Skip to content
Snippets Groups Projects
Verified Commit 273fe41a authored by Vladimír Čunát's avatar Vladimír Čunát
Browse files

lib/resolve answer_finalize: fix AD flag handling 

Resolves a FIXME, and this way of doing AD should be better/safer.
(Lower likelihood of accidentally leaving it on in some situation.)

GC test: the record is inserted manually with _SECURE rank but without
signatures.  I think it's better to return AD flag in that edge case.
parent 99e014ac
Branches
Tags
1 merge request!985change API for reply packet buffers
Hide whitespace changes
Inline Side-by-side
lib/resolve.c
+ 6
6
View file @ 273fe41a
......@@ -567,6 +567,7 @@ static void answer_finalize(struct kr_request *request)
{
struct kr_rplan *rplan = &request->rplan;
knot_pkt_t *answer = request->answer;
const uint8_t *q_wire = request->qsource.packet->wire;
if (answer->rrset_count != 0) {
/* Non-standard: we assume the answer had been constructed.
......@@ -605,7 +606,7 @@ static void answer_finalize(struct kr_request *request)
/* TODO: clean this up in !660 or followup, and it isn't foolproof anyway. */
if (last->flags.DNSSEC_BOGUS
|| (rplan->pending.len > 0 && array_tail(rplan->pending)->flags.DNSSEC_BOGUS)) {
if (!knot_wire_get_cd(request->qsource.packet->wire)) {
if (!knot_wire_get_cd(q_wire)) {
answer_fail(request);
return;
}
......@@ -670,9 +671,10 @@ static void answer_finalize(struct kr_request *request)
VERBOSE_MSG(last, "AD: request%s classified as SECURE\n", secure ? "" : " NOT");
request->rank = secure ? KR_RANK_SECURE : KR_RANK_INITIAL;
/* Clear AD if not secure. ATM answer has AD=1 if requested secured answer. */
if (!secure) {
knot_wire_clear_ad(answer->wire);
/* Set AD if secure and AD bit "was requested". */
if (secure && !knot_wire_get_cd(q_wire)
&& (knot_pkt_has_dnssec(answer) || knot_wire_get_ad(q_wire))) {
knot_wire_set_ad(answer->wire);
}
}
......@@ -811,8 +813,6 @@ knot_pkt_t * kr_request_ensure_answer(struct kr_request *request)
knot_wire_set_rcode(wire, KNOT_RCODE_NOERROR);
if (knot_wire_get_cd(qs_pkt->wire)) {
knot_wire_set_cd(wire);
} else if (request->current_query && request->current_query->flags.DNSSEC_WANT) { // FIXME: ugly
knot_wire_set_ad(wire);
}
// Prepare EDNS if required.
......
utils/cache_gc/test.integr/val_rrsig.rpl
+ 43
43
View file @ 273fe41a
......@@ -13,7 +13,7 @@ ENTRY_END
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -30,7 +30,7 @@ ENTRY_END
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -47,7 +47,7 @@ ENTRY_END
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -64,7 +64,7 @@ ENTRY_END
STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -81,7 +81,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -98,7 +98,7 @@ ENTRY_END
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -115,7 +115,7 @@ ENTRY_END
STEP 14 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -132,7 +132,7 @@ ENTRY_END
STEP 16 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -149,7 +149,7 @@ ENTRY_END
STEP 18 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -166,7 +166,7 @@ ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -183,7 +183,7 @@ ENTRY_END
STEP 22 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -200,7 +200,7 @@ ENTRY_END
STEP 24 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -217,7 +217,7 @@ ENTRY_END
STEP 26 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -234,7 +234,7 @@ ENTRY_END
STEP 28 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -251,7 +251,7 @@ ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -268,7 +268,7 @@ ENTRY_END
STEP 32 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -285,7 +285,7 @@ ENTRY_END
STEP 34 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -302,7 +302,7 @@ ENTRY_END
STEP 36 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -319,7 +319,7 @@ ENTRY_END
STEP 38 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -336,7 +336,7 @@ ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -353,7 +353,7 @@ ENTRY_END
STEP 42 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -370,7 +370,7 @@ ENTRY_END
STEP 44 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -387,7 +387,7 @@ ENTRY_END
STEP 46 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -404,7 +404,7 @@ ENTRY_END
STEP 48 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -421,7 +421,7 @@ ENTRY_END
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -438,7 +438,7 @@ ENTRY_END
STEP 52 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -455,7 +455,7 @@ ENTRY_END
STEP 54 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -472,7 +472,7 @@ ENTRY_END
STEP 56 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -489,7 +489,7 @@ ENTRY_END
STEP 58 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -506,7 +506,7 @@ ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -523,7 +523,7 @@ ENTRY_END
STEP 62 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -540,7 +540,7 @@ ENTRY_END
STEP 64 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -557,7 +557,7 @@ ENTRY_END
STEP 66 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -574,7 +574,7 @@ ENTRY_END
STEP 68 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -591,7 +591,7 @@ ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -608,7 +608,7 @@ ENTRY_END
STEP 72 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -625,7 +625,7 @@ ENTRY_END
STEP 74 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -642,7 +642,7 @@ ENTRY_END
STEP 76 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -659,7 +659,7 @@ ENTRY_END
STEP 78 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -676,7 +676,7 @@ ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -693,7 +693,7 @@ ENTRY_END
STEP 82 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -710,7 +710,7 @@ ENTRY_END
STEP 84 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......@@ -727,7 +727,7 @@ ENTRY_END
STEP 86 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode rcode flags question answer
REPLY QR RD RA DO NOERROR
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment