diff options
Diffstat (limited to 'contrib/unbound/validator/val_nsec.c')
-rw-r--r-- | contrib/unbound/validator/val_nsec.c | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/contrib/unbound/validator/val_nsec.c b/contrib/unbound/validator/val_nsec.c index a795e77339d3..032d2ae03a42 100644 --- a/contrib/unbound/validator/val_nsec.c +++ b/contrib/unbound/validator/val_nsec.c @@ -541,86 +541,3 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, } return 0; } - -/** - * Find shared topdomain that exists - */ -static void -dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname, - uint8_t** nm, size_t* nm_len) -{ - /* make sure reply is part of nm */ - /* take shared topdomain with left of NSEC. */ - - /* because, if empty nonterminal, then right is subdomain of qname. - * and any shared topdomain would be empty nonterminals. - * - * If nxdomain, then the right is bigger, and could have an - * interesting shared topdomain, but if it does have one, it is - * an empty nonterminal. An empty nonterminal shared with the left - * one. */ - int n; - uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname); - n = dname_count_labels(*nm) - dname_count_labels(common); - dname_remove_labels(nm, nm_len, n); -} - -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len) -{ - uint8_t* next; - size_t i, nlen; - int c; - /* we should now have a NOERROR/NODATA or NXDOMAIN message */ - if(rep->an_numrrsets != 0) { - return 0; - } - /* is this NOERROR ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { - /* it can be a plain NSEC match - go up one more level. */ - /* or its an empty nonterminal - go up to nonempty level */ - for(i=0; i<rep->ns_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC || - !nsec_get_next(rep->rrsets[i], &next, &nlen)) - continue; - c = dname_canonical_compare( - rep->rrsets[i]->rk.dname, qinfo->qname); - if(c == 0) { - /* plain match */ - if(nsec_has_type(rep->rrsets[i], - LDNS_RR_TYPE_DLV)) - return 0; - dname_remove_label(nm, nm_len); - return 1; - } else if(c < 0 && - dname_strict_subdomain_c(next, qinfo->qname)) { - /* ENT */ - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - - /* is this NXDOMAIN ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) { - /* find the qname denial NSEC record. It can tell us - * a closest encloser name; or that we not need bother */ - for(i=0; i<rep->ns_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC) - continue; - if(val_nsec_proves_name_error(rep->rrsets[i], - qinfo->qname)) { - log_nametypeclass(VERB_ALGO, "topdomain on", - rep->rrsets[i]->rk.dname, - ntohs(rep->rrsets[i]->rk.type), 0); - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - return 0; -} |