BIND 10 trac534, updated. b086fbca9ce75d8950cd51d0b9de3d49715565a7 [trac534] Take some context check to helper function
BIND 10 source code commits
bind10-changes at lists.isc.org
Sun Jan 30 20:16:38 UTC 2011
The branch, trac534 has been updated
via b086fbca9ce75d8950cd51d0b9de3d49715565a7 (commit)
via eb4c7905227413fe7d4ee8a42d1e8dfc185d36f1 (commit)
via 47dc887dfdf6d3501a73bad82f30f6148fc2ff8e (commit)
from 83904ae5b53bf4a5a5436902f4be88f818db984a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b086fbca9ce75d8950cd51d0b9de3d49715565a7
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Sun Jan 30 20:53:55 2011 +0100
[trac534] Take some context check to helper function
commit eb4c7905227413fe7d4ee8a42d1e8dfc185d36f1
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Sun Jan 30 20:41:10 2011 +0100
[trac534] Check for origin by pointer, not name
commit 47dc887dfdf6d3501a73bad82f30f6148fc2ff8e
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Sun Jan 30 20:23:40 2011 +0100
[trac534] Some references to RFC
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/memory_datasrc.cc | 112 +++++++++++++++++++++++--------------
1 files changed, 69 insertions(+), 43 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/memory_datasrc.cc b/src/lib/datasrc/memory_datasrc.cc
index ae09a3e..a0a7be5 100644
--- a/src/lib/datasrc/memory_datasrc.cc
+++ b/src/lib/datasrc/memory_datasrc.cc
@@ -35,14 +35,9 @@ namespace datasrc {
struct MemoryZone::MemoryZoneImpl {
// Constructor
MemoryZoneImpl(const RRClass& zone_class, const Name& origin) :
- zone_class_(zone_class), origin_(origin)
+ zone_class_(zone_class), origin_(origin), origin_data_(NULL)
{}
- // Information about the zone
- RRClass zone_class_;
- Name origin_;
- string file_name_;
-
// Some type aliases
/*
* Each domain consists of some RRsets. They will be looked up by the
@@ -61,10 +56,62 @@ struct MemoryZone::MemoryZoneImpl {
// The tree stores domains
typedef RBTree<Domain> DomainTree;
typedef RBNode<Domain> DomainNode;
+
+ // Information about the zone
+ RRClass zone_class_;
+ Name origin_;
+ DomainNode* origin_data_;
+ string file_name_;
+
// The actual zone data
DomainTree domains_;
/*
+ * Does some checks in context of the data that are already in the zone.
+ * Currently checks for forbidden combinations of RRsets in the same
+ * domain (CNAME+anything, DNAME+NS).
+ *
+ * If such condition is found, it throws AddError.
+ */
+ void contextCheck(const ConstRRsetPtr& rrset, const DomainPtr& domain) {
+ // Ensure CNAME and other type of RR don't coexist for the same
+ // owner name.
+ // Note: when the check fails and the exception is thrown, it may
+ // break strong exception guarantee. At the moment we prefer
+ // code simplicity and don't bother to introduce complicated
+ // recovery code.
+ if (rrset->getType() == RRType::CNAME()) {
+ // XXX: this check will become incorrect when we support DNSSEC
+ // (depending on how we support DNSSEC). We should revisit it
+ // at that point.
+ if (!domain->empty()) {
+ isc_throw(AddError, "CNAME can't be added with other data for "
+ << rrset->getName());
+ }
+ } else if (domain->find(RRType::CNAME()) != domain->end()) {
+ isc_throw(AddError, "CNAME and " << rrset->getType() <<
+ " can't coexist for " << rrset->getName());
+ }
+
+ /*
+ * Similar with DNAME, but it must not coexist only with NS and only in
+ * non-apex domains.
+ * RFC 2672 section 3 mentions that it is implied from it and RFC 2181
+ */
+ if (rrset->getName() != origin_ &&
+ // Adding DNAME, NS already there
+ ((rrset->getType() == RRType::DNAME() &&
+ domain->find(RRType::NS()) != domain->end()) ||
+ // Adding NS, DNAME already there
+ (rrset->getType() == RRType::NS() &&
+ domain->find(RRType::DNAME()) != domain->end())))
+ {
+ isc_throw(AddError, "DNAME can't coexist with NS in non-apex "
+ "domain " << rrset->getName());
+ }
+ }
+
+ /*
* Implementation of longer methods. We put them here, because the
* access is without the impl_-> and it will get inlined anyway.
*/
@@ -74,6 +121,8 @@ struct MemoryZone::MemoryZoneImpl {
if (!rrset) {
isc_throw(NullRRset, "The rrset provided is NULL");
}
+ // Check for singleton RRs. It should probably handled at a different
+ // in future.
if ((rrset->getType() == RRType::CNAME() ||
rrset->getType() == RRType::DNAME()) &&
rrset->getRdataCount() > 1)
@@ -112,44 +161,15 @@ struct MemoryZone::MemoryZoneImpl {
if (node->isEmpty()) {
domain.reset(new Domain);
node->setData(domain);
+ if (origin_data_ == NULL && name == origin_) {
+ origin_data_ = node;
+ }
} else { // Get existing one
domain = node->getData();
}
- // Ensure CNAME and other type of RR don't coexist for the same
- // owner name.
- // Note: when the check fails and the exception is thrown, it may
- // break strong exception guarantee. At the moment we prefer
- // code simplicity and don't bother to introduce complicated
- // recovery code.
- if (rrset->getType() == RRType::CNAME()) {
- // XXX: this check will become incorrect when we support DNSSEC
- // (depending on how we support DNSSEC). We should revisit it
- // at that point.
- if (!domain->empty()) {
- isc_throw(AddError, "CNAME can't be added with other data for "
- << rrset->getName());
- }
- } else if (domain->find(RRType::CNAME()) != domain->end()) {
- isc_throw(AddError, "CNAME and " << rrset->getType() <<
- " can't coexist for " << rrset->getName());
- }
-
- /*
- * Similar with DNAME, but it must not coexist only with NS and only in
- * non-apex domains.
- */
- if (rrset->getName() != origin_ &&
- // Adding DNAME, NS already there
- ((rrset->getType() == RRType::DNAME() &&
- domain->find(RRType::NS()) != domain->end()) ||
- // Adding NS, DNAME already there
- (rrset->getType() == RRType::NS() &&
- domain->find(RRType::DNAME()) != domain->end())))
- {
- isc_throw(AddError, "DNAME can't coexist with NS in non-apex "
- "domain " << rrset->getName());
- }
+ // Checks related to the surrounding data
+ contextCheck(rrset, domain);
// Try inserting the rrset there
if (domain->insert(DomainPair(rrset->getType(), rrset)).second) {
@@ -216,13 +236,19 @@ struct MemoryZone::MemoryZoneImpl {
// We need to look for DNAME first, there's allowed case where
// DNAME and NS coexist in the apex. DNAME is the one to notice,
- // the NS is authoritative, not delegation
+ // the NS is authoritative, not delegation (corner case explicitly
+ // allowed by section 3 of 2672)
const Domain::const_iterator foundDNAME(node.getData()->find(
RRType::DNAME()));
if (foundDNAME != node.getData()->end()) {
state->dname_node_ = &node;
state->rrset_ = foundDNAME->second;
- // No more processing below the DNAME
+ // No more processing below the DNAME (RFC 2672, section 3
+ // forbids anything to exist below it, so there's no need
+ // to actually search for it). This is strictly speaking
+ // a different way than described in 4.1 of that RFC,
+ // but because of the assumption in section 3, it has the
+ // same behaviour.
return true;
}
@@ -289,7 +315,7 @@ struct MemoryZone::MemoryZoneImpl {
// If the node callback is enabled, this may be a zone cut. If it
// has a NS RR, we should return a delegation, but not in the apex.
- if (node->isCallbackEnabled() && node->getName() != origin_) {
+ if (node->isCallbackEnabled() && node != origin_data_) {
found = node->getData()->find(RRType::NS());
if (found != node->getData()->end()) {
return (FindResult(DELEGATION, found->second));
More information about the bind10-changes
mailing list