BIND 10 trac1577, updated. c47c4c3541a5a9ed7a77f47610d8f14c29295969 [1577] Code comments for findNSEC3

BIND 10 source code commits bind10-changes at lists.isc.org
Thu Apr 12 12:59:04 UTC 2012 

The branch, trac1577 has been updated
       via  c47c4c3541a5a9ed7a77f47610d8f14c29295969 (commit)
      from  7130e28820b2e9e603f64546deebf12b410b897d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c47c4c3541a5a9ed7a77f47610d8f14c29295969
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Thu Apr 12 14:58:52 2012 +0200

    [1577] Code comments for findNSEC3

-----------------------------------------------------------------------

Summary of changes:
 src/lib/datasrc/database.cc |   17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index a57e3d1..96cf461 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -939,12 +939,12 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
     }
 }
 
+// The behaviour is inspired by the one in the in-memory implementation.
 ZoneFinder::FindNSEC3Result
 DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
     LOG_DEBUG(logger, DBG_TRACE_BASIC, DATASRC_DATABASE_FINDNSEC3).arg(name).
         arg(recursive ? "recursive" : "non-recursive");
 
-
     // First, validate the input
     const NameComparisonResult cmp_result(name.compare(getOrigin()));
     if (cmp_result.getRelation() != NameComparisonResult::EQUAL &&
@@ -955,7 +955,6 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
 
     // Now, we need to get the NSEC3 params from the apex and create the hash
     // creator for it.
-
     const FoundRRsets nsec3param(getRRsets(getOrigin().toText(),
                                  NSEC3PARAM_TYPES(), false));
     const FoundIterator param(nsec3param.second.find(RRType::NSEC3PARAM()));
@@ -971,17 +970,21 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
         dynamic_cast<const generic::NSEC3PARAM&>(
             param->second->getRdataIterator()->getCurrent())));
 
+    // Few shortcut variables
     const unsigned olabels(getOrigin().getLabelCount());
     const unsigned qlabels(name.getLabelCount());
-
     const string otext(getOrigin().toText());
 
+    // This will be set to the one covering the query name
     ConstRRsetPtr covering_proof;
 
+    // We keep stripping the leftmost label until we find something.
+    // In case it is recursive, we'll exit the loop at the first iteration.
     for (unsigned labels(qlabels); labels >= olabels; -- labels) {
         const string hash(calculator->calculate(labels == qlabels ? name :
                                                 name.split(qlabels - labels,
                                                            labels)));
+        // Get the exact match for the name.
         LOG_DEBUG(logger, DBG_TRACE_BASIC, DATASRC_DATABASE_FINDNSEC3_TRYHASH).
             arg(name).arg(labels).arg(hash);
 
@@ -1006,8 +1009,11 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
             LOG_DEBUG(logger, DBG_TRACE_BASIC,
                       DATASRC_DATABASE_FINDNSEC3_MATCH).arg(name).arg(labels).
                 arg(*it->second);
+            // Yes, we win
             return (FindNSEC3Result(true, labels, it->second, covering_proof));
         } else {
+            // There's no exact match. We try a previous one. We must find it
+            // (if the zone is properly signed).
             const string prevHash(accessor_->findPreviousNSEC3Hash(zone_id_,
                                                                    hash));
             LOG_DEBUG(logger, DBG_TRACE_BASIC,
@@ -1030,6 +1036,9 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
             }
 
             covering_proof = prev_it->second;
+            // In case it is recursive, we try to get an exact match a level
+            // up. If it is not recursive, the caller is ok with a covering
+            // one, so we just return it.
             if (!recursive) {
                 LOG_DEBUG(logger, DBG_TRACE_BASIC,
                           DATASRC_DATABASE_FINDNSEC3_COVER).arg(name).
@@ -1040,6 +1049,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
         }
     }
 
+    // The zone must contain at least the apex and that one should match
+    // exactly. If that doesn't happen, we have a problem.
     isc_throw(DataSourceError, "recursive findNSEC3 mode didn't stop, likely a "
               "broken NSEC3 zone: " << otext << "/" << getClass());
 }

More information about the bind10-changes mailing list