Commit 96686395 authored by Jan Včelák's avatar Jan Včelák 🚀

packet review: just whitespace fixes in libknot/nameserver

parent 855d96c0
......@@ -67,7 +67,6 @@ static int ixfr_put_rrlist(knot_pkt_t *pkt, struct ixfr_proc *ixfr, list_t *list
return ret;
}
/*!
* \brief Process single changeset.
* \note Keep in mind that this function must be able to resume processing,
......@@ -114,7 +113,7 @@ static int ixfr_process_item(knot_pkt_t *pkt, const void *item, struct xfr_proc
dbg_ns("%s: put 'ADD' RRs\n", __func__);
ixfr->state = SOA_REMOVE;
}
/* Finished change set. */
struct query_data *qdata = ixfr->qdata; /*< Required for IXFR_LOG() */
IXFR_LOG(LOG_INFO, "Serial %u -> %u.", chgset->serial_from, chgset->serial_to);
......@@ -169,7 +168,7 @@ static int ixfr_query_check(struct query_data *qdata)
}
/* SOA needs to match QNAME. */
NS_NEED_QNAME(qdata, their_soa->owner, KNOT_RCODE_FORMERR);
/* Need valid transaction security. */
zonedata_t *zone_data = (zonedata_t *)knot_zone_data(qdata->zone);
NS_NEED_AUTH(zone_data->xfr_out, qdata);
......@@ -227,7 +226,7 @@ static int ixfr_answer_init(struct query_data *qdata)
ptrlist_add(&xfer->proc.nodes, chs, mm);
dbg_ns("%s: preparing %u -> %u\n", __func__, chs->serial_from, chs->serial_to);
}
/* Keep first and last serial. */
chs = HEAD(chgsets->sets);
xfer->soa_from = chs->soa_from;
......@@ -253,9 +252,9 @@ int ixfr_answer_soa(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *q
if (state == NS_PROC_FAIL) {
return state; /* Malformed query. */
}
/* Reserve space for TSIG. */
knot_pkt_tsig_set(pkt, qdata->sign.tsig_key);
knot_pkt_tsig_set(pkt, qdata->sign.tsig_key);
/* Guaranteed to have zone contents. */
const knot_node_t *apex = qdata->zone->contents->apex;
......@@ -307,7 +306,7 @@ int ixfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata
return NS_PROC_FAIL;
}
}
/* Reserve space for TSIG. */
knot_pkt_tsig_set(pkt, qdata->sign.tsig_key);
......
......@@ -573,7 +573,7 @@ int ns_proc_out(uint8_t *wire, uint16_t *wire_len, ns_proc_context_t *ctx)
} else {
*wire_len = 0;
}
knot_pkt_free(&pkt);
dbg_ns("%s -> %s\n", __func__, NS_STATE_STR(ctx->state));
......
......@@ -147,7 +147,6 @@ typedef struct knot_ns_xfr {
hattrie_t *lookup_tree;
} knot_ns_xfr_t;
static const int KNOT_NS_TSIG_FREQ = 100;
static const size_t KNOT_NS_TSIG_DATA_MAX_SIZE = 100 * 64 * 1024;
......@@ -326,7 +325,7 @@ typedef struct ns_proc_context
knot_nameserver_t *ns;
void *data;
/* Module implementation. */
const struct ns_proc_module *module;
} ns_proc_context_t;
......@@ -344,7 +343,7 @@ typedef struct ns_proc_module {
/*! \brief Packet signing context.
* \todo This should be later moved to TSIG files when refactoring. */
typedef struct ns_sign_context {
knot_tsig_key_t *tsig_key;
knot_tsig_key_t *tsig_key;
uint8_t *tsig_buf;
uint8_t *tsig_digest;
size_t tsig_buflen;
......
......@@ -102,7 +102,7 @@ int ns_proc_query_in(knot_pkt_t *pkt, ns_proc_context_t *ctx)
knot_pkt_free(&pkt);
return NS_PROC_NOOP; /* Ignore. */
}
/* Accept only queries with QD=1. */
if (knot_wire_get_qr(pkt->wire) || knot_wire_get_qdcount(pkt->wire) != 1) {
knot_pkt_free(&pkt);
......@@ -123,7 +123,7 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
struct query_data *qdata = QUERY_DATA(ctx);
rcu_read_lock();
/* Check parse state. */
knot_pkt_t *query = qdata->query;
int next_state = NS_PROC_DONE;
......@@ -161,7 +161,7 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
next_state = NS_PROC_FAIL;
break;
}
/*
* Postprocessing.
*/
......@@ -170,7 +170,7 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
if (next_state == NS_PROC_FAIL && qdata->rcode == KNOT_RCODE_NOERROR) {
qdata->rcode = KNOT_RCODE_SERVFAIL;
}
/* Transaction security for positive answer. */
if (next_state == NS_PROC_DONE || next_state == NS_PROC_FULL) {
if (ns_proc_query_sign_response(pkt, qdata) != KNOT_EOK) {
......@@ -207,7 +207,7 @@ int ns_proc_query_err(knot_pkt_t *pkt, ns_proc_context_t *ctx)
/* Set RCODE. */
knot_wire_set_rcode(pkt->wire, qdata->rcode);
/* Transaction security (if applicable). */
if (ns_proc_query_sign_response(pkt, qdata) != KNOT_EOK) {
return NS_PROC_FAIL;
......@@ -230,7 +230,7 @@ bool ns_proc_query_acl_check(acl_t *acl, struct query_data *qdata)
key_alg = tsig_rdata_alg(query->tsig_rr);
}
acl_match_t *match = acl_find(acl, query_source, key_name);
/* Did not authenticate, no fitting rule found. */
if (match == NULL || (match->key && match->key->algorithm != key_alg)) {
dbg_ns("%s: no ACL match => NOTAUTH\n", __func__);
......@@ -249,21 +249,21 @@ int ns_proc_query_verify(struct query_data *qdata)
{
knot_pkt_t *query = qdata->query;
ns_sign_context_t *ctx = &qdata->sign;
/* NOKEY => no verification. */
if (query->tsig_rr == NULL) {
return KNOT_EOK;
}
/* Keep digest for signing response. */
/*! \note This memory will be rewritten for multi-pkt answers. */
ctx->tsig_digest = (uint8_t *)tsig_rdata_mac(query->tsig_rr);
ctx->tsig_digestlen = tsig_rdata_mac_length(query->tsig_rr);
/* Checking query. */
int ret = knot_tsig_server_check(query->tsig_rr, query->wire,
query->size, ctx->tsig_key);
dbg_ns("%s: QUERY TSIG check result = %s\n", __func__, knot_strerror(ret));
/* Evaluate TSIG check results. */
......@@ -300,11 +300,10 @@ int ns_proc_query_sign_response(knot_pkt_t *pkt, struct query_data *qdata)
int ret = KNOT_EOK;
knot_pkt_t *query = qdata->query;
ns_sign_context_t *ctx = &qdata->sign;
/* KEY provided and verified TSIG or BADTIME allows signing. */
if (ctx->tsig_key != NULL && knot_tsig_can_sign(qdata->rcode_tsig)) {
/* Sign query response. */
dbg_ns("%s: signing response using key %p\n", __func__, ctx->tsig_key);
size_t new_digest_len = knot_tsig_digest_length(ctx->tsig_key->algorithm);
......@@ -337,7 +336,7 @@ int ns_proc_query_sign_response(knot_pkt_t *pkt, struct query_data *qdata)
}
}
}
return ret;
/* Server failure in signing. */
......@@ -394,7 +393,7 @@ static int ratelimit_apply(int state, knot_pkt_t *pkt, ns_proc_context_t *ctx)
if (server->rrl == NULL) {
return state;
}
rrl_req_t rrl_rq = {0};
rrl_rq.w = pkt->wire;
rrl_rq.query = qdata->query;
......@@ -406,7 +405,7 @@ static int ratelimit_apply(int state, knot_pkt_t *pkt, ns_proc_context_t *ctx)
/* Rate limiting not applied. */
return state;
}
/* Now it is slip or drop. */
if (rrl_slip_roll(conf()->rrl_slip)) {
/* Answer slips. */
......@@ -418,7 +417,7 @@ static int ratelimit_apply(int state, knot_pkt_t *pkt, ns_proc_context_t *ctx)
/* Drop answer. */
pkt->size = 0;
}
return NS_PROC_DONE;
}
......@@ -429,7 +428,7 @@ static int query_chaos(knot_pkt_t *pkt, ns_proc_context_t *ctx)
{
dbg_ns("%s(%p, %p)\n", __func__, pkt, ctx);
struct query_data *data = QUERY_DATA(ctx);
/* Nothing except normal queries is supported. */
if (data->packet_type != KNOT_QUERY_NORMAL) {
data->rcode = KNOT_RCODE_NOTIMPL;
......@@ -475,7 +474,7 @@ static const knot_zone_t *answer_zone_find(const knot_pkt_t *pkt, knot_zonedb_t
if (zone == NULL) {
zone = knot_zonedb_find_suffix(zonedb, qname);
}
return zone;
}
......@@ -487,7 +486,7 @@ static int prepare_answer(const knot_pkt_t *query, knot_pkt_t *resp, ns_proc_con
dbg_ns("%s: can't init response pkt (%d)\n", __func__, ret);
return ret;
}
/* Convert query QNAME to lowercase, but keep original QNAME case.
* Already checked for absence of compression and length.
*/
......
......@@ -78,14 +78,14 @@ struct query_data {
knot_pkt_t *query; /*!< Query to be solved. */
const knot_zone_t *zone; /*!< Zone from which is answered. */
list_t wildcards; /*!< Visited wildcards. */
/* Current processed name and nodes. */
const knot_node_t *node, *encloser, *previous;
const knot_dname_t *name;
/* Original QNAME case. */
uint8_t orig_qname[KNOT_DNAME_MAXLEN];
/* Bookkeeping below. */
ns_sign_context_t sign; /*!< Signing context. */
struct ns_proc_query_param *param; /*!< Module parameters. */
......@@ -132,7 +132,7 @@ int ns_proc_query_finish(ns_proc_context_t *ctx);
* \param pkt
* \param ctx
* \retval NOOP (unsupported query)
* \retval FULL (ready to write answer)
* \retval FULL (ready to write answer)
*/
int ns_proc_query_in(knot_pkt_t *pkt, ns_proc_context_t *ctx);
......
......@@ -16,7 +16,6 @@
* with hints to the RFC, as it's not so complicated as it looks here.
*/
/*----------------------------------------------------------------------------*/
/*!
* \brief Creates a 'next closer name' to the given domain name.
......@@ -123,7 +122,6 @@ dbg_ns_exec_verb(
return ns_put_nsec3_from_node(prev, resp);
}
/*----------------------------------------------------------------------------*/
/*!
* \brief Adds NSEC3s comprising the 'closest encloser proof' for the given
......@@ -318,7 +316,6 @@ static int ns_put_nsec_wildcard(const knot_zone_contents_t *zone,
return ret;
}
/*----------------------------------------------------------------------------*/
/*!
* \brief Puts NSECs or NSEC3s for wildcard NODATA answer into the response.
......@@ -451,7 +448,6 @@ dbg_ns_exec_verb(
);
int ret = ns_put_covering_nsec3(zone, next_closer, resp);
/* Duplicate from ns_next_close(), safe to discard. */
knot_dname_free(&next_closer);
......@@ -500,7 +496,6 @@ static int ns_put_nsec_nsec3_wildcard_answer(const knot_node_t *node,
return ret;
}
/*----------------------------------------------------------------------------*/
/*!
* \brief Puts NSECs for NXDOMAIN error to the response.
......@@ -814,13 +809,13 @@ int nsec_prove_dp_security(knot_pkt_t *pkt, struct query_data *qdata)
int nsec_append_rrsigs(knot_pkt_t *pkt, bool optional)
{
dbg_ns("%s(%p, optional=%d)\n", __func__, pkt, optional);
int ret = KNOT_EOK;
uint32_t flags = (optional) ? KNOT_PF_NOTRUNC : KNOT_PF_NULL;
uint32_t flags = (optional) ? KNOT_PF_NOTRUNC : KNOT_PF_NULL;
uint16_t compr_hint = COMPR_HINT_NONE;
const knot_rrset_t *rr = NULL;
const knot_pktsection_t *section = knot_pkt_section(pkt, pkt->current);
/* Append RRSIG for each RR in given section. */
for (uint16_t i = 0; i < section->count; ++i) {
rr = section->rr[i];
......
......@@ -10,7 +10,6 @@
#include "common/descriptor.h"
#include "knot/server/zones.h"
static int update_forward(struct query_data *qdata)
{
/*! \todo This will be implemented when RESPONSE and REQUEST processors
......@@ -63,7 +62,6 @@ static int update_forward(struct query_data *qdata)
return NS_PROC_FAIL;
}
static int update_process(knot_pkt_t *resp, struct query_data *qdata)
{
/*! \todo Reusing the API for compatibility reasons. */
......@@ -107,13 +105,13 @@ int update_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qda
/*! \note NOTIFY/RFC1996 isn't clear on error RCODEs.
* Most servers use NOTAUTH from RFC2136. */
NS_NEED_VALID_ZONE(qdata, KNOT_RCODE_NOTAUTH);
/* Allow pass-through of an unknown TSIG in DDNS forwarding (must have zone). */
zonedata_t *zone_data = (zonedata_t *)knot_zone_data(qdata->zone);
if (zone_data->xfr_in.has_master) {
return update_forward(qdata);
}
/*
* Check if UPDATE not running already.
*/
......@@ -124,26 +122,25 @@ int update_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qda
zone_data->conf->name);
return NS_PROC_FAIL;
}
/* Need valid transaction security. */
NS_NEED_AUTH(zone_data->update_in, qdata);
/* Reserve space for TSIG. */
knot_pkt_tsig_set(pkt, qdata->sign.tsig_key);
/* Check prerequisites. */
if (update_prereq_check(qdata) != KNOT_EOK) {
pthread_mutex_unlock(&zone_data->ddns_lock);
return NS_PROC_FAIL;
}
/* Process UPDATE. */
if (update_process(pkt, qdata) != KNOT_EOK) {
pthread_mutex_unlock(&zone_data->ddns_lock);
return NS_PROC_FAIL;
}
pthread_mutex_unlock(&zone_data->ddns_lock);
return NS_PROC_DONE;
}