Commit a5b14c25 authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Vladimír Čunát

lib/resolve: cleanup

parent 2c588703
......@@ -821,33 +821,6 @@ int kr_make_query(struct kr_query *query, knot_pkt_t *pkt)
return kr_ok();
}
int kr_make_query2(struct kr_query *query, knot_pkt_t *pkt, uint16_t qtype_minimized)
{
/* Minimize QNAME (if possible). */
uint16_t qtype = qtype_minimized;
const knot_dname_t *qname = minimized_qname(query, &qtype);
/* Form a query for the authoritative. */
knot_pkt_clear(pkt);
int ret = knot_pkt_put_question(pkt, qname, query->sclass, qtype);
if (ret != KNOT_EOK) {
return ret;
}
/* Query built, expect answer. */
query->id = kr_rand_uint(UINT16_MAX);
knot_wire_set_id(pkt->wire, query->id);
pkt->parsed = pkt->size;
WITH_VERBOSE {
char name_str[KNOT_DNAME_MAXLEN], type_str[16];
knot_dname_to_str(name_str, query->sname, sizeof(name_str));
knot_rrtype_to_string(query->stype, type_str, sizeof(type_str));
QVERBOSE_MSG(query, "'%s' type '%s' id was assigned, parent id %hu\n",
name_str, type_str, query->parent ? query->parent->id : 0);
}
return kr_ok();
}
static int prepare_query(kr_layer_t *ctx, knot_pkt_t *pkt)
{
assert(pkt && ctx);
......
......@@ -33,7 +33,3 @@ int kr_response_classify(knot_pkt_t *pkt);
/** Make next iterative query. */
int kr_make_query(struct kr_query *query, knot_pkt_t *pkt);
/** Make next iterative query. If qname is minimized,
* qtype is set to qtype_minimized */
int kr_make_query2(struct kr_query *query, knot_pkt_t *pkt, uint16_t qtype_minimized);
......@@ -556,56 +556,25 @@ static int unsigned_forward(kr_layer_t *ctx, knot_pkt_t *pkt)
struct kr_query *qry = req->current_query;
const uint16_t qtype = knot_pkt_qtype(pkt);
printf("unsigned forward\n");
/*
if (qtype != KNOT_RRTYPE_DS) {
struct kr_rplan *rplan = &req->rplan;
struct kr_query *next = kr_rplan_push(rplan, qry, qry->sname, qry->sclass, KNOT_RRTYPE_DS);
int state = kr_nsrep_copy_set(&next->ns, &qry->ns);
if (state != kr_ok()) {
return;
}
kr_zonecut_set(&next->zone_cut, qry->zone_cut.name);
kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
next->flags |= QUERY_DNSSEC_WANT;
return;
}
return;
*/
// if (qtype == KNOT_RRTYPE_NS) {
printf("KNOT_RRTYPE_NS\n");
bool nods = false;
bool ds_req = false;
for (int i = 0; i < req->rplan.resolved.len; ++i) {
struct kr_query *q = req->rplan.resolved.at[i];
kr_dname_print(q->sname, "q: ", " ");
kr_dname_print(qry->sname, "qry: ", " ");
kr_rrtype_print(q->stype, "type: ", "\n");
if (/* q->parent == qry && */
q->sclass == qry->sclass &&
q->stype == KNOT_RRTYPE_DS &&
knot_dname_is_equal(q->sname, qry->sname)) {
ds_req = true;
printf("DSREQ\n");
if (q->flags & QUERY_DNSSEC_NODS) {
printf("NODS\n");
nods = true;
}
}
bool nods = false;
for (int i = 0; i < req->rplan.resolved.len; ++i) {
struct kr_query *q = req->rplan.resolved.at[i];
if (q->sclass == qry->sclass &&
q->stype == KNOT_RRTYPE_DS &&
knot_dname_is_equal(q->sname, qry->sname)) {
nods = true;
}
}
if (nods) {
printf("NODS return\n");
qry->flags &= ~QUERY_DNSSEC_WANT;
qry->flags |= QUERY_DNSSEC_INSECURE;
if (qry->parent) {
qry->parent->flags &= ~QUERY_DNSSEC_WANT;
qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
return KR_STATE_DONE;
if (nods) {
qry->flags &= ~QUERY_DNSSEC_WANT;
qry->flags |= QUERY_DNSSEC_INSECURE;
if (qry->parent) {
qry->parent->flags &= ~QUERY_DNSSEC_WANT;
qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
// }
return KR_STATE_DONE;
}
if (qtype != KNOT_RRTYPE_DS) {
struct kr_rplan *rplan = &req->rplan;
......@@ -618,6 +587,7 @@ static int unsigned_forward(kr_layer_t *ctx, knot_pkt_t *pkt)
kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
next->flags |= QUERY_DNSSEC_WANT;
}
return KR_STATE_YIELD;
}
......@@ -639,7 +609,6 @@ static int check_signer(kr_layer_t *ctx, knot_pkt_t *pkt)
* It means that trust chain is OK and
* transition to INSECURE hasn't occured.
* Let the validation logic ask about RRSIG. */
printf("already yielded\n");
return KR_STATE_DONE;
}
/* Ask parent for DS
......@@ -654,25 +623,19 @@ static int check_signer(kr_layer_t *ctx, knot_pkt_t *pkt)
qry->zone_cut.name = knot_dname_copy(qname, &req->pool);
}
} else if (knot_dname_is_sub(signer, qry->zone_cut.name)) {
/* Key signer is below current cut, advance and refetch keys. */
if (!(qry->flags & QUERY_FORWARD)) {
/* Key signer is below current cut, advance and refetch keys. */
qry->zone_cut.name = knot_dname_copy(signer, &req->pool);
} else {
for (int i = 0; i < req->rplan.resolved.len; ++i) {
struct kr_query *q = req->rplan.resolved.at[i];
if (/* q->parent == qry && */
q->sclass == qry->sclass &&
q->stype == KNOT_RRTYPE_DS &&
knot_dname_is_equal(q->sname, signer)) {
printf("DSREQQQQ\n");
if (q->flags & QUERY_DNSSEC_NODS) {
qry->flags &= ~QUERY_DNSSEC_WANT;
qry->flags |= QUERY_DNSSEC_INSECURE;
if (qry->parent) {
qry->parent->flags &= ~QUERY_DNSSEC_WANT;
qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
}
/* Check if DS does not exist. */
struct kr_query *q = kr_rplan_find_resolved(&req->rplan, NULL,
signer, qry->sclass, KNOT_RRTYPE_DS);
if (q && q->flags & QUERY_DNSSEC_NODS) {
qry->flags &= ~QUERY_DNSSEC_WANT;
qry->flags |= QUERY_DNSSEC_INSECURE;
if (qry->parent) {
qry->parent->flags &= ~QUERY_DNSSEC_WANT;
qry->parent->flags |= QUERY_DNSSEC_INSECURE;
}
}
}
......@@ -689,7 +652,6 @@ static int check_signer(kr_layer_t *ctx, knot_pkt_t *pkt)
} /* else zone cut matches, but DS/DNSKEY doesn't => refetch. */
if (qry->stype != KNOT_RRTYPE_DS) {
/* zone cut matches, but DS/DNSKEY doesn't => refetch. */
printf("sheck_signer\n");
VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
return KR_STATE_YIELD;
}
......@@ -802,7 +764,6 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
if (knot_wire_get_aa(pkt->wire) && qtype == KNOT_RRTYPE_DNSKEY) {
ret = validate_keyset(req, pkt, has_nsec3);
if (ret == kr_error(EAGAIN)) {
printf("validate\n");
VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
return KR_STATE_YIELD;
} else if (ret != 0) {
......@@ -925,7 +886,12 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
}
}
if (qry->flags & QUERY_FORWARD) {
if (qry->parent &&
qtype == KNOT_RRTYPE_NS) {
printf("NS NODATA\n");
}
if (qry->parent &&
qtype == KNOT_RRTYPE_NS &&
!no_data &&
......
......@@ -922,7 +922,7 @@ static struct kr_query *zone_cut_subreq(struct kr_rplan *rplan, struct kr_query
return next;
}
static int forward_trust_chain_check(struct kr_request *request, struct kr_query *qry, bool resume, knot_pkt_t *packet)
static int forward_trust_chain_check(struct kr_request *request, struct kr_query *qry, bool resume)
{
struct kr_rplan *rplan = &request->rplan;
map_t *trust_anchors = &request->ctx->trust_anchors;
......@@ -934,36 +934,28 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
return KR_STATE_PRODUCE;
}
// if (qry->parent != NULL) {
// return KR_STATE_PRODUCE;
// }
bool nods = false;
bool ds_req = false;
bool ns_req = false;
bool minimized = false;
// const knot_dname_t* wanted_name = qry->zone_cut.name;
const knot_dname_t* wanted_name = NULL;
int name_offset = 1;
while (1) {
wanted_name = qry->sname;
nods = false;
ds_req = false;
ns_req = false;
minimized = false;
kr_dname_print(qry->zone_cut.name, "cut_name: ", " ");
kr_dname_print(qry->sname, "sname: ", " ");
kr_rrtype_print(qry->stype, "type: ", "\n");
if (qry->parent == NULL /* && !resume */) {
// wanted_name = qry->sname;
int cut_labels = knot_dname_labels(qry->zone_cut.name, NULL);
int wanted_name_labels = knot_dname_labels(wanted_name, NULL);
while(wanted_name[0] && wanted_name_labels > cut_labels + name_offset) {
wanted_name = knot_wire_next_label(wanted_name, NULL);
wanted_name_labels -= 1;
}
minimized = (wanted_name != qry->sname);
}
do {
wanted_name = qry->sname;
nods = false;
ds_req = false;
ns_req = false;
minimized = false;
if (qry->parent == NULL) {
int cut_labels = knot_dname_labels(qry->zone_cut.name, NULL);
int wanted_name_labels = knot_dname_labels(wanted_name, NULL);
while (wanted_name[0] && wanted_name_labels > cut_labels + name_offset) {
wanted_name = knot_wire_next_label(wanted_name, NULL);
wanted_name_labels -= 1;
}
minimized = (wanted_name != qry->sname);
}
for (int i = 0; i < request->rplan.resolved.len; ++i) {
struct kr_query *q = request->rplan.resolved.at[i];
......@@ -982,11 +974,10 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
}
}
if (qry->parent == NULL /* && !resume */) {
printf("initial request ds_req %i ns_req %i\n", ds_req, ns_req);
if (ds_req && !ns_req && minimized) {
struct kr_query *next = kr_rplan_push(rplan, qry, wanted_name, qry->sclass, KNOT_RRTYPE_NS);
if (qry->parent == NULL &&
ds_req && !ns_req && minimized) {
struct kr_query *next = kr_rplan_push(rplan, qry, wanted_name,
qry->sclass, KNOT_RRTYPE_NS);
if (!next) {
return KR_STATE_FAIL;
}
......@@ -999,31 +990,19 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
next->flags |= QUERY_DNSSEC_WANT;
return KR_STATE_DONE;
}
}
kr_dname_print(wanted_name, "wanted_name: ", " ");
printf("resume? %i\n", resume);
if ((qry->stype == KNOT_RRTYPE_DS) &&
knot_dname_is_equal(wanted_name, qry->sname)) {
printf("if1\n");
nods = true;
} else if (resume && !ds_req) {
printf("if2\n");
nods = false;
} else if (!minimized) {
printf("if3\n");
nods = true;
} else {
printf("if4\n");
nods = ds_req;
}
if (ds_req && ns_req) {
name_offset += 1;
if ((qry->stype == KNOT_RRTYPE_DS) &&
knot_dname_is_equal(wanted_name, qry->sname)) {
nods = true;
} else if (resume && !ds_req) {
nods = false;
} else if (!minimized) {
nods = true;
} else {
break;
nods = ds_req;
}
}
printf("ds_req %i ns_req %i nods? %i\n", ds_req, ns_req, nods);
name_offset += 1;
} while (ds_req && ns_req);
/* Disable DNSSEC if it enters NTA. */
if (kr_ta_get(negative_anchors, wanted_name)){
......@@ -1181,7 +1160,7 @@ static int zone_cut_check(struct kr_request *request, struct kr_query *qry, knot
* Since forwarding targets already are in qry->ns -
* cut fetching is not needed. */
if (qry->flags & QUERY_FORWARD) {
return forward_trust_chain_check(request, qry, false, packet);
return forward_trust_chain_check(request, qry, false);
}
if (!(qry->flags & QUERY_AWAIT_CUT)) {
/* The query was resolved from cache.
......@@ -1252,7 +1231,7 @@ int kr_resolve_produce(struct kr_request *request, struct sockaddr **dst, int *t
if (qry->deferred != NULL) {
/* @todo: Refactoring validator, check trust chain before resuming. */
int state = (qry->flags & QUERY_FORWARD) ?
forward_trust_chain_check(request, qry, true, packet) :
forward_trust_chain_check(request, qry, true) :
trust_chain_check(request, qry);
switch(state) {
case KR_STATE_FAIL: return KR_STATE_FAIL;
......
......@@ -226,4 +226,20 @@ struct kr_query *kr_rplan_resolved(struct kr_rplan *rplan)
return array_tail(rplan->resolved);
}
struct kr_query *kr_rplan_find_resolved(struct kr_rplan *rplan, struct kr_query *parent,
const knot_dname_t *name, uint16_t cls, uint16_t type)
{
struct kr_query *ret = NULL;
for (int i = 0; i < rplan->resolved.len; ++i) {
struct kr_query *q = rplan->resolved.at[i];
if (q->stype == type && q->sclass == cls &&
(parent == NULL || q->parent == parent) &&
knot_dname_is_equal(q->sname, name)) {
ret = q;
break;
}
}
return ret;
}
#undef VERBOSE_MSG
......@@ -179,3 +179,19 @@ bool kr_rplan_satisfies(struct kr_query *closure, const knot_dname_t *name, uint
KR_EXPORT KR_PURE
struct kr_query *kr_rplan_resolved(struct kr_rplan *rplan);
/** Return query predecessor. */
KR_EXPORT KR_PURE
struct kr_query *kr_rplan_next(struct kr_query *qry);
/**
* Check if a given query already resolved.
* @param rplan plan instance
* @param parent query parent (or NULL)
* @param name resolved name
* @param cls resolved class
* @param type resolved type
* @return query instance or NULL
*/
KR_EXPORT KR_PURE
struct kr_query *kr_rplan_find_resolved(struct kr_rplan *rplan, struct kr_query *parent,
const knot_dname_t *name, uint16_t cls, uint16_t type);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment