summaryrefslogtreecommitdiff
path: root/contrib/unbound/validator/val_nsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/validator/val_nsec.c')
-rw-r--r--contrib/unbound/validator/val_nsec.c83
1 files changed, 0 insertions, 83 deletions
diff --git a/contrib/unbound/validator/val_nsec.c b/contrib/unbound/validator/val_nsec.c
index a795e77339d3..032d2ae03a42 100644
--- a/contrib/unbound/validator/val_nsec.c
+++ b/contrib/unbound/validator/val_nsec.c
@@ -541,86 +541,3 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname,
}
return 0;
}
-
-/**
- * Find shared topdomain that exists
- */
-static void
-dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname,
- uint8_t** nm, size_t* nm_len)
-{
- /* make sure reply is part of nm */
- /* take shared topdomain with left of NSEC. */
-
- /* because, if empty nonterminal, then right is subdomain of qname.
- * and any shared topdomain would be empty nonterminals.
- *
- * If nxdomain, then the right is bigger, and could have an
- * interesting shared topdomain, but if it does have one, it is
- * an empty nonterminal. An empty nonterminal shared with the left
- * one. */
- int n;
- uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname);
- n = dname_count_labels(*nm) - dname_count_labels(common);
- dname_remove_labels(nm, nm_len, n);
-}
-
-int val_nsec_check_dlv(struct query_info* qinfo,
- struct reply_info* rep, uint8_t** nm, size_t* nm_len)
-{
- uint8_t* next;
- size_t i, nlen;
- int c;
- /* we should now have a NOERROR/NODATA or NXDOMAIN message */
- if(rep->an_numrrsets != 0) {
- return 0;
- }
- /* is this NOERROR ? */
- if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
- /* it can be a plain NSEC match - go up one more level. */
- /* or its an empty nonterminal - go up to nonempty level */
- for(i=0; i<rep->ns_numrrsets; i++) {
- if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC ||
- !nsec_get_next(rep->rrsets[i], &next, &nlen))
- continue;
- c = dname_canonical_compare(
- rep->rrsets[i]->rk.dname, qinfo->qname);
- if(c == 0) {
- /* plain match */
- if(nsec_has_type(rep->rrsets[i],
- LDNS_RR_TYPE_DLV))
- return 0;
- dname_remove_label(nm, nm_len);
- return 1;
- } else if(c < 0 &&
- dname_strict_subdomain_c(next, qinfo->qname)) {
- /* ENT */
- dlv_topdomain(rep->rrsets[i], qinfo->qname,
- nm, nm_len);
- return 1;
- }
- }
- return 0;
- }
-
- /* is this NXDOMAIN ? */
- if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) {
- /* find the qname denial NSEC record. It can tell us
- * a closest encloser name; or that we not need bother */
- for(i=0; i<rep->ns_numrrsets; i++) {
- if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC)
- continue;
- if(val_nsec_proves_name_error(rep->rrsets[i],
- qinfo->qname)) {
- log_nametypeclass(VERB_ALGO, "topdomain on",
- rep->rrsets[i]->rk.dname,
- ntohs(rep->rrsets[i]->rk.type), 0);
- dlv_topdomain(rep->rrsets[i], qinfo->qname,
- nm, nm_len);
- return 1;
- }
- }
- return 0;
- }
- return 0;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 08:22:02 +0000