Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Log signature algo with DNSKEY and DS, also digest with DS.

Browse Source
This commit is contained in:
Simon Kelley
2015-12-21 18:31:55 +00:00
parent efef497b89
commit 15379ea1f2
3 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/cache.c
View File

@@ -1580,7 +1580,7 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
if (addr) if (addr)
{ {
if (flags & F_KEYTAG) if (flags & F_KEYTAG)
sprintf(daemon->addrbuff, arg, addr->addr.keytag); sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
else else
{ {
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6

6
src/dnsmasq.h
View File

@@ -256,8 +256,10 @@ struct all_addr {
struct in6_addr addr6; struct in6_addr addr6;
#endif #endif
/* for log_query */ /* for log_query */
unsigned int keytag; struct {
/* for cache_insert if RRSIG, DNSKEY, DS */ unsigned short keytag, algo, digest;
} log;
/* for cache_insert of DNSKEY, DS */
struct { struct {
unsigned short class, type; unsigned short class, type;
} dnssec; } dnssec;

15
src/dnssec.c
View File

@@ -1115,11 +1115,12 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
} }
else else
{ {
a.addr.keytag = keytag; a.addr.log.keytag = keytag;
a.addr.log.algo = algo;
if (verify_func(algo)) if (verify_func(algo))
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
else else
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u (not supported)"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
recp1->addr.key.keylen = rdlen - 4; recp1->addr.key.keylen = rdlen - 4;
recp1->addr.key.keydata = key; recp1->addr.key.keydata = key;
@@ -1241,11 +1242,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
} }
else else
{ {
a.addr.keytag = keytag; a.addr.log.keytag = keytag;
a.addr.log.algo = algo;
a.addr.log.digest = digest;
if (hash_find(ds_digest_name(digest)) && verify_func(algo)) if (hash_find(ds_digest_name(digest)) && verify_func(algo))
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
else else
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u (not supported)"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
crecp->addr.ds.digest = digest; crecp->addr.ds.digest = digest;
crecp->addr.ds.keydata = key; crecp->addr.ds.keydata = key;