- Introduce 'ede=any' as option in the MATCH line for replay test
  packets.
- Finish EDE matching code; when matching EDE snip the option out of the
  OPT record to facilitate other matching rules.
gthess committed Feb 9, 2022
commit 1e77cca171bf8072c5143f7c8bca1437488f90d4
67 changes: 43 additions & 24 deletions testcode/testpkts.c
Expand Up @@ -157,7 +157,14 @@ static void matchline(char* line, struct entry* e)
if(*parse != '=' && *parse != ':')
error("expected = or : in MATCH: %s", line);
parse++;
e->ede_info_code = (uint16_t)strtol(parse, (char**)&parse, 10);
while(isspace((unsigned char)*parse))
parse++;
if(str_keyword(&parse, "any")) {
e->match_ede_any = 1;
} else {
e->ede_info_code = (uint16_t)strtol(parse,
(char**)&parse, 10);
}
while(isspace((unsigned char)*parse))
parse++;
} else {
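Review bot: the numeric branch in matchline takes whatever strtol returns and casts it to uint16_t without checking that any digits were consumed or that the value fits in 16 bits. A typo such as 'ede=bogus' becomes info-code 0 and 'ede=65538' becomes 2, both plausible codes, so a mistyped test line would silently match the wrong thing. Suggest keeping the end pointer in a local and calling error() when it equals the start pointer or the value is outside 0..65535, the same way the '=' / ':' check just above rejects a malformed MATCH line.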
Expand Down Expand Up @@ -283,7 +290,8 @@ static struct entry* new_entry(void)
e->match_serial = 0;
e->ixfr_soa_serial = 0;
e->match_ede = 0;
e->ede_info_code = 0;
e->match_ede_any = 0;
e->ede_info_code = -1;
e->match_transport = transport_any;
e->reply_list = NULL;
e->copy_id = 0;
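Review bot: in new_entry, `e->ede_info_code = -1;` does not give a usable "unset" marker if the field is the 16-bit unsigned type that the (uint16_t) casts in matchline and find_match suggest. It would store 65535, which is itself a representable info-code, and the "Expected: %d" message in find_match would print 65535 for an ede=any entry. Since match_ede and match_ede_any already say whether a code is expected, either keep the initial value at 0 or widen the field to int so that -1 stays distinguishable.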
Expand Down Expand Up @@ -897,25 +905,34 @@ get_do_flag(uint8_t* pkt, size_t len)
return (int)(edns_bits&LDNS_EDNS_MASK_DO_BIT);
}

/** return the EDNS EDE INFO-CODE if found, else -1 */
/** Snips the EDE option out of the OPT record and returns the EDNS EDE
* INFO-CODE if found, else -1 */
static int
get_ede_info_code(uint8_t* pkt, size_t len)
extract_ede(uint8_t* pkt, size_t len)
{
uint8_t *rdata;
uint8_t *rdata, *opt_position = pkt;
uint16_t rdlen, optlen;
/* use arguments as temporary variables */
if(!pkt_find_edns_opt(&pkt, &len)) return -1;
if(len < 8) return -1; /* malformed */
rdlen = sldns_read_uint16(pkt+6);
rdata = pkt + 8;
size_t remaining;
int ede_code;
if(!pkt_find_edns_opt(&opt_position, &remaining)) return -1;
if(remaining < 8) return -1; /* malformed */
rdlen = sldns_read_uint16(opt_position+6);
rdata = opt_position + 8;
while(rdlen > 0) {
if(rdlen < 4) return -1; /* malformed */
optlen = sldns_read_uint16(rdata+2);
if(sldns_read_uint16(rdata) == LDNS_EDNS_EDE) {
if(rdlen < 6) return -1; /* malformed */
return sldns_read_uint16(rdata+4);
ede_code = sldns_read_uint16(rdata+4);
/* snip option from packet; assumes len is correct */
memmove(rdata, rdata+4+optlen,
(pkt+len)-(rdata+4+optlen));
/* update OPT size */
sldns_write_uint16(opt_position+6,
sldns_read_uint16(opt_position+6)-(4+optlen));
return ede_code;
}
optlen = sldns_read_uint16(rdata+2);
rdlen -= optlen;
rdlen -= 4 + optlen;
rdata += 4 + optlen;
}
return -1;
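Review bot: in extract_ede, `remaining` is declared without a value and its address is handed to pkt_find_edns_opt(); the old code passed the caller's len there as an in/out argument, so if that helper reads the length on entry it now reads an indeterminate value. Initialise it with `size_t remaining = len;`. In the same loop, optlen comes straight from the packet and is used in the memmove before it is compared with rdlen, so an option whose declared length runs past the OPT rdata makes `(pkt+len)-(rdata+4+optlen)` negative and therefore a huge size_t, and `rdlen -= 4 + optlen` can wrap as well; check `rdlen < 4 + optlen` and return -1 as malformed before either use. The snip also leaves the caller's len unchanged, so stale bytes remain at the end of the buffer after the moved data.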
Expand Down Expand Up @@ -1333,7 +1350,7 @@ match_answer(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl)
* zero out if at end of the string */
static int
ignore_edns_lines(char* str) {
char* current = str, *edns = str, *n;
char* edns = str, *n;
size_t str_len = strlen(str);
while((edns = strstr(edns, "; EDNS"))) {
n = strchr(edns, '\n');
Expand All @@ -1355,10 +1372,10 @@ match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl,
char* qstr, *pstr;
uint8_t* qb = q, *pb = p;
int r;
/* zero TTLs */
qb = memdup(q, qlen);
pb = memdup(p, plen);
if(!qb || !pb) error("out of memory");
/* zero TTLs */
if(!mttl) {
zerottls(qb, qlen);
zerottls(pb, plen);
Expand Down Expand Up @@ -1494,6 +1511,17 @@ find_match(struct entry* entries, uint8_t* query_pkt, size_t len,
verbose(3, "comparepkt: ");
reply = p->reply_list->reply_pkt;
rlen = p->reply_list->reply_len;
/* Should be first since it may change the query_pkt */
if(p->match_ede) {
int info_code = extract_ede(query_pkt, len);
if(info_code == -1 || (!p->match_ede_any &&
(uint16_t)info_code != p->ede_info_code)) {
verbose(3, "bad EDE INFO-CODE. Expected: %d, "
"and got: %d\n", p->ede_info_code,
info_code);
continue;
}
}
if(p->match_opcode && get_opcode(query_pkt, len) !=
get_opcode(reply, rlen)) {
verbose(3, "bad opcode\n");
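Review bot: extract_ede() in find_match edits query_pkt in place for every candidate entry, but the loop then hits `continue` on any later mismatch (opcode and the checks that follow) with the EDE option already removed. The next entry that has match_ede set will get -1 and be rejected even though the query did carry the expected code, so matching now depends on entry order. len is also passed by value, so the later checks still see the pre-snip length. Suggest running the extraction on a per-entry copy of the packet, or restoring the original before moving to the next entry, and passing the adjusted length on to the remaining checks.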
Expand Down Expand Up @@ -1545,15 +1573,6 @@ find_match(struct entry* entries, uint8_t* query_pkt, size_t len,
verbose(3, "bad serial\n");
continue;
}
if(p->match_ede) {
int info_code = get_ede_info_code(query_pkt, len);
if(info_code == -1 ||
(uint16_t)info_code != p->ede_info_code) {
verbose(3, "bad EDE INFO-CODE. Expected: %d, and got: %d\n",
p->ede_info_code, info_code);
continue;
}
}
if(p->match_do && !get_do_flag(query_pkt, len)) {
verbose(3, "no DO bit set\n");
continue;
7 changes: 7 additions & 0 deletions testcode/testpkts.h
Expand Up @@ -59,6 +59,11 @@ struct sldns_file_parse_state;
; 'UDP' matches if the transport is UDP.
; 'TCP' matches if the transport is TCP.
; 'ede=2' makes the query match if the EDNS EDE info-code is 2.
; It also snips the EDE record out of the packet to facilitate
; other matches.
; 'ede=any' makes the query match any EDNS EDE info-code.
; It also snips the EDE record out of the packet to facilitate
; other matches.
MATCH [opcode] [qtype] [qname] [serial=<value>] [all] [ttl]
MATCH [UDP|TCP] DO
MATCH ...
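Review bot: the new comment lines describe 'ede=any' as matching any info-code, but they do not say that an EDE option must still be present (find_match rejects the entry when extract_ede returns -1), and the MATCH synopsis lines below them still list no ede field. Suggest adding `[ede=<info-code>|ede=any]` to the MATCH synopsis and wording the description as "matches if an EDE option with any info-code is present".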
Expand Down Expand Up @@ -195,6 +200,8 @@ struct entry {
uint8_t match_serial;
/** match EDNS EDE info-code */
uint8_t match_ede;
/** match any EDNS EDE info-code */
uint8_t match_ede_any;
/** match all of the packet */
uint8_t match_all;
/** match all of the packet; ignore EDNS */