(tsig_rr);
const uint8_t *tsig_mac = tsig_rdata_mac(tsig_rr);
- if (mac_length != tsig_alg_digest_length(alg)) {
+ if (mac_length != knot_tsig_digest_length(alg)) {
dbg_tsig("TSIG: calculated digest length and given length do "
"not match!\n");
return KNOT_TSIG_EBADSIG;
@@ -855,7 +867,7 @@ int knot_tsig_add(uint8_t *msg, size_t *msg_len, size_t msg_max_len,
/* Create rdata for TSIG RR. */
- tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
+ knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
if (alg == KNOT_TSIG_ALG_NULL) {
dbg_tsig("TSIG: refusing to use NULL algorithm\n");
knot_rrset_deep_free(&tmp_tsig, 1, 1);
diff --git a/src/libknot/tsig.c b/src/libknot/tsig.c
index 1f6c33b31dd2f6a6f867e7adf3ec56ad7316b294..8e5b0ef32d0af2b0b42134bd71c42e019047d77b 100644
--- a/src/libknot/tsig.c
+++ b/src/libknot/tsig.c
@@ -29,18 +29,6 @@
#include "dname.h"
#include "consts.h"
-/*! \brief TSIG algorithms table. */
-knot_lookup_table_t tsig_alg_table[TSIG_ALG_TABLE_SIZE] = {
- { KNOT_TSIG_ALG_NULL, "gss-tsig." },
- { KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5.sig-alg.reg.int." },
- { KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1." },
- { KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224." },
- { KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256." },
- { KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384." },
- { KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512." },
- { KNOT_TSIG_ALG_NULL, NULL }
-};
-
/*! \brief TSIG field offsets. */
typedef enum tsig_off_t {
TSIG_ALGNAME_O = 0,
@@ -168,7 +156,7 @@ int tsig_rdata_set_alg_name(knot_rrset_t *tsig, knot_dname_t *alg_name)
return KNOT_EOK;
}
-int tsig_rdata_set_alg(knot_rrset_t *tsig, tsig_algorithm_t alg)
+int tsig_rdata_set_alg(knot_rrset_t *tsig, knot_tsig_algorithm_t alg)
{
const char *s = tsig_alg_to_str(alg);
knot_dname_t *alg_name = knot_dname_new_from_str(s, strlen(s), NULL);
@@ -255,7 +243,7 @@ const knot_dname_t *tsig_rdata_alg_name(const knot_rrset_t *tsig)
return *((knot_dname_t**)rd);
}
-tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
+knot_tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
{
/* Get the algorithm name. */
const knot_dname_t *alg_name = tsig_rdata_alg_name(tsig);
@@ -271,7 +259,8 @@ tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
return KNOT_TSIG_ALG_NULL;
}
- knot_lookup_table_t *item = knot_lookup_by_name(tsig_alg_table, name);
+ knot_lookup_table_t *item = knot_lookup_by_name(
+ knot_tsig_alg_domain_names, name);
free(name);
if (!item) {
dbg_tsig("TSIG: rdata: unknown algorithm.\n");
@@ -365,7 +354,7 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
}
knot_lookup_table_t *found =
- knot_lookup_by_name(tsig_alg_table, name);
+ knot_lookup_by_name(knot_tsig_alg_domain_names, name);
if (!found) {
dbg_tsig("Unknown algorithm: %s \n", name);
@@ -378,28 +367,6 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
return found->id;
}
-uint16_t tsig_alg_digest_length(tsig_algorithm_t alg)
-{
- switch (alg) {
- case KNOT_TSIG_ALG_GSS_TSIG:
- return KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG;
- case KNOT_TSIG_ALG_HMAC_MD5:
- return KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5;
- case KNOT_TSIG_ALG_HMAC_SHA1:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA1;
- case KNOT_TSIG_ALG_HMAC_SHA224:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA224;
- case KNOT_TSIG_ALG_HMAC_SHA256:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA256;
- case KNOT_TSIG_ALG_HMAC_SHA384:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA384;
- case KNOT_TSIG_ALG_HMAC_SHA512:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA512;
- default:
- return 0;
- } /* switch(alg) */
-}
-
size_t tsig_rdata_tsig_variables_length(const knot_rrset_t *tsig)
{
if (tsig == NULL) {
@@ -440,16 +407,17 @@ int tsig_rdata_store_current_time(knot_rrset_t *tsig)
return KNOT_EOK;
}
-const char* tsig_alg_to_str(tsig_algorithm_t alg)
+const char* tsig_alg_to_str(knot_tsig_algorithm_t alg)
{
- for (unsigned i = 0; i < TSIG_ALG_TABLE_SIZE; ++i) {
- if (tsig_alg_table[i].id == alg) {
- return tsig_alg_table[i].name;
- }
- }
+ knot_lookup_table_t *item;
- /*! \todo Why not NULL? */
- return "";
+ item = knot_lookup_by_id(knot_tsig_alg_domain_names, alg);
+
+ if (item != NULL) {
+ return item->name;
+ } else {
+ return "";
+ }
}
size_t tsig_wire_maxsize(const knot_tsig_key_t *key)
@@ -466,7 +434,7 @@ size_t tsig_wire_maxsize(const knot_tsig_key_t *key)
6 * sizeof(uint8_t) + /* Time signed */
sizeof(uint16_t) + /* Fudge */
sizeof(uint16_t) + /* MAC size */
- tsig_alg_digest_length(key->algorithm) + /* MAC */
+ knot_tsig_digest_length(key->algorithm) + /* MAC */
sizeof(uint16_t) + /* Original ID */
sizeof(uint16_t) + /* Error */
sizeof(uint16_t) + /* Other len */
@@ -505,6 +473,3 @@ int tsig_rdata_is_ok(const knot_rrset_t *tsig)
&& tsig_rdata_alg_name(tsig) != NULL
&& tsig_rdata_time_signed(tsig) != 0);
}
-
-
-
diff --git a/src/libknot/tsig.h b/src/libknot/tsig.h
index daeb2e95803acee938c12a3637880f8d0810b417..258513ef93566459818be3d082a00a4f3012277e 100644
--- a/src/libknot/tsig.h
+++ b/src/libknot/tsig.h
@@ -32,40 +32,16 @@
#include "rrset.h"
#include "binary.h"
#include "util/utils.h"
-
-/* The assigned numbers should not begin with 0 - reserved for error. */
-enum tsig_algorithm {
- KNOT_TSIG_ALG_NULL = 0,
- KNOT_TSIG_ALG_GSS_TSIG = 128, /*!< \brief gss-tsig. */
- KNOT_TSIG_ALG_HMAC_MD5 = 157, /*!< \brief HMAC-MD5.SIG-ALG.REG.INT. */
- KNOT_TSIG_ALG_HMAC_SHA1, /*!< \brief hmac-sha1. */
- KNOT_TSIG_ALG_HMAC_SHA224, /*!< \brief hmac-sha224. */
- KNOT_TSIG_ALG_HMAC_SHA256, /*!< \brief hmac-sha256. */
- KNOT_TSIG_ALG_HMAC_SHA384, /*!< \brief hmac-sha384. */
- KNOT_TSIG_ALG_HMAC_SHA512 /*!< \brief hmac-sha512. */
-};
-
-typedef enum tsig_algorithm tsig_algorithm_t;
+#include "libknot/consts.h"
struct knot_tsig_key {
knot_dname_t *name;
- tsig_algorithm_t algorithm;
+ knot_tsig_algorithm_t algorithm;
knot_binary_t secret;
};
typedef struct knot_tsig_key knot_tsig_key_t;
-/*!< \todo FIND ALG LENGTHS */
-enum tsig_algorithm_digest_length {
- KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG = 0,
- KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5 = 16,
- KNOT_TSIG_ALG_DIG_LENGTH_SHA1 = 20,
- KNOT_TSIG_ALG_DIG_LENGTH_SHA224 = 0,
- KNOT_TSIG_ALG_DIG_LENGTH_SHA256 = 32,
- KNOT_TSIG_ALG_DIG_LENGTH_SHA384 = 0,
- KNOT_TSIG_ALG_DIG_LENGTH_SHA512 = 0
-};
-
enum tsig_consts {
KNOT_TSIG_ITEM_COUNT = 7,
KNOT_TSIG_VARIABLES_LENGTH = sizeof(uint16_t) // class
@@ -78,25 +54,12 @@ enum tsig_consts {
+ 6 // time signed
};
-/*! TSIG algorithm/string table. */
-#define TSIG_ALG_TABLE_SIZE 8
-extern knot_lookup_table_t tsig_alg_table[TSIG_ALG_TABLE_SIZE];
-
-/*! TSIG errors are defined in common/errcode.h
- * and present negative value of the TSIG error to
- * comply with other parts of the library.
- *
- * KNOT_TSIG_EBADSIG = -16
- * KNOT_TSIG_EBADKEY = -17
- * KNOT_TSIG_EBADTIME = -18
- */
-
/*!
* \note Uses the given domain name, do not deallocate it!
*/
int tsig_create_rdata(knot_rrset_t *rr, uint16_t maclen, uint16_t tsig_err);
int tsig_rdata_set_alg_name(knot_rrset_t *tsig, knot_dname_t *alg_name);
-int tsig_rdata_set_alg(knot_rrset_t *tsig, tsig_algorithm_t alg);
+int tsig_rdata_set_alg(knot_rrset_t *tsig, knot_tsig_algorithm_t alg);
int tsig_rdata_set_time_signed(knot_rrset_t *tsig, uint64_t time);
int tsig_rdata_store_current_time(knot_rrset_t *tsig);
int tsig_rdata_set_fudge(knot_rrset_t *tsig, uint16_t fudge);
@@ -108,7 +71,7 @@ int tsig_rdata_set_other_data(knot_rrset_t *tsig, uint16_t length,
const uint8_t *other_data);
const knot_dname_t *tsig_rdata_alg_name(const knot_rrset_t *tsig);
-tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig);
+knot_tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig);
uint64_t tsig_rdata_time_signed(const knot_rrset_t *tsig);
uint16_t tsig_rdata_fudge(const knot_rrset_t *tsig);
const uint8_t *tsig_rdata_mac(const knot_rrset_t *tsig);
@@ -131,9 +94,7 @@ int tsig_alg_from_name(const knot_dname_t *name);
* \retval TSIG algorithm string name.
* \retval Empty string if undefined.
*/
-const char* tsig_alg_to_str(tsig_algorithm_t alg);
-
-uint16_t tsig_alg_digest_length(tsig_algorithm_t alg);
+const char* tsig_alg_to_str(knot_tsig_algorithm_t alg);
/*!
* \brief Return TSIG RRSET maximum wire size for given algorithm.
diff --git a/src/utils/common/exec.c b/src/utils/common/exec.c
index 445d407d56513ee29861bef216f871dc7af90bbc..d22c38fb76d0c8451b969a4d43a4c02de92a6010 100644
--- a/src/utils/common/exec.c
+++ b/src/utils/common/exec.c
@@ -27,38 +27,7 @@
#include "utils/common/params.h" // params_t
#include "utils/common/netio.h" // send_msg
-knot_lookup_table_t opcodes[] = {
- { KNOT_OPCODE_QUERY, "QUERY" },
- { KNOT_OPCODE_IQUERY, "IQUERY" },
- { KNOT_OPCODE_STATUS, "STATUS" },
- { KNOT_OPCODE_NOTIFY, "NOTIFY" },
- { KNOT_OPCODE_UPDATE, "UPDATE" },
- { 0, NULL }
-};
-
-knot_lookup_table_t rcodes[] = {
- { KNOT_RCODE_NOERROR, "NOERROR" },
- { KNOT_RCODE_FORMERR, "FORMERR" },
- { KNOT_RCODE_SERVFAIL, "SERVFAIL" },
- { KNOT_RCODE_NXDOMAIN, "NXDOMAIN" },
- { KNOT_RCODE_NOTIMPL, "NOTIMPL" },
- { KNOT_RCODE_REFUSED, "REFUSED" },
- { KNOT_RCODE_YXDOMAIN, "YXDOMAIN" },
- { KNOT_RCODE_YXRRSET, "YXRRSET" },
- { KNOT_RCODE_NXRRSET, "NXRRSET" },
- { KNOT_RCODE_NOTAUTH, "NOTAUTH" },
- { KNOT_RCODE_NOTZONE, "NOTZONE" },
- { KNOT_RCODE_BADSIG, "BADSIG" },
- { KNOT_RCODE_BADKEY, "BADKEY" },
- { KNOT_RCODE_BADTIME, "BADTIME" },
- { KNOT_RCODE_BADMODE, "BADMODE" },
- { KNOT_RCODE_BADNAME, "BADNAME" },
- { KNOT_RCODE_BADALG, "BADALG" },
- { KNOT_RCODE_BADTRUNC, "BADTRUNC" },
- { 0, NULL }
-};
-
-knot_lookup_table_t rtypes[] = {
+static knot_lookup_table_t rtypes[] = {
{ KNOT_RRTYPE_A, "has IPv4 address" },
{ KNOT_RRTYPE_NS, "nameserver is" },
{ KNOT_RRTYPE_CNAME, "is an alias for" },
@@ -86,8 +55,8 @@ static void print_header(const knot_packet_t *packet, const style_t *style)
rcode_id = knot_wire_get_rcode(packet->wireformat);
opcode_id = knot_wire_get_opcode(packet->wireformat);
- rcode = knot_lookup_by_id(rcodes, rcode_id);
- opcode = knot_lookup_by_id(opcodes, opcode_id);
+ rcode = knot_lookup_by_id(knot_rcode_names, rcode_id);
+ opcode = knot_lookup_by_id(knot_opcode_names, opcode_id);
// Get flags.
if (knot_wire_get_qr(packet->wireformat) != 0) {
@@ -329,7 +298,7 @@ static void print_error_host(const uint8_t code,
knot_lookup_table_t *rcode;
owner = knot_dname_to_str(question->qname);
- rcode = knot_lookup_by_id(rcodes, code);
+ rcode = knot_lookup_by_id(knot_rcode_names, code);
knot_rrtype_to_string(question->qtype, type, sizeof(type));
if (code == KNOT_RCODE_NOERROR) {
@@ -593,7 +562,7 @@ int sign_packet(knot_packet_t *pkt,
knot_tsig_key_t *key = &sign_ctx->tsig_key;
- sign_ctx->digest_size = tsig_alg_digest_length(key->algorithm);
+ sign_ctx->digest_size = knot_tsig_digest_length(key->algorithm);
sign_ctx->digest = malloc(sign_ctx->digest_size);
size_t tsig_size = tsig_wire_maxsize(key);
diff --git a/src/utils/common/exec.h b/src/utils/common/exec.h
index 33ba57943cb0e404a34c99e4ccb780bb05b6c766..85a2f7dc95c1d7804e33e2a657f8634a63fec3d5 100644
--- a/src/utils/common/exec.h
+++ b/src/utils/common/exec.h
@@ -31,15 +31,6 @@
#include "utils/common/params.h" // style_t
#include "libknot/libknot.h"
-/*! \brief Operation codes. */
-extern knot_lookup_table_t opcodes[];
-
-/*! \brief Response codes. */
-extern knot_lookup_table_t rcodes[];
-
-/*! \brief Messages for host-like output. */
-extern knot_lookup_table_t rtypes[];
-
/*! \brief Holds data required between signing and signature verification. */
typedef struct {
knot_tsig_key_t tsig_key;
@@ -114,7 +105,6 @@ void print_packet(const knot_packet_t *packet,
const bool incoming,
const style_t *style);
-
/*!
* \brief Cleans up sign context.
*
diff --git a/src/utils/common/params.c b/src/utils/common/params.c
index 0c75f97224318fd0f6ef1da8e0969e0d768d3d53..2a4150b42756724f7508b541efe6980d7aec0e88 100644
--- a/src/utils/common/params.c
+++ b/src/utils/common/params.c
@@ -26,7 +26,6 @@
#include "common/errcode.h" // KNOT_EOK
#include "common/mempattern.h" // strcdup
#include "common/descriptor.h" // KNOT_RRTYPE_
-#include "libknot/sign/key.h" // knot_key_params_t
#include "utils/common/msg.h" // WARN
#include "utils/common/resolv.h" // parse_nameserver
#include "utils/common/token.h" // token
@@ -34,20 +33,6 @@
#define IPV4_REVERSE_DOMAIN "in-addr.arpa."
#define IPV6_REVERSE_DOMAIN "ip6.arpa."
-/*!
- * \brief TSIG key algorithms table.
- * \see params_parse_tsig
- */
-knot_lookup_table_t key_alg_table[] = {
- { KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5" },
- { KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1" },
- { KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224" },
- { KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256" },
- { KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384" },
- { KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512" },
- { KNOT_TSIG_ALG_NULL, NULL }
-};
-
char* get_reverse_name(const char *name)
{
struct in_addr addr4;
@@ -337,7 +322,7 @@ int params_parse_tsig(const char *value, knot_key_params_t *key_params)
if (s) {
*s++ = '\0'; /* Last part separator */
knot_lookup_table_t *alg = NULL;
- alg = knot_lookup_by_name(key_alg_table, h);
+ alg = knot_lookup_by_name(knot_tsig_alg_names, h);
if (alg) {
DBG("%s: parsed algorithm '%s'\n", __func__, h);
key_params->algorithm = alg->id;
diff --git a/src/utils/common/params.h b/src/utils/common/params.h
index 62db9fbd21e54dc03935bc6b4487de6cc01235f2..574e7a416b51d486547d736d443790c26d33b3aa 100644
--- a/src/utils/common/params.h
+++ b/src/utils/common/params.h
@@ -65,7 +65,7 @@ typedef enum {
/*!< Brief host output. */
FORMAT_HOST,
/*!< Brief nsupdate output. */
- FORMAT_NSUPDATE,
+ FORMAT_NSUPDATE
} format_t;
/*! \brief Text output settings. */
diff --git a/src/utils/nsupdate/nsupdate_exec.c b/src/utils/nsupdate/nsupdate_exec.c
index 7f69a9da66f24f886be021fbe3e07823b820c846..f07197d22506985be74e35ff5605be2d6d58792b 100644
--- a/src/utils/nsupdate/nsupdate_exec.c
+++ b/src/utils/nsupdate/nsupdate_exec.c
@@ -748,7 +748,7 @@ int cmd_send(const char* lp, nsupdate_params_t *params)
knot_lookup_table_t *rcode;
int rc = knot_packet_rcode(params->resp);
DBG("%s: received rcode=%d\n", __func__, rc);
- rcode = knot_lookup_by_id(rcodes, rc);
+ rcode = knot_lookup_by_id(knot_rcode_names, rc);
if (rcode && rcode->id > KNOT_RCODE_NOERROR) {
ERR("update failed: %s\n", rcode->name);
}