Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make RR work when returning A/AAAA records and an RRSIG.

Browse Source
This commit is contained in:
Simon Kelley
2014-02-04 22:03:06 +00:00
parent fd372273bd
commit 12fae49fff
3 changed files with 31 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/cache.c
View File

@@ -592,10 +592,13 @@ void cache_end_insert(void)
new_chain = NULL; new_chain = NULL;
} }
struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsigned short prot) struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsigned int prot)
{ {
struct crec *ans; struct crec *ans;
int no_rr = prot & F_NO_RR;
prot &= ~F_NO_RR;
if (crecp) /* iterating */ if (crecp) /* iterating */
ans = crecp->next; ans = crecp->next;
else else
@@ -643,7 +646,7 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
} }
else else
{ {
if (!insert) if (!insert && !no_rr)
{ {
insert = up; insert = up;
ins_flags = crecp->flags & (F_REVERSE | F_IMMORTAL); ins_flags = crecp->flags & (F_REVERSE | F_IMMORTAL);
@@ -683,7 +686,7 @@ struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsi
} }
struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr, struct crec *cache_find_by_addr(struct crec *crecp, struct all_addr *addr,
time_t now, unsigned short prot) time_t now, unsigned int prot)
{ {
struct crec *ans; struct crec *ans;
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6

5
src/dnsmasq.h
View File

@@ -423,6 +423,7 @@ struct crec {
#define F_DNSSEC (1u<<22) #define F_DNSSEC (1u<<22)
#define F_KEYTAG (1u<<23) #define F_KEYTAG (1u<<23)
#define F_SECSTAT (1u<<24) #define F_SECSTAT (1u<<24)
#define F_NO_RR (1u<<25)
/* struct sockaddr is not large enough to hold any address, /* struct sockaddr is not large enough to hold any address,
@@ -993,9 +994,9 @@ char *record_source(int index);
void querystr(char *desc, char *str, unsigned short type); void querystr(char *desc, char *str, unsigned short type);
struct crec *cache_find_by_addr(struct crec *crecp, struct crec *cache_find_by_addr(struct crec *crecp,
struct all_addr *addr, time_t now, struct all_addr *addr, time_t now,
unsigned short prot); unsigned int prot);
struct crec *cache_find_by_name(struct crec *crecp, struct crec *cache_find_by_name(struct crec *crecp,
char *name, time_t now, unsigned short prot); char *name, time_t now, unsigned int prot);
void cache_end_insert(void); void cache_end_insert(void);
void cache_start_insert(void); void cache_start_insert(void);
struct crec *cache_insert(char *name, struct all_addr *addr, struct crec *cache_insert(char *name, struct all_addr *addr,

43
src/rfc1035.c
View File

@@ -1242,7 +1242,7 @@ int check_for_local_domain(char *name, time_t now)
struct ptr_record *ptr; struct ptr_record *ptr;
struct naptr *naptr; struct naptr *naptr;
if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_CNAME)) && if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_CNAME | F_NO_RR)) &&
(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)))
return 1; return 1;
@@ -1742,24 +1742,25 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
else if (crecp->flags & F_DNSSECOK) else if (crecp->flags & F_DNSSECOK)
{ {
int gotsig = 0; int gotsig = 0;
struct crec *rr_crec = NULL;
crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DS | F_DNSKEY))) while ((rr_crec = cache_find_by_name(rr_crec, name, now, F_DS | F_DNSKEY)))
{ {
if (crecp->addr.sig.type_covered == T_PTR && crecp->uid == C_IN) if (rr_crec->addr.sig.type_covered == T_PTR && rr_crec->uid == C_IN)
{ {
char *sigdata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL); char *sigdata = blockdata_retrieve(rr_crec->addr.sig.keydata, rr_crec->addr.sig.keylen, NULL);
gotsig = 1; gotsig = 1;
if (!dryrun && if (!dryrun &&
add_resource_record(header, limit, &trunc, nameoffset, &ansp, add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crecp->ttd - now, &nameoffset, rr_crec->ttd - now, &nameoffset,
T_RRSIG, C_IN, "t", crecp->addr.sig.keylen, sigdata)) T_RRSIG, C_IN, "t", crecp->addr.sig.keylen, sigdata))
anscount++; anscount++;
} }
} }
/* Need to re-run original cache search */
crecp = gotsig ? cache_find_by_addr(NULL, &addr, now, is_arpa) : NULL; if (!gotsig)
crecp = NULL;
} }
#endif #endif
} }
@@ -1923,7 +1924,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
cname_restart: cname_restart:
if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME))) if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME | (dryrun ? F_NO_RR : 0))))
{ {
int localise = 0; int localise = 0;
@@ -1954,7 +1955,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
else if (crecp->flags & F_DNSSECOK) else if (crecp->flags & F_DNSSECOK)
{ {
/* We're returning validated data, need to return the RRSIG too. */ /* We're returning validated data, need to return the RRSIG too. */
struct crec *rr_crec = NULL;
int sigtype = type; int sigtype = type;
/* The signature may have expired even though the data is still in cache, /* The signature may have expired even though the data is still in cache,
forward instead of answering from cache if so. */ forward instead of answering from cache if so. */
@@ -1963,23 +1964,23 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (crecp->flags & F_CNAME) if (crecp->flags & F_CNAME)
sigtype = T_CNAME; sigtype = T_CNAME;
crecp = NULL; while ((rr_crec = cache_find_by_name(rr_crec, name, now, F_DS | F_DNSKEY)))
while ((crecp = cache_find_by_name(crecp, name, now, F_DS | F_DNSKEY)))
{ {
if (crecp->addr.sig.type_covered == sigtype && crecp->uid == C_IN) if (rr_crec->addr.sig.type_covered == sigtype && rr_crec->uid == C_IN)
{ {
char *sigdata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL); char *sigdata = blockdata_retrieve(rr_crec->addr.sig.keydata, rr_crec->addr.sig.keylen, NULL);
gotsig = 1; gotsig = 1;
if (!dryrun && if (!dryrun &&
add_resource_record(header, limit, &trunc, nameoffset, &ansp, add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crecp->ttd - now, &nameoffset, rr_crec->ttd - now, &nameoffset,
T_RRSIG, C_IN, "t", crecp->addr.sig.keylen, sigdata)) T_RRSIG, C_IN, "t", rr_crec->addr.sig.keylen, sigdata))
anscount++; anscount++;
} }
} }
/* Need to re-run original cache search */
crecp = gotsig ? cache_find_by_name(NULL, name, now, flag | F_CNAME) : NULL; if (!gotsig)
crecp = NULL;
} }
#endif #endif
} }
@@ -2072,7 +2073,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (qtype == T_CNAME || qtype == T_ANY) if (qtype == T_CNAME || qtype == T_ANY)
{ {
if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME)) && if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME)) &&
(qtype == T_CNAME || (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)))) (qtype == T_CNAME || (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG | (dryrun ? F_NO_RR : 0)))))
{ {
if (!(crecp->flags & F_DNSSECOK)) if (!(crecp->flags & F_DNSSECOK))
sec_data = 0; sec_data = 0;
@@ -2111,7 +2112,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) && if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP)) cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR))
{ {
ans = 1; ans = 1;
if (!dryrun) if (!dryrun)