Saving progress

9d633048 · Simon Kelley · a9b55837 · 9d633048 · 9d633048 · 9d633048
Commit 9d633048 authored Dec 13, 2013 by Simon Kelley
Show whitespace changes
Inline Side-by-side

Showing with 40 additions and 27 deletions

src/dns-protocol.h src/dns-protocol.h +2 -0

src/dnsmasq.h src/dnsmasq.h +2 -3

src/forward.c src/forward.c +36 -24

No files found.
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -82,6 +82,8 @@ struct dns_header {
 #define HB4_RCODE    0x0f
 #define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)
+#define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | code
 #define RCODE(x)           ((x)->hb4 & HB4_RCODE)
 #define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code

--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -511,9 +511,8 @@ struct hostsfile {
 #define FREC_NOREBIND           1
 #define FREC_CHECKING_DISABLED  2
 #define FREC_HAS_SUBNET         4
-#define FREC_DNSSEC_QUERY       8
+#define FREC_DNSKEY_QUERY       8
-#define FREC_DNSKEY_QUERY      16
+#define FREC_DS_QUERY          16
-#define FREC_DS_QUERY          32
 struct frec {
  union mysockaddr source;

--- a/src/forward.c
+++ b/src/forward.c
@@ -677,7 +677,16 @@ void reply_query(int fd, int family, time_t now)
 #ifdef HAVE_DNSSEC
      if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
 	{
-	  int status = dnssec_validate(forward->flags, header, n);
+	  int status;
+	  char rrbitmap[256/8];
+	  int class; 
+	  if (forward->flags && FREC_DNSSKEY_QUERY)
+	    status = dnssec_validate_by_ds(header, n, daemon->namebuff, &class);
+	  else if (forward->flags && FREC_DS_QUERY)
+	    status = dnssec_validate_dnskey(header, n, daemon->namebuff, &class);
+	  else
+	    status = dnssec_validate_reply(&rrbitmap, header, n, daemon->namebuff, &class);
 	  /* Can't validate, as we're missing key data. Put this
 	     answer aside, whilst we get that. */     
@@ -688,24 +697,27 @@ void reply_query(int fd, int family, time_t now)
 		{
 		  forward->stash_len = n;
-		  /* Now formulate a query for the missing data. */
+		  if ((new = get_new_frec(now, NULL, 1)))
-		  nn = dnssec_generate_query(header, status);
-		  new = get_new_frec(now, NULL, 1);
-		  if (new)
 		    {
 		      int fd;
 		      new = forward; /* copy everything, then overwrite */
 		      new->dependent = forward; /* to find query awaiting new one. */
 		      forward->blocking_query = new; /* for garbage cleaning */
-		      new->flags |= FREC_DNSSEC_QUERY;
+		      /* validate routines leave name of required record in daemon->namebuff */
 		      if (status == STAT_NEED_KEY)
-			new->flags |= FREC_DNSKEY_QUERY; /* So we verify differently */
+			{
+			  new->flags |= FREC_DNSKEY_QUERY; 
+			  nn = dnssec_generate_query(header, daemon->namebuff, class, T_DNSKEY);
+			}
 		      else if (status == STAT_NEED_DS)
+			{
 			  new->flags |= FREC_DS_QUERY;
+			  nn = dnssec_generate_query(header, daemon->namebuff, class, T_DS);
+			}
 		      new->crc = questions_crc(header, nn, daemon->namebuff);
 		      new->new_id = get_id(new->crc);
+		      header->id = htons(new->id);
 		      /* Don't resend this. */
 		      daemon->srv_save = NULL;