Commit d5e5070d authored by Libor Peltan's avatar Libor Peltan

ddns+forward+tsig: not changing msgID in general packet wire

Instead of hard-changing the msgID in the packet wire, which breaks the msgID for the response, we just
set the original msgID when computing the TSIG hash to check against.
parent 7d924855
......@@ -700,7 +700,6 @@ static int check_rr_constraints(knot_pkt_t *pkt, knot_rrset_t *rr, size_t rr_siz
pkt->size -= rr_size;
pkt->tsig_wire.pos = pkt->wire + pkt->parsed;
pkt->tsig_wire.len = rr_size;
knot_wire_set_id(pkt->wire, knot_tsig_rdata_orig_id(rr));
knot_wire_set_arcount(pkt->wire, knot_wire_get_arcount(pkt->wire) - 1);
}
break;
......
......@@ -546,6 +546,9 @@ static int check_digest(const knot_rrset_t *tsig_rr,
memset(wire_to_sign, 0, size);
memcpy(wire_to_sign, wire, size);
// restore message ID to which the signature had been created with
knot_wire_set_id(wire_to_sign, knot_tsig_rdata_orig_id(tsig_rr));
uint8_t digest_tmp[KNOT_TSIG_MAX_DIGEST_SIZE];
size_t digest_tmp_len = 0;
assert(tsig_rr->rrs.rr_count > 0);
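Review bot: The new `knot_wire_set_id(wire_to_sign, knot_tsig_rdata_orig_id(tsig_rr));` reads the TSIG rdata before `assert(tsig_rr->rrs.rr_count > 0)` runs a few lines later, so the precondition is checked only after it has been relied on, and not at all in NDEBUG builds. Whether `knot_tsig_rdata_orig_id()` tolerates an empty or truncated rdata is not visible here, so I would move the restore below the assert, or better, turn the assert into an explicit check that returns an error for a TSIG record without rdata. The call also writes two bytes into `wire_to_sign`, so `size` must already be known to cover the DNS header; that guard, if present, is outside the hunk, as are the start and end of `check_digest`. The comment would read better as `// restore the message ID the signature was originally computed over (the ID in the wire may have been rewritten by a forwarder)`.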
......