Commit f7352934 authored by Mark Andrews's avatar Mark Andrews
Browse files

4743. [func] Exclude trust-anchor-telementry queries from

                        synth-from-dnssec processing. [RT #46123]
parent e00fdad1
4743. [func] Exclude trust-anchor-telementry queries from
synth-from-dnssec processing. [RT #46123]
4742. [func] Synthesis of responses from DNSSEC-verified records.
Stage 2 - synthesis of records from wildcard data.
If the dns64 or filter-aaaa* is configured then the
......
......@@ -1318,6 +1318,12 @@ dns_name_isula(const dns_name_t *owner);
* Determine if the 'name' is in the ULA reverse namespace.
*/
isc_boolean_t
dns_name_istat(const dns_name_t *name);
/*
* Determine if 'name' is a potential 'trust-anchor-telementry' name.
*/
ISC_LANG_ENDDECLS
/*
......
......@@ -2755,3 +2755,62 @@ dns_name_isula(const dns_name_t *name) {
return (ISC_TRUE);
return (ISC_FALSE);
}
/*
* Use a simple table as we don't want all the locale stuff
* associated with ishexdigit().
*/
const char
ishex[256] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,
0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
isc_boolean_t
dns_name_istat(const dns_name_t *name) {
unsigned char len;
const unsigned char *ndata;
REQUIRE(VALID_NAME(name));
if (name->labels < 1)
return (ISC_FALSE);
ndata = name->ndata;
len = ndata[0];
INSIST(len <= name->length);
ndata++;
/*
* Is there at least one trust anchor reported and is the
* label length consistent with a trust-anchor-telementry label.
*/
if ((len < 8) || (len - 3) % 5 != 0) {
return (ISC_FALSE);
}
if (ndata[0] != '_' ||
maptolower[ndata[1]] != 't' ||
maptolower[ndata[2]] != 'a') {
return (ISC_FALSE);
}
ndata += 3;
len -= 3;
while (len > 0) {
INSIST(len >= 5);
if (ndata[0] != '-' || !ishex[ndata[1]] || !ishex[ndata[2]] ||
!ishex[ndata[3]] || !ishex[ndata[4]]) {
return (ISC_FALSE);
}
ndata += 5;
len -= 5;
}
return (ISC_TRUE);
}
......@@ -277,6 +277,54 @@ ATF_TC_BODY(compression, tc) {
dns_test_end();
}
ATF_TC(istat);
ATF_TC_HEAD(istat, tc) {
atf_tc_set_md_var(tc, "descr", "is trust-anchor-telementry test");
}
ATF_TC_BODY(istat, tc) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_result_t result;
size_t i;
struct {
const char *name;
isc_boolean_t istat;
} data[] = {
{ ".", ISC_FALSE },
{ "_ta-", ISC_FALSE },
{ "_ta-1234", ISC_TRUE },
{ "_TA-1234", ISC_TRUE },
{ "+TA-1234", ISC_FALSE },
{ "_fa-1234", ISC_FALSE },
{ "_td-1234", ISC_FALSE },
{ "_ta_1234", ISC_FALSE },
{ "_ta-g234", ISC_FALSE },
{ "_ta-1h34", ISC_FALSE },
{ "_ta-12i4", ISC_FALSE },
{ "_ta-123j", ISC_FALSE },
{ "_ta-1234-abcf", ISC_TRUE },
{ "_ta-1234-abcf-ED89", ISC_TRUE },
{ "_ta-12345-abcf-ED89", ISC_FALSE },
{ "_ta-.example", ISC_FALSE },
{ "_ta-1234.example", ISC_TRUE },
{ "_ta-1234-abcf.example", ISC_TRUE },
{ "_ta-1234-abcf-ED89.example", ISC_TRUE },
{ "_ta-12345-abcf-ED89.example", ISC_FALSE },
{ "_ta-1234-abcfe-ED89.example", ISC_FALSE },
{ "_ta-1234-abcf-EcD89.example", ISC_FALSE }
};
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (i = 0; i < sizeof(data)/sizeof(data[0]); i++) {
result = dns_name_fromstring(name, data[i].name, 0, NULL);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
ATF_CHECK_EQ_MSG(dns_name_istat(name), data[i].istat,
"testing %s - expected %u", data[i].name, data[i].istat);
}
}
#ifdef ISC_PLATFORM_USETHREADS
#ifdef DNS_BENCHMARK_TESTS
......@@ -381,6 +429,7 @@ ATF_TC_BODY(benchmark, tc) {
ATF_TP_ADD_TCS(tp) {
ATF_TP_ADD_TC(tp, fullcompare);
ATF_TP_ADD_TC(tp, compression);
ATF_TP_ADD_TC(tp, istat);
#ifdef ISC_PLATFORM_USETHREADS
#ifdef DNS_BENCHMARK_TESTS
ATF_TP_ADD_TC(tp, benchmark);
......@@ -389,4 +438,3 @@ ATF_TP_ADD_TCS(tp) {
return (atf_no_error());
}
......@@ -5371,7 +5371,8 @@ query_lookup(query_ctx_t *qctx) {
}
dboptions = qctx->client->query.dboptions;
if (!qctx->is_zone && qctx->findcoveringnsec)
if (!qctx->is_zone && qctx->findcoveringnsec &&
(qctx->type != dns_rdatatype_null || !dns_name_istat(rpzqname)))
dboptions |= DNS_DBFIND_COVERINGNSEC;
result = dns_db_findext(qctx->db, rpzqname, qctx->version, qctx->type,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment