Commit ea068fb0 authored by Lubos Slovak's avatar Lubos Slovak

Checking TSIG at the end of AXFR transfer.

refs #1362 @20m
parent ad80050c
......@@ -858,8 +858,9 @@ int knot_packet_parse_next_rr_answer(knot_packet_t *packet,
if (packet->an_rrsets == packet->header.ancount) {
assert(packet->parsed < packet->size);
dbg_packet("Trailing garbage, ignoring...\n");
/*! \todo Do not ignore. */
//dbg_packet("Trailing garbage, ignoring...\n");
// there may be other data in the packet
// (authority or additional).
return KNOT_EOK;
}
......
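Review bot: The added `\todo Do not ignore.` and the commented-out `dbg_packet` call now sit directly above the older comment saying the remaining bytes may be authority or additional data, so the block describes the same bytes as both garbage and legitimate sections. I would delete the commented-out call rather than keep it, and make the todo say what is intended, for example `/*! \todo Parse the remaining sections instead of returning early. */` if that is the meaning. The `assert(packet->parsed < packet->size)` above it is unchanged context, but it tests values that come from the wire and is compiled out under NDEBUG, so it deserves a separate look. The function body starts and ends outside the hunk.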
......@@ -592,6 +592,9 @@ dbg_xfrin_exec(
* TSIG
*/
if (xfr->tsig_key) {
dbg_xfrin("Adding packet wire to TSIG data (size till now: %zu,"
" adding: %zu).\n", xfr->tsig_data_size,
xfr->wire_size);
assert(KNOT_NS_TSIG_DATA_MAX_SIZE - xfr->tsig_data_size
>= xfr->wire_size);
memcpy(xfr->tsig_data + xfr->tsig_data_size, xfr->wire,
......@@ -632,8 +635,20 @@ dbg_xfrin_exec(
assert(knot_node_rrset(knot_zone_contents_apex((zone)),
KNOT_RRTYPE_SOA) != NULL);
dbg_xfrin("Found last SOA, transfer finished.\n");
knot_rrset_deep_free(&rr, 1, 1, 1);
dbg_xfrin("Verifying TSIG...\n");
/*! \note [TSIG] Now check if there is not a TSIG record
* at the end of the packet.
*/
ret = xfrin_check_tsig(packet, xfr, 1);
knot_packet_free(&packet);
knot_rrset_deep_free(&rr, 1, 1, 1);
if (ret != KNOT_EOK) {
/*! \todo [TSIG] Handle TSIG errors. */
return ret;
}
// we must now find place for all orphan RRSIGs
ret = xfrin_process_orphan_rrsigs(zone,
......
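Review bot: When `xfrin_check_tsig()` fails, the new branch only returns `ret` under a `\todo [TSIG] Handle TSIG errors`, and nothing visible in this hunk discards the zone contents built from the not-yet-authenticated transfer. If the caller does not already free the zone and abort on any non-`KNOT_EOK` return, data from a transfer that failed verification could stay around; state that contract at the return, for example `/* TSIG failed: caller must discard the transferred zone. */`, or do the cleanup here. The call is also not guarded by `if (xfr->tsig_key)` the way the block in the earlier hunk is, so it is worth confirming that `xfrin_check_tsig()` returns `KNOT_EOK` when no key is configured and an error when a key is configured but the final packet carries no TSIG. In the earlier hunk the only bound on the `memcpy` into `xfr->tsig_data` is an `assert`, which disappears under NDEBUG; a runtime size check that returns an error would hold in release builds too. The enclosing function starts and ends outside both hunks.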