Commit 15379ea1 authored by Simon Kelley's avatar Simon Kelley

Log signature algo with DNSKEY and DS, also digest with DS.

parent efef497b
...@@ -1580,7 +1580,7 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg) ...@@ -1580,7 +1580,7 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
if (addr) if (addr)
{ {
if (flags & F_KEYTAG) if (flags & F_KEYTAG)
sprintf(daemon->addrbuff, arg, addr->addr.keytag); sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
else else
{ {
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
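Review bot: The `sprintf` into `daemon->addrbuff` on the F_KEYTAG branch is unbounded and its format `arg` is not a literal, so -Wformat cannot check the conversions against the three arguments now passed; the callers in this commit keep the output short (at most three 5-digit values plus fixed text), but that guarantee lives entirely in the callers. I'd bound the write, `snprintf(daemon->addrbuff, <addrbuff size>, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);` (using `sizeof daemon->addrbuff` only if it is an array, which is not visible here), and add above the branch `/* arg must be an internal literal consuming at most keytag, algo, digest as unsigned short */`. Note that a format with fewer conversions than arguments is well-defined, so the two-conversion DNSKEY formats are fine, but the reverse would be undefined behaviour. log_query's body starts and ends outside the hunk.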
...@@ -256,8 +256,10 @@ struct all_addr { ...@@ -256,8 +256,10 @@ struct all_addr {
struct in6_addr addr6; struct in6_addr addr6;
#endif #endif
/* for log_query */ /* for log_query */
unsigned int keytag; struct {
/* for cache_insert if RRSIG, DNSKEY, DS */ unsigned short keytag, algo, digest;
} log;
/* for cache_insert of DNSKEY, DS */
struct { struct {
unsigned short class, type; unsigned short class, type;
} dnssec; } dnssec;
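Review bot: The retained `/* for log_query */` comment on the new `log` struct no longer describes the contract: log_query now reads all three of keytag, algo and digest in one call whenever F_KEYTAG is set, regardless of how many conversions the caller's format uses. I'd replace it with `/* for log_query: read as a unit when F_KEYTAG is set, so callers set all three (digest may be 0) */`. The enclosing `struct all_addr` definition starts and ends outside the hunk, so whether `log` overlaps the `dnssec` member in a union cannot be confirmed from here.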
...@@ -1115,11 +1115,12 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch ...@@ -1115,11 +1115,12 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
} }
else else
{ {
a.addr.keytag = keytag; a.addr.log.keytag = keytag;
a.addr.log.algo = algo;
if (verify_func(algo)) if (verify_func(algo))
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
else else
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u (not supported)"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
recp1->addr.key.keylen = rdlen - 4; recp1->addr.key.keylen = rdlen - 4;
recp1->addr.key.keydata = key; recp1->addr.key.keydata = key;
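Review bot: `a.addr.log.digest` is left unset in this DNSKEY branch, yet log_query now passes `addr->addr.log.digest` to sprintf on every F_KEYTAG call; unless `a` is zero-initialised at its declaration (outside the hunk), an indeterminate value is passed to a variadic call, which MemorySanitizer and similar tools will report even though the DNSKEY formats never consume it. Adding `a.addr.log.digest = 0;` after the `algo` assignment makes the three-field contract explicit and keeps this path consistent with the DS branch in the next hunk, which sets all three. The `%hu` conversions match the new `unsigned short` fields after default promotion; the type of the local `keytag`/`algo` being narrowed is not visible here. dnssec_validate_by_ds's body starts and ends outside the hunk.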
...@@ -1241,11 +1242,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char ...@@ -1241,11 +1242,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
} }
else else
{ {
a.addr.keytag = keytag; a.addr.log.keytag = keytag;
a.addr.log.algo = algo;
a.addr.log.digest = digest;
if (hash_find(ds_digest_name(digest)) && verify_func(algo)) if (hash_find(ds_digest_name(digest)) && verify_func(algo))
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
else else
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u (not supported)"); log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
crecp->addr.ds.digest = digest; crecp->addr.ds.digest = digest;
crecp->addr.ds.keydata = key; crecp->addr.ds.keydata = key;