4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in
messages. [RT #44804]
3
CHANGES
3
CHANGES
@@ -1,3 +1,6 @@
|
|||||||
|
4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in
|
||||||
|
messages. [RT #44804]
|
||||||
|
|
||||||
4687. [func] Refactor tracklines code. [RT #45126]
|
4687. [func] Refactor tracklines code. [RT #45126]
|
||||||
|
|
||||||
4686. [bug] dnssec-settime -p could print a bogus warning about
|
4686. [bug] dnssec-settime -p could print a bogus warning about
|
||||||
|
@@ -1436,6 +1436,7 @@ dig_ednsoptname_t optnames[] = {
|
|||||||
{ 12, "PADDING" }, /* RFC 7830 */
|
{ 12, "PADDING" }, /* RFC 7830 */
|
||||||
{ 12, "PAD" }, /* shorthand */
|
{ 12, "PAD" }, /* shorthand */
|
||||||
{ 13, "CHAIN" }, /* RFC 7901 */
|
{ 13, "CHAIN" }, /* RFC 7901 */
|
||||||
|
{ 14, "KEY-TAG" }, /* RFC 8145 */
|
||||||
{ 26946, "DEVICEID" }, /* Brian Hartvigsen */
|
{ 26946, "DEVICEID" }, /* Brian Hartvigsen */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -425,6 +425,7 @@ if [ -x ${DIG} ] ; then
|
|||||||
echo "I:skipping 'dig +idnout' as IDN support is not enabled ($n)"
|
echo "I:skipping 'dig +idnout' as IDN support is not enabled ($n)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
n=`expr $n + 1`
|
||||||
echo "I:checking that dig warns about .local queries ($n)"
|
echo "I:checking that dig warns about .local queries ($n)"
|
||||||
ret=0
|
ret=0
|
||||||
$DIG $DIGOPTS @10.53.0.3 local soa > dig.out.test$n 2>&1 || ret=1
|
$DIG $DIGOPTS @10.53.0.3 local soa > dig.out.test$n 2>&1 || ret=1
|
||||||
@@ -432,6 +433,31 @@ if [ -x ${DIG} ] ; then
|
|||||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||||
status=`expr $status + $ret`
|
status=`expr $status + $ret`
|
||||||
|
|
||||||
|
n=`expr $n + 1`
|
||||||
|
echo "I:check that dig processes +ednsopt=key-tag and FORMERR is returned ($n)"
|
||||||
|
$DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag a.example +qr > dig.out.test$n 2>&1 || ret=1
|
||||||
|
grep "; KEY-TAG$" dig.out.test$n > /dev/null || ret=1
|
||||||
|
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
|
||||||
|
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||||
|
status=`expr $status + $ret`
|
||||||
|
|
||||||
|
n=`expr $n + 1`
|
||||||
|
echo "I:check that dig processes +ednsopt=key-tag:<value-list> ($n)"
|
||||||
|
$DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag:00010002 a.example +qr > dig.out.test$n 2>&1 || ret=1
|
||||||
|
grep "; KEY-TAG: 1, 2$" dig.out.test$n > /dev/null || ret=1
|
||||||
|
grep "status: FORMERR" dig.out.test$n > /dev/null && ret=1
|
||||||
|
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||||
|
status=`expr $status + $ret`
|
||||||
|
|
||||||
|
n=`expr $n + 1`
|
||||||
|
echo "I:check that dig processes +ednsopt=key-tag:<malformed-value-list> and FORMERR is returned ($n)"
|
||||||
|
ret=0
|
||||||
|
$DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag:0001000201 a.example +qr > dig.out.test$n 2>&1 || ret=1
|
||||||
|
grep "; KEY-TAG: 00 01 00 02 01" dig.out.test$n > /dev/null || ret=1
|
||||||
|
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
|
||||||
|
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||||
|
status=`expr $status + $ret`
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "$DIG is needed, so skipping these dig tests"
|
echo "$DIG is needed, so skipping these dig tests"
|
||||||
fi
|
fi
|
||||||
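Review bot: The first two new key-tag checks never reset `ret`, so a failure in the preceding `.local` check, or in the first key-tag check, carries over and is counted again in `status`. Only the third block, the malformed-value-list case, starts with `ret=0`. Add `ret=0` directly after the `echo "I:check that dig processes +ednsopt=key-tag and FORMERR is returned ($n)"` line and after the `echo "I:check that dig processes +ednsopt=key-tag:<value-list> ($n)"` line, so each check reports independently.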
|
@@ -269,10 +269,6 @@
|
|||||||
records for a name, but omits types RRSIG, NSEC and NSEC3.
|
records for a name, but omits types RRSIG, NSEC and NSEC3.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Several areas of code have been refactored for improved
|
Several areas of code have been refactored for improved
|
||||||
@@ -405,6 +401,11 @@
|
|||||||
[RT #44696]
|
[RT #44696]
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
EDNS KEY TAG options are verified and printed.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
@@ -99,6 +99,7 @@
|
|||||||
#define DNS_OPT_COOKIE 10 /*%< COOKIE opt code */
|
#define DNS_OPT_COOKIE 10 /*%< COOKIE opt code */
|
||||||
#define DNS_OPT_TCP_KEEPALIVE 11 /*%< TCP keepalive opt code */
|
#define DNS_OPT_TCP_KEEPALIVE 11 /*%< TCP keepalive opt code */
|
||||||
#define DNS_OPT_PAD 12 /*%< PAD opt code */
|
#define DNS_OPT_PAD 12 /*%< PAD opt code */
|
||||||
|
#define DNS_OPT_KEY_TAG 14 /*%< Key tag opt code */
|
||||||
|
|
||||||
/*%< Experimental options [65001...65534] as per RFC6891 */
|
/*%< Experimental options [65001...65534] as per RFC6891 */
|
||||||
|
|
||||||
|
@@ -3608,6 +3608,23 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg,
|
|||||||
} else if (optcode == DNS_OPT_PAD) {
|
} else if (optcode == DNS_OPT_PAD) {
|
||||||
INDENT(style);
|
INDENT(style);
|
||||||
ADD_STRING(target, "PAD");
|
ADD_STRING(target, "PAD");
|
||||||
|
} else if (optcode == DNS_OPT_KEY_TAG) {
|
||||||
|
INDENT(style);
|
||||||
|
ADD_STRING(target, "KEY-TAG");
|
||||||
|
if (optlen > 0U && (optlen % 2U) == 0U) {
|
||||||
|
const char *sep = ": ";
|
||||||
|
isc_uint16_t id;
|
||||||
|
while (optlen > 0U) {
|
||||||
|
id = isc_buffer_getuint16(&optbuf);
|
||||||
|
snprintf(buf, sizeof(buf), "%s%u",
|
||||||
|
sep, id);
|
||||||
|
ADD_STRING(target, buf);
|
||||||
|
sep = ", ";
|
||||||
|
optlen -= 2;
|
||||||
|
}
|
||||||
|
ADD_STRING(target, "\n");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
INDENT(style);
|
INDENT(style);
|
||||||
ADD_STRING(target, "OPT: ");
|
ADD_STRING(target, "OPT: ");
|
||||||
@@ -3860,6 +3877,22 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
|
|||||||
}
|
}
|
||||||
ADD_STRING(target, "\n");
|
ADD_STRING(target, "\n");
|
||||||
continue;
|
continue;
|
||||||
|
} else if (optcode == DNS_OPT_KEY_TAG) {
|
||||||
|
ADD_STRING(target, "; KEY-TAG");
|
||||||
|
if (optlen > 0U && (optlen % 2U) == 0U) {
|
||||||
|
const char *sep = ": ";
|
||||||
|
isc_uint16_t id;
|
||||||
|
while (optlen > 0U) {
|
||||||
|
id = isc_buffer_getuint16(&optbuf);
|
||||||
|
snprintf(buf, sizeof(buf), "%s%u",
|
||||||
|
sep, id);
|
||||||
|
ADD_STRING(target, buf);
|
||||||
|
sep = ", ";
|
||||||
|
optlen -= 2;
|
||||||
|
}
|
||||||
|
ADD_STRING(target, "\n");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
ADD_STRING(target, "; OPT=");
|
ADD_STRING(target, "; OPT=");
|
||||||
snprintf(buf, sizeof(buf), "%u", optcode);
|
snprintf(buf, sizeof(buf), "%u", optcode);
|
||||||
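Review bot: Both new `DNS_OPT_KEY_TAG` branches call `isc_buffer_getuint16(&optbuf)` `optlen / 2` times, and nothing in either hunk shows that `optlen` has been checked against the data remaining in `optbuf`. As far as I know `isc_buffer_getuint16()` aborts on a short buffer rather than returning an error, so an unchecked length in a received message would turn printing it into a crash. The enclosing loops in `dns_message_pseudosectiontoyaml` and `dns_message_pseudosectiontotext` start outside the hunks, so the bound may well be enforced there. If it is, a comment at the branch such as `/* optlen is bounded by the remaining OPT data (checked above) */` would make the invariant visible; if not, compare `optlen` with `isc_buffer_remaininglength(&optbuf)` before entering the loop. The two loops are also identical apart from the `"; KEY-TAG"` prefix and `INDENT(style)`, so a small static helper would keep the text and YAML renderers in step.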
|
@@ -176,6 +176,11 @@ fromwire_opt(ARGS_FROMWIRE) {
|
|||||||
return (DNS_R_OPTERR);
|
return (DNS_R_OPTERR);
|
||||||
isc_region_consume(&sregion, length);
|
isc_region_consume(&sregion, length);
|
||||||
break;
|
break;
|
||||||
|
case DNS_OPT_KEY_TAG:
|
||||||
|
if (length == 0 || (length % 2) != 0)
|
||||||
|
return (DNS_R_OPTERR);
|
||||||
|
isc_region_consume(&sregion, length);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
isc_region_consume(&sregion, length);
|
isc_region_consume(&sregion, length);
|
||||||
break;
|
break;
|
||||||
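Review bot: The new `case DNS_OPT_KEY_TAG:` in `fromwire_opt` rejects empty and odd-length payloads but does not say why, unlike the RFC references given next to the option names elsewhere in this commit. A short comment above the check, for example `/* RFC 8145: payload is a non-empty list of 16-bit key tags */`, would record the rule being enforced. It would also explain why the display code in message.c falls back to a raw dump for other lengths. The rest of the switch lies outside the hunk.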
|