Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add EDE return when no matching key found.

Browse Source
This commit is contained in:
Dominik DL6ER
2021-07-09 22:12:42 +01:00
committed by Simon Kelley
parent 719f79a8fd
commit e7ccd95c04
5 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/cache.c
View File

@@ -1923,10 +1923,10 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
else
sprintf(daemon->addrbuff, "%u", rcode);
if (addr->log.ede != -1)
if (addr->log.ede != EDE_UNSET)
{
extra = daemon->addrbuff;
sprintf(extra, " (EDE:%s)", edestr(addr->log.ede));
sprintf(extra, " (EDE: %s)", edestr(addr->log.ede));
}
}
else
@@ -1974,10 +1974,10 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
source = "reply";
else if (flags & F_SECSTAT)
{
if (addr && addr->log.ede != -1)
if (addr && addr->log.ede != EDE_UNSET)
{
extra = daemon->addrbuff;
sprintf(extra, " (EDE:%s)", edestr(addr->log.ede));
sprintf(extra, " (EDE: %s)", edestr(addr->log.ede));
}
source = "validation";
dest = arg;

3
src/dns-protocol.h
View File

@@ -85,7 +85,8 @@
#define EDNS0_OPTION_NOMCPEID 65074 /* Nominum temporary assignment */
#define EDNS0_OPTION_UMBRELLA 20292 /* Cisco Umbrella temporary assignment */
/* RFC-8914 extended errors */
/* RFC-8914 extended errors, negative values are our definitions */
#define EDE_UNSET -1 /* No extended DNS error available */
#define EDE_OTHER 0 /* Other */
#define EDE_USUPDNSKEY 1 /* Unsupported DNSKEY algo */
#define EDE_USUPDS 2 /* Unsupported DS Digest */

5
src/dnssec.c
View File

@@ -744,7 +744,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
}
}
return STAT_BOGUS | failflags;
/* If we reach this point, no verifying key was found */
return STAT_BOGUS | failflags | DNSSEC_FAIL_NOKEY;
}
@@ -2193,6 +2194,6 @@ int errflags_to_ede(int status)
else if (status & DNSSEC_FAIL_NOSIG)
return EDE_NO_RRSIG;
else
return -1;
return EDE_UNSET;
}
#endif /* HAVE_DNSSEC */

12
src/forward.c
View File

@@ -177,7 +177,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
int subnet, cacheable, forwarded = 0;
size_t edns0_len;
unsigned char *pheader;
int ede = -1;
int ede = EDE_UNSET;
(void)do_bit;
if (header->hb4 & HB4_CD)
@@ -537,7 +537,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
{
u16 swap = htons((u16)ede);
if (ede != -1)
if (ede != -EDE_UNSET)
plen = add_pseudoheader(header, plen, (unsigned char *)limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
else
plen = add_pseudoheader(header, plen, (unsigned char *)limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
@@ -749,7 +749,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
if it was removed. */
n = resize_packet(header, n, pheader, plen);
if (pheader && ede != -1)
if (pheader && ede != EDE_UNSET)
{
u16 swap = htons((u16)ede);
n = add_pseudoheader(header, n, limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1);
@@ -1094,7 +1094,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
size_t nn;
int ede = -1;
int ede = EDE_UNSET;
(void)status;
@@ -1918,7 +1918,7 @@ unsigned char *tcp_request(int confd, time_t now,
while (1)
{
int ede = -1;
int ede = EDE_UNSET;
if (query_count == TCP_MAX_QUERIES ||
!packet ||
@@ -2149,7 +2149,7 @@ unsigned char *tcp_request(int confd, time_t now,
{
u16 swap = htons((u16)ede);
if (ede != -1)
if (ede != EDE_UNSET)
m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
else
m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);

1
src/helper.c
View File

@@ -235,7 +235,6 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
}
else
continue;
/* stringify MAC into dhcp_buff */
p = daemon->dhcp_buff;