resolved: add comments referencing various RFCs to various places
parent
6f717d0817
commit
6af47493de
|
@ -26,7 +26,8 @@
|
||||||
#include "resolved-dns-packet.h"
|
#include "resolved-dns-packet.h"
|
||||||
#include "string-util.h"
|
#include "string-util.h"
|
||||||
|
|
||||||
/* Never cache more than 4K entries */
|
/* Never cache more than 4K entries. RFC 1536, Section 5 suggests to
|
||||||
|
* leave DNS caches unbounded, but that's crazy. */
|
||||||
#define CACHE_MAX 4096
|
#define CACHE_MAX 4096
|
||||||
|
|
||||||
/* We never keep any item longer than 2h in our cache */
|
/* We never keep any item longer than 2h in our cache */
|
||||||
|
|
|
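Review bot: The new comment above `CACHE_MAX` dismisses the RFC 1536, Section 5 advice as "crazy" without giving the reason for the bound, which is what a later maintainer needs when deciding whether the limit can be changed. Cache entries are presumably created from responses received off the network, so I would state the reason directly, e.g. `/* Never cache more than 4K entries. RFC 1536, Section 5 suggests leaving DNS caches unbounded, but then remote responses could grow our memory use without limit. */`. How the limit is enforced (eviction versus refusing new entries) is outside this hunk and deserves a clause where it is applied, if it is not documented there already.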
@ -458,7 +458,15 @@ static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
|
||||||
|
|
||||||
static int algorithm_to_gcrypt_md(uint8_t algorithm) {
|
static int algorithm_to_gcrypt_md(uint8_t algorithm) {
|
||||||
|
|
||||||
/* Translates a DNSSEC signature algorithm into a gcrypt digest identifier */
|
/* Translates a DNSSEC signature algorithm into a gcrypt
|
||||||
|
* digest identifier.
|
||||||
|
*
|
||||||
|
* Note that we implement all algorithms listed as "Must
|
||||||
|
* implement" and "Recommended to Implement" in RFC6944. We
|
||||||
|
* don't implement any algorithms that are listed as
|
||||||
|
* "Optional" or "Must Not Implement". Specifically, we do not
|
||||||
|
* implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
|
||||||
|
* GOST-ECC. */
|
||||||
|
|
||||||
switch (algorithm) {
|
switch (algorithm) {
|
||||||
|
|
||||||
|
|
|
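Review bot: The expanded comment in `algorithm_to_gcrypt_md()` lists the DNSSEC algorithms that are deliberately left out but does not say what the function returns for them. That return value is what lets a caller tell "algorithm not supported" apart from "signature failed to validate". The `switch` body lies outside the hunk, so I cannot confirm the default case; please add a line such as `* Any other algorithm returns <error code from the default case>; callers must not treat that as a verified signature.` Noting that the list reflects RFC6944 at the time of writing would also prompt a revisit when the algorithm recommendations change.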
@ -311,6 +311,9 @@ int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) {
|
||||||
const char *c, *t;
|
const char *c, *t;
|
||||||
char *s;
|
char *s;
|
||||||
|
|
||||||
|
/* If we cannot convert the CLASS/TYPE into a known string,
|
||||||
|
use the format recommended by RFC 3597, Section 5. */
|
||||||
|
|
||||||
c = dns_class_to_string(key->class);
|
c = dns_class_to_string(key->class);
|
||||||
if (!c) {
|
if (!c) {
|
||||||
sprintf(cbuf, "CLASS%u", key->class);
|
sprintf(cbuf, "CLASS%u", key->class);
|
||||||
|
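Review bot: The RFC 3597 fallback that the new comment in `dns_resource_key_to_string()` documents is written with an unbounded `sprintf(cbuf, "CLASS%u", key->class);`, and the declaration of `cbuf` is outside this hunk, so nothing visible ties the buffer size to the format. If `cbuf` holds the widest 16-bit value ("CLASS65535" plus the terminator) this is safe today, but `snprintf(cbuf, sizeof cbuf, "CLASS%u", key->class);` would make the bound explicit, assuming `cbuf` is an array in this scope. As a style point, the continuation line of the added comment lacks the leading ` * ` used by the other multi-line comments in this commit.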
@ -1021,6 +1024,7 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
|
||||||
if (!t)
|
if (!t)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
/* Format as documented in RFC 3597, Section 5 */
|
||||||
r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.size, t);
|
r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.size, t);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -157,6 +157,7 @@ struct DnsResourceRecord {
|
||||||
char *exchange;
|
char *exchange;
|
||||||
} mx;
|
} mx;
|
||||||
|
|
||||||
|
/* https://tools.ietf.org/html/rfc1876 */
|
||||||
struct {
|
struct {
|
||||||
uint8_t version;
|
uint8_t version;
|
||||||
uint8_t size;
|
uint8_t size;
|
||||||
|
@ -167,14 +168,6 @@ struct DnsResourceRecord {
|
||||||
uint32_t altitude;
|
uint32_t altitude;
|
||||||
} loc;
|
} loc;
|
||||||
|
|
||||||
struct {
|
|
||||||
uint16_t key_tag;
|
|
||||||
uint8_t algorithm;
|
|
||||||
uint8_t digest_type;
|
|
||||||
void *digest;
|
|
||||||
size_t digest_size;
|
|
||||||
} ds;
|
|
||||||
|
|
||||||
/* https://tools.ietf.org/html/rfc4255#section-3.1 */
|
/* https://tools.ietf.org/html/rfc4255#section-3.1 */
|
||||||
struct {
|
struct {
|
||||||
uint8_t algorithm;
|
uint8_t algorithm;
|
||||||
|
@ -212,6 +205,15 @@ struct DnsResourceRecord {
|
||||||
Bitmap *types;
|
Bitmap *types;
|
||||||
} nsec;
|
} nsec;
|
||||||
|
|
||||||
|
/* https://tools.ietf.org/html/rfc4034#section-5.1 */
|
||||||
|
struct {
|
||||||
|
uint16_t key_tag;
|
||||||
|
uint8_t algorithm;
|
||||||
|
uint8_t digest_type;
|
||||||
|
void *digest;
|
||||||
|
size_t digest_size;
|
||||||
|
} ds;
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
uint8_t algorithm;
|
uint8_t algorithm;
|
||||||
uint8_t flags;
|
uint8_t flags;
|
||||||
|
|