Commit c8cedd16 authored by Marek Vavrusa

Packet processing cleanup.

parent a9c9dca5
......@@ -147,7 +147,7 @@ int internet_notify(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *q
/* SOA RR in answer may be included, recover serial. */
unsigned serial = 0;
const knot_pktsection_t *answer = knot_pkt_section(qdata->pkt, KNOT_ANSWER);
const knot_pktsection_t *answer = knot_pkt_section(qdata->query, KNOT_ANSWER);
if (answer->count > 0) {
const knot_rrset_t *soa = answer->rr[0];
if (knot_rrset_type(soa) == KNOT_RRTYPE_SOA) {
......@@ -168,7 +168,7 @@ int internet_notify(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *q
next_state = NS_PROC_NOOP; /* RFC1996: Ignore. */
log_server_warning(NOTIFY_MSG "%s\n", qname_str, addr_str, knot_strerror(ret));
} else {
next_state = NS_PROC_FINISH;
next_state = NS_PROC_DONE;
log_server_info(NOTIFY_MSG NOTIFY_XMSG "\n", qname_str, addr_str, serial);
}
free(qname_str);
......
......@@ -54,7 +54,7 @@ struct query_data;
* \retval KNOT_ERROR
*/
int notify_create_request(const knot_zone_contents_t *zone, uint8_t *buffer,
size_t *size) __attribute__ ((deprecated));
size_t *size);
/*!
* \brief Processes NOTIFY response packet.
......@@ -66,7 +66,7 @@ int notify_create_request(const knot_zone_contents_t *zone, uint8_t *buffer,
* \retval KNOT_EINVAL on invalid parameters or packet.
* \retval KNOT_ERROR on message ID mismatch
*/
int notify_process_response(knot_pkt_t *notify, int msgid) __attribute__ ((deprecated));
int notify_process_response(knot_pkt_t *notify, int msgid);
/*!
* \brief Answer IN class zone NOTIFY message (RFC1996).
......
......@@ -140,7 +140,7 @@ static int tcp_handle(ns_proc_context_t *query_ctx, int fd,
state = ns_proc_out(tx->iov_base, &tx_len, query_ctx);
/* If it has response, send it. */
if (state == NS_PROC_FINISH || state == NS_PROC_FULL) {
if (state == NS_PROC_DONE || state == NS_PROC_FULL) {
if (tcp_send(fd, tx->iov_base, tx_len) != tx_len) {
ret = KNOT_ECONN;
break;
......
......@@ -146,7 +146,7 @@ int udp_handle(ns_proc_context_t *query_ctx, int fd, sockaddr_t *addr,
}
/* Send response only if finished successfuly. */
if (state == NS_PROC_FINISH) {
if (state == NS_PROC_DONE) {
tx->iov_len = tx_len;
} else {
tx->iov_len = 0;
......
......@@ -34,7 +34,6 @@
#include "libknot/consts.h"
#define KNOT_DNAME_MAX_LENGTH 255
typedef uint8_t knot_dname_t;
/*!
......
......@@ -875,7 +875,7 @@ knot_dname_t *knot_nsec3_hash_to_dname(const uint8_t *hash, size_t hash_size,
// encode raw hash to first label
uint8_t label[KNOT_DNAME_MAX_LENGTH];
uint8_t label[KNOT_DNAME_MAXLEN];
int32_t label_size;
label_size = base32hex_encode(hash, hash_size, label, sizeof(label));
if (label_size <= 0) {
......
......@@ -182,7 +182,7 @@ int axfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata
case KNOT_EOK: /* Last response. */
dbg_ns("%s: finished AXFR, %u pkts, ~%.01fkB\n", __func__,
xfer->npkts, xfer->nbytes/1024.0);
ret = NS_PROC_FINISH;
ret = NS_PROC_DONE;
break;
default: /* Generic error. */
dbg_ns("%s: answered with ret = %s\n", __func__, knot_strerror(ret));
......
......@@ -40,7 +40,7 @@ struct xfr_proc {
unsigned nbytes; /* Bytes processed. */
};
/*! \brief Generic transfer processing.
/*! \brief Generic transfer processing (reused for IXFR).
*/
typedef int (*xfr_put_cb)(knot_pkt_t *pkt, const void *item, struct xfr_proc *xfer);
......@@ -52,9 +52,9 @@ int xfr_process_list(knot_pkt_t *pkt, xfr_put_cb put, struct query_data *qdata);
/*!
* \brief AXFR query processing module.
*
* \retval NS_PROC_FULL if it has an answer, but not yet finished.
* \retval NS_PROC_FAIL if it encountered an error.
* \retval NS_PROC_EOK if finished.
* \retval FULL if it has an answer, but not yet finished.
* \retval FAIL if it encountered an error.
* \retval DONE if finished.
*/
int axfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata);
......
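Review bot: The `\retval` lines for axfr_answer now use bare FULL/FAIL/DONE, which are not identifiers anywhere in the code shown, and internet_answer has its own unprefixed solver states (BEGIN, TRUNC, ERROR), so the short form is easy to misread. Dropping the non-existent NS_PROC_EOK was right, but I would keep the enum names, `\retval NS_PROC_FULL`, `\retval NS_PROC_FAIL`, `\retval NS_PROC_DONE`, so the documentation stays greppable. The doc blocks added for ixfr_answer and ixfr_answer_soa use the same short form.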
......@@ -58,8 +58,8 @@ static knot_rrset_t *create_txt_rrset(const knot_dname_t *owner,
{
// truncate response to one TXT label
size_t response_len = strlen(response);
if (response_len > 255)
response_len = 255;
if (response_len > KNOT_DNAME_MAXLEN)
response_len = KNOT_DNAME_MAXLEN;
knot_dname_t *rowner = knot_dname_copy(owner);
if (!rowner)
......
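Review bot: The clamp in create_txt_rrset now borrows KNOT_DNAME_MAXLEN, but the limit enforced here is the one-octet length prefix of a TXT character-string (RFC 1035), not the maximum domain-name length. The two coincide only while KNOT_DNAME_MAXLEN is 255; its definition is not part of this diff, and if it is ever changed a response longer than 255 bytes would no longer fit the length octet. I would keep the bound independent of the name constant, e.g. `if (response_len > UINT8_MAX)` and `response_len = UINT8_MAX;`, or add a dedicated TXT-string constant. The code that writes the length is outside the hunk, so confirm how it is encoded there.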
......@@ -106,7 +106,7 @@ static bool dname_cname_can_synth(const knot_rrset_t *rrset, const knot_dname_t
/*! \brief DNSSEC both requested & available. */
static bool have_dnssec(struct query_data *qdata)
{
return knot_pkt_have_dnssec(qdata->pkt) &&
return knot_pkt_have_dnssec(qdata->query) &&
knot_zone_contents_is_signed(qdata->zone->contents);
}
......@@ -487,6 +487,10 @@ static int solve_answer_section(int state, knot_pkt_t *pkt, struct query_data *q
static int solve_answer_dnssec(int state, knot_pkt_t *pkt, struct query_data *qdata)
{
if (!have_dnssec(qdata)) {
return state; /* DNSSEC not supported. */
}
/* RFC4035, section 3.1 RRSIGs for RRs in ANSWER are mandatory. */
int ret = nsec_append_rrsigs(pkt, false);
switch(ret) {
......@@ -548,6 +552,10 @@ static int solve_authority(int state, knot_pkt_t *pkt, struct query_data *qdata)
static int solve_authority_dnssec(int state, knot_pkt_t *pkt, struct query_data *qdata)
{
if (!have_dnssec(qdata)) {
return state; /* DNSSEC not supported. */
}
int ret = KNOT_ERROR;
switch (state) {
......@@ -580,7 +588,7 @@ static int solve_additional(int state, knot_pkt_t *pkt, struct query_data *qdata
/* Put OPT RR. */
int ret = knot_pkt_put_opt(pkt);
/* Scan all RRs in AN+NS. */
/* Scan all RRs in ANSWER/AUTHORITY. */
for (uint16_t i = 0; i < pkt->rrset_count; ++i) {
/* Skip types for which it doesn't apply. */
if (!rrset_additional_needed(pkt->rr[i]->type)) {
......@@ -598,6 +606,10 @@ static int solve_additional(int state, knot_pkt_t *pkt, struct query_data *qdata
static int solve_additional_dnssec(int state, knot_pkt_t *pkt, struct query_data *qdata)
{
if (!have_dnssec(qdata)) {
return state; /* DNSSEC not supported. */
}
/* RFC4035, section 3.1 RRSIGs for RRs in ADDITIONAL are optional. */
int ret = nsec_append_rrsigs(pkt, true);
switch(ret) {
......@@ -607,6 +619,15 @@ static int solve_additional_dnssec(int state, knot_pkt_t *pkt, struct query_data
}
}
/*! \brief Helper for internet_answer repetitive code. */
#define SOLVE_STEP(solver, state) \
state = solver(state, response, qdata); \
if (state == TRUNC) { \
return NS_PROC_DONE; \
} else if (state == ERROR) { \
return NS_PROC_FAIL; \
}
int internet_answer(knot_pkt_t *response, struct query_data *qdata)
{
dbg_ns("%s(%p, %p)\n", __func__, response, qdata);
......@@ -617,73 +638,39 @@ int internet_answer(knot_pkt_t *response, struct query_data *qdata)
NS_NEED_VALID_ZONE(qdata, KNOT_RCODE_REFUSED);
/* No applicable ACL, refuse transaction security. */
if (knot_pkt_have_tsig(qdata->pkt)) {
if (knot_pkt_have_tsig(qdata->query)) {
/* We have been challenged... */
zonedata_t *zone_data = (zonedata_t *)knot_zone_data(qdata->zone);
NS_NEED_AUTH(zone_data->xfr_out, qdata);
}
/* Write answer RRs for QNAME. */
/* Get answer to QNAME. */
dbg_ns("%s: writing %p ANSWER\n", __func__, response);
knot_pkt_begin(response, KNOT_ANSWER);
/* Get answer to QNAME. */
qdata->name = knot_pkt_qname(qdata->pkt);
int state = solve_answer_section(BEGIN, response, qdata);
/* Resolve DNSSEC for ANSWER. */
if (have_dnssec(qdata)) {
state = solve_answer_dnssec(state, response, qdata);
if (state == TRUNC) {
return NS_PROC_FINISH;
} else if (state == ERROR) {
return NS_PROC_FAIL;
}
}
qdata->name = knot_pkt_qname(qdata->query);
/* Begin processing. */
int state = BEGIN;
SOLVE_STEP(solve_answer_section, state);
SOLVE_STEP(solve_answer_dnssec, state);
/* Resolve AUTHORITY. */
dbg_ns("%s: writing %p AUTHORITY\n", __func__, response);
knot_pkt_begin(response, KNOT_AUTHORITY);
state = solve_authority(state, response, qdata);
if (state == TRUNC) {
return NS_PROC_FINISH;
} else if (state == ERROR) {
return NS_PROC_FAIL;
}
/* Resolve DNSSEC for AUTHORITY. */
if (have_dnssec(qdata)) {
state = solve_authority_dnssec(state, response, qdata);
if (state == TRUNC) {
return NS_PROC_FINISH;
} else if (state == ERROR) {
return NS_PROC_FAIL;
}
}
SOLVE_STEP(solve_authority, state);
SOLVE_STEP(solve_authority_dnssec, state);
/* Resolve ADDITIONAL. */
dbg_ns("%s: writing %p ADDITIONAL\n", __func__, response);
knot_pkt_begin(response, KNOT_ADDITIONAL);
state = solve_additional(state, response, qdata);
if (state == TRUNC) {
return NS_PROC_FINISH;
} else if (state == ERROR) {
return NS_PROC_FAIL;
}
/* Resolve DNSSEC for ADDITIONAL. */
if (have_dnssec(qdata)) {
state = solve_additional_dnssec(state, response, qdata);
if (state == TRUNC) {
return NS_PROC_FINISH;
} else if (state == ERROR) {
return NS_PROC_FAIL;
}
}
SOLVE_STEP(solve_additional, state);
SOLVE_STEP(solve_additional_dnssec, state);
/* Write RCODE. */
/* Write resulting RCODE. */
knot_wire_set_rcode(response->wire, qdata->rcode);
/* Complete response. */
return NS_PROC_FINISH;
return NS_PROC_DONE;
}
#undef SOLVE_STEP
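Review bot: SOLVE_STEP expands to an assignment followed by a bare `if`/`else if` and hides two `return` statements, so it is only safe as a full statement inside braces and the early exits are invisible at its call sites in internet_answer. Wrapping the body in `do { ... } while (0)` keeps it a single statement; the same applies to NS_NEED_QTYPE and NS_NEED_QNAME in the hunks that follow, which also use `qdata->rcode` without the parentheses given to `(qdata)->query`. A short comment above the macro should say that it returns from the enclosing function and that a TRUNC exit returns NS_PROC_DONE before `knot_wire_set_rcode()` at the end of internet_answer. Whether the RCODE is written elsewhere on that path is not visible here.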
......@@ -41,14 +41,14 @@ int internet_answer(knot_pkt_t *resp, struct query_data *qdata);
/*! \brief Require given QUERY TYPE or return error code. */
#define NS_NEED_QTYPE(qdata, qtype_want, error_rcode) \
if (knot_pkt_qtype((qdata)->pkt) != (qtype_want)) { \
if (knot_pkt_qtype((qdata)->query) != (qtype_want)) { \
qdata->rcode = (error_rcode); \
return NS_PROC_FAIL; \
}
/*! \brief Require given QUERY NAME or return error code. */
#define NS_NEED_QNAME(qdata, qname_want, error_rcode) \
if (!knot_dname_is_equal(knot_pkt_qname((qdata)->pkt), (qname_want))) { \
if (!knot_dname_is_equal(knot_pkt_qname((qdata)->query), (qname_want))) { \
qdata->rcode = (error_rcode); \
return NS_PROC_FAIL; \
}
......@@ -61,7 +61,7 @@ int internet_answer(knot_pkt_t *resp, struct query_data *qdata);
case KNOT_ENOENT: \
qdata->rcode = (error_rcode); \
return NS_PROC_FAIL; \
default: \
default: /* SERVFAIL */ \
return NS_PROC_FAIL; \
}
......
......@@ -150,7 +150,7 @@ static int ixfr_query_check(struct query_data *qdata)
/* Need IXFR query type. */
NS_NEED_QTYPE(qdata, KNOT_RRTYPE_IXFR, KNOT_RCODE_FORMERR);
/* Need SOA authority record. */
const knot_pktsection_t *authority = knot_pkt_section(qdata->pkt, KNOT_AUTHORITY);
const knot_pktsection_t *authority = knot_pkt_section(qdata->query, KNOT_AUTHORITY);
const knot_rrset_t *their_soa = authority->rr[0];
if (authority->count < 1 || knot_rrset_type(their_soa) != KNOT_RRTYPE_SOA) {
qdata->rcode = KNOT_RCODE_FORMERR;
......@@ -163,7 +163,7 @@ static int ixfr_query_check(struct query_data *qdata)
zonedata_t *zone_data = (zonedata_t *)knot_zone_data(qdata->zone);
NS_NEED_AUTH(zone_data->xfr_out, qdata);
return NS_PROC_FINISH;
return NS_PROC_DONE;
}
static int ixfr_answer_init(struct query_data *qdata)
......@@ -174,7 +174,7 @@ static int ixfr_answer_init(struct query_data *qdata)
return KNOT_EMALF; /* Malformed query. */
}
/* Compare serials. */
const knot_rrset_t *their_soa = knot_pkt_section(qdata->pkt, KNOT_AUTHORITY)->rr[0];
const knot_rrset_t *their_soa = knot_pkt_section(qdata->query, KNOT_AUTHORITY)->rr[0];
knot_changesets_t *chgsets = NULL;
int ret = ixfr_load_chsets(&chgsets, qdata->zone, their_soa);
if (ret != KNOT_EOK) {
......@@ -229,7 +229,7 @@ int ixfr_answer_soa(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *q
return NS_PROC_FAIL;
}
return NS_PROC_FINISH;
return NS_PROC_DONE;
}
int ixfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata)
......@@ -274,7 +274,7 @@ int ixfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata
case KNOT_EOK: /* Last response. */
dbg_ns("%s: finished IXFR, %u pkts, %.01fkB\n", __func__,
ixfr->proc.npkts, ixfr->proc.nbytes/1024.0);
ret = NS_PROC_FINISH;
ret = NS_PROC_DONE;
break;
default: /* Generic error. */
dbg_ns("%s: answered with ret = %s\n", __func__, knot_strerror(ret));
......
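Review bot: In ixfr_query_check, `authority->rr[0]` is loaded into `their_soa` before `authority->count < 1` is tested, so a query with an empty AUTHORITY section reaches the array access first. The layout of knot_pktsection_t is not shown, but if `rr` is NULL or does not cover an element for an empty section, this reads memory it should not, and the query is remote input. I would test the count first, e.g. `if (authority->count < 1 || knot_rrset_type(authority->rr[0]) != KNOT_RRTYPE_SOA) {`, and assign `their_soa` only after the check if it is still needed. ixfr_answer_init also reads `knot_pkt_section(qdata->query, KNOT_AUTHORITY)->rr[0]`; the guard returning KNOT_EMALF just above it is cut off by the hunk, so confirm it covers the empty-section case.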
......@@ -33,8 +33,21 @@
struct query_data;
/*!
* \brief IXFR query processing module.
*
* \retval FULL if it has an answer, but not yet finished.
* \retval FAIL if it encountered an error.
* \retval DONE if finished.
*/
int ixfr_answer(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata);
/*!
* \brief Respond to IXFR with SOA only.
*
* \retval FAIL if it encountered an error.
* \retval DONE if finished.
*/
int ixfr_answer_soa(knot_pkt_t *pkt, knot_nameserver_t *ns, struct query_data *qdata);
#endif /* _KNOT_IXFR_H_ */
......
......@@ -39,62 +39,9 @@
#include "libknot/dnssec/random.h"
#include "libknot/dnssec/zone-nsec.h"
/*----------------------------------------------------------------------------*/
/*! \brief Maximum UDP payload with EDNS disabled. */
static const uint16_t MAX_UDP_PAYLOAD = 512;
/*! \brief TTL of a CNAME synthetized from a DNAME. */
static const uint32_t SYNTH_CNAME_TTL = 0;
/*! \brief Determines whether DNSSEC is enabled. */
static const int DNSSEC_ENABLED = 1;
/*! \brief Internal error code to propagate need for SERVFAIL response. */
static const int NS_ERR_SERVFAIL = -999;
/*----------------------------------------------------------------------------*/
/* Private functions */
/*----------------------------------------------------------------------------*/
/*!
* \brief Finds zone where to search for the QNAME.
*
* \note As QTYPE DS requires special handling, this function finds a zone for
* a direct predecessor of QNAME in such case.
*
* \param zdb Zone database where to search for the proper zone.
* \param qname QNAME.
* \param qtype QTYPE.
*
* \return Zone to which QNAME belongs (according to QTYPE), or NULL if no such
* zone was found.
*/
const knot_zone_t *ns_get_zone_for_qname(knot_zonedb_t *zdb,
const knot_dname_t *qname,
uint16_t qtype)
{
const knot_zone_t *zone;
/*
* Find a zone in which to search.
*
* In case of DS query, we strip the leftmost label when searching for
* the zone (but use whole qname in search for the record), as the DS
* records are only present in a parent zone.
*/
if (qtype == KNOT_RRTYPE_DS) {
const knot_dname_t *parent = knot_wire_next_label(qname, NULL);
zone = knot_zonedb_find_suffix(zdb, parent);
/* If zone does not exist, search for its parent zone,
this will later result to NODATA answer. */
if (zone == NULL) {
zone = knot_zonedb_find_suffix(zdb, qname);
}
} else {
zone = knot_zonedb_find_suffix(zdb, qname);
}
return zone;
}
/*----------------------------------------------------------------------------*/
......@@ -537,15 +484,15 @@ void knot_ns_destroy(knot_nameserver_t **nameserver)
*nameserver = NULL;
}
/* #10 <<< Next-gen API. */
/* State -> string translation table. */
#define NS_STATE_STR(x) _state_table[x]
static const char* _state_table[] = {
[NS_PROC_NOOP] = "N/A",
[NS_PROC_NOOP] = "NOOP",
[NS_PROC_MORE] = "MORE",
[NS_PROC_FULL] = "FULL",
[NS_PROC_FINISH] = "FINISHED",
[NS_PROC_DONE] = "DONE",
[NS_PROC_FAIL] = "FAIL"
};
#define NS_STATE_STR(x) _state_table[x]
int ns_proc_begin(ns_proc_context_t *ctx, void *module_param, const ns_proc_module_t *module)
{
......@@ -573,9 +520,7 @@ int ns_proc_begin(ns_proc_context_t *ctx, void *module_param, const ns_proc_modu
int ns_proc_reset(ns_proc_context_t *ctx)
{
/* #10 implement */
ctx->state = ctx->module->reset(ctx);
dbg_ns("%s -> %s\n", __func__, NS_STATE_STR(ctx->state));
return ctx->state;
}
......@@ -587,9 +532,7 @@ int ns_proc_finish(ns_proc_context_t *ctx)
return NS_PROC_NOOP;
}
/* #10 implement */
ctx->state = ctx->module->finish(ctx);
dbg_ns("%s -> %s\n", __func__, NS_STATE_STR(ctx->state));
return ctx->state;
}
......@@ -605,7 +548,6 @@ int ns_proc_in(const uint8_t *wire, uint16_t wire_len, ns_proc_context_t *ctx)
knot_pkt_parse(pkt, 0);
ctx->state = ctx->module->in(pkt, ctx);
dbg_ns("%s -> %s\n", __func__, NS_STATE_STR(ctx->state));
return ctx->state;
}
......
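Review bot: `_state_table` is indexed directly by the state value, but the NS_PROC_* states are bit flags (0, 1, 2, 4, 8 in enum ns_proc_state), so the designated initialisers leave slots 3 and 5 to 7 NULL and anything above 8 is past the end of the array. NS_STATE_STR(ctx->state) is fed whatever the module callback returned, so an unexpected or combined state becomes a NULL or out-of-bounds `%s` argument in the dbg_ns lines of ns_proc_reset, ns_proc_finish and ns_proc_in, if those lines remain on the new side. A guarded lookup avoids that, e.g. `#define NS_STATE_STR(x) (((unsigned)(x) <= NS_PROC_FAIL && _state_table[x]) ? _state_table[x] : "?")`. The leading-underscore file-scope name is also in the namespace reserved for the implementation; `state_table` would do.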
......@@ -57,6 +57,7 @@ struct server_t;
* supported DNS functions.
*
* Currently only holds pointer to the zone database for answering queries.
* \todo Merge this with server_t
*/
typedef struct knot_nameserver {
/*!
......@@ -296,47 +297,50 @@ int knot_ns_tsig_required(int packet_nr);
*/
void knot_ns_destroy(knot_nameserver_t **nameserver);
/* ^^^
* NG processing API below, everything upwards should be slowly moved to appropriate
* files or removed.
*/
/* #10 <<< Exposed API. */
const knot_zone_t *ns_get_zone_for_qname(knot_zonedb_t *zdb,
const knot_dname_t *qname,
uint16_t qtype);
/* #10 >>> Exposed API. */
/* #10 <<< Next-gen API. */
/*! \brief Main packet processing states.
* Each state describes the current machine processing step
* and determines readiness for next action.
*/
enum ns_proc_state {
NS_PROC_NOOP = 0,
NS_PROC_MORE = 1 << 0,
NS_PROC_FULL = 1 << 1,
NS_PROC_FINISH = 1 << 2,
NS_PROC_FAIL = 1 << 3,
NS_PROC_NOOP = 0, /* N/A */
NS_PROC_MORE = 1 << 0, /* More input data. */
NS_PROC_FULL = 1 << 1, /* Has output data. */
NS_PROC_DONE = 1 << 2, /* Finished. */
NS_PROC_FAIL = 1 << 3 /* Error. */
};
/*! \brief Packet processing flags. */
enum ns_proc_flag {
/* Common flags. */
NS_PKTSIZE_NOLIMIT = 1 << 0, /* Don't limit packet size (for TCP). */
/* Module-specific flags. */
NS_PROCFLAG = 1 << 8
};
/* Forward declarations. */
struct ns_proc_module;
struct ns_sign_context;
/*! \brief Packte processing context. */
typedef struct ns_proc_context
{
int state;
mm_ctx_t mm;
uint16_t type;
uint16_t flags;
void *data;
int state;
knot_nameserver_t *ns;
void *data;
/* Module implementation. */
const struct ns_proc_module *module;
} ns_proc_context_t;
/*! \brief Packet processing module API. */
typedef struct ns_proc_module {
int (*begin)(ns_proc_context_t *ctx, void *module_param);
int (*reset)(ns_proc_context_t *ctx);
......@@ -346,6 +350,8 @@ typedef struct ns_proc_module {
int (*err)(knot_pkt_t *pkt, ns_proc_context_t *ctx);
} ns_proc_module_t;
/*! \brief Packet signing context.
* \todo This should be later moved to TSIG files when refactoring. */
typedef struct ns_sign_context {
knot_tsig_key_t *tsig_key;
uint8_t *tsig_buf;
......@@ -357,13 +363,59 @@ typedef struct ns_sign_context {
size_t pkt_count;
} ns_sign_context_t;
/*!
* \brief Initialize packet processing context.
*
* Allowed from states: NOOP
*
* \param ctx Context.
* \param module_param Parameters for given module.
* \param module Module API.
* \return (module specific state)
*/
int ns_proc_begin(ns_proc_context_t *ctx, void *module_param, const ns_proc_module_t *module);
/*!
* \brief Reset current packet processing context.
* \param ctx Context.
* \return (module specific state)
*/
int ns_proc_reset(ns_proc_context_t *ctx);
/*!
* \brief Finish and close packet processing context.
*
* Allowed from states: MORE, FULL, DONE, FAIL
*
* \param ctx Context.
* \return (module specific state)
*/
int ns_proc_finish(ns_proc_context_t *ctx);
/*!
* \brief Input more data into packet processing.
*
* Allowed from states: MORE
*
* \param wire Source data.
* \param wire_len Source data length.
* \param ctx Context.
* \return (module specific state)
*/
int ns_proc_in(const uint8_t *wire, uint16_t wire_len, ns_proc_context_t *ctx);
/*!
* \brief Write out output from packet processing.
*
* Allowed from states: FULL, FAIL
*
* \param wire Destination.
* \param wire_len Destination length.
* \param ctx Context.
* \return (module specific state)
*/
int ns_proc_out(uint8_t *wire, uint16_t *wire_len, ns_proc_context_t *ctx);
/* #10 >>> Next-gen API. */
#endif /* _KNOTNAME_SERVER_H_ */
/*! @} */
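Review bot: The new doc block for ns_proc_out describes `wire_len` only as "Destination length", yet it is a pointer and tcp_handle sends `tx_len` bytes after the call, so it appears to be in/out: buffer capacity on entry, bytes written on return. Spelling that out, e.g. `\param wire_len In: capacity of wire; out: number of bytes written.`, tells callers they must reset it before every call. The "Allowed from states" lines would also benefit from stating what is returned when a function is called from any other state. Small typo in the same hunk: "Packte processing context".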
......@@ -38,6 +38,7 @@ const ns_proc_module_t _ns_proc_query = {
&ns_proc_query_err
};
/*! \brief Accessor to query-specific data. */
#define QUERY_DATA(ctx) ((struct query_data *)(ctx)->data)
int ns_proc_query_begin(ns_proc_context_t *ctx, void *module_param)
......@@ -64,7 +65,7 @@ int ns_proc_query_reset(ns_proc_context_t *ctx)
/* Clear */
assert(ctx);
struct query_data *qdata = QUERY_DATA(ctx);
knot_pkt_free(&qdata->pkt);
knot_pkt_free(&qdata->query);
qdata->rcode = KNOT_RCODE_NOERROR;
qdata->rcode_tsig = 0;
qdata->node = qdata->encloser = qdata->previous = NULL;
......@@ -107,7 +108,7 @@ int ns_proc_query_in(knot_pkt_t *pkt, ns_proc_context_t *ctx)
}
/* Store for processing. */
qdata->pkt = pkt;
qdata->query = pkt;
/* Declare having response. */
return NS_PROC_FULL;
......@@ -121,8 +122,8 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
rcu_read_lock();
/* Check parse state. */
knot_pkt_t *query = qdata->pkt;
int next_state = NS_PROC_FINISH;
knot_pkt_t *query = qdata->query;
int next_state = NS_PROC_DONE;
if (query->parsed < query->size) {
dbg_ns("%s: query is FORMERR\n", __func__);
qdata->rcode = KNOT_RCODE_FORMERR;
......@@ -130,7 +131,10 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
goto finish;
}
/* Prepare answer. */
/*
* Preprocessing
*/
int ret = prepare_answer(query, pkt, ctx);
if (ret != KNOT_EOK) {
qdata->rcode = KNOT_RCODE_SERVFAIL;
......@@ -154,6 +158,10 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
next_state = NS_PROC_FAIL;
break;
}
/*
* Postprocessing.
*/
/* Default RCODE is SERVFAIL if not specified otherwise. */
if (next_state == NS_PROC_FAIL && qdata->rcode == KNOT_RCODE_NOERROR) {
......@@ -161,7 +169,7 @@ int ns_proc_query_out(knot_pkt_t *pkt, ns_proc_context_t *ctx)
}
/* Transaction security for positive answer. */
if (next_state == NS_PROC_FINISH || next_state == NS_PROC_FULL) {
if (next_state == NS_PROC_DONE || next_state == NS_PROC_FULL) {
if (ns_proc_query_sign_response(pkt, qdata) != KNOT_EOK) {
next_state = NS_PROC_FAIL;
}
......@@ -185,7 +193,7 @@ int ns_proc_query_err(knot_pkt_t *pkt, ns_proc_context_t *ctx)
/* Initialize response from query packet. */
knot_pkt_clear(pkt);
knot_pkt_t *query = qdata->pkt;
knot_pkt_t *query = qdata->query;
pkt->size = knot_pkt_question_size(query);
/* If original QNAME is empty, Query is either unparsed or for root domain.
......@@ -212,12 +220,12 @@ int ns_proc_query_err(knot_pkt_t *pkt, ns_proc_context_t *ctx)
return NS_PROC_FAIL;
}
return NS_PROC_FINISH;
return NS_PROC_DONE;
}
bool ns_proc_query_acl_check(acl_t *acl, struct query_data *qdata)
{
knot_pkt_t *query = qdata->pkt;
knot_pkt_t *query = qdata->query;
const sockaddr_t *query_source = &qdata->param->query_source;
const knot_dname_t *key_name = NULL;
knot_tsig_algorithm_t key_alg = KNOT_TSIG_ALG_NULL;
......@@ -245,7 +253,7 @@ bool ns_proc_query_acl_check(acl_t *acl, struct query_data *qdata)
int ns_proc_query_verify(struct query_data *qdata)
{
knot_pkt_t *query = qdata->pkt;
knot_pkt_t *query = qdata->query;
ns_sign_context_t *ctx = &qdata->sign;
/* NOKEY => no verification. */
......@@ -294,7 +302,7 @@ int ns_proc_query_verify(struct query_data *qdata)
int ns_proc_query_sign_response(knot_pkt_t *pkt, struct query_data *qdata)
{
int ret = KNOT_EOK;
knot_pkt_t *query = qdata->pkt;
knot_pkt_t *query = qdata->query;
ns_sign_context_t *ctx = &qdata->sign;
......@@ -351,7 +359,7 @@ static int query_internet(knot_pkt_t *pkt, ns_proc_context_t *ctx)
{
struct query_data *data = QUERY_DATA(ctx);
int next_state = NS_PROC_FAIL;
uint16_t query_type = knot_pkt_type(data->pkt);
uint16_t query_type = knot_pkt_type(data->query);
switch(query_type) {
case KNOT_QUERY_NORMAL:
......@@ -402,7 +410,7 @@ static int ratelimit_apply(int state, knot_pkt_t *pkt, ns_proc_context_t *ctx)