ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

add functions to match rdataset types

Browse Source 
- dns_rdataset_issigtype() returns true if the rdataset is
  of type RRSIG and covers a specified type
- dns_rdataset_matchestype() returns true if the rdataset
  is of the specified type *or* the RRSIG covering it.
This commit is contained in:
Evan Hunt
2025-02-27 17:10:21 -08:00
parent ea33257ad0
commit fdb9a24d18
2 changed files with 43 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/dns/include/dns/rdataset.h
View File

@@ -689,3 +689,30 @@ dns_rdataset_equals(const dns_rdataset_t *rdataset1,
* \li 'rdataset1' is a valid rdataset.
* \li 'rdataset2' is a valid rdataset.
*/
/*%
* Returns true if the rdataset is of type 'type', or type RRSIG
* and covers 'type'.
*/
static inline bool
dns_rdataset_matchestype(const dns_rdataset_t *rdataset,
const dns_rdatatype_t type) {
REQUIRE(DNS_RDATASET_VALID(rdataset));
return rdataset->type == type ||
(rdataset->type == dns_rdatatype_rrsig &&
rdataset->covers == type);
}
/*%
* Returns true if the rdataset is of type 'type', or type RRSIG
* and covers 'type'.
*/
static inline bool
dns_rdataset_issigtype(const dns_rdataset_t *rdataset,
const dns_rdatatype_t type) {
REQUIRE(DNS_RDATASET_VALID(rdataset));
return rdataset->type == dns_rdatatype_rrsig &&
rdataset->covers == type;
}

42
lib/dns/resolver.c
View File

@@ -5597,13 +5597,13 @@ answer_response:
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link))
{
if (sigrdataset->type != dns_rdatatype_rrsig ||
sigrdataset->covers != rdataset->type)
if (dns_rdataset_issigtype(sigrdataset,
rdataset->type))
{
continue;
break;
}
break;
}
if (sigrdataset == NULL ||
sigrdataset->trust != dns_trust_secure)
{
@@ -5802,9 +5802,7 @@ findnoqname(fetchctx_t *fctx, dns_message_t *message, dns_name_t *name,
for (sigrdataset = ISC_LIST_HEAD(name->list); sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link))
{
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == type)
{
if (dns_rdataset_issigtype(sigrdataset, type)) {
break;
}
}
@@ -5897,9 +5895,7 @@ findnoqname(fetchctx_t *fctx, dns_message_t *message, dns_name_t *name,
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link))
{
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == found)
{
if (dns_rdataset_issigtype(sigrdataset, found)) {
break;
}
}
@@ -6047,8 +6043,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link))
{
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == rdataset->type)
if (dns_rdataset_issigtype(sigrdataset, rdataset->type))
{
break;
}
@@ -6077,14 +6072,13 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
continue;
}
/*
* Ignore unrelated non-answer rdatasets that are
* missing signatures.
*/
if (sigrdataset == NULL && need_validation &&
!ANSWER(rdataset))
{
/*
* Ignore unrelated non-answer
* rdatasets that are missing
* signatures.
*/
continue;
}
@@ -6275,9 +6269,8 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
}
}
if (rdataset->trust == dns_trust_glue &&
(rdataset->type == dns_rdatatype_ns ||
(rdataset->type == dns_rdatatype_rrsig &&
rdataset->covers == dns_rdatatype_ns)))
dns_rdataset_matchestype(rdataset,
dns_rdatatype_ns))
{
/*
* If the trust level is
@@ -8669,9 +8662,7 @@ rctx_answer_match(respctx_t *rctx) {
return ISC_R_COMPLETE;
}
if (sigrdataset->type != dns_rdatatype_rrsig ||
sigrdataset->covers != rctx->type)
{
if (!dns_rdataset_issigtype(sigrdataset, rctx->type)) {
continue;
}
@@ -8838,9 +8829,8 @@ rctx_authority_positive(respctx_t *rctx) {
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link))
{
if (rdataset->type == dns_rdatatype_ns ||
(rdataset->type == dns_rdatatype_rrsig &&
rdataset->covers == dns_rdatatype_ns))
if (dns_rdataset_matchestype(rdataset,
dns_rdatatype_ns))
{
name->attributes.cache = true;
rdataset->attributes |=