Commit af9f4da1 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'kdig_nocrypto' into 'master'

kdig: added [no]crypto option omitting binary dump of keys

See merge request !682
parents 18f37a08 6e14699f
......@@ -132,6 +132,9 @@ Show record data only.
Use the generic representation format when printing resource record types
and data.
.TP
\fB+\fP[\fBno\fP]\fBcrypto\fP
Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
.TP
\fB+\fP[\fBno\fP]\fBaaflag\fP
Set the AA flag.
.TP
......
......@@ -109,6 +109,9 @@ Options
Use the generic representation format when printing resource record types
and data.
**+**\ [\ **no**\ ]\ **crypto**
Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
**+**\ [\ **no**\ ]\ **aaflag**
Set the AA flag.
......
......@@ -74,6 +74,7 @@ const knot_dump_style_t KNOT_DUMP_STYLE_DEFAULT = {
.empty_ttl = false,
.human_ttl = false,
.human_tmstamp = true,
.hide_crypto = false,
.ascii_to_idn = NULL
};
......@@ -487,6 +488,53 @@ static void wire_len_data_encode_to_str(rrset_dump_params_t *p,
}
}
static void wire_data_omit(rrset_dump_params_t *p)
{
CHECK_PRET
const char *omit_message = "[omitted]";
const size_t omlen = strlen(omit_message);
if (p->out_max < omlen) {
p->ret = -1;
return;
}
memcpy(p->out, omit_message, omlen);
p->out += omlen;
p->out_max -= omlen;
p->total += omlen;
STRING_TERMINATION
p->in += p->in_max;
p->in_max = 0;
}
static void wire_dnskey_to_tag(rrset_dump_params_t *p)
{
CHECK_PRET
int key_pos = -4; // we expect that key flags, 3 and algorithm
// have been already dumped
uint16_t key_tag = 0;
const dnssec_binary_t rdata_bin = {
.data = (uint8_t *)(p->in + key_pos),
.size = p->in_max - key_pos
};
dnssec_keytag(&rdata_bin, &key_tag);
int ret = snprintf(p->out, p->out_max, "[id = %hu]", key_tag);
CHECK_RET_OUTMAX_SNPRINTF
p->in += p->in_max;
p->in_max = 0;
p->out += ret;
p->out_max -= ret;
p->total += ret;
}
static void wire_unknown_to_str(rrset_dump_params_t *p)
{
CHECK_PRET
......@@ -1265,6 +1313,8 @@ static void dnskey_info(const uint8_t *rdata,
2, true, ""); CHECK_RET(p);
#define DUMP_TSIG_DATA wire_len_data_encode_to_str(p, &num48_encode, \
2, true, ""); CHECK_RET(p);
#define DUMP_OMIT wire_data_omit(p); CHECK_RET(p);
#define DUMP_KEY_OMIT wire_dnskey_to_tag(p); CHECK_RET(p);
#define DUMP_TEXT wire_text_to_str(p, true, true); CHECK_RET(p);
#define DUMP_LONG_TEXT wire_text_to_str(p, true, false); CHECK_RET(p);
#define DUMP_UNQUOTED wire_text_to_str(p, false, true); CHECK_RET(p);
......@@ -1359,14 +1409,25 @@ static int dump_dnskey(DUMP_PARAMS)
DUMP_NUM16; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE; WRAP_INIT;
DUMP_BASE64;
WRAP_END; COMMENT(info);
DUMP_NUM8; DUMP_SPACE;
if (p->style->hide_crypto) {
DUMP_OMIT;
WRAP_LINE;
} else {
WRAP_INIT;
DUMP_BASE64;
WRAP_END;
}
COMMENT(info);
} else {
DUMP_NUM16; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_BASE64;
if (p->style->hide_crypto) {
DUMP_KEY_OMIT;
} else {
DUMP_BASE64;
}
}
DUMP_END;
......@@ -1489,29 +1550,28 @@ static int dump_ipseckey(DUMP_PARAMS)
static int dump_rrsig(DUMP_PARAMS)
{
DUMP_TYPE; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM32; DUMP_SPACE;
DUMP_TIMESTAMP; DUMP_SPACE;
if (p->style->wrap) {
DUMP_TYPE; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM32; DUMP_SPACE;
DUMP_TIMESTAMP; DUMP_SPACE; WRAP_INIT;
DUMP_TIMESTAMP; DUMP_SPACE;
DUMP_NUM16; DUMP_SPACE;
DUMP_DNAME; WRAP_LINE;
DUMP_BASE64;
WRAP_END;
WRAP_INIT;
}
DUMP_TIMESTAMP; DUMP_SPACE;
DUMP_NUM16; DUMP_SPACE;
DUMP_DNAME; DUMP_SPACE;
if (p->style->wrap) {
WRAP_LINE;
}
if (p->style->hide_crypto) {
DUMP_OMIT;
} else {
DUMP_TYPE; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM8; DUMP_SPACE;
DUMP_NUM32; DUMP_SPACE;
DUMP_TIMESTAMP; DUMP_SPACE;
DUMP_TIMESTAMP; DUMP_SPACE;
DUMP_NUM16; DUMP_SPACE;
DUMP_DNAME; DUMP_SPACE;
DUMP_BASE64;
}
if (p->style->wrap) {
WRAP_END;
}
DUMP_END;
}
......
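Review bot: In `wire_dnskey_to_tag` the return value of `dnssec_keytag()` is discarded, so a failed computation would still print `[id = 0]` as if it were a real key tag. Assuming the call reports errors through its return value, a guard such as `if (dnssec_keytag(&rdata_bin, &key_tag) != DNSSEC_EOK) { p->ret = -1; return; }` avoids that. The same function steps back with `p->in + key_pos` and derives `.size = p->in_max - key_pos` from a negative `int`. If `in_max` is an unsigned type (its declaration is not shown here), the size is only correct through wrap-around, so a positive constant used as `p->in - 4` and `p->in_max + 4` would be easier to audit. Nothing in the function checks that four bytes actually precede `p->in`, so a comment should state that it may only be called after the flags, protocol and algorithm fields have been consumed, as `dump_dnskey` does.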
......@@ -46,6 +46,8 @@ typedef struct {
bool human_tmstamp;
/*!< Force generic data representation. */
bool generic;
/*!< Hide binary parts of RRSIGs and DNSKEYs. */
bool hide_crypto;
/*!< ASCII string to IDN string transformation callback. */
void (*ascii_to_idn)(char **name);
} knot_dump_style_t;
......
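Review bot: `hide_crypto` is inserted before `ascii_to_idn` rather than appended, which shifts the callback pointer's offset inside `knot_dump_style_t`. If this header is part of the installed library interface (not visible from this page), code built against the old layout or initialising the struct positionally would end up with a misplaced callback pointer. Placing the new field last, or calling out the layout change in the release notes, would avoid that. The doc comment could also say what is printed instead, e.g. `/*!< Hide binary parts of RRSIGs and DNSKEYs (a placeholder or key tag is printed instead). */`.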
......@@ -530,6 +530,24 @@ static int opt_noignore(const char *arg, void *query)
return KNOT_EOK;
}
static int opt_crypto(const char *arg, void *query)
{
query_t *q = query;
q->style.style.hide_crypto = false;
return KNOT_EOK;
}
static int opt_nocrypto(const char *arg, void *query)
{
query_t *q = query;
q->style.style.hide_crypto = true;
return KNOT_EOK;
}
static int opt_tcp(const char *arg, void *query)
{
query_t *q = query;
......@@ -991,6 +1009,9 @@ static const param_t kdig_opts2[] = {
{ "ttl", ARG_NONE, opt_ttl },
{ "nottl", ARG_NONE, opt_nottl },
{ "crypto", ARG_NONE, opt_crypto },
{ "nocrypto", ARG_NONE, opt_nocrypto },
{ "tcp", ARG_NONE, opt_tcp },
{ "notcp", ARG_NONE, opt_notcp },
......@@ -1606,6 +1627,7 @@ static void print_help(void)
" +[no]stats Show trailing packet statistics.\n"
" +[no]class Show DNS class.\n"
" +[no]ttl Show TTL value.\n"
" +[no]crypto Show binary parts of RRSIGs and DNSKEYs.\n"
" +[no]tcp Use TCP protocol.\n"
" +[no]ignore Don't use TCP automatically if truncated.\n"
" +[no]tls Use TLS with Opportunistic privacy profile.\n"
......