clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

send recursive queries to test cache drop off.

Browse Source 
git-svn-id: file:///svn/unbound/trunk@549 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2007-08-27 11:26:03 +00:00
parent c9107bfb1a
commit 674fdd5e39
3 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
daemon/worker.c
View File

@ -311,14 +311,42 @@ check_delegation_secure(struct reply_info *rep)
size_t i;
enum sec_status sec = sec_status_secure;
enum sec_status s;
for(i=0; i<rep->rrset_count; i++) {
size_t num = rep->an_numrrsets + rep->ns_numrrsets;
/* check if answer and authority are OK */
for(i=0; i<num; i++) {
s = ((struct packed_rrset_data*)rep->rrsets[i])->security;
if(s < sec)
sec = s;
}
/* in additional, only unchecked triggers revalidation */
for(i=num; i<rep->rrset_count; i++) {
s = ((struct packed_rrset_data*)rep->rrsets[i])->security;
if(s == sec_status_unchecked)
return s;
}
return sec;
}
/** remove nonsecure from a delegation referral additional section */
static void
deleg_remove_nonsecure_additional(struct reply_info* rep)
{
/* we can simply edit it, since we are working in the scratch region */
size_t i;
enum sec_status s;
for(i = rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) {
s = ((struct packed_rrset_data*)rep->rrsets[i])->security;
if(s != sec_status_secure) {
memmove(rep->rrsets+i, rep->rrsets+i+1,
sizeof(struct ub_packed_rrset_key*)*
(rep->rrset_count - i - 1));
rep->ar_numrrsets--;
rep->rrset_count--;
}
}
}
/** answer nonrecursive query from the cache */
static int
answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
@ -367,6 +395,9 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
return 1;
case sec_status_secure:
/* all rrsets are secure */
/* remove non-secure rrsets from the add. section*/
if(worker->env.cfg->val_clean_additional)
deleg_remove_nonsecure_additional(msg->rep);
secure = 1;
break;
case sec_status_indeterminate:
@ -384,7 +415,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
edns->bits &= EDNS_DO;
msg->rep->flags |= BIT_QR|BIT_RA;
if(!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags,
repinfo->c->buffer, timenow, 1, worker->scratchpad,
repinfo->c->buffer, 0, 1, worker->scratchpad,
udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) {
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
&msg->qinfo, id, flags, edns);

2
doc/Changelog
View File

@ -1,6 +1,8 @@
27 August 2007: Wouter
- do not garble the edns if a cache answer fails.
- answer norecursive from cache if possible.
- honor clean_additional setting when returning secure non-recursive
referrals.
24 August 2007: Wouter
- message is bogus if unsecure authority rrsets are present.

3
testdata/fwd_lrudrop.rpl vendored
View File

@ -11,6 +11,7 @@ SCENARIO_BEGIN Old answer is dropped from the cache
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
@ -47,6 +48,7 @@ ENTRY_END
; another query to force the cache to drop the example.com entry.
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.net. IN A
ENTRY_END
@ -84,6 +86,7 @@ ENTRY_END
; query, same as first, but it fell out of the cache.
STEP 21 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END