diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2026-05-22 13:37:52 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2026-05-22 13:37:52 +0000 |
| commit | 5eb18e8576462f5bb33fbd60fcbd752fe5791f33 (patch) | |
| tree | 1df0f35c7c4d1a30393064d3eda05cd642b0b1a7 | |
| parent | 3dcfa5af412125cd1bad1d383ff7c18c5effbd77 (diff) | |
59 files changed, 1782 insertions, 710 deletions
diff --git a/Changelog b/Changelog index c7f36767b360..74e2631af72d 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,49 @@ +1.9.0 2025-12-04 + * PR #246: Make ldns_calc_keytag() available for CDNSKEY RR + Thanks tgreenx and pnax + * PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR + Thanks tgreenx + * PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for + CDS and CDNSKEY RRs. Thanks tgreenx + * PR #245: Make drill trace use IPv6 when used with -6 + Thanks Paul Radford + * Fix #254: Unquoted "value" rdata for CAA records fail to validate. + Follows the long string unquoted syntax from RFC8659, section 4.1.1. + * Fix #266: ldns-read-zone -u fails if a type is the only type in a + window and the type modulo 256 is equal to zero. + * Fix #271: Intermittent build failure with multi-job + builds (make -j). + * Add ldns-verify-zone -s option. It checks all signature results, + instead of passing by when one RRSIG validates. That prints output + for spurious RRSIGs, the failures for them. + * Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings. + * Fix memory leak when trying to read zones that have equal RRs. + the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR + when an already existing RR is tried to be added. This is a API + change, hence this also bumps the version to 1.9.0 + * PR #282: ensure returning pkt with LDNS_STATUS_OK. Thanks grobian. + * PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.', + and memory leaks in parsing it. + * DSYNC is no longer a draft RR type and compiled by default + * RFC 9824 support: Compact Denial of Existence in DNSSEC + * The HHIT and BRID draft RR types + * PR #249: If RNG is already seeded, return early. + Thanks crrodriguez + * PR #221: Improve error messages. Thanks jschauma + * PR #256: Use SWIG_AppendOutput to support swig 4.3 + Thanks pemensik + * PR #188: Homogenize paths for source files during compilation + Thanks duthils + * Fix #283: ldns-walk fails after update from 1.8.3 to 1.8.4 + Thanks jschauma + * PR #200: Allow compiled tests to link to ldns statically via + environment variable. Thanks FGasper and pemensik + * PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone + Thanks gjherbiet + * Fix #285: A WALLET RR breaks TXT signing. Thanks bortzmeyer + * Fix #287: ldns-verify-zone hangs with missing NSEC3 RRs. + Thanks Roy Arends + 1.8.4 2024-07-19 * Fix building documentation in build directory. Thanks Michael Tokarev diff --git a/Makefile.in b/Makefile.in index 32b91576d0d9..b5ca1d3c3adf 100644 --- a/Makefile.in +++ b/Makefile.in @@ -132,11 +132,11 @@ all: setup-builddir lib linktest manpages @P5_DNS_LDNS@ @PYLDNS@ @DRILL@ @EXAMPL .SUFFIXES: .c .o .a .lo .h .i .c.lo: - $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@ # Need libtool compile .c.o: - $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@ $(LDNS_LOBJS) $(LIBLOBJS) $(DRILL_LOBJS) $(EXAMPLE_LOBJS): $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@ @@ -571,9 +571,9 @@ depend: done; \ done for p in $(EXAMPLE_PROGS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS); do \ - echo "$$p: $$p.lo $$p.o \$$(LIB)" >> $(DEPEND_TMP) ; done + echo "$$p: $$p.lo \$$(LIB)" >> $(DEPEND_TMP) ; done echo "$(TESTNS): `for o in $(TESTNS_LOBJS) ; do \ - echo -n "$$o $${o%lo}o " ; done` \$$(LIB)" \ + echo -n "$$o " ; done`\$$(LIB)" \ >> $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) head -`egrep -n "# Dependencies" $(DEPEND_TARGET) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET) @@ -1114,28 +1114,28 @@ drill/work.lo drill/work.o: $(srcdir)/drill/work.c $(srcdir)/drill/drill.h ldns/ $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h -examples/ldns-chaos: examples/ldns-chaos.lo examples/ldns-chaos.o $(LIB) -examples/ldns-compare-zones: examples/ldns-compare-zones.lo examples/ldns-compare-zones.o $(LIB) -examples/ldnsd: examples/ldnsd.lo examples/ldnsd.o $(LIB) -examples/ldns-gen-zone: examples/ldns-gen-zone.lo examples/ldns-gen-zone.o $(LIB) -examples/ldns-key2ds: examples/ldns-key2ds.lo examples/ldns-key2ds.o $(LIB) -examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo examples/ldns-keyfetcher.o $(LIB) -examples/ldns-keygen: examples/ldns-keygen.lo examples/ldns-keygen.o $(LIB) -examples/ldns-mx: examples/ldns-mx.lo examples/ldns-mx.o $(LIB) -examples/ldns-notify: examples/ldns-notify.lo examples/ldns-notify.o $(LIB) -examples/ldns-read-zone: examples/ldns-read-zone.lo examples/ldns-read-zone.o $(LIB) -examples/ldns-resolver: examples/ldns-resolver.lo examples/ldns-resolver.o $(LIB) -examples/ldns-rrsig: examples/ldns-rrsig.lo examples/ldns-rrsig.o $(LIB) -examples/ldns-test-edns: examples/ldns-test-edns.lo examples/ldns-test-edns.o $(LIB) -examples/ldns-update: examples/ldns-update.lo examples/ldns-update.o $(LIB) -examples/ldns-version: examples/ldns-version.lo examples/ldns-version.o $(LIB) -examples/ldns-walk: examples/ldns-walk.lo examples/ldns-walk.o $(LIB) -examples/ldns-zcat: examples/ldns-zcat.lo examples/ldns-zcat.o $(LIB) -examples/ldns-zsplit: examples/ldns-zsplit.lo examples/ldns-zsplit.o $(LIB) -examples/ldns-dpa: examples/ldns-dpa.lo examples/ldns-dpa.o $(LIB) -examples/ldns-dane: examples/ldns-dane.lo examples/ldns-dane.o $(LIB) -examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo examples/ldns-nsec3-hash.o $(LIB) -examples/ldns-revoke: examples/ldns-revoke.lo examples/ldns-revoke.o $(LIB) -examples/ldns-signzone: examples/ldns-signzone.lo examples/ldns-signzone.o $(LIB) -examples/ldns-verify-zone: examples/ldns-verify-zone.lo examples/ldns-verify-zone.o $(LIB) -examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testns.o examples/ldns-testpkts.lo examples/ldns-testpkts.o $(LIB) +examples/ldns-chaos: examples/ldns-chaos.lo $(LIB) +examples/ldns-compare-zones: examples/ldns-compare-zones.lo $(LIB) +examples/ldnsd: examples/ldnsd.lo $(LIB) +examples/ldns-gen-zone: examples/ldns-gen-zone.lo $(LIB) +examples/ldns-key2ds: examples/ldns-key2ds.lo $(LIB) +examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo $(LIB) +examples/ldns-keygen: examples/ldns-keygen.lo $(LIB) +examples/ldns-mx: examples/ldns-mx.lo $(LIB) +examples/ldns-notify: examples/ldns-notify.lo $(LIB) +examples/ldns-read-zone: examples/ldns-read-zone.lo $(LIB) +examples/ldns-resolver: examples/ldns-resolver.lo $(LIB) +examples/ldns-rrsig: examples/ldns-rrsig.lo $(LIB) +examples/ldns-test-edns: examples/ldns-test-edns.lo $(LIB) +examples/ldns-update: examples/ldns-update.lo $(LIB) +examples/ldns-version: examples/ldns-version.lo $(LIB) +examples/ldns-walk: examples/ldns-walk.lo $(LIB) +examples/ldns-zcat: examples/ldns-zcat.lo $(LIB) +examples/ldns-zsplit: examples/ldns-zsplit.lo $(LIB) +examples/ldns-dpa: examples/ldns-dpa.lo $(LIB) +examples/ldns-dane: examples/ldns-dane.lo $(LIB) +examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo $(LIB) +examples/ldns-revoke: examples/ldns-revoke.lo $(LIB) +examples/ldns-signzone: examples/ldns-signzone.lo $(LIB) +examples/ldns-verify-zone: examples/ldns-verify-zone.lo $(LIB) +examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testpkts.lo $(LIB) @@ -1,3 +1,21 @@ +DEVELOPMENT VISION + +Note: ldns has been in maintenance mode since 2020, with no plans for major +features. We welcome PRs from contributors who want to add new functionality. +We also actively fix bugs, so users can continue to rely on ldns if its +current features meet their needs. + +We will continue to make occasional use of ldns in an experimental +setting, such as during an IETF Hackathon to build a proof of concept for an +Internet Draft. + +The natural successor to the ldns library is the domain library for Rust: +https://github.com/NLnetLabs/domain + +We offer drop-in replacements for commonly used ldns example tools in dnst: +https://github.com/NLnetLabs/dnst + +--- Contents: REQUIREMENTS @@ -10,7 +28,6 @@ Contents: Solaris KNOWN ISSUES pyldns - Your Support Project page: http://www.nlnetlabs.nl/ldns/ diff --git a/config.guess b/config.guess index f6d217a49f8f..a9d01fde4617 100755 --- a/config.guess +++ b/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2024 Free Software Foundation, Inc. +# Copyright 1992-2025 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2024-01-01' +timestamp='2025-07-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -60,7 +60,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2024 Free Software Foundation, Inc. +Copyright 1992-2025 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +123,7 @@ set_cc_for_build() { dummy=$tmp/dummy case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in ,,) echo "int x;" > "$dummy.c" - for driver in cc gcc c89 c99 ; do + for driver in cc gcc c17 c99 c89 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD=$driver break @@ -634,7 +634,8 @@ EOF sed 's/^ //' << EOF > "$dummy.c" #include <sys/systemcfg.h> - main() + int + main () { if (!__power_pc()) exit(1); @@ -718,7 +719,8 @@ EOF #include <stdlib.h> #include <unistd.h> - int main () + int + main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); @@ -1595,8 +1597,11 @@ EOF *:Unleashed:*:*) GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE ;; - *:Ironclad:*:*) - GUESS=$UNAME_MACHINE-unknown-ironclad + x86_64:[Ii]ronclad:*:*|i?86:[Ii]ronclad:*:*) + GUESS=$UNAME_MACHINE-pc-ironclad-mlibc + ;; + *:[Ii]ronclad:*:*) + GUESS=$UNAME_MACHINE-unknown-ironclad-mlibc ;; esac @@ -1621,6 +1626,7 @@ cat > "$dummy.c" <<EOF #endif #endif #endif +int main () { #if defined (sony) @@ -1805,8 +1811,8 @@ fi exit 1 # Local variables: -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp nil t) # time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-format: "%Y-%02m-%02d" # time-stamp-end: "'" # End: diff --git a/config.sub b/config.sub index 2c6a07ab3c34..3d35cde174de 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2024 Free Software Foundation, Inc. +# Copyright 1992-2025 Free Software Foundation, Inc. -# shellcheck disable=SC2006,SC2268 # see below for rationale +# shellcheck disable=SC2006,SC2268,SC2162 # see below for rationale -timestamp='2024-01-01' +timestamp='2025-07-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -76,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2024 Free Software Foundation, Inc. +Copyright 1992-2025 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -120,7 +120,6 @@ case $# in esac # Split fields of configuration type -# shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read field1 field2 field3 field4 <<EOF $1 @@ -142,10 +141,21 @@ case $1 in # parts maybe_os=$field2-$field3 case $maybe_os in - nto-qnx* | linux-* | uclinux-uclibc* \ - | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ - | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ - | storm-chaos* | os2-emx* | rtmk-nova* | managarm-* \ + cloudabi*-eabi* \ + | kfreebsd*-gnu* \ + | knetbsd*-gnu* \ + | kopensolaris*-gnu* \ + | ironclad-* \ + | linux-* \ + | managarm-* \ + | netbsd*-eabi* \ + | netbsd*-gnu* \ + | nto-qnx* \ + | os2-emx* \ + | rtmk-nova* \ + | storm-chaos* \ + | uclinux-gnu* \ + | uclinux-uclibc* \ | windows-* ) basic_machine=$field1 basic_os=$maybe_os @@ -161,8 +171,12 @@ case $1 in esac ;; *-*) - # A lone config we happen to match not fitting any pattern case $field1-$field2 in + # Shorthands that happen to contain a single dash + convex-c[12] | convex-c3[248]) + basic_machine=$field2-convex + basic_os= + ;; decstation-3100) basic_machine=mips-dec basic_os= @@ -170,28 +184,87 @@ case $1 in *-*) # Second component is usually, but not always the OS case $field2 in - # Prevent following clause from handling this valid os + # Do not treat sunos as a manufacturer sun*os*) basic_machine=$field1 basic_os=$field2 ;; - zephyr*) - basic_machine=$field1-unknown - basic_os=$field2 - ;; # Manufacturers - dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ - | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ - | unicom* | ibm* | next | hp | isi* | apollo | altos* \ - | convergent* | ncr* | news | 32* | 3600* | 3100* \ - | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ - | ultra | tti* | harris | dolphin | highlevel | gould \ - | cbm | ns | masscomp | apple | axis | knuth | cray \ - | microblaze* | sim | cisco \ - | oki | wec | wrs | winbond) + 3100* \ + | 32* \ + | 3300* \ + | 3600* \ + | 7300* \ + | acorn \ + | altos* \ + | apollo \ + | apple \ + | atari \ + | att* \ + | axis \ + | be \ + | bull \ + | cbm \ + | ccur \ + | cisco \ + | commodore \ + | convergent* \ + | convex* \ + | cray \ + | crds \ + | dec* \ + | delta* \ + | dg \ + | digital \ + | dolphin \ + | encore* \ + | gould \ + | harris \ + | highlevel \ + | hitachi* \ + | hp \ + | ibm* \ + | intergraph \ + | isi* \ + | knuth \ + | masscomp \ + | microblaze* \ + | mips* \ + | motorola* \ + | ncr* \ + | news \ + | next \ + | ns \ + | oki \ + | omron* \ + | pc533* \ + | rebel \ + | rom68k \ + | rombug \ + | semi \ + | sequent* \ + | sgi* \ + | siemens \ + | sim \ + | sni \ + | sony* \ + | stratus \ + | sun \ + | sun[234]* \ + | tektronix \ + | tti* \ + | ultra \ + | unicom* \ + | wec \ + | winbond \ + | wrs) basic_machine=$field1-$field2 basic_os= ;; + tock* | zephyr*) + basic_machine=$field1-unknown + basic_os=$field2 + ;; *) basic_machine=$field1 basic_os=$field2 @@ -272,26 +345,6 @@ case $1 in basic_machine=arm-unknown basic_os=cegcc ;; - convex-c1) - basic_machine=c1-convex - basic_os=bsd - ;; - convex-c2) - basic_machine=c2-convex - basic_os=bsd - ;; - convex-c32) - basic_machine=c32-convex - basic_os=bsd - ;; - convex-c34) - basic_machine=c34-convex - basic_os=bsd - ;; - convex-c38) - basic_machine=c38-convex - basic_os=bsd - ;; cray) basic_machine=j90-cray basic_os=unicos @@ -714,15 +767,26 @@ case $basic_machine in vendor=dec basic_os=tops20 ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) + delta | 3300 | delta-motorola | 3300-motorola | motorola-delta | motorola-3300) cpu=m68k vendor=motorola ;; - dpx2*) + # This used to be dpx2*, but that gets the RS6000-based + # DPX/20 and the x86-based DPX/2-100 wrong. See + # https://oldskool.silicium.org/stations/bull_dpx20.htm + # https://www.feb-patrimoine.com/english/bull_dpx2.htm + # https://www.feb-patrimoine.com/english/unix_and_bull.htm + dpx2 | dpx2[23]00 | dpx2[23]xx) cpu=m68k vendor=bull - basic_os=sysv3 + ;; + dpx2100 | dpx21xx) + cpu=i386 + vendor=bull + ;; + dpx20) + cpu=rs6000 + vendor=bull ;; encore | umax | mmax) cpu=ns32k @@ -837,18 +901,6 @@ case $basic_machine in next | m*-next) cpu=m68k vendor=next - case $basic_os in - openstep*) - ;; - nextstep*) - ;; - ns2*) - basic_os=nextstep2 - ;; - *) - basic_os=nextstep3 - ;; - esac ;; np1) cpu=np1 @@ -937,7 +989,6 @@ case $basic_machine in ;; *-*) - # shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read cpu vendor <<EOF $basic_machine @@ -972,15 +1023,19 @@ unset -v basic_machine # Decode basic machines in the full and proper CPU-Company form. case $cpu-$vendor in - # Here we handle the default manufacturer of certain CPU types in canonical form. It is in - # some cases the only manufacturer, in others, it is the most popular. + # Here we handle the default manufacturer of certain CPU types in canonical form. + # It is in some cases the only manufacturer, in others, it is the most popular. + c[12]-convex | c[12]-unknown | c3[248]-convex | c3[248]-unknown) + vendor=convex + basic_os=${basic_os:-bsd} + ;; craynv-unknown) vendor=cray basic_os=${basic_os:-unicosmp} ;; c90-unknown | c90-cray) vendor=cray - basic_os=${Basic_os:-unicos} + basic_os=${basic_os:-unicos} ;; fx80-unknown) vendor=alliant @@ -1026,11 +1081,29 @@ case $cpu-$vendor in vendor=alt basic_os=${basic_os:-linux-gnueabihf} ;; - dpx20-unknown | dpx20-bull) - cpu=rs6000 - vendor=bull + + # Normalized CPU+vendor pairs that imply an OS, if not otherwise specified + m68k-isi) + basic_os=${basic_os:-sysv} + ;; + m68k-sony) + basic_os=${basic_os:-newsos} + ;; + m68k-tektronix) + basic_os=${basic_os:-bsd} + ;; + m88k-harris) + basic_os=${basic_os:-sysv3} + ;; + i386-bull | m68k-bull) + basic_os=${basic_os:-sysv3} + ;; + rs6000-bull) basic_os=${basic_os:-bosx} ;; + mips-sni) + basic_os=${basic_os:-sysv4} + ;; # Here we normalize CPU types irrespective of the vendor amd64-*) @@ -1038,7 +1111,7 @@ case $cpu-$vendor in ;; blackfin-*) cpu=bfin - basic_os=linux + basic_os=${basic_os:-linux} ;; c54x-*) cpu=tic54x @@ -1061,7 +1134,7 @@ case $cpu-$vendor in ;; m68knommu-*) cpu=m68k - basic_os=linux + basic_os=${basic_os:-linux} ;; m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*) cpu=s12z @@ -1071,7 +1144,7 @@ case $cpu-$vendor in ;; parisc-*) cpu=hppa - basic_os=linux + basic_os=${basic_os:-linux} ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) cpu=i586 @@ -1085,9 +1158,6 @@ case $cpu-$vendor in pentium4-*) cpu=i786 ;; - pc98-*) - cpu=i386 - ;; ppc-* | ppcbe-*) cpu=powerpc ;; @@ -1121,13 +1191,10 @@ case $cpu-$vendor in tx39el-*) cpu=mipstx39el ;; - x64-*) - cpu=x86_64 - ;; xscale-* | xscalee[bl]-*) cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; - arm64-* | aarch64le-*) + arm64-* | aarch64le-* | arm64_32-*) cpu=aarch64 ;; @@ -1179,90 +1246,228 @@ case $cpu-$vendor in # Recognize the canonical CPU types that are allowed with any # company name. case $cpu in - 1750a | 580 \ + 1750a \ + | 580 \ + | [cjt]90 \ | a29k \ - | aarch64 | aarch64_be | aarch64c | arm64ec \ + | aarch64 \ + | aarch64_be \ + | aarch64c \ | abacus \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ - | alphapca5[67] | alpha64pca5[67] \ + | alpha \ + | alpha64 \ + | alpha64ev56 \ + | alpha64ev6[78] \ + | alpha64ev[4-8] \ + | alpha64pca5[67] \ + | alphaev56 \ + | alphaev6[78] \ + | alphaev[4-8] \ + | alphapca5[67] \ | am33_2.0 \ | amdgcn \ - | arc | arceb | arc32 | arc64 \ - | arm | arm[lb]e | arme[lb] | armv* \ - | avr | avr32 \ + | arc \ + | arc32 \ + | arc64 \ + | arceb \ + | arm \ + | arm64e \ + | arm64ec \ + | arm[lb]e \ + | arme[lb] \ + | armv* \ | asmjs \ + | avr \ + | avr32 \ | ba \ - | be32 | be64 \ - | bfin | bpf | bs2000 \ - | c[123]* | c30 | [cjt]90 | c4x \ - | c8051 | clipper | craynv | csky | cydra \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | elxsi | epiphany \ - | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ - | javascript \ - | h8300 | h8500 \ - | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | be32 \ + | be64 \ + | bfin \ + | bpf \ + | bs2000 \ + | c30 \ + | c4x \ + | c8051 \ + | c[123]* \ + | clipper \ + | craynv \ + | csky \ + | cydra \ + | d10v \ + | d30v \ + | dlx \ + | dsp16xx \ + | e2k \ + | elxsi \ + | epiphany \ + | f30[01] \ + | f700 \ + | fido \ + | fr30 \ + | frv \ + | ft32 \ + | fx80 \ + | h8300 \ + | h8500 \ | hexagon \ - | i370 | i*86 | i860 | i960 | ia16 | ia64 \ - | ip2k | iq2000 \ + | hppa \ + | hppa1.[01] \ + | hppa2.0 \ + | hppa2.0[nw] \ + | hppa64 \ + | i*86 \ + | i370 \ + | i860 \ + | i960 \ + | ia16 \ + | ia64 \ + | intelgt \ + | ip2k \ + | iq2000 \ + | javascript \ | k1om \ | kvx \ - | le32 | le64 \ + | le32 \ + | le64 \ | lm32 \ - | loongarch32 | loongarch64 \ - | m32c | m32r | m32rle \ - | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ - | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ - | m88110 | m88k | maxq | mb | mcore | mep | metag \ - | microblaze | microblazeel \ + | loongarch32 \ + | loongarch64 \ + | m32c \ + | m32r \ + | m32rle \ + | m5200 \ + | m68000 \ + | m680[012346]0 \ + | m6811 \ + | m6812 \ + | m68360 \ + | m683?2 \ + | m68hc11 \ + | m68hc12 \ + | m68hcs12x \ + | m68k \ + | m88110 \ + | m88k \ + | maxq \ + | mb \ + | mcore \ + | mep \ + | metag \ + | microblaze \ + | microblazeel \ | mips* \ | mmix \ - | mn10200 | mn10300 \ + | mn10200 \ + | mn10300 \ | moxie \ - | mt \ | msp430 \ + | mt \ | nanomips* \ - | nds32 | nds32le | nds32be \ + | nds32 \ + | nds32be \ + | nds32le \ | nfp \ - | nios | nios2 | nios2eb | nios2el \ - | none | np1 | ns16k | ns32k | nvptx \ + | nios \ + | nios2 \ + | nios2eb \ + | nios2el \ + | none \ + | np1 \ + | ns16k \ + | ns32k \ + | nvptx \ | open8 \ | or1k* \ | or32 \ | orion \ + | pdp10 \ + | pdp11 \ | picochip \ - | pdp10 | pdp11 | pj | pjl | pn | power \ - | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ + | pj \ + | pjl \ + | pn \ + | power \ + | powerpc \ + | powerpc64 \ + | powerpc64le \ + | powerpcle \ + | powerpcspe \ | pru \ | pyramid \ - | riscv | riscv32 | riscv32be | riscv64 | riscv64be \ - | rl78 | romp | rs6000 | rx \ - | s390 | s390x \ + | riscv \ + | riscv32 \ + | riscv32be \ + | riscv64 \ + | riscv64be \ + | rl78 \ + | romp \ + | rs6000 \ + | rx \ + | s390 \ + | s390x \ | score \ - | sh | shl \ - | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ - | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ + | sh \ + | sh64 \ + | sh64le \ + | sh[12345][lb]e \ + | sh[1234] \ + | sh[1234]e[lb] \ + | sh[23]e \ + | sh[23]ele \ + | sh[24]a \ + | sh[24]ae[lb] \ + | sh[lb]e \ + | she[lb] \ + | shl \ + | sparc \ + | sparc64 \ + | sparc64b \ + | sparc64v \ + | sparc86x \ + | sparclet \ | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ + | sparcv8 \ + | sparcv9 \ + | sparcv9b \ + | sparcv9v \ | spu \ + | sv1 \ + | sx* \ | tahoe \ | thumbv7* \ - | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ + | tic30 \ + | tic4x \ + | tic54x \ + | tic55x \ + | tic6x \ + | tic80 \ | tron \ | ubicom32 \ - | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ + | v70 \ + | v810 \ + | v850 \ + | v850e \ + | v850e1 \ + | v850e2 \ + | v850e2v3 \ + | v850es \ | vax \ | vc4 \ | visium \ | w65 \ - | wasm32 | wasm64 \ + | wasm32 \ + | wasm64 \ | we32k \ - | x86 | x86_64 | xc16x | xgate | xps100 \ - | xstormy16 | xtensa* \ + | x86 \ + | x86_64 \ + | xc16x \ + | xgate \ + | xps100 \ + | xstormy16 \ + | xtensa* \ | ymp \ - | z8k | z80) + | z80 \ + | z8k) ;; *) @@ -1307,7 +1512,6 @@ case $basic_os in os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` ;; *-*) - # shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read kernel os <<EOF $basic_os @@ -1319,6 +1523,10 @@ EOF kernel=nto os=`echo "$basic_os" | sed -e 's|nto|qnx|'` ;; + ironclad*) + kernel=ironclad + os=`echo "$basic_os" | sed -e 's|ironclad|mlibc|'` + ;; linux*) kernel=linux os=`echo "$basic_os" | sed -e 's|linux|gnu|'` @@ -1354,6 +1562,23 @@ case $os in unixware*) os=sysv4.2uw ;; + # The marketing names for NeXT's operating systems were + # NeXTSTEP, NeXTSTEP 2, OpenSTEP 3, OpenSTEP 4. 'openstep' is + # mapped to 'openstep3', but 'openstep1' and 'openstep2' are + # mapped to 'nextstep' and 'nextstep2', consistent with the + # treatment of SunOS/Solaris. + ns | ns1 | nextstep | nextstep1 | openstep1) + os=nextstep + ;; + ns2 | nextstep2 | openstep2) + os=nextstep2 + ;; + ns3 | nextstep3 | openstep | openstep3) + os=openstep3 + ;; + ns4 | nextstep4 | openstep4) + os=openstep4 + ;; # es1800 is here to avoid being matched by es* (a different OS) es1800*) os=ose @@ -1424,6 +1649,7 @@ case $os in ;; utek*) os=bsd + vendor=`echo "$vendor" | sed -e 's|^unknown$|tektronix|'` ;; dynix*) os=bsd @@ -1440,21 +1666,25 @@ case $os in 386bsd) os=bsd ;; - ctix* | uts*) + ctix*) os=sysv + vendor=`echo "$vendor" | sed -e 's|^unknown$|convergent|'` ;; - nova*) - os=rtmk-nova + uts*) + os=sysv ;; - ns2) - os=nextstep2 + nova*) + kernel=rtmk + os=nova ;; # Preserve the version number of sinix5. sinix5.*) os=`echo "$os" | sed -e 's|sinix|sysv|'` + vendor=`echo "$vendor" | sed -e 's|^unknown$|sni|'` ;; sinix*) os=sysv4 + vendor=`echo "$vendor" | sed -e 's|^unknown$|sni|'` ;; tpf*) os=tpf @@ -1595,6 +1825,14 @@ case $cpu-$vendor in os= obj=elf ;; + # The -sgi and -siemens entries must be before the mips- entry + # or we get the wrong os. + *-sgi) + os=irix + ;; + *-siemens) + os=sysv4 + ;; mips*-cisco) os= obj=elf @@ -1607,7 +1845,8 @@ case $cpu-$vendor in os= obj=coff ;; - *-tti) # must be before sparc entry or we get the wrong os. + # This must be before the sparc-* entry or we get the wrong os. + *-tti) os=sysv3 ;; sparc-* | *-sun) @@ -1639,7 +1878,7 @@ case $cpu-$vendor in os=hpux ;; *-hitachi) - os=hiux + os=hiuxwe2 ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=sysv @@ -1683,12 +1922,6 @@ case $cpu-$vendor in *-encore) os=bsd ;; - *-sgi) - os=irix - ;; - *-siemens) - os=sysv4 - ;; *-masscomp) os=rtu ;; @@ -1735,40 +1968,194 @@ case $os in ghcjs) ;; # Now accept the basic system types. - # The portable systems comes first. # Each alternative MUST end in a * to match a version number. - gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ - | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ - | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ - | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ - | hiux* | abug | nacl* | netware* | windows* \ - | os9* | macos* | osx* | ios* | tvos* | watchos* \ - | mpw* | magic* | mmixware* | mon960* | lnews* \ - | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ - | aos* | aros* | cloudabi* | sortix* | twizzler* \ - | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ - | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ - | mirbsd* | netbsd* | dicos* | openedition* | ose* \ - | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ - | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ - | bosx* | nextstep* | cxux* | oabi* \ - | ptx* | ecoff* | winnt* | domain* | vsta* \ - | udi* | lites* | ieee* | go32* | aux* | hcos* \ - | chorusrdb* | cegcc* | glidix* | serenity* \ - | cygwin* | msys* | moss* | proelf* | rtems* \ - | midipix* | mingw32* | mingw64* | mint* \ - | uxpv* | beos* | mpeix* | udk* | moxiebox* \ - | interix* | uwin* | mks* | rhapsody* | darwin* \ - | openstep* | oskit* | conix* | pw32* | nonstopux* \ - | storm-chaos* | tops10* | tenex* | tops20* | its* \ - | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ - | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ - | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ - | skyos* | haiku* | rdos* | toppers* | drops* | es* \ - | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ - | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ - | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ - | fiwix* | mlibc* | cos* | mbr* | ironclad* ) + abug \ + | aix* \ + | amdhsa* \ + | amigados* \ + | amigaos* \ + | android* \ + | aof* \ + | aos* \ + | aros* \ + | atheos* \ + | auroraux* \ + | aux* \ + | banan_os* \ + | beos* \ + | bitrig* \ + | bme* \ + | bosx* \ + | bsd* \ + | cegcc* \ + | chorusos* \ + | chorusrdb* \ + | clix* \ + | cloudabi* \ + | cnk* \ + | conix* \ + | cos* \ + | cxux* \ + | cygwin* \ + | darwin* \ + | dgux* \ + | dicos* \ + | dnix* \ + | domain* \ + | dragonfly* \ + | drops* \ + | ebmon* \ + | ecoff* \ + | ekkobsd* \ + | emscripten* \ + | emx* \ + | es* \ + | fiwix* \ + | freebsd* \ + | fuchsia* \ + | genix* \ + | genode* \ + | glidix* \ + | gnu* \ + | go32* \ + | haiku* \ + | hcos* \ + | hiux* \ + | hms* \ + | hpux* \ + | ieee* \ + | interix* \ + | ios* \ + | iris* \ + | irix* \ + | isc* \ + | its* \ + | l4re* \ + | libertybsd* \ + | lites* \ + | lnews* \ + | luna* \ + | lynxos* \ + | mach* \ + | macos* \ + | magic* \ + | mbr* \ + | midipix* \ + | midnightbsd* \ + | mingw32* \ + | mingw64* \ + | minix* \ + | mint* \ + | mirbsd* \ + | mks* \ + | mlibc* \ + | mmixware* \ + | mon960* \ + | morphos* \ + | moss* \ + | moxiebox* \ + | mpeix* \ + | mpw* \ + | msdos* \ + | msys* \ + | mvs* \ + | nacl* \ + | netbsd* \ + | netware* \ + | newsos* \ + | nextstep* \ + | nindy* \ + | nonstopux* \ + | nova* \ + | nsk* \ + | nucleus* \ + | nx6 \ + | nx7 \ + | oabi* \ + | ohos* \ + | onefs* \ + | openbsd* \ + | openedition* \ + | openstep* \ + | os108* \ + | os2* \ + | os400* \ + | os68k* \ + | os9* \ + | ose* \ + | osf* \ + | oskit* \ + | osx* \ + | palmos* \ + | phoenix* \ + | plan9* \ + | powermax* \ + | powerunix* \ + | proelf* \ + | psos* \ + | psp* \ + | ptx* \ + | pw32* \ + | qnx* \ + | rdos* \ + | redox* \ + | rhapsody* \ + | riscix* \ + | riscos* \ + | rtems* \ + | rtmk* \ + | rtu* \ + | scout* \ + | secbsd* \ + | sei* \ + | serenity* \ + | sim* \ + | skyos* \ + | solaris* \ + | solidbsd* \ + | sortix* \ + | storm-chaos* \ + | sunos \ + | sunos[34]* \ + | superux* \ + | syllable* \ + | sym* \ + | sysv* \ + | tenex* \ + | tirtos* \ + | tock* \ + | toppers* \ + | tops10* \ + | tops20* \ + | tpf* \ + | tvos* \ + | twizzler* \ + | uclinux* \ + | udi* \ + | udk* \ + | ultrix* \ + | unicos* \ + | uniplus* \ + | unleashed* \ + | unos* \ + | uwin* \ + | uxpv* \ + | v88r* \ + |*vms* \ + | vos* \ + | vsta* \ + | vxsim* \ + | vxworks* \ + | wasi* \ + | watchos* \ + | wince* \ + | windiss* \ + | windows* \ + | winnt* \ + | xenix* \ + | xray* \ + | zephyr* \ + | zvmoe* ) ;; # This one is extra strict with allowed versions sco3.2v2 | sco3.2v[4-9]* | sco5v6*) @@ -1829,9 +2216,11 @@ esac case $kernel-$os-$obj in linux-gnu*- | linux-android*- | linux-dietlibc*- | linux-llvm*- \ | linux-mlibc*- | linux-musl*- | linux-newlib*- \ - | linux-relibc*- | linux-uclibc*- ) + | linux-relibc*- | linux-uclibc*- | linux-ohos*- ) + ;; + uclinux-uclibc*- | uclinux-gnu*- ) ;; - uclinux-uclibc*- ) + ironclad-mlibc*-) ;; managarm-mlibc*- | managarm-kernel*- ) ;; @@ -1856,7 +2245,7 @@ case $kernel-$os-$obj in echo "Invalid configuration '$1': '$os' needs 'windows'." 1>&2 exit 1 ;; - kfreebsd*-gnu*- | kopensolaris*-gnu*-) + kfreebsd*-gnu*- | knetbsd*-gnu*- | netbsd*-gnu*- | kopensolaris*-gnu*-) ;; vxworks-simlinux- | vxworks-simwindows- | vxworks-spe-) ;; @@ -1864,8 +2253,12 @@ case $kernel-$os-$obj in ;; os2-emx-) ;; + rtmk-nova-) + ;; *-eabi*- | *-gnueabi*-) ;; + ios*-simulator- | tvos*-simulator- | watchos*-simulator- ) + ;; none--*) # None (no kernel, i.e. freestanding / bare metal), # can be paired with an machine code file format @@ -1890,7 +2283,7 @@ case $vendor in *-riscix*) vendor=acorn ;; - *-sunos*) + *-sunos* | *-solaris*) vendor=sun ;; *-cnk* | *-aix*) @@ -1964,8 +2357,8 @@ echo "$cpu-$vendor${kernel:+-$kernel}${os:+-$os}${obj:+-$obj}" exit # Local variables: -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp nil t) # time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-format: "%Y-%02m-%02d" # time-stamp-end: "'" # End: diff --git a/configure b/configure index 42ceafb240b6..7585de58d622 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for ldns 1.8.4. +# Generated by GNU Autoconf 2.71 for ldns 1.9.0. # # Report bugs to <dns-team@nlnetlabs.nl>. # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.8.4' -PACKAGE_STRING='ldns 1.8.4' +PACKAGE_VERSION='1.9.0' +PACKAGE_STRING='ldns 1.9.0' PACKAGE_BUGREPORT='dns-team@nlnetlabs.nl' PACKAGE_URL='' @@ -851,6 +851,7 @@ enable_dane_ta_usage enable_full_dane enable_no_dane_ta_usage enable_no_dane_verify +enable_draft_rrtypes enable_rrtype_ninfo enable_rrtype_rkey enable_rrtype_openpgpkey @@ -860,6 +861,9 @@ enable_rrtype_doa enable_rrtype_amtrelay enable_rrtype_svcb_https enable_rrtype_resinfo +enable_rrtype_dsync +enable_rrtypes_cla_ipn +enable_rrtypes_hhit_brid enable_rpath with_xcode_sdk with_trust_anchor @@ -1424,7 +1428,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.8.4 to adapt to many kinds of systems. +\`configure' configures ldns 1.9.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1490,7 +1494,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.8.4:";; + short | recursive ) echo "Configuration of ldns 1.9.0:";; esac cat <<\_ACEOF @@ -1520,6 +1524,7 @@ Optional Features: --disable-dane-verify Disable DANE verify support --disable-dane-ta-usage Disable DANE-TA usage type support + --enable-draft-rrtypes Enable all draft RR types. --enable-rrtype-ninfo Enable draft RR type ninfo. --enable-rrtype-rkey Enable draft RR type rkey. --disable-rrtype-openpgpkey @@ -1531,7 +1536,13 @@ Optional Features: Disable RR type AMTRELAY. --disable-rrtype-svcb-https Disable RR types SVCB and HTTPS. - --enable-rrtype-resinfo Disable RR type RESINFO. + --disable-rrtype-resinfo + Disable RR type RESINFO. + --disable-rrtype-dsync Disable RR type DSYNC. + --enable-rrtypes-cla-ipn + Enable draft RR types CLA and IPN. + --enable-rrtypes-hhit-brid + Enable draft RR types HHIT and BRID. --disable-rpath disable hardcoded rpath (default=enabled) Optional Packages: @@ -1645,7 +1656,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.8.4 +ldns configure 1.9.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2264,7 +2275,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.8.4, which was +It was created by ldns $as_me 1.9.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3028,9 +3039,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # needed to build correct soname LDNS_VERSION_MAJOR=1 -LDNS_VERSION_MINOR=8 +LDNS_VERSION_MINOR=9 -LDNS_VERSION_MICRO=4 +LDNS_VERSION_MICRO=0 # Library version @@ -3052,6 +3063,7 @@ LDNS_VERSION_MICRO=4 # ldns-1.8.1 had libversion 6:0:3 # ldns-1.8.2 had libversion 7:0:4 # ldns-1.8.3 has libversion 8:0:5 +# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr) # VERSION_INFO=9:0:6 @@ -17560,12 +17572,19 @@ printf "%s\n" "#define USE_DANE_TA_USAGE 1" >>confdefs.h ;; esac +# Check whether --enable-draft-rrtypes was given. +if test ${enable_draft_rrtypes+y} +then : + enableval=$enable_draft_rrtypes; +fi + # Check whether --enable-rrtype-ninfo was given. if test ${enable_rrtype_ninfo+y} then : enableval=$enable_rrtype_ninfo; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ninfo="yes"; fi case "$enable_rrtype_ninfo" in yes) @@ -17581,6 +17600,7 @@ then : enableval=$enable_rrtype_rkey; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_rkey="yes"; fi case "$enable_rrtype_rkey" in yes) @@ -17611,6 +17631,7 @@ then : enableval=$enable_rrtype_ta; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ta="yes"; fi case "$enable_rrtype_ta" in yes) @@ -17626,6 +17647,7 @@ then : enableval=$enable_rrtype_avc; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_avc="yes"; fi case "$enable_rrtype_avc" in yes) @@ -17641,6 +17663,7 @@ then : enableval=$enable_rrtype_doa; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_doa="yes"; fi case "$enable_rrtype_doa" in yes) @@ -17695,6 +17718,53 @@ printf "%s\n" "#define RRTYPE_RESINFO /**/" >>confdefs.h ;; esac +# Check whether --enable-rrtype-dsync was given. +if test ${enable_rrtype_dsync+y} +then : + enableval=$enable_rrtype_dsync; +fi + +case "$enable_rrtype_dsync" in + no) + ;; + yes|*) + +printf "%s\n" "#define RRTYPE_DSYNC /**/" >>confdefs.h + + ;; +esac +# Check whether --enable-rrtypes-cla-ipn was given. +if test ${enable_rrtypes_cla_ipn+y} +then : + enableval=$enable_rrtypes_cla_ipn; +fi + +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_cla_ipn="yes"; fi +case "$enable_rrtypes_cla_ipn" in + yes) + +printf "%s\n" "#define RRTYPE_CLA_IPN /**/" >>confdefs.h + + ;; + no|*) + ;; +esac +# Check whether --enable-rrtypes-hhit-brid was given. +if test ${enable_rrtypes_hhit_brid+y} +then : + enableval=$enable_rrtypes_hhit_brid; +fi + +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_hhit_brid="yes"; fi +case "$enable_rrtypes_hhit_brid" in + yes) + +printf "%s\n" "#define RRTYPE_HHIT_BRID /**/" >>confdefs.h + + ;; + no|*) + ;; +esac if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then @@ -20467,7 +20537,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.8.4, which was +This file was extended by ldns $as_me 1.9.0, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20535,7 +20605,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -ldns config.status 1.8.4 +ldns config.status 1.9.0 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 9bf9823f73c1..91938e4a3430 100644 --- a/configure.ac +++ b/configure.ac @@ -5,8 +5,8 @@ sinclude(acx_nlnetlabs.m4) # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[8]) -m4_define([VERSION_MICRO],[4]) +m4_define([VERSION_MINOR],[9]) +m4_define([VERSION_MICRO],[0]) AC_INIT([ldns],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[dns-team@nlnetlabs.nl],[libdns]) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname @@ -33,6 +33,7 @@ AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO]) # ldns-1.8.1 had libversion 6:0:3 # ldns-1.8.2 had libversion 7:0:4 # ldns-1.8.3 has libversion 8:0:5 +# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr) # AC_SUBST(VERSION_INFO, [9:0:6]) @@ -667,7 +668,9 @@ case "$enable_dane" in ;; esac +AC_ARG_ENABLE(draft-rrtypes, AS_HELP_STRING([--enable-draft-rrtypes],[Enable all draft RR types.])) AC_ARG_ENABLE(rrtype-ninfo, AS_HELP_STRING([--enable-rrtype-ninfo],[Enable draft RR type ninfo.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ninfo="yes"; fi case "$enable_rrtype_ninfo" in yes) AC_DEFINE_UNQUOTED([RRTYPE_NINFO], [], [Define this to enable RR type NINFO.]) @@ -676,6 +679,7 @@ case "$enable_rrtype_ninfo" in ;; esac AC_ARG_ENABLE(rrtype-rkey, AS_HELP_STRING([--enable-rrtype-rkey],[Enable draft RR type rkey.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_rkey="yes"; fi case "$enable_rrtype_rkey" in yes) AC_DEFINE_UNQUOTED([RRTYPE_RKEY], [], [Define this to enable RR type RKEY.]) @@ -692,6 +696,7 @@ case "$enable_rrtype_openpgpkey" in ;; esac AC_ARG_ENABLE(rrtype-ta, AS_HELP_STRING([--enable-rrtype-ta],[Enable draft RR type ta.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ta="yes"; fi case "$enable_rrtype_ta" in yes) AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.]) @@ -700,6 +705,7 @@ case "$enable_rrtype_ta" in ;; esac AC_ARG_ENABLE(rrtype-avc, AS_HELP_STRING([--enable-rrtype-avc],[Enable draft RR type avc.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_avc="yes"; fi case "$enable_rrtype_avc" in yes) AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.]) @@ -708,6 +714,7 @@ case "$enable_rrtype_avc" in ;; esac AC_ARG_ENABLE(rrtype-doa, AS_HELP_STRING([--enable-rrtype-doa],[Enable draft RR type DOA.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_doa="yes"; fi case "$enable_rrtype_doa" in yes) AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.]) @@ -731,7 +738,7 @@ case "$enable_rrtype_svcb_https" in AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.]) ;; esac -AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--enable-rrtype-resinfo],[Disable RR type RESINFO.])) +AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--disable-rrtype-resinfo],[Disable RR type RESINFO.])) case "$enable_rrtype_resinfo" in no) ;; @@ -739,6 +746,32 @@ case "$enable_rrtype_resinfo" in AC_DEFINE_UNQUOTED([RRTYPE_RESINFO], [], [Define this to enable RR type RESINFO.]) ;; esac +AC_ARG_ENABLE(rrtype-dsync, AS_HELP_STRING([--disable-rrtype-dsync],[Disable RR type DSYNC.])) +case "$enable_rrtype_dsync" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_DSYNC], [], [Define this to enable RR type DSYNC.]) + ;; +esac +AC_ARG_ENABLE(rrtypes-cla-ipn, AS_HELP_STRING([--enable-rrtypes-cla-ipn],[Enable draft RR types CLA and IPN.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_cla_ipn="yes"; fi +case "$enable_rrtypes_cla_ipn" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_CLA_IPN], [], [Define this to enable RR types CLA and IPN.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtypes-hhit-brid, AS_HELP_STRING([--enable-rrtypes-hhit-brid],[Enable draft RR types HHIT and BRID.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_hhit_brid="yes"; fi +case "$enable_rrtypes_hhit_brid" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_HHIT_BRID], [], [Define this to enable RR types HHIT and BRID.]) + ;; + no|*) + ;; +esac if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then @@ -1193,7 +1226,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz); #define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0) #else #define SOCK_INVALID -1 -#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0) +#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s >= -1 ? _s : -1); _s = -1;} } while(0) #endif #ifdef __cplusplus diff --git a/contrib/python/ldns_buffer.i b/contrib/python/ldns_buffer.i index 5c2d583bea4d..0a3e38958fd5 100644 --- a/contrib/python/ldns_buffer.i +++ b/contrib/python/ldns_buffer.i @@ -45,7 +45,7 @@ /* Result generation, appends (ldns_buffer *) after the result. */ %typemap(argout, noblock=1) (ldns_buffer **) { - $result = SWIG_Python_AppendOutput($result, + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_buf), SWIGTYPE_p_ldns_struct_buffer, SWIG_POINTER_OWN | 0)); } diff --git a/contrib/python/ldns_key.i b/contrib/python/ldns_key.i index dc67e67bf774..6a3c2db4317f 100644 --- a/contrib/python/ldns_key.i +++ b/contrib/python/ldns_key.i @@ -38,7 +38,7 @@ /* result generation */ %typemap(argout,noblock=1) (ldns_key **) { - $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 )); + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 )); } %typemap(argout) ldns_rdf *r "Py_INCREF($input);" diff --git a/contrib/python/ldns_packet.i b/contrib/python/ldns_packet.i index c2d7a3b63cca..8309808d3072 100644 --- a/contrib/python/ldns_packet.i +++ b/contrib/python/ldns_packet.i @@ -45,7 +45,7 @@ /* Result generation, appends (ldns_pkt *) after the result. */ %typemap(argout,noblock=1) (ldns_pkt **) { - $result = SWIG_Python_AppendOutput($result, + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_pkt), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); } diff --git a/contrib/python/ldns_rdf.i b/contrib/python/ldns_rdf.i index 39f9af1895cb..ed1f0d009db2 100644 --- a/contrib/python/ldns_rdf.i +++ b/contrib/python/ldns_rdf.i @@ -45,7 +45,7 @@ /* Result generation, appends (ldns_rdf *) after the result. */ %typemap(argout, noblock=1) (ldns_rdf **) { - $result = SWIG_Python_AppendOutput($result, + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_rdf), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0)); } diff --git a/contrib/python/ldns_resolver.i b/contrib/python/ldns_resolver.i index 8468cce3819b..8d0abc6ea03a 100644 --- a/contrib/python/ldns_resolver.i +++ b/contrib/python/ldns_resolver.i @@ -45,7 +45,7 @@ /* Result generation, appends (ldns_resolver *) after the result. */ %typemap(argout,noblock=1) (ldns_resolver **r) { - $result = SWIG_Python_AppendOutput($result, + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_res), SWIGTYPE_p_ldns_struct_resolver, SWIG_POINTER_OWN | 0 )); } diff --git a/contrib/python/ldns_rr.i b/contrib/python/ldns_rr.i index 2e0a07140d41..c53955cf9218 100644 --- a/contrib/python/ldns_rr.i +++ b/contrib/python/ldns_rr.i @@ -45,7 +45,7 @@ /* Result generation, appends (ldns_rr *) after the result. */ %typemap(argout, noblock=1) (ldns_rr **) { - $result = SWIG_Python_AppendOutput($result, + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 )); } diff --git a/contrib/python/ldns_zone.i b/contrib/python/ldns_zone.i index bbb8d8f21aeb..3459478ae087 100644 --- a/contrib/python/ldns_zone.i +++ b/contrib/python/ldns_zone.i @@ -39,7 +39,7 @@ /* result generation */ %typemap(argout,noblock=1) (ldns_zone **) { - $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_zone), SWIGTYPE_p_ldns_struct_zone, SWIG_POINTER_OWN | 0 )); + $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_zone), SWIGTYPE_p_ldns_struct_zone, SWIG_POINTER_OWN | 0 )); } %nodefaultctor ldns_struct_zone; //no default constructor & destructor @@ -285,6 +285,7 @@ ldns_calc_keytag(const ldns_rr *key) } if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_CDNSKEY && ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY ) { return 0; @@ -517,7 +518,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) const EVP_MD* md = NULL; #endif - if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_CDNSKEY) { return NULL; } diff --git a/dnssec_zone.c b/dnssec_zone.c index 013517f4ac1a..ef2359bbaab1 100644 --- a/dnssec_zone.c +++ b/dnssec_zone.c @@ -71,8 +71,9 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) new_rrs->next = rrs->next; rrs->rr = rr; rrs->next = new_rrs; - } - /* Silently ignore equal rr's */ + } else + return LDNS_STATUS_EQUAL_RR; + return LDNS_STATUS_OK; } @@ -732,25 +733,37 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or */ ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr)); - prev_rr = cur_rr; #endif status = ldns_dnssec_zone_add_rr(newzone, cur_rr); - if (status == - LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { - + switch(status) { + case LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND: if (rr_is_rrsig_covering(cur_rr, LDNS_RR_TYPE_NSEC3)){ ldns_rr_list_push_rr(todo_nsec3_rrsigs, cur_rr); } else { ldns_rr_list_push_rr(todo_nsec3s, - cur_rr); + cur_rr); } status = LDNS_STATUS_OK; - - } else if (status != LDNS_STATUS_OK) + break; + case LDNS_STATUS_EQUAL_RR: + ldns_rr_free(cur_rr); +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + cur_rr = prev_rr; +#else + cur_rr = NULL; +#endif + status = LDNS_STATUS_OK; + break; + case LDNS_STATUS_OK: + break; + default: goto error; - + } +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + prev_rr = cur_rr; +#endif break; case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ @@ -1510,11 +1523,18 @@ dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone) : (ldns_dnssec_name *)i->node->data; if (zone->hashed_names) { - do { - i->nsec3_node = ldns_rbtree_first(zone->hashed_names); - i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL - : (ldns_dnssec_name*)i->nsec3_node->data; - } while (i->nsec3_name && !i->nsec3_name->nsec); + i->nsec3_node = ldns_rbtree_first(zone->hashed_names); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + /* While there is no NSEC3 RR present at this hashed name, + * skip to the next hashed name. + */ + while (i->nsec3_name && !i->nsec3_name->nsec) { + /* next nsec3 */ + i->nsec3_node = ldns_rbtree_next(i->nsec3_node); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + } } dnssec_zone_rr_iter_set_state_for_next_name(i); return dnssec_zone_rr_iter_next(i); diff --git a/doc/ldns_manpages b/doc/ldns_manpages index ed9f5c93f1fa..fe99fbb101fe 100644 --- a/doc/ldns_manpages +++ b/doc/ldns_manpages @@ -1,15 +1,171 @@ -ldns_zone_push_rr -ldns_zone_push_rr_list -ldns_rr_rdf -ldns_rr_owner -ldns_rr_rd_count -ldns_rr_ttl -ldns_rr_get_class -ldns_init_random -ldns_rr2canonical +ldns_rr_mx_preference +ldns_rr_mx_exchange +ldns_rdf2buffer_str_a +ldns_rdf2buffer_str_aaaa +ldns_rdf2buffer_str_str +ldns_rdf2buffer_str_b64 +ldns_rdf2buffer_str_hex +ldns_rdf2buffer_str_type +ldns_rdf2buffer_str_class +ldns_rdf2buffer_str_alg +ldns_rdf2buffer_str_loc +ldns_rdf2buffer_str_unknown +ldns_rdf2buffer_str_nsap +ldns_rdf2buffer_str_wks +ldns_rdf2buffer_str_nsec +ldns_rdf2buffer_str_period +ldns_rdf2buffer_str_tsigtime +ldns_rdf2buffer_str_apl +ldns_rdf2buffer_str_int16_data +ldns_rdf2buffer_str_int16 +ldns_rdf2buffer_str_ipseckey +ldns_rdf_address_reverse +ldns_duration_type +ldns_duration_create +ldns_duration_create_from_string +ldns_duration_cleanup +ldns_duration_compare +ldns_duration2string +ldns_duration2time +ldns_rr_descriptor +ldns_rr_descript +ldns_rr_descriptor_minimum +ldns_rr_descriptor_maximum +ldns_rr_descriptor_field_type +ldns_str2period +ldns_get_rr_class_by_name +ldns_get_rr_type_by_name +ldns_rr_list_cat +ldns_rr_list_push_rr +ldns_rr_list_pop_rr +ldns_buffer +ldns_buffer_new +ldns_buffer_new_frm_data +ldns_buffer_clear +ldns_buffer_printf +ldns_buffer_free +ldns_buffer_copy +ldns_buffer_export +ldns_buffer_export2str +ldns_buffer2str +ldns_rr_push_rdf +ldns_rr_pop_rdf +ldns_update_zocount +ldns_update_prcount +ldns_update_upcount +ldns_update_adcount +ldns_algorithm +ldns_rr_dnskey_flags +ldns_rr_dnskey_set_flags +ldns_rr_dnskey_protocol +ldns_rr_dnskey_set_protocol +ldns_rr_dnskey_algorithm +ldns_rr_dnskey_set_algorithm +ldns_rr_dnskey_key +ldns_rr_dnskey_set_key +ldns_buffer_limit +ldns_buffer_set_limit +ldns_buffer_capacity +ldns_buffer_set_capacity +ldns_buffer_reserve +ldns_buffer_at +ldns_buffer_begin +ldns_buffer_end +ldns_buffer_current ldns_zone_rrs ldns_zone_soa +ldns_pkt_set_flags +ldns_pkt_set_id +ldns_pkt_set_qr +ldns_pkt_set_aa +ldns_pkt_set_tc +ldns_pkt_set_rd +ldns_pkt_set_cd +ldns_pkt_set_ra +ldns_pkt_set_ad +ldns_pkt_set_opcode +ldns_pkt_set_rcode +ldns_pkt_set_qdcount +ldns_pkt_set_ancount +ldns_pkt_set_nscount +ldns_pkt_set_arcount +ldns_pkt_set_answerfrom +ldns_pkt_set_querytime +ldns_pkt_set_size +ldns_pkt_set_section_count +ldns_pkt_set_tsig +ldns_pkt_verify +ldns_rr2str +ldns_pkt2str +ldns_rdf2str +ldns_rr_list2str +ldns_key2str +ldns_fget_token +ldns_fskipcs +ldns_pkt +ldns_pkt_section +ldns_pkt_type +ldns_zone_sort +ldns_zone_glue_rr_list +ldns_rr2canonical +ldns_rdf_size +ldns_rdf_get_type +ldns_rdf_data +ldns_rdf_compare +ldns_rr_list_rr_count +ldns_rr_list_set_rr_count +ldns_dnssec_trust_tree_new +ldns_dnssec_trust_tree_free +ldns_dnssec_trust_tree_depth +ldns_dnssec_derive_trust_tree +ldns_dnssec_trust_tree_contains_keys +ldns_dnssec_trust_tree_print +ldns_dnssec_trust_tree_print_sm +ldns_dnssec_trust_tree_add_parent +ldns_dnssec_derive_trust_tree_normal_rrset +ldns_dnssec_derive_trust_tree_dnskey_rrset +ldns_dnssec_derive_trust_tree_ds_rrset +ldns_dnssec_derive_trust_tree_no_sig ldns_rr_ns_nsdname +ldns_dname_left_chop +ldns_dname_label_count +ldns_dname_new +ldns_dname_new_frm_str +ldns_dname_new_frm_data +ldns_rr_list_new +ldns_rr_list_free +ldns_pkt_new +ldns_pkt_free +ldns_pkt_print +ldns_pkt_query_new +ldns_pkt_query_new_frm_str +ldns_pkt_reply_type +ldns_zone_set_rrs +ldns_zone_set_soa +ldns_dnssec_rrs_new +ldns_dnssec_rrs_free +ldns_dnssec_rrs_add_rr +ldns_dnssec_rrs_print +ldns_key2rr +ldns_update_pkt_new +ldns_rr_rrsig_typecovered +ldns_rr_rrsig_set_typecovered +ldns_rr_rrsig_algorithm +ldns_rr_rrsig_set_algorithm +ldns_rr_rrsig_labels +ldns_rr_rrsig_set_labels +ldns_rr_rrsig_origttl +ldns_rr_rrsig_set_origttl +ldns_rr_rrsig_expiration +ldns_rr_rrsig_set_expiration +ldns_rr_rrsig_inception +ldns_rr_rrsig_set_inception +ldns_rr_rrsig_keytag +ldns_rr_rrsig_set_keytag +ldns_rr_rrsig_signame +ldns_rr_rrsig_set_signame +ldns_rr_rrsig_sig +ldns_rr_rrsig_set_sig ldns_buffer_write_at ldns_buffer_write ldns_buffer_write_string_at @@ -28,24 +184,77 @@ ldns_buffer_read_u32_at ldns_buffer_read_u32 ldns_buffer_write_u32 ldns_buffer_write_u32_at -ldns_update_pkt_new -ldns_update_set_zocount -ldns_update_set_prcount -ldns_update_set_upcount -ldns_update_set_adcount -ldns_key -ldns_rr_dnskey_flags -ldns_rr_dnskey_set_flags -ldns_rr_dnskey_protocol -ldns_rr_dnskey_set_protocol -ldns_rr_dnskey_algorithm -ldns_rr_dnskey_set_algorithm -ldns_rr_dnskey_key -ldns_rr_dnskey_set_key +ldns_key_list_key_count +ldns_key_list_key +ldns_key_rsa_key +ldns_key_dsa_key +ldns_key_algorithm +ldns_key_hmac_key +ldns_key_origttl +ldns_key_inception +ldns_key_expiration +ldns_key_keytag +ldns_key_pubkey_owner +ldns_key_flags ldns_rr2wire ldns_pkt2wire ldns_rdf2wire -ldns_send +ldns_zone_push_rr +ldns_zone_push_rr_list +ldns_dname_cat_clone +ldns_dname_cat +ldns_key_list_push_key +ldns_key_list_pop_key +ldns_init_random +ldns_sign_public_dsa +ldns_sign_public_rsamd5 +ldns_sign_public_rsasha1 +ldns_buffer2pkt_wire +ldns_rr_new +ldns_rr_new_frm_type +ldns_rr_new_frm_str +ldns_rr_new_frm_fp +ldns_rr_free +ldns_rr_print +ldns_rr +ldns_rr_class +ldns_rr_type +ldns_rr_compress +ldns_rr_list +ldns_zone_sign +ldns_zone_sign_nsec3 +ldns_get_rr_list_addr_by_name +ldns_get_rr_list_name_by_addr +ldns_key_rr2ds +ldns_native2rdf_int8 +ldns_native2rdf_int16 +ldns_native2rdf_int32 +ldns_native2rdf_int16_data +ldns_rdf2native_int8 +ldns_rdf2native_int16 +ldns_rdf2native_int32 +ldns_rdf2native_sockaddr_storage +ldns_rdf2native_time_t +ldns_zone +ldns_zone_new +ldns_zone_free +ldns_zone_deep_free +ldns_zone_new_frm_fp +ldns_zone_new_frm_fp_l +ldns_zone_print +ldns_zone_print_fmt +ldns_wire2rr +ldns_wire2pkt +ldns_wire2rdf +ldns_wire2dname +ldns_dane_verify +ldns_dane_verify_rr +ldns_verify +ldns_verify_rrsig +ldns_verify_rrsig_keylist +ldns_verify_rrsig_keylist_notime +ldns_verify_notime +ldns_zone_rr_count ldns_key_set_algorithm ldns_key_set_rsa_key ldns_key_set_dsa_key @@ -58,50 +267,76 @@ ldns_key_set_keytag ldns_key_set_flags ldns_key_list_set_key_count ldns_key_algo_supported -ldns_rr -ldns_rr_class -ldns_rr_type -ldns_rr_compress -ldns_rr_list -ldns_buffer2pkt_wire +ldns_dnssec_name_new +ldns_dnssec_name_new_frm_rr +ldns_dnssec_name_free +ldns_dnssec_name_name +ldns_dnssec_name_set_name +ldns_dnssec_name_set_nsec +ldns_dnssec_name_cmp +ldns_dnssec_name_add_rr +ldns_dnssec_name_find_rrset +ldns_dnssec_name_print ldns_bubblebabble -ldns_rr2str -ldns_pkt2str -ldns_rdf2str -ldns_rr_list2str -ldns_key2str -ldns_dname_cat_clone -ldns_dname_cat -ldns_dname_left_chop -ldns_dname_label_count -ldns_dnssec_data_chain -ldns_dnssec_data_chain_struct -ldns_dnssec_trust_tree -ldns_buffer -ldns_buffer_new -ldns_buffer_new_frm_data -ldns_buffer_clear -ldns_buffer_printf -ldns_buffer_free -ldns_buffer_copy -ldns_buffer_export -ldns_buffer_export2str -ldns_buffer2str +ldns_key +ldns_key_list_new +ldns_tcp_send_query +ldns_tcp_read_wire +ldns_tcp_connect +ldns_pkt2buffer_str +ldns_pktheader2buffer_str +ldns_rr2buffer_str +ldns_rr_list2buffer_str +ldns_rdf2buffer_str +ldns_key2buffer_str +ldns_pkt2buffer_wire +ldns_rr2buffer_wire +ldns_rdf2buffer_wire +ldns_rrsig2buffer_wire +ldns_rr_rdata2buffer_wire +ldns_send ldns_update_pkt_tsig_add -ldns_dname_is_subdomain -ldns_dname_str_absolute -ldns_dname_label -ldns_key_buf2dsa -ldns_key_buf2rsa -ldns_key_print +ldns_dnssec_data_chain_new +ldns_dnssec_data_chain_free +ldns_dnssec_data_chain_deep_free +ldns_dnssec_build_data_chain +ldns_dnssec_data_chain_print +ldns_get_rr_list_hosts_frm_file +ldns_get_rr_list_hosts_frm_fp +ldns_get_rr_list_hosts_frm_fp_l +ldns_dnssec_rrsets_new +ldns_dnssec_rrsets_free +ldns_dnssec_rrsets_type +ldns_dnssec_rrsets_set_type +ldns_dnssec_rrsets_add_rr +ldns_dnssec_rrsets_print ldns_dnssec_verify_denial ldns_dnssec_verify_denial_nsec3 -ldns_rr_mx_preference -ldns_rr_mx_exchange -ldns_rdf_size -ldns_rdf_get_type -ldns_rdf_data -ldns_rdf_compare +ldns_pkt_tsig_verify +ldns_pkt_tsig_sign +ldns_buffer_flip +ldns_buffer_rewind +ldns_buffer_position +ldns_buffer_set_position +ldns_buffer_skip +ldns_rdf_new +ldns_rdf_clone +ldns_rdf_new_frm_data +ldns_rdf_new_frm_str +ldns_rdf_new_frm_fp +ldns_rdf_free +ldns_rdf_deep_free +ldns_rdf_print +ldns_rr_label_count +ldns_dname2canonical +ldns_axfr_start +ldns_axfr_next +ldns_axfr_abort +ldns_axfr_complete +ldns_axfr_last_pkt +ldns_bget_token +ldns_bgetc +ldns_bskipcs ldns_pkt_id ldns_pkt_qr ldns_pkt_aa @@ -128,67 +363,47 @@ ldns_pkt_get_section_clone ldns_pkt_rr_list_by_name ldns_pkt_rr_list_by_type ldns_pkt_rr_list_by_name_and_type -ldns_pkt2buffer_str -ldns_pktheader2buffer_str -ldns_rr2buffer_str -ldns_rr_list2buffer_str -ldns_rdf2buffer_str -ldns_key2buffer_str -ldns_pkt2buffer_wire -ldns_rr2buffer_wire -ldns_rdf2buffer_wire -ldns_rrsig2buffer_wire -ldns_rr_rdata2buffer_wire -ldns_rr_set_push_rr -ldns_rr_set_pop_rr +ldns_dname_compare +ldns_dname_interval +ldns_update_set_zocount +ldns_update_set_prcount +ldns_update_set_upcount +ldns_update_set_adcount +ldns_get_errorstr_by_id +ldns_status ldns_key_free ldns_key_deep_free ldns_key_list_free -ldns_get_rr_list_addr_by_name -ldns_get_rr_list_name_by_addr -ldns_algorithm -ldns_key_rr2ds +ldns_rr_list_sort +ldns_dnssec_zone_sign +ldns_dnssec_zone_sign_nsec3 +ldns_dnssec_zone_mark_glue +ldns_dnssec_name_node_next_nonglue +ldns_dnssec_zone_create_nsecs +ldns_dnssec_remove_signatures +ldns_dnssec_zone_create_rrsigs +ldns_key_print +ldns_buffer_remaining_at +ldns_buffer_remaining +ldns_buffer_available_at +ldns_buffer_available +ldns_buffer_status +ldns_buffer_status_ok +ldns_rdf_set_size +ldns_rdf_set_type +ldns_rdf_set_data +ldns_key_buf2dsa +ldns_key_buf2rsa ldns_b32_ntop_calculate_size ldns_b32_pton_calculate_size ldns_b64_ntop_calculate_size ldns_b64_pton_calculate_size -ldns_get_errorstr_by_id -ldns_status -ldns_key_list_key_count -ldns_key_list_key -ldns_key_rsa_key -ldns_key_dsa_key -ldns_key_algorithm -ldns_key_hmac_key -ldns_key_origttl -ldns_key_inception -ldns_key_expiration -ldns_key_keytag -ldns_key_pubkey_owner -ldns_key_flags -ldns_dnssec_name_new -ldns_dnssec_name_new_frm_rr -ldns_dnssec_name_free -ldns_dnssec_name_name -ldns_dnssec_name_set_name -ldns_dnssec_name_set_nsec -ldns_dnssec_name_cmp -ldns_dnssec_name_add_rr -ldns_dnssec_name_find_rrset -ldns_dnssec_name_print -ldns_rdf_new -ldns_rdf_clone -ldns_rdf_new_frm_data -ldns_rdf_new_frm_str -ldns_rdf_new_frm_fp -ldns_rdf_free -ldns_rdf_deep_free -ldns_rdf_print -ldns_bget_token -ldns_bgetc -ldns_bskipcs -ldns_get_rr_class_by_name -ldns_get_rr_type_by_name +ldns_rr_compare +ldns_rr_compare_ds +ldns_calc_keytag +ldns_calc_keytag_raw +ldns_rdf +ldns_rdf_type ldns_dnssec_zone_find_rrset ldns_dnssec_zone_new ldns_dnssec_zone_free @@ -196,87 +411,14 @@ ldns_dnssec_zone_add_rr ldns_dnssec_zone_names_print ldns_dnssec_zone_print ldns_dnssec_zone_add_empty_nonterminals -ldns_sign_public_dsa -ldns_sign_public_rsamd5 -ldns_sign_public_rsasha1 -ldns_rdf_address_reverse -ldns_pkt_verify -ldns_dnssec_trust_tree_new -ldns_dnssec_trust_tree_free -ldns_dnssec_trust_tree_depth -ldns_dnssec_derive_trust_tree -ldns_dnssec_trust_tree_contains_keys -ldns_dnssec_trust_tree_print -ldns_dnssec_trust_tree_print_sm -ldns_dnssec_trust_tree_add_parent -ldns_dnssec_derive_trust_tree_normal_rrset -ldns_dnssec_derive_trust_tree_dnskey_rrset -ldns_dnssec_derive_trust_tree_ds_rrset -ldns_dnssec_derive_trust_tree_no_sig -ldns_dname_compare -ldns_dname_interval -ldns_rr_new -ldns_rr_new_frm_type -ldns_rr_new_frm_str -ldns_rr_new_frm_fp -ldns_rr_free -ldns_rr_print -ldns_key_list_new -ldns_pkt -ldns_pkt_section -ldns_pkt_type -ldns_verify -ldns_verify_rrsig -ldns_verify_rrsig_keylist -ldns_verify_rrsig_keylist_notime -ldns_verify_notime -ldns_str2period ldns_create_nsec -ldns_rr_uncompressed_size -ldns_native2rdf_int8 -ldns_native2rdf_int16 -ldns_native2rdf_int32 -ldns_native2rdf_int16_data -ldns_rdf2native_int8 -ldns_rdf2native_int16 -ldns_rdf2native_int32 -ldns_rdf2native_sockaddr_storage -ldns_rdf2native_time_t -ldns_dname2canonical -ldns_dnssec_zone -ldns_dnssec_name -ldns_dnssec_rrs -ldns_dnssec_rrsets -ldns_pkt_set_flags -ldns_pkt_set_id -ldns_pkt_set_qr -ldns_pkt_set_aa -ldns_pkt_set_tc -ldns_pkt_set_rd -ldns_pkt_set_cd -ldns_pkt_set_ra -ldns_pkt_set_ad -ldns_pkt_set_opcode -ldns_pkt_set_rcode -ldns_pkt_set_qdcount -ldns_pkt_set_ancount -ldns_pkt_set_nscount -ldns_pkt_set_arcount -ldns_pkt_set_answerfrom -ldns_pkt_set_querytime -ldns_pkt_set_size -ldns_pkt_set_section_count -ldns_pkt_set_tsig -ldns_zone_rr_count -ldns_rr_set_owner -ldns_rr_set_ttl -ldns_rr_set_type -ldns_rr_set_rd_count -ldns_rr_set_class -ldns_rr_set_rdf -ldns_zone_sort -ldns_zone_glue_rr_list +ldns_dane_create_tlsa_rr +ldns_dane_create_tlsa_owner +ldns_dane_cert2rdf +ldns_dane_select_certificate ldns_getaddrinfo +ldns_rr_set_push_rr +ldns_rr_set_pop_rr ldns_key_new ldns_key_new_frm_algorithm ldns_key_new_frm_fp @@ -285,131 +427,24 @@ ldns_key_new_frm_fp_rsa ldns_key_new_frm_fp_rsa_l ldns_key_new_frm_fp_dsa ldns_key_new_frm_fp_dsa_l -ldns_sign_public -ldns_rr_label_count -ldns_rr_list_cat -ldns_rr_list_push_rr -ldns_rr_list_pop_rr -ldns_fget_token -ldns_fskipcs -ldns_dane_create_tlsa_rr -ldns_dane_create_tlsa_owner -ldns_dane_cert2rdf -ldns_dane_select_certificate -ldns_rdf2buffer_str_a -ldns_rdf2buffer_str_aaaa -ldns_rdf2buffer_str_str -ldns_rdf2buffer_str_b64 -ldns_rdf2buffer_str_hex -ldns_rdf2buffer_str_type -ldns_rdf2buffer_str_class -ldns_rdf2buffer_str_alg -ldns_rdf2buffer_str_loc -ldns_rdf2buffer_str_unknown -ldns_rdf2buffer_str_nsap -ldns_rdf2buffer_str_wks -ldns_rdf2buffer_str_nsec -ldns_rdf2buffer_str_period -ldns_rdf2buffer_str_tsigtime -ldns_rdf2buffer_str_apl -ldns_rdf2buffer_str_int16_data -ldns_rdf2buffer_str_int16 -ldns_rdf2buffer_str_ipseckey -ldns_verify_rrsig_dsa -ldns_verify_rrsig_rsasha1 -ldns_verify_rrsig_rsamd5 -ldns_key_list_push_key -ldns_key_list_pop_key -ldns_zone_sign -ldns_zone_sign_nsec3 -ldns_rr_push_rdf -ldns_rr_pop_rdf -ldns_dnssec_zone_sign -ldns_dnssec_zone_sign_nsec3 -ldns_dnssec_zone_mark_glue -ldns_dnssec_name_node_next_nonglue -ldns_dnssec_zone_create_nsecs -ldns_dnssec_remove_signatures -ldns_dnssec_zone_create_rrsigs -ldns_key2rr -ldns_dane_verify -ldns_dane_verify_rr -ldns_version -ldns_rr_compare -ldns_rr_compare_ds -ldns_wire2rr -ldns_wire2pkt -ldns_wire2rdf -ldns_wire2dname -ldns_dnssec_rrs_new -ldns_dnssec_rrs_free -ldns_dnssec_rrs_add_rr -ldns_dnssec_rrs_print -ldns_axfr_start -ldns_axfr_next -ldns_axfr_abort -ldns_axfr_complete -ldns_axfr_last_pkt +ldns_octet ldns_rr_list_clone -ldns_buffer_flip -ldns_buffer_rewind -ldns_buffer_position -ldns_buffer_set_position -ldns_buffer_skip -ldns_rr_list_sort -ldns_rdf -ldns_rdf_type -ldns_calc_keytag -ldns_calc_keytag_raw -ldns_dnssec_rrsets_new -ldns_dnssec_rrsets_free -ldns_dnssec_rrsets_type -ldns_dnssec_rrsets_set_type -ldns_dnssec_rrsets_add_rr -ldns_dnssec_rrsets_print -ldns_tcp_send_query -ldns_tcp_read_wire -ldns_tcp_connect -ldns_pkt_tsig_verify -ldns_pkt_tsig_sign -ldns_rdf_set_size -ldns_rdf_set_type -ldns_rdf_set_data -ldns_dnssec_data_chain_new -ldns_dnssec_data_chain_free -ldns_dnssec_data_chain_deep_free -ldns_dnssec_build_data_chain -ldns_dnssec_data_chain_print -ldns_buffer_remaining_at -ldns_buffer_remaining -ldns_buffer_available_at -ldns_buffer_available -ldns_buffer_status -ldns_buffer_status_ok -ldns_buffer_limit -ldns_buffer_set_limit -ldns_buffer_capacity -ldns_buffer_set_capacity -ldns_buffer_reserve -ldns_buffer_at -ldns_buffer_begin -ldns_buffer_end -ldns_buffer_current -ldns_get_rr_list_hosts_frm_file -ldns_get_rr_list_hosts_frm_fp -ldns_get_rr_list_hosts_frm_fp_l -ldns_dname_new -ldns_dname_new_frm_str -ldns_dname_new_frm_data -ldns_duration_type -ldns_duration_create -ldns_duration_create_from_string -ldns_duration_cleanup -ldns_duration_compare -ldns_duration2string -ldns_duration2time -ldns_rr_list_new -ldns_rr_list_free +ldns_dnssec_zone +ldns_dnssec_name +ldns_dnssec_rrs +ldns_dnssec_rrsets +ldns_version +ldns_rr_rdf +ldns_rr_owner +ldns_rr_rd_count +ldns_rr_ttl +ldns_rr_get_class +ldns_rr_set_owner +ldns_rr_set_ttl +ldns_rr_set_type +ldns_rr_set_rd_count +ldns_rr_set_class +ldns_rr_set_rdf ldns_pkt_edns ldns_pkt_edns_udp_size ldns_pkt_edns_extended_rcode @@ -421,50 +456,15 @@ ldns_pkt_set_edns_extended_rcode ldns_pkt_set_edns_version ldns_pkt_set_edns_z ldns_pkt_set_edns_data -ldns_update_zocount -ldns_update_prcount -ldns_update_upcount -ldns_update_adcount -ldns_rr_list_rr_count -ldns_rr_list_set_rr_count -ldns_zone_set_rrs -ldns_zone_set_soa +ldns_sign_public +ldns_dnssec_data_chain +ldns_dnssec_data_chain_struct +ldns_dnssec_trust_tree +ldns_verify_rrsig_dsa +ldns_verify_rrsig_rsasha1 +ldns_verify_rrsig_rsamd5 +ldns_dname_is_subdomain +ldns_dname_str_absolute +ldns_dname_label ldns_is_rrset -ldns_octet -ldns_zone -ldns_zone_new -ldns_zone_free -ldns_zone_deep_free -ldns_zone_new_frm_fp -ldns_zone_new_frm_fp_l -ldns_zone_print -ldns_zone_print_fmt -ldns_rr_rrsig_typecovered -ldns_rr_rrsig_set_typecovered -ldns_rr_rrsig_algorithm -ldns_rr_rrsig_set_algorithm -ldns_rr_rrsig_labels -ldns_rr_rrsig_set_labels -ldns_rr_rrsig_origttl -ldns_rr_rrsig_set_origttl -ldns_rr_rrsig_expiration -ldns_rr_rrsig_set_expiration -ldns_rr_rrsig_inception -ldns_rr_rrsig_set_inception -ldns_rr_rrsig_keytag -ldns_rr_rrsig_set_keytag -ldns_rr_rrsig_signame -ldns_rr_rrsig_set_signame -ldns_rr_rrsig_sig -ldns_rr_rrsig_set_sig -ldns_pkt_new -ldns_pkt_free -ldns_pkt_print -ldns_pkt_query_new -ldns_pkt_query_new_frm_str -ldns_pkt_reply_type -ldns_rr_descriptor -ldns_rr_descript -ldns_rr_descriptor_minimum -ldns_rr_descriptor_maximum -ldns_rr_descriptor_field_type +ldns_rr_uncompressed_size diff --git a/doc/man/man3/ldns_dnssec_name_new.3 b/doc/man/man3/ldns_dnssec_name_new.3 index 79f2dc4f7287..34223915deea 100644 --- a/doc/man/man3/ldns_dnssec_name_new.3 +++ b/doc/man/man3/ldns_dnssec_name_new.3 @@ -105,7 +105,9 @@ No checking is done whether the name matches \.br \fBrr\fR: The \%RR to add \.br -Returns \%LDNS_STATUS_OK on success, error code otherwise +Returns \%LDNS_STATUS_OK on success and \%LDNS_STATUS_EQUAL_ERR when and +\%RR with equal ownername, class, type and rdata already exists, +and an error code otherwise .PP .HP \fIldns_dnssec_name_find_rrset\fR() diff --git a/doc/man/man3/ldns_dnssec_rrs_new.3 b/doc/man/man3/ldns_dnssec_rrs_new.3 index 11ff044c4419..327617445f42 100644 --- a/doc/man/man3/ldns_dnssec_rrs_new.3 +++ b/doc/man/man3/ldns_dnssec_rrs_new.3 @@ -42,7 +42,8 @@ If an equal \%RR already exists, this \%RR will not be added. \.br \fBrr\fR: the \%RR to add \.br -Returns \%LDNS_STATUS_OK on success +Returns \%LDNS_STATUS_OK on success and \%LDNS_STATUS_EQUAL_ERR when and +\%RR with equal ownername, class, type and rdata already exists. .PP .HP \fIldns_dnssec_rrs_print\fR() diff --git a/doc/man/man3/ldns_dnssec_rrsets_new.3 b/doc/man/man3/ldns_dnssec_rrsets_new.3 index 198060289649..ff5e312c3cd6 100644 --- a/doc/man/man3/ldns_dnssec_rrsets_new.3 +++ b/doc/man/man3/ldns_dnssec_rrsets_new.3 @@ -69,7 +69,8 @@ If it is not present, add it as a new RRset with 1 record. \.br \fBrr\fR: the rr to add to the list of rrsets \.br -Returns \%LDNS_STATUS_OK on success +Returns \%LDNS_STATUS_OK on success and \%LDNS_STATUS_EQUAL_ERR when and +\%RR with equal ownername, class, type and rdata already exists. .PP .HP \fIldns_dnssec_rrsets_print\fR() diff --git a/doc/man/man3/ldns_dnssec_zone_find_rrset.3 b/doc/man/man3/ldns_dnssec_zone_find_rrset.3 index 802f33ca6f9f..4e1d7695feed 100644 --- a/doc/man/man3/ldns_dnssec_zone_find_rrset.3 +++ b/doc/man/man3/ldns_dnssec_zone_find_rrset.3 @@ -65,7 +65,9 @@ Special handling of \%NSEC and \%RRSIG provided \.br \fBrr\fR: The \%RR to add \.br -Returns \%LDNS_STATUS_OK on success, an error code otherwise +Returns \%LDNS_STATUS_OK on success and \%LDNS_STATUS_EQUAL_ERR when and +\%RR with equal ownername, class, type and rdata already exists, +and an error code otherwise .PP .HP \fIldns_dnssec_zone_names_print\fR() diff --git a/doc/man/man3/ldns_rdf.3 b/doc/man/man3/ldns_rdf.3 index dca0cd5e1f17..0dd8ff171c22 100644 --- a/doc/man/man3/ldns_rdf.3 +++ b/doc/man/man3/ldns_rdf.3 @@ -75,6 +75,10 @@ enum ldns_enum_rdf_type .br LDNS_RDF_TYPE_INT32, .br + \fB64 bits:\fR +.br + LDNS_RDF_TYPE_INT64, +.br \fBA record:\fR .br LDNS_RDF_TYPE_A, @@ -107,6 +111,8 @@ enum ldns_enum_rdf_type .br LDNS_RDF_TYPE_NSEC, .br + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC, +.br \fBa RR type:\fR .br LDNS_RDF_TYPE_TYPE, @@ -207,6 +213,12 @@ enum ldns_enum_rdf_type .br .br + \fBCharacter string without quotes.:\fR +.br + LDNS_RDF_TYPE_UNQUOTED, +.br + +.br /** A non-zero sequence of US-ASCII letters and numbers in lower case. .br * For CAA. @@ -257,9 +269,9 @@ enum ldns_enum_rdf_type .br .br - /* Aliases */ + \fBdraft-johnson-dns-ipn-cla-07 *:\fR .br - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_IPN .br }; .br diff --git a/doc/man/man3/ldns_rr.3 b/doc/man/man3/ldns_rr.3 index 57f726d33246..a34e09346772 100644 --- a/doc/man/man3/ldns_rr.3 +++ b/doc/man/man3/ldns_rr.3 @@ -462,6 +462,12 @@ enum ldns_enum_rr_type .br LDNS_RR_TYPE_HTTPS = 65, /* RFC 9460 */ .br + LDNS_RR_TYPE_DSYNC = 66, /* RFC 9859 */ +.br + LDNS_RR_TYPE_HHIT = 67, /* draft-ietf-drip-registries-28 */ +.br + LDNS_RR_TYPE_BRID = 68, /* draft-ietf-drip-registries-28 */ +.br .br LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -494,7 +500,7 @@ enum ldns_enum_rr_type .br .br - LDNS_RR_TYPE_NXNAME = 128, /* draft-ietf-dnsop-compact-denial-of-existence */ + LDNS_RR_TYPE_NXNAME = 128, /* RFC 9824 */ .br .br @@ -546,6 +552,18 @@ enum ldns_enum_rr_type .br .br + \fBhttps://www.iana.org/assignments/dns-parameters/CLA/cla-completed-template:\fR +.br + LDNS_RR_TYPE_CLA = 263, +.br + +.br + \fBhttps://www.iana.org/assignments/dns-parameters/IPN/ipn-completed-template:\fR +.br + LDNS_RR_TYPE_IPN = 264, +.br + +.br \fBDNSSEC Trust Authorities:\fR .br LDNS_RR_TYPE_TA = 32768, diff --git a/drill/drill.c b/drill/drill.c index 44c1b7687aec..9db77cf1cc7b 100644 --- a/drill/drill.c +++ b/drill/drill.c @@ -855,7 +855,7 @@ main(int argc, char *argv[]) status = ldns_send_buffer(&pkt, res, query_buffer, NULL); ldns_buffer_free(query_buffer); if (status != LDNS_STATUS_OK) { - printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + fprintf(stderr, "Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { diff --git a/drill/securetrace.c b/drill/securetrace.c index 90014b4e3007..dcd5c7739f44 100644 --- a/drill/securetrace.c +++ b/drill/securetrace.c @@ -291,7 +291,12 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, /* trust glue? */ new_ns_addr = NULL; if (ldns_dname_is_subdomain(pop, labels[i])) { - new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + if (ldns_resolver_ip6(res) == LDNS_RESOLV_INET6) { + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); + } else { + /* If IPv4 is specified, or no IP version is specified, default to A record and use IPv4 */ + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + } } if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { new_ns_addr = ldns_get_rr_list_addr_by_name(res, pop, c, 0); @@ -189,6 +189,8 @@ ldns_lookup_table ldns_error_str[] = { { LDNS_STATUS_EDE_OPTION_MALFORMED, "The extended error code option is malformed, expected " "at least 2 bytes of option data" }, + { LDNS_STATUS_EQUAL_RR, + "An identical RR already existed in the zone" }, { 0, NULL } }; diff --git a/examples/ldns-compare-zones.1 b/examples/ldns-compare-zones.1 index 5a4a579fb55d..7690134993d6 100644 --- a/examples/ldns-compare-zones.1 +++ b/examples/ldns-compare-zones.1 @@ -8,6 +8,7 @@ ldns-compare-zones \- read and compare two zonefiles and print differences .IR [-u] .IR [-i] .IR [-d] +.IR [-Z] .IR [-z] .IR [-s] .IR ZONEFILE1 @@ -44,6 +45,9 @@ Print resource records whose owner names are present only in ZONEFILE1 (a.k.a. d Print all changes (except unchanged). Specifying this option is the same as specifying \-c \-i and \-d. .TP +\fB-Z\fR +exclude ZONEMD records from comparison +.TP \fB-z\fR Suppress zone sorting; this option is not recommended; it can cause records to be incorrectly marked as changed, depending of the nature of the changes. diff --git a/examples/ldns-compare-zones.c b/examples/ldns-compare-zones.c index 750a8455aec5..1ee3602e3fef 100644 --- a/examples/ldns-compare-zones.c +++ b/examples/ldns-compare-zones.c @@ -26,7 +26,7 @@ static void usage(char *prog) { - printf("Usage: %s [-v] [-i] [-d] [-c] [-u] [-s] [-e] " + printf("Usage: %s [-v] [-i] [-d] [-c] [-u] [-s] [-Z] [-e] " "<zonefile1> <zonefile2>\n", prog); printf(" -i - print inserted\n"); printf(" -d - print deleted\n"); @@ -35,6 +35,7 @@ usage(char *prog) printf(" -U - print unchanged records in changed names\n"); printf(" -a - print all differences (-i -d -c)\n"); printf(" -s - do not exclude SOA record from comparison\n"); + printf(" -Z - exclude ZONEMD records from comparison\n"); printf(" -z - do not sort zones\n"); printf(" -e - exit with status 2 on changed zones\n"); printf(" -h - show usage and exit\n"); @@ -60,11 +61,11 @@ main(int argc, char **argv) int c; bool opt_deleted = false, opt_inserted = false; bool opt_changed = false, opt_unchanged = false, opt_Unchanged = false; - bool sort = true, inc_soa = false; + bool sort = true, inc_soa = false, exc_zonemd = false; bool opt_exit_status = false; char op = 0; - while ((c = getopt(argc, argv, "ahvdicuUesz")) != -1) { + while ((c = getopt(argc, argv, "ahvdicuUesZz")) != -1) { switch (c) { case 'h': usage(argv[0]); @@ -83,6 +84,9 @@ main(int argc, char **argv) case 's': inc_soa = true; break; + case 'Z': + exc_zonemd = true; + break; case 'z': sort = false; break; @@ -208,6 +212,18 @@ main(int argc, char **argv) * set the operator again. */ for (i = 0, j = 0; i < rrc1 || j < rrc2;) { + if (exc_zonemd) { + if (ldns_rr_get_type(ldns_rr_list_rr(rrl1, i)) + == LDNS_RR_TYPE_ZONEMD) { + i += 1; + continue; + } + if (ldns_rr_get_type(ldns_rr_list_rr(rrl2, j)) + == LDNS_RR_TYPE_ZONEMD) { + j += 1; + continue; + } + } rr_cmp = 0; if (i < rrc1 && j < rrc2) { rr1 = ldns_rr_list_rr(rrl1, i); diff --git a/examples/ldns-dpa.c b/examples/ldns-dpa.c index 46d8f9ad7baa..9c7578a72e04 100644 --- a/examples/ldns-dpa.c +++ b/examples/ldns-dpa.c @@ -85,6 +85,7 @@ enum enum_match_ids { MATCH_EDNS, MATCH_EDNS_PACKETSIZE, MATCH_DO, + MATCH_CO, MATCH_QUESTION_SIZE, MATCH_ANSWER_SIZE, MATCH_AUTHORITY_SIZE, @@ -237,6 +238,7 @@ const match_table matches[] = { { MATCH_RD, "rd", "value of rd bit", TYPE_BOOL }, { MATCH_EDNS, "edns", "existence of edns rr", TYPE_BOOL }, { MATCH_DO, "do", "value of do bit", TYPE_BOOL }, + { MATCH_CO, "co", "value of co bit", TYPE_BOOL }, { MATCH_QUESTION_SIZE, "questionsize", "number of rrs in the question section", TYPE_INT }, { MATCH_ANSWER_SIZE, "answersize", "number of rrs in the answer section", TYPE_INT }, { MATCH_AUTHORITY_SIZE, "authoritysize", "number of rrs in the authority section", TYPE_INT }, @@ -1129,6 +1131,7 @@ value_matches(match_id id, case MATCH_CD: case MATCH_RD: case MATCH_DO: + case MATCH_CO: case MATCH_PACKETSIZE: case MATCH_EDNS: case MATCH_EDNS_PACKETSIZE: @@ -1214,6 +1217,9 @@ get_string_value(match_id id, ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_a case MATCH_DO: snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_edns_do(pkt)); break; + case MATCH_CO: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_edns_co(pkt)); + break; case MATCH_QUESTION_SIZE: snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_qdcount(pkt)); break; diff --git a/examples/ldns-signzone.1 b/examples/ldns-signzone.1 index b1cdeebf9172..dc0a776e8dbb 100644 --- a/examples/ldns-signzone.1 +++ b/examples/ldns-signzone.1 @@ -16,8 +16,8 @@ KEY .SH DESCRIPTION \fBldns-signzone\fR is used to generate a DNSSEC signed zone. When run it -will create a new zonefile that contains RRSIG and NSEC resource records, as -specified in RFC 4033, RFC 4034 and RFC 4035. +will create a new zonefile that contains RRSIG and NSEC(3) resource records, +as specified in RFC 4033, RFC 4034 and RFC 4035. Keys must be specified by their base name (i.e. without .private). If the DNSKEY that belongs to the key in the .private file is not present @@ -25,9 +25,9 @@ in the zone, it will be read from the file <base name>.key. If that file does not exist, the DNSKEY value will be generated from the private key. -Multiple keys can be specified, Key Signing Keys are used as such when +Multiple keys can be specified. Key Signing Keys are used as such when they are either already present in the zone, or specified in a .key -file, and have the KSK bit set. +file, and have the SEP bit set. .SH OPTIONS .TP @@ -42,10 +42,7 @@ the comment text. .TP \fB-d\fR -Normally, if the DNSKEY RR for a key that is used to sign the zone is -not found in the zone file, it will be read from .key, or derived from -the private key (in that order). This option turns that feature off, -so that only the signatures are added to the zone. +Do not add DNSKEY resource records for used keys to the signed zone. .TP \fB-e\fR \fIdate\fR @@ -95,7 +92,7 @@ turns off the default and all keys are used to sign the DNSKEY RRset. \fB-U\fR Sign with every unique algorithm in the provided keys. The DNSKEY set is signed with all the SEP keys, plus all the non\-SEP keys that have an -algorithm that was not presen in the SEP key set. +algorithm that was not present in the SEP key set. .TP \fB-E\fR \fIname\fR diff --git a/examples/ldns-testpkts.c b/examples/ldns-testpkts.c index 033b96013784..c74f0f75477f 100644 --- a/examples/ldns-testpkts.c +++ b/examples/ldns-testpkts.c @@ -114,6 +114,8 @@ static void matchline(char* line, struct entry* e) e->match_ttl = true; } else if(str_keyword(&parse, "DO")) { e->match_do = true; + } else if(str_keyword(&parse, "CO")) { + e->match_co = true; } else if(str_keyword(&parse, "noedns")) { e->match_noedns = true; } else if(str_keyword(&parse, "ednsdata")) { @@ -202,6 +204,9 @@ static void replyline(char* line, ldns_pkt *reply) } else if(str_keyword(&parse, "DO")) { ldns_pkt_set_edns_udp_size(reply, 4096); ldns_pkt_set_edns_do(reply, true); + } else if(str_keyword(&parse, "CO")) { + ldns_pkt_set_edns_udp_size(reply, 4096); + ldns_pkt_set_edns_co(reply, true); } else { error("could not parse REPLY: '%s'", parse); } @@ -246,6 +251,7 @@ static struct entry* new_entry(void) e->match_all = false; e->match_ttl = false; e->match_do = false; + e->match_co = false; e->match_noedns = false; e->match_serial = false; e->ixfr_soa_serial = 0; @@ -794,6 +800,10 @@ find_match(struct entry* entries, ldns_pkt* query_pkt, verbose(3, "no DO bit set\n"); continue; } + if(p->match_co && !ldns_pkt_edns_co(query_pkt)) { + verbose(3, "no CO bit set\n"); + continue; + } if(p->match_noedns && ldns_pkt_edns(query_pkt)) { verbose(3, "bad; EDNS OPT present\n"); continue; diff --git a/examples/ldns-testpkts.h b/examples/ldns-testpkts.h index 0a20d016ae48..33b58740ee16 100644 --- a/examples/ldns-testpkts.h +++ b/examples/ldns-testpkts.h @@ -180,6 +180,8 @@ struct entry { bool match_ttl; /** match DO bit */ bool match_do; + /** match CO bit */ + bool match_co; /** match absence of EDNS OPT record in query */ bool match_noedns; /** match edns data field given in hex */ diff --git a/examples/ldns-verify-zone.1.in b/examples/ldns-verify-zone.1.in index 6bea57f0c153..ea232d7130bd 100644 --- a/examples/ldns-verify-zone.1.in +++ b/examples/ldns-verify-zone.1.in @@ -49,6 +49,13 @@ Which names to check is determined randomly. Defaults to 100. .TP +\fB-s\fR +Check all signature results, instead of one. Without the option one signature +that validates stops error output for the RRset. With the option, all +results from signature validations are printed. For spurious RRSIGs that +prints output for the spurious RRSIGs if they are wrong. + +.TP \fB-S\fR Chase signature(s) to a known key. The network may be accessed to validate the zone's DNSKEYs. (implies \-k) diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c index ac076cd1afe7..38da9deaba6b 100644 --- a/examples/ldns-verify-zone.c +++ b/examples/ldns-verify-zone.c @@ -26,6 +26,7 @@ static int32_t inception_offset = 0; static int32_t expiration_offset = 0; static bool do_sigchase = false; static bool no_nomatch_msg = false; +static int check_all_sigs = 0; static FILE* myout; static FILE* myerr; @@ -171,23 +172,32 @@ verify_rrs(ldns_rr_list* rrset_rrs, ldns_dnssec_rrs* cur_sig, ldns_rr_list* keys) { ldns_status status, result = LDNS_STATUS_OK; + int one_signature_verified = 0; ldns_dnssec_rrs *cur_sig_bak = cur_sig; + int is_dnskey_rrset = ldns_rr_list_rr_count(rrset_rrs) > 0 && + ldns_rr_get_type(ldns_rr_list_rr(rrset_rrs, 0)) == LDNS_RR_TYPE_DNSKEY; /* A single valid signature validates the RRset */ - while (cur_sig) { + /* With check all sigs, it skips this, except for the DNSKEY RRset. */ + if(!check_all_sigs || is_dnskey_rrset) { + while (cur_sig) { if (ldns_verify_rrsig_keylist_time( rrset_rrs, cur_sig->rr , keys, check_time, NULL) || rrsig_check_time_margins(cur_sig->rr)) cur_sig = cur_sig->next; else return LDNS_STATUS_OK; + } } /* Without any valid signature, do print all errors. */ + /* When checking all sigs, keep track if one is valid. */ for (cur_sig = cur_sig_bak; cur_sig; cur_sig = cur_sig->next) { status = ldns_verify_rrsig_keylist_time(rrset_rrs, cur_sig->rr, keys, check_time, NULL); status = status ? status : rrsig_check_time_margins(cur_sig->rr); + if(check_all_sigs && status == LDNS_STATUS_OK) + one_signature_verified += 1; if (!status) ; /* pass */ else if (!no_nomatch_msg || status != @@ -196,6 +206,8 @@ verify_rrs(ldns_rr_list* rrset_rrs, ldns_dnssec_rrs* cur_sig, myerr, rrset_rrs, status, cur_sig); update_error(&result, status); } + if(check_all_sigs && one_signature_verified) + return LDNS_STATUS_OK; return result; } @@ -712,6 +724,7 @@ static void print_usage(FILE *out, const char *progname) "\t\t\tDefault is %s\n", LDNS_TRUST_ANCHOR_FILE); fprintf(out, "\t-p [0-100]\tonly checks this percentage of " "the zone.\n\t\t\tDefaults to 100\n"); + fprintf(out, "\t-s\t\tcheck all signature results, instead of one.\n"); fprintf(out, "\t-S\t\tchase signature(s) to a known key. " "The network may be\n\t\t\taccessed to " "validate the zone's DNSKEYs. (implies -k)\n"); @@ -759,13 +772,14 @@ main(int argc, char **argv) myout = stdout; myerr = stderr; - while ((c = getopt(argc, argv, "ae:hi:k:vV:p:St:Z")) != -1) { + while ((c = getopt(argc, argv, "ae:hi:k:vV:p:sSt:Z")) != -1) { switch(c) { case 'a': apexonly = true; break; case 'h': print_usage(stdout, progname); + ldns_rr_list_deep_free(keys); exit(EXIT_SUCCESS); break; case 'e': @@ -779,6 +793,7 @@ main(int argc, char **argv) "P[n]Y[n]M[n]DT[n]H[n]M[n]S\n" ); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } if (c == 'e') @@ -804,6 +819,7 @@ main(int argc, char **argv) "%s: %s\n",optarg, ldns_get_errorstr_by_id(s)); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } if (ldns_rr_list_rr_count(keys) == nkeys) { @@ -812,6 +828,7 @@ main(int argc, char **argv) "No keys found in file %s\n", optarg); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } nkeys = ldns_rr_list_rr_count(keys); @@ -824,10 +841,14 @@ main(int argc, char **argv) "percentage needs to fall " "between 0..100\n"); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } srandom(time(NULL) ^ getpid()); break; + case 's': + check_all_sigs = 1; + break; case 'S': do_sigchase = true; /* may chase */ @@ -850,6 +871,7 @@ main(int argc, char **argv) case 'v': printf("verify-zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + ldns_rr_list_deep_free(keys); exit(EXIT_SUCCESS); break; case 'V': @@ -869,6 +891,7 @@ main(int argc, char **argv) fprintf(myerr, "Unable to chase " "signature without keys.\n"); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } } @@ -887,10 +910,12 @@ main(int argc, char **argv) fprintf(myerr, "Unable to open %s: %s\n", filename, strerror(errno)); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } } else { print_usage(stderr, progname); + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } @@ -901,6 +926,7 @@ main(int argc, char **argv) fprintf(myerr, "%s at line %d\n", ldns_get_errorstr_by_id(s), line_nr); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } if (!dnssec_zone->soa) { @@ -908,6 +934,7 @@ main(int argc, char **argv) fprintf(myerr, "; Error: no SOA in the zone\n"); } + ldns_rr_list_deep_free(keys); exit(EXIT_FAILURE); } @@ -927,9 +954,10 @@ main(int argc, char **argv) if (zonemd_required == 1 && !ldns_dnssec_zone_find_rrset(dnssec_zone, - dnssec_zone->soa->name, LDNS_RR_TYPE_DNSKEY)) + dnssec_zone->soa->name, LDNS_RR_TYPE_DNSKEY)) { + ldns_rr_list_deep_free(keys); result = LDNS_STATUS_OK; - else + } else result = verify_dnssec_zone(dnssec_zone, dnssec_zone->soa->name, keys, apexonly, percentage, zonemd_required > 2); diff --git a/examples/ldns-walk.c b/examples/ldns-walk.c index f320b99d6000..8d767723c146 100644 --- a/examples/ldns-walk.c +++ b/examples/ldns-walk.c @@ -38,22 +38,24 @@ create_dname_plus_1(ldns_rdf *dname) size_t i; ldns_dname2canonical(dname); + labellen = ldns_rdf_data(dname)[0]; if (verbosity >= 3) { printf("Create +e for "); ldns_rdf_print(stdout, dname); printf("\n"); } - if (ldns_rdf_size(dname) < LDNS_MAX_DOMAINLEN) { - wire = malloc(ldns_rdf_size(dname) + 2); + if (labellen < 63) { + wire = malloc(ldns_rdf_size(dname) + 1); if (!wire) { fprintf(stderr, "Malloc error: out of memory?\n"); exit(127); } - wire[0] = (uint8_t) 1; - wire[1] = (uint8_t) '\000'; - memcpy(&wire[2], ldns_rdf_data(dname), ldns_rdf_size(dname)); + wire[0] = labellen + 1; + memcpy(&wire[1], ldns_rdf_data(dname) + 1, labellen); + memcpy(&wire[labellen+1], ldns_rdf_data(dname) + labellen, ldns_rdf_size(dname) - labellen); + wire[labellen+1] = (uint8_t) '\000'; pos = 0; - status = ldns_wire2dname(&newdname, wire, ldns_rdf_size(dname) + 2, &pos); + status = ldns_wire2dname(&newdname, wire, ldns_rdf_size(dname) + 1, &pos); free(wire); } else { wire = malloc(ldns_rdf_size(dname)); @@ -61,7 +63,6 @@ create_dname_plus_1(ldns_rdf *dname) fprintf(stderr, "Malloc error: out of memory?\n"); exit(127); } - labellen = ldns_rdf_data(dname)[0]; wire[0] = labellen; memcpy(&wire[1], ldns_rdf_data(dname) + 1, labellen); memcpy(&wire[labellen], ldns_rdf_data(dname) + labellen, ldns_rdf_size(dname) - labellen); @@ -323,7 +324,7 @@ main(int argc, char *argv[]) /* create a new resolver from /etc/resolv.conf */ if(!serv) { if (ldns_resolver_new_frm_file(&res, NULL) != LDNS_STATUS_OK) { - fprintf(stderr, "%s", "Could not create resolver obj"); + fprintf(stderr, "%s\n", "Could not create resolver obj."); result = EXIT_FAILURE; goto exit; } @@ -344,7 +345,7 @@ main(int argc, char *argv[]) status = ldns_resolver_new_frm_file(&cmdline_res, NULL); if (status != LDNS_STATUS_OK) { - fprintf(stderr, "%s", "@server ip could not be converted"); + fprintf(stderr, "%s\n", "@server ip could not be converted"); result = EXIT_FAILURE; goto exit; } @@ -358,7 +359,7 @@ main(int argc, char *argv[]) ldns_rdf_deep_free(cmdline_dname); ldns_resolver_deep_free(cmdline_res); if (!cmdline_rr_list) { - fprintf(stderr, "%s %s", "could not find any address for the name: ", serv); + fprintf(stderr, "%s %s\n", "Could not find any address for the name:", serv); result = EXIT_FAILURE; goto exit; } else { @@ -366,7 +367,7 @@ main(int argc, char *argv[]) res, cmdline_rr_list ) != LDNS_STATUS_OK) { - fprintf(stderr, "%s", "pushing nameserver"); + fprintf(stderr, "%s\n", "pushing nameserver"); result = EXIT_FAILURE; ldns_rr_list_deep_free(cmdline_rr_list); goto exit; @@ -375,7 +376,7 @@ main(int argc, char *argv[]) } } else { if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) { - fprintf(stderr, "%s", "pushing nameserver"); + fprintf(stderr, "%s\n", "pushing nameserver"); result = EXIT_FAILURE; goto exit; } else { @@ -569,7 +570,7 @@ main(int argc, char *argv[]) if (!rrlist) { fflush(stdout); fprintf(stderr, "Zone does not seem to be DNSSEC secured," - "or it uses NSEC3.\n"); + " or it uses NSEC3.\n"); fflush(stderr); goto exit; } diff --git a/host2str.c b/host2str.c index deeeaf634e63..9f2795afadba 100644 --- a/host2str.c +++ b/host2str.c @@ -410,6 +410,14 @@ ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf) } ldns_status +ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint64_t data = ldns_read_uint64(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%llu", (unsigned long long) data); + return ldns_buffer_status(output); +} + +ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) { /* create a YYYYMMDDHHMMSS string if possible */ @@ -1225,6 +1233,34 @@ ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf) } ldns_status +ldns_rdf2buffer_str_unquoted(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t amount, i; + uint8_t ch; + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + amount = ldns_rdf_data(rdf)[0]; + for(i=0; i<amount; i++) { + ch = ldns_rdf_data(rdf)[1+i]; + if (isprint((int)ch) || ch == '\t') { + if (ch == '\"' || ch == '\\' || ch == '\'' || + ch == '(' || ch == ')' || isspace((int)ch)) + ldns_buffer_printf(output, "\\%c", ch); + else + ldns_buffer_printf(output, "%c", ch); + } else { + ldns_buffer_printf(output, "\\%03u", + (unsigned)(uint8_t) ch); + } + } + return ldns_buffer_status(output); +} + +ldns_status ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf) { size_t nchars; @@ -1386,6 +1422,8 @@ ldns_rdf2buffer_str_amtrelay(ldns_buffer *output, const ldns_rdf *rdf) precedence, discovery_optional, relay_type); if (relay) (void) ldns_rdf2buffer_str(output, relay); + else + ldns_buffer_printf(output, "."); ldns_rdf_deep_free(relay); return ldns_buffer_status(output); @@ -1644,6 +1682,10 @@ ldns_rdf2buffer_str_fmt(ldns_buffer *buffer, case LDNS_RDF_TYPE_INT32: res = ldns_rdf2buffer_str_int32(buffer, rdf); break; + case LDNS_RDF_TYPE_INT64: + case LDNS_RDF_TYPE_IPN: + res = ldns_rdf2buffer_str_int64(buffer, rdf); + break; case LDNS_RDF_TYPE_PERIOD: res = ldns_rdf2buffer_str_period(buffer, rdf); break; @@ -1726,6 +1768,9 @@ ldns_rdf2buffer_str_fmt(ldns_buffer *buffer, case LDNS_RDF_TYPE_EUI64: res = ldns_rdf2buffer_str_eui64(buffer, rdf); break; + case LDNS_RDF_TYPE_UNQUOTED: + res = ldns_rdf2buffer_str_unquoted(buffer, rdf); + break; case LDNS_RDF_TYPE_TAG: res = ldns_rdf2buffer_str_tag(buffer, rdf); break; @@ -2545,6 +2590,18 @@ ldns_edns_ede2buffer_str(ldns_buffer* output, uint8_t* data, size_t len) case LDNS_EDE_TOO_EARLY: ldns_buffer_printf(output, " 26 (Too Early)"); break; + case LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS_VALUE: + ldns_buffer_printf(output, " 27 (Unsupported NSEC3 Iterations Value)"); + break; + case LDNS_EDE_UNABLE_TO_CONFORM_TO_POLICY: + ldns_buffer_printf(output, " 28 (Unable to conform to policy)"); + break; + case LDNS_EDE_SYNTHESIZED: + ldns_buffer_printf(output, " 29 (Synthesized)"); + break; + case LDNS_EDE_INVALID_QUERY_TYPE: + ldns_buffer_printf(output, " 30 (Invalid Query Type)"); + break; default: ldns_buffer_printf(output, " %02x", data[0]); ldns_buffer_printf(output, " %02x", data[1]); @@ -2773,6 +2830,9 @@ ldns_pkt2buffer_str_fmt(ldns_buffer *output, if (ldns_pkt_edns_do(pkt)) { ldns_buffer_printf(output, " do"); } + if (ldns_pkt_edns_co(pkt)) { + ldns_buffer_printf(output, " co"); + } /* the extended rcode is the value set, shifted four bits, * and or'd with the original rcode */ if (ldns_pkt_edns_extended_rcode(pkt)) { diff --git a/host2wire.c b/host2wire.c index d1539214796d..01a3df2e935f 100644 --- a/host2wire.c +++ b/host2wire.c @@ -376,7 +376,7 @@ ldns_status ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) { ldns_status status; - ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare); + ldns_rbtree_t *compression_data = ldns_rbtree_create(ldns_dname_compare_v); status = ldns_pkt2buffer_wire_compress(buffer, packet, compression_data); @@ -1530,11 +1530,13 @@ ldns_key_hmac_key(const ldns_key *k) size_t ldns_key_hmac_size(const ldns_key *k) { +#ifndef __clang_analyzer__ if (k->_key.hmac.size) { return k->_key.hmac.size; } else { return 0; } +#endif } void * diff --git a/ldns/config.h.in b/ldns/config.h.in index 5449bee63381..a8f061617a84 100644 --- a/ldns/config.h.in +++ b/ldns/config.h.in @@ -394,9 +394,18 @@ /* Define this to enable RR type AVC. */ #undef RRTYPE_AVC +/* Define this to enable RR types CLA and IPN. */ +#undef RRTYPE_CLA_IPN + /* Define this to enable RR type DOA. */ #undef RRTYPE_DOA +/* Define this to enable RR type DSYNC. */ +#undef RRTYPE_DSYNC + +/* Define this to enable RR types HHIT and BRID. */ +#undef RRTYPE_HHIT_BRID + /* Define this to enable RR type NINFO. */ #undef RRTYPE_NINFO @@ -772,7 +781,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz); #define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0) #else #define SOCK_INVALID -1 -#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0) +#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s >= -1 ? _s : -1); _s = -1;} } while(0) #endif #ifdef __cplusplus diff --git a/ldns/dnssec_zone.h b/ldns/dnssec_zone.h index 156e39102327..335f57a3c4a6 100644 --- a/ldns/dnssec_zone.h +++ b/ldns/dnssec_zone.h @@ -131,7 +131,8 @@ void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); * * \param[in] rrs the list to add to * \param[in] rr the RR to add - * \return LDNS_STATUS_OK on success + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists. */ ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); @@ -199,7 +200,8 @@ ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, * * \param[in] rrsets the list of rrsets to add the RR to * \param[in] rr the rr to add to the list of rrsets - * \return LDNS_STATUS_OK on success + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists. */ ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); @@ -313,7 +315,9 @@ int ldns_dnssec_name_cmp(const void *a, const void *b); * * \param[in] name The ldns_dnssec_name to add the RR to * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, error code otherwise + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists, + * and an error code otherwise */ ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, ldns_rr *rr); @@ -415,7 +419,9 @@ void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone); * * \param[in] zone the zone to add the RR to * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, an error code otherwise + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists, + * and an error code otherwise */ ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr); diff --git a/ldns/edns.h b/ldns/edns.h index a33ed0557679..7e51ab322cea 100644 --- a/ldns/edns.h +++ b/ldns/edns.h @@ -76,7 +76,11 @@ enum ldns_edns_enum_ede_code LDNS_EDE_NETWORK_ERROR = 23, LDNS_EDE_INVALID_DATA = 24, LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID = 25, - LDNS_EDE_TOO_EARLY = 26 + LDNS_EDE_TOO_EARLY = 26, /* RFC 9250 */ + LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS_VALUE = 27, /* RFC 9276 */ + LDNS_EDE_UNABLE_TO_CONFORM_TO_POLICY = 28, /* draft-homburg-dnsop-codcp-00 */ + LDNS_EDE_SYNTHESIZED = 29, /* https://github.com/PowerDNS/pdns/pull/12334 */ + LDNS_EDE_INVALID_QUERY_TYPE = 30 /* RFC 9824 */ }; typedef enum ldns_edns_enum_ede_code ldns_edns_ede_code; diff --git a/ldns/error.h b/ldns/error.h index 011df284725a..a76eb2ecab5d 100644 --- a/ldns/error.h +++ b/ldns/error.h @@ -143,7 +143,8 @@ enum ldns_enum_status { LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE, LDNS_STATUS_INVALID_SVCPARAM_VALUE, LDNS_STATUS_NOT_EDE, - LDNS_STATUS_EDE_OPTION_MALFORMED + LDNS_STATUS_EDE_OPTION_MALFORMED, + LDNS_STATUS_EQUAL_RR }; typedef enum ldns_enum_status ldns_status; diff --git a/ldns/host2str.h b/ldns/host2str.h index 79f5561a9451..2f67e2787938 100644 --- a/ldns/host2str.h +++ b/ldns/host2str.h @@ -581,6 +581,14 @@ ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf); */ ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf); +/** + * Converts an LDNS_RDF_TYPE_INT64 rdata element to presentation format. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf); + /** * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer * \param[in] *rdf The rdata to convert @@ -619,6 +627,16 @@ ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output, ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf); +/** + * Adds the LDNS_RDF_TYPE_UNQUOTED rdata to the output buffer, + * it escapes nonprinting and special characters. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_unquoted(ldns_buffer *output, + const ldns_rdf *rdf); + /** * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer, * provided it contains only alphanumeric characters. diff --git a/ldns/packet.h b/ldns/packet.h index 2c60609fc07a..974944149a27 100644 --- a/ldns/packet.h +++ b/ldns/packet.h @@ -710,6 +710,19 @@ bool ldns_pkt_edns_do(const ldns_pkt *packet); void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value); /** + * return the packet's edns co bit + * \param[in] packet the packet + * \return the bit's value + */ +bool ldns_pkt_edns_co(const ldns_pkt *packet); +/** + * Set the packet's edns co bit + * \param[in] packet the packet + * \param[in] value the bit's new value + */ +void ldns_pkt_set_edns_co(ldns_pkt *packet, bool value); + +/** * return the packet's EDNS header bits that are unassigned. */ uint16_t ldns_pkt_edns_unassigned(const ldns_pkt *packet); diff --git a/ldns/rdata.h b/ldns/rdata.h index 1e2fd397a38a..7623bd17a73b 100644 --- a/ldns/rdata.h +++ b/ldns/rdata.h @@ -54,6 +54,8 @@ enum ldns_enum_rdf_type LDNS_RDF_TYPE_INT16, /** 32 bits */ LDNS_RDF_TYPE_INT32, + /** 64 bits */ + LDNS_RDF_TYPE_INT64, /** A record */ LDNS_RDF_TYPE_A, /** AAAA record */ @@ -70,6 +72,7 @@ enum ldns_enum_rdf_type LDNS_RDF_TYPE_HEX, /** nsec type codes */ LDNS_RDF_TYPE_NSEC, + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC, /** a RR type */ LDNS_RDF_TYPE_TYPE, /** a class */ @@ -120,6 +123,9 @@ enum ldns_enum_rdf_type /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */ LDNS_RDF_TYPE_EUI64, + /** Character string without quotes. */ + LDNS_RDF_TYPE_UNQUOTED, + /** A non-zero sequence of US-ASCII letters and numbers in lower case. * For CAA. */ @@ -145,8 +151,8 @@ enum ldns_enum_rdf_type /** draft-ietf-dnsop-svcb-https **/ LDNS_RDF_TYPE_SVCPARAMS, - /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC + /** draft-johnson-dns-ipn-cla-07 **/ + LDNS_RDF_TYPE_IPN }; typedef enum ldns_enum_rdf_type ldns_rdf_type; diff --git a/ldns/rr.h b/ldns/rr.h index 314f159707b3..d2e4ee90aa9c 100644 --- a/ldns/rr.h +++ b/ldns/rr.h @@ -194,6 +194,9 @@ enum ldns_enum_rr_type LDNS_RR_TYPE_ZONEMD = 63, /* RFC 8976 */ LDNS_RR_TYPE_SVCB = 64, /* RFC 9460 */ LDNS_RR_TYPE_HTTPS = 65, /* RFC 9460 */ + LDNS_RR_TYPE_DSYNC = 66, /* RFC 9859 */ + LDNS_RR_TYPE_HHIT = 67, /* draft-ietf-drip-registries-28 */ + LDNS_RR_TYPE_BRID = 68, /* draft-ietf-drip-registries-28 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -210,7 +213,7 @@ enum ldns_enum_rr_type LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */ LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */ - LDNS_RR_TYPE_NXNAME = 128, /* draft-ietf-dnsop-compact-denial-of-existence */ + LDNS_RR_TYPE_NXNAME = 128, /* RFC 9824 */ LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */ LDNS_RR_TYPE_TSIG = 250, @@ -236,6 +239,12 @@ enum ldns_enum_rr_type /** https://iana.org/assignments/dns-parameters/WALLET/wallet-completed-template */ LDNS_RR_TYPE_WALLET = 262, + /** https://www.iana.org/assignments/dns-parameters/CLA/cla-completed-template */ + LDNS_RR_TYPE_CLA = 263, + + /** https://www.iana.org/assignments/dns-parameters/IPN/ipn-completed-template */ + LDNS_RR_TYPE_IPN = 264, + /** DNSSEC Trust Authorities */ LDNS_RR_TYPE_TA = 32768, /* RFC 4431, 5074, DNSSEC Lookaside Validation */ @@ -251,7 +260,7 @@ enum ldns_enum_rr_type typedef enum ldns_enum_rr_type ldns_rr_type; /* The first fields are contiguous and can be referenced instantly */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON (LDNS_RR_TYPE_WALLET + 1) +#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON (LDNS_RR_TYPE_IPN + 1) /** * Resource Record @@ -725,6 +734,13 @@ bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, const ldns_rr *rr); bool ldns_is_rrset(const ldns_rr_list *rr_list); /** + * checks if an rr_list is a rrset, including checking for TTL. + * \param[in] rr_list the rr_list to check + * \return true if it is an rrset otherwise false + */ +bool ldns_is_rrset_strict(const ldns_rr_list *rr_list); + +/** * pushes an rr to an rrset (which really are rr_list's). * \param[in] *rr_list the rrset to push the rr to * \param[in] *rr the rr to push diff --git a/ldns/str2host.h b/ldns/str2host.h index 2892db0bfb1c..18bd7f6d7e8a 100644 --- a/ldns/str2host.h +++ b/ldns/str2host.h @@ -331,6 +331,16 @@ ldns_status ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str); */ ldns_status ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str); +/** + * Convert either two unsigned 32 bit decimal numbers seperated by a '.', + * or a single unsigned 64 bit decimal number, as described in + * [draft-johnson-dns-ipn-cla-07]. + * \param[out] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_ipn(ldns_rdf **rd, const char *str); + #ifdef __cplusplus } diff --git a/ldns/util.h.in b/ldns/util.h.in index 7115a2b7f3bf..6b243ac2b5af 100644 --- a/ldns/util.h.in +++ b/ldns/util.h.in @@ -72,8 +72,10 @@ ldns_read_uint16(const void *src) #ifdef ALLOW_UNALIGNED_ACCESSES return ntohs(*(const uint16_t *) src); #else +# ifndef __clang_analyzer__ const uint8_t *p = (const uint8_t *) src; return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; +# endif #endif } @@ -91,6 +93,26 @@ ldns_read_uint32(const void *src) #endif } +INLINE uint64_t +ldns_read_uint64(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + const uint32_t *p = (const uint32_t *) src; + return ( ((uint64_t) ntohl(src[0]) << 32) + | (uint64_t) ntohl(src[1])); +#else + const uint8_t *p = (const uint8_t *) src; + return ( ((uint64_t) p[0] << 56) + | ((uint64_t) p[1] << 48) + | ((uint64_t) p[2] << 40) + | ((uint64_t) p[3] << 32) + | ((uint64_t) p[4] << 24) + | ((uint64_t) p[5] << 16) + | ((uint64_t) p[6] << 8) + | (uint64_t) p[7]); +#endif +} + /* * Copy data allowing for unaligned accesses in network byte order * (big endian). @@ -754,6 +754,8 @@ ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) uint16_t wire_size; ssize_t bytes = 0, rc = 0; + if(sockfd < 0) + return NULL; wire = LDNS_XMALLOC(uint8_t, 2); if (!wire) { *size = 0; @@ -26,7 +26,10 @@ */ #define LDNS_EDNS_MASK_DO_BIT 0x8000 -#define LDNS_EDNS_MASK_UNASSIGNED (0xFFFF & ~LDNS_EDNS_MASK_DO_BIT) +#define LDNS_EDNS_MASK_CO_BIT 0x4000 +#define LDNS_EDNS_MASK_UNASSIGNED (0xFFFF & ~( LDNS_EDNS_MASK_DO_BIT \ + | LDNS_EDNS_MASK_CO_BIT )) + /* TODO defines for 3600 */ /* convert to and from numerical flag values */ @@ -243,6 +246,22 @@ ldns_pkt_set_edns_do(ldns_pkt *packet, bool value) } } +bool +ldns_pkt_edns_co(const ldns_pkt *packet) +{ + return (packet->_edns_z & LDNS_EDNS_MASK_CO_BIT); +} + +void +ldns_pkt_set_edns_co(ldns_pkt *packet, bool value) +{ + if (value) { + packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_CO_BIT; + } else { + packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_CO_BIT; + } +} + uint16_t ldns_pkt_edns_unassigned(const ldns_pkt *packet) { @@ -753,6 +772,7 @@ ldns_pkt_edns(const ldns_pkt *pkt) ldns_pkt_edns_extended_rcode(pkt) > 0 || ldns_pkt_edns_data(pkt) || ldns_pkt_edns_do(pkt) || + ldns_pkt_edns_co(pkt) || pkt->_edns_list || pkt->_edns_present ); @@ -1254,6 +1274,7 @@ ldns_pkt_clone(const ldns_pkt *pkt) ldns_pkt_set_edns_data(new_pkt, ldns_rdf_clone(ldns_pkt_edns_data(pkt))); ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt)); + ldns_pkt_set_edns_co(new_pkt, ldns_pkt_edns_co(pkt)); if (pkt->_edns_list) ldns_pkt_set_edns_option_list(new_pkt, ldns_edns_option_list_clone(pkt->_edns_list)); @@ -345,6 +345,9 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) case LDNS_RDF_TYPE_EUI64: status = ldns_str2rdf_eui64(&rdf, str); break; + case LDNS_RDF_TYPE_UNQUOTED: + status = ldns_str2rdf_str(&rdf, str); + break; case LDNS_RDF_TYPE_TAG: status = ldns_str2rdf_tag(&rdf, str); break; @@ -366,6 +369,9 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) case LDNS_RDF_TYPE_SVCPARAMS: status = ldns_str2rdf_svcparams(&rdf, str); break; + case LDNS_RDF_TYPE_IPN: + status = ldns_str2rdf_ipn(&rdf, str); + break; case LDNS_RDF_TYPE_NONE: default: /* default default ??? */ diff --git a/resolver.c b/resolver.c index a426b82c034e..0f2fdb52e5d0 100644 --- a/resolver.c +++ b/resolver.c @@ -1062,6 +1062,8 @@ ldns_resolver_search_status(ldns_pkt** pkt, /* query as-is */ return ldns_resolver_query_status(pkt, r, name, t, c, flags); } else if (ldns_resolver_dnsrch(r)) { + ldns_pkt *return_pkt = NULL; + search_list = ldns_resolver_searchlist(r); for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) { if (i == ldns_resolver_searchlist_count(r)) { @@ -1072,21 +1074,25 @@ ldns_resolver_search_status(ldns_pkt** pkt, search_list[i]); } - s = ldns_resolver_query_status(pkt, r, + s = ldns_resolver_query_status(&return_pkt, r, new_name, t, c, flags); ldns_rdf_deep_free(new_name); - if (pkt && *pkt) { + if (return_pkt) { if (s == LDNS_STATUS_OK && - ldns_pkt_get_rcode(*pkt) == - LDNS_RCODE_NOERROR) { + ldns_pkt_get_rcode(return_pkt) + == LDNS_RCODE_NOERROR) { return LDNS_STATUS_OK; + } else if (i < ldns_resolver_searchlist_count(r)) { + ldns_pkt_free(return_pkt); + return_pkt = NULL; } - ldns_pkt_free(*pkt); - *pkt = NULL; } } + if (pkt && return_pkt) { + *pkt = return_pkt; + } } return s; } @@ -390,12 +390,6 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, ldns_buffer_skip(rd_buf, 1); quoted = true; } - if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt) - == LDNS_RDF_TYPE_LONG_STR) { - - status = LDNS_STATUS_SYNTAX_RDATA_ERR; - goto error; - } } /* because number of fields can be variable, we can't rely on @@ -411,8 +405,8 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, } pre_data_pos = ldns_buffer_position(rd_buf); - if (-1 == (c = ldns_bget_token( - rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) { + if (-1 == ldns_bget_token( + rd_buf, rd, delimiters, LDNS_MAX_RDFLEN)) { done = true; (void)done; /* we're breaking, so done not read anymore */ @@ -1287,7 +1281,47 @@ ldns_is_rrset(const ldns_rr_list *rr_list) if (c != ldns_rr_get_class(tmp)) { return false; } - if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) { + if (ldns_dname_compare(o, ldns_rr_owner(tmp)) != 0) { + return false; + } + } + return true; +} + +bool +ldns_is_rrset_strict(const ldns_rr_list *rr_list) +{ + ldns_rr_type t; + ldns_rr_class c; + uint32_t l; + ldns_rdf *o; + ldns_rr *tmp; + size_t i; + + if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + tmp = ldns_rr_list_rr(rr_list, 0); + + t = ldns_rr_get_type(tmp); + c = ldns_rr_get_class(tmp); + l = ldns_rr_ttl(tmp); + o = ldns_rr_owner(tmp); + + /* compare these with the rest of the rr_list, start with 1 */ + for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) { + tmp = ldns_rr_list_rr(rr_list, i); + if (t != ldns_rr_get_type(tmp)) { + return false; + } + if (c != ldns_rr_get_class(tmp)) { + return false; + } + if (l != ldns_rr_ttl(tmp)) { + return false; + } + if (ldns_dname_compare(o, ldns_rr_owner(tmp)) != 0) { return false; } } @@ -1681,8 +1715,8 @@ ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2) return result; } -/* convert dnskey to a ds with the given algorithm, - * then compare the result with the given ds */ +/* convert (c)dnskey to a (c)ds with the given algorithm, + * then compare the result with the given (c)ds */ static int ldns_rr_compare_ds_dnskey(ldns_rr *ds, ldns_rr *dnskey) @@ -1692,8 +1726,10 @@ ldns_rr_compare_ds_dnskey(ldns_rr *ds, ldns_hash algo; if (!dnskey || !ds || - ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS || - ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) { + (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS && + ldns_rr_get_type(ds) != LDNS_RR_TYPE_CDS) || + (ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_CDNSKEY)) { return false; } @@ -1727,6 +1763,12 @@ ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2) } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY && ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) { result = ldns_rr_compare_ds_dnskey(rr2, rr1); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_CDS && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_CDNSKEY) { + result = ldns_rr_compare_ds_dnskey(rr1, rr2); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_CDNSKEY && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_CDS) { + result = ldns_rr_compare_ds_dnskey(rr2, rr1); } else { result = (ldns_rr_compare(rr1, rr2) == 0); } @@ -1897,7 +1939,7 @@ static const ldns_rdf_type type_nsap_wireformat[] = { LDNS_RDF_TYPE_NSAP }; static const ldns_rdf_type type_nsap_ptr_wireformat[] = { - LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_UNQUOTED }; static const ldns_rdf_type type_sig_wireformat[] = { LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, @@ -1911,7 +1953,7 @@ static const ldns_rdf_type type_px_wireformat[] = { LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME }; static const ldns_rdf_type type_gpos_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_UNQUOTED, LDNS_RDF_TYPE_UNQUOTED, LDNS_RDF_TYPE_UNQUOTED }; static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; @@ -1988,6 +2030,23 @@ static const ldns_rdf_type type_svcb_wireformat[] = { LDNS_RDF_TYPE_SVCPARAMS }; #endif +#ifdef RRTYPE_DSYNC +static const ldns_rdf_type type_dsync_wireformat[] = { + LDNS_RDF_TYPE_TYPE, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME +}; +#endif +#ifdef RRTYPE_HHIT_BRID +static const ldns_rdf_type type_hhit_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_brid_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +#endif + /* nsec3 is some vars, followed by same type of data of nsec */ static const ldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ @@ -2081,6 +2140,12 @@ static const ldns_rdf_type type_amtrelay_wireformat[] = { LDNS_RDF_TYPE_AMTRELAY }; #endif +#ifdef RRTYPE_CLA_IPN +static const ldns_rdf_type type_ipn_wireformat[] = { + LDNS_RDF_TYPE_IPN +}; +#endif + /** \endcond */ @@ -2248,9 +2313,21 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif +#ifdef RRTYPE_DSYNC + /* 66 */ + {LDNS_RR_TYPE_DSYNC, "DSYNC", 4, 4, type_dsync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, +#else {LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif +#ifdef RRTYPE_HHIT_BRID + /* 67 */ + {LDNS_RR_TYPE_HHIT, "HHIT", 1, 1, type_hhit_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 68 */ + {LDNS_RR_TYPE_BRID, "BRID", 1, 1, type_brid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else {LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif {LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, @@ -2494,13 +2571,21 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { #endif #ifdef RRTYPE_RESINFO /* 261 */ - {LDNS_RR_TYPE_RESINFO, "RESINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + {LDNS_RR_TYPE_RESINFO, "RESINFO", 1, 0, NULL, LDNS_RDF_TYPE_UNQUOTED, LDNS_RR_NO_COMPRESS, 0 }, #else {LDNS_RR_TYPE_NULL, "TYPE261", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 262 */ - {LDNS_RR_TYPE_WALLET, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - + {LDNS_RR_TYPE_WALLET, "WALLET", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, +#ifdef RRTYPE_CLA_IPN + /* 263 */ + {LDNS_RR_TYPE_CLA, "CLA", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + /* 264 */ + {LDNS_RR_TYPE_IPN, "IPN", 1, 1, type_ipn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE263", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE264", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif /* split in array, no longer contiguous */ #ifdef RRTYPE_TA @@ -2586,6 +2671,14 @@ ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value) for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) { window = d->_type >> 8; subtype = d->_type & 0xff; + + /* In the code below, windows[window] == 0 means that the + * window is not in use. So subtype == 0 is a problem. The + * easiest solution is to set subtype to 1, that marks the + * window as in use and doesn't have negative effects. + */ + if (subtype == 0) + subtype = 1; if (windows[window] < subtype) { windows[window] = subtype; } @@ -97,7 +97,7 @@ ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOC state[4] += e; /* Wipe variables */ a = b = c = d = e = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; } @@ -494,7 +494,8 @@ static void ldns_sha256_Transform(ldns_sha256_CTX* context, /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; (void)f; (void)g; (void)h; + (void)T1; (void)T2; } #endif /* SHA2_UNROLL_TRANSFORM */ @@ -528,7 +529,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t context->bitcount += len << 3; /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; return; } } @@ -546,7 +547,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t } /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; } typedef union _ldns_sha2_buffer_union { @@ -737,6 +738,7 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, sha2_word64 a, b, c, d, e, f, g, h, s0, s1; sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; int j; + sha2_word64 aligned; /* initialize registers with the prev. intermediate value */ a = context->state[0]; @@ -752,7 +754,8 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, do { #if BYTE_ORDER == LITTLE_ENDIAN /* Convert TO host byte order */ - REVERSE64(*data++, W512[j]); + memcpy(&aligned, data++, sizeof(aligned)); + REVERSE64(aligned, W512[j]); /* Apply the SHA-512 compression function to update a..h */ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; #else /* BYTE_ORDER == LITTLE_ENDIAN */ @@ -807,7 +810,8 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; (void)f; (void)g; (void)h; + (void)T1; (void)T2; } #endif /* SHA2_UNROLL_TRANSFORM */ @@ -841,7 +845,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t ADDINC128(context->bitcount, len << 3); /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; return; } } @@ -859,7 +863,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t } /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; } static void ldns_sha512_Last(ldns_sha512_CTX* context) { diff --git a/str2host.c b/str2host.c index 5b78e5bc5907..8a325921bc6e 100644 --- a/str2host.c +++ b/str2host.c @@ -224,6 +224,69 @@ ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr) } } +#ifdef __BYTE_ORDER__ +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define htonll(x) (x) +# define ntohll(x) (x) +# else +# define htonll(x) (((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) +# define ntohll(x) (((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) +# endif +#else +# define htonll(x) ((1==htonl(1)) ? (x) : ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) +# define ntohll(x) ((1==ntohl(1)) ? (x) : ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) +#endif + +ldns_status +ldns_str2rdf_ipn(ldns_rdf **rd, const char *ipnstr) +{ + char *end; + uint8_t r[sizeof(uint64_t)]; + char left[21], *right; + + if(strlen(ipnstr) > 21) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + errno = 0; /* must set to zero before call, + note race condition on errno */ + if((right = strchr(ipnstr, '.'))) { + uint32_t u32 = strtoul(right + 1, &end, 10); + + if(*end != 0) + return LDNS_STATUS_ERR; + + if(errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u32 = htonl(u32); + memcpy(r + sizeof(uint32_t), &u32, sizeof(uint32_t)); + memcpy(left, ipnstr, right - ipnstr); + left[right - ipnstr] = 0; + + u32 = strtoul(left, &end, 10); + if(*end != 0) + return LDNS_STATUS_ERR; + + if(errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u32 = htonl(u32); + memcpy(r, &u32, sizeof(uint32_t)); + } else { + uint64_t u64 = strtoull(ipnstr, &end, 10); + + if(*end != 0) + return LDNS_STATUS_ERR; + + if(u64 == ULLONG_MAX && errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u64 = htonll(u64); + memcpy(r, &u64, sizeof(uint64_t)); + } + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPN, sizeof(r), r); + return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; +} + ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) { @@ -1767,6 +1830,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); + ldns_rdf_deep_free(relay_rdf); return LDNS_STATUS_INVALID_STR; } @@ -1782,7 +1846,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); - if (relay_rdf) ldns_rdf_free(relay_rdf); + ldns_rdf_deep_free(relay_rdf); return LDNS_STATUS_MEM_ERR; } @@ -1801,7 +1865,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); - ldns_rdf_free(relay_rdf); + ldns_rdf_deep_free(relay_rdf); LDNS_FREE(data); if(!*rd) return LDNS_STATUS_MEM_ERR; return LDNS_STATUS_OK; @@ -346,6 +346,11 @@ ldns_init_random(FILE *fd, unsigned int size) unsigned int seed_i; struct timeval tv; +#ifdef HAVE_SSL + if(RAND_status() == 1) + /* already seeded */ + return 0; +#endif /* we'll need at least sizeof(unsigned int) bytes for the standard prng seed */ if (size < (unsigned int) sizeof(seed_i)){ diff --git a/wire2host.c b/wire2host.c index 91d3f1364d75..9c05001493b8 100644 --- a/wire2host.c +++ b/wire2host.c @@ -223,6 +223,8 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) break; case LDNS_RDF_TYPE_ILNP64: case LDNS_RDF_TYPE_EUI64: + case LDNS_RDF_TYPE_IPN: + case LDNS_RDF_TYPE_INT64: cur_rdf_length = LDNS_RDF_SIZE_8BYTES; break; case LDNS_RDF_TYPE_AAAA: @@ -230,6 +232,7 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) break; case LDNS_RDF_TYPE_STR: case LDNS_RDF_TYPE_NSEC3_SALT: + case LDNS_RDF_TYPE_UNQUOTED: case LDNS_RDF_TYPE_TAG: /* len is stored in first byte * it should be in the rdf too, so just @@ -350,7 +350,7 @@ error: ldns_rdf_deep_free(my_prev); } if (newzone) { - ldns_zone_free(newzone); + ldns_zone_deep_free(newzone); } return ret; } |