BIND 10 trac2165_2, updated. 9a13449fd43574629557b2b0aa67592a58729fc5 [2165] Remove RRSIG filtering code from getAdditionalAddrs()
BIND 10 source code commits
bind10-changes at lists.isc.org
Wed Aug 22 03:05:52 UTC 2012
The branch, trac2165_2 has been updated
via 9a13449fd43574629557b2b0aa67592a58729fc5 (commit)
via 2a22df22a13e01d9a18a02e65bf1334b8ac3b58a (commit)
from 52f1d2c35bb10b9d5d3f7d055ce39cac3b2423b8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9a13449fd43574629557b2b0aa67592a58729fc5
Author: Mukund Sivaraman <muks at isc.org>
Date: Wed Aug 22 08:22:54 2012 +0530
[2165] Remove RRSIG filtering code from getAdditionalAddrs()
Do it in the database data source itself. We also adjust doFindTest()
so that we only check for returned RRSIGs if FIND_DNSSEC option is
specified. Otherwise we assert that no RRSIGs are returned by find().
commit 2a22df22a13e01d9a18a02e65bf1334b8ac3b58a
Author: Mukund Sivaraman <muks at isc.org>
Date: Wed Aug 22 08:20:38 2012 +0530
[2165] Check for NULL rrsets in stripRRsigs() itself
This will also be useful in the next commit.
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/tests/query_unittest.cc | 2 +-
src/lib/datasrc/database.cc | 26 +++++++++++++---------
src/lib/datasrc/database.h | 1 +
src/lib/datasrc/tests/database_unittest.cc | 23 +++++++++++--------
src/lib/datasrc/zone.h | 33 +++++++++++++++-------------
src/lib/datasrc/zone_finder_context.cc | 3 +--
6 files changed, 51 insertions(+), 37 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index b9650d6..513b18b 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -485,7 +485,7 @@ protected:
isc::dns::ConstRRsetPtr rrset,
FindResultFlags flags = RESULT_DEFAULT)
{
- ConstRRsetPtr rr = (rrset ? stripRRsigs(rrset, options) : rrset);
+ ConstRRsetPtr rr = stripRRsigs(rrset, options);
return (ZoneFinderContextPtr(
new Context(*this, options,
ResultContext(code, rr, flags))));
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 82a5e54..09f7e3b 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -601,7 +601,8 @@ DatabaseClient::Finder::findWildcardMatch(
DATASRC_DATABASE_WILDCARD_CANCEL_NS).
arg(accessor_->getDBName()).arg(wildcard).
arg(dresult.first_ns->getName());
- return (ResultContext(DELEGATION, dresult.first_ns));
+ return (ResultContext(DELEGATION,
+ stripRRsigs(dresult.first_ns, options)));
} else if (!hasSubdomains(name.split(i - 1).toText())) {
// The wildcard match is the best one, find the final result
// at it. Note that wildcard should never be the zone origin.
@@ -637,7 +638,7 @@ DatabaseClient::Finder::findWildcardMatch(
ZoneFinder::ResultContext
DatabaseClient::Finder::logAndCreateResult(
const Name& name, const string* wildname, const RRType& type,
- ZoneFinder::Result code, ConstRRsetPtr rrset,
+ ZoneFinder::Result code, ConstRRsetPtr rrset, const FindOptions options,
const isc::log::MessageID& log_id, FindResultFlags flags) const
{
if (rrset) {
@@ -661,7 +662,7 @@ DatabaseClient::Finder::logAndCreateResult(
arg(getClass()).arg(*wildname);
}
}
- return (ResultContext(code, rrset, flags));
+ return (ResultContext(code, stripRRsigs(rrset, options), flags));
}
DatabaseClient::Finder::FindDNSSECContext::FindDNSSECContext(
@@ -809,7 +810,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// - when we are looking for glue records (FIND_GLUE_OK), or
// - when the query type is DS (which cancels the delegation)
return (logAndCreateResult(name, wildname, type, DELEGATION,
- nsi->second,
+ nsi->second, options,
wild ? DATASRC_DATABASE_WILDCARD_NS :
DATASRC_DATABASE_FOUND_DELEGATION_EXACT,
flags));
@@ -825,7 +826,8 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
cni->second->getRdataCount() << " rdata at " << name <<
", expected 1");
}
- return (logAndCreateResult(name, wildname, type, CNAME, cni->second,
+ return (logAndCreateResult(name, wildname, type, CNAME,
+ cni->second, options,
wild ? DATASRC_DATABASE_WILDCARD_CNAME :
DATASRC_DATABASE_FOUND_CNAME,
flags));
@@ -838,7 +840,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
it != found.second.end(); ++it) {
if (it->second) {
// Skip over the empty ANY
- target->push_back(it->second);
+ target->push_back(stripRRsigs(it->second, options));
}
}
if (wild) {
@@ -866,7 +868,8 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// includes the case where we were explicitly querying for a CNAME and
// found it. It also includes the case where we were querying for an
// NS RRset and found it at the apex of the zone.)
- return (ResultContext(SUCCESS, wti->second, flags));
+ return (ResultContext(SUCCESS, stripRRsigs(wti->second, options),
+ flags));
}
// If we get here, we have found something at the requested name but not
@@ -881,11 +884,13 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
if (dnssec_rrset) {
// This log message covers both normal and wildcard cases, so we pass
// NULL for 'wildname'.
- return (logAndCreateResult(name, NULL, type, NXRRSET, dnssec_rrset,
+ return (logAndCreateResult(name, NULL, type, NXRRSET,
+ dnssec_rrset, options,
DATASRC_DATABASE_FOUND_NXRRSET_NSEC,
flags | RESULT_NSEC_SIGNED));
}
- return (logAndCreateResult(name, wildname, type, NXRRSET, dnssec_rrset,
+ return (logAndCreateResult(name, wildname, type, NXRRSET,
+ dnssec_rrset, options,
wild ? DATASRC_DATABASE_WILDCARD_NXRRSET :
DATASRC_DATABASE_FOUND_NXRRSET,
flags | dnssec_ctx.getResultFlags()));
@@ -964,7 +969,8 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
const DelegationSearchResult dresult = findDelegationPoint(name, options);
if (dresult.rrset) {
// In this case no special flags are needed.
- return (ResultContext(dresult.code, dresult.rrset));
+ return (ResultContext(dresult.code,
+ stripRRsigs(dresult.rrset, options)));
}
// If there is no delegation, look for the exact match to the request
diff --git a/src/lib/datasrc/database.h b/src/lib/datasrc/database.h
index 65ddfcc..2a2b484 100644
--- a/src/lib/datasrc/database.h
+++ b/src/lib/datasrc/database.h
@@ -1336,6 +1336,7 @@ public:
const isc::dns::RRType& type,
ZoneFinder::Result code,
isc::dns::ConstRRsetPtr rrset,
+ const FindOptions options,
const isc::log::MessageID& log_id,
FindResultFlags flags) const;
diff --git a/src/lib/datasrc/tests/database_unittest.cc b/src/lib/datasrc/tests/database_unittest.cc
index 11e6752..cd1b59a 100644
--- a/src/lib/datasrc/tests/database_unittest.cc
+++ b/src/lib/datasrc/tests/database_unittest.cc
@@ -1711,17 +1711,22 @@ doFindTest(ZoneFinder& finder,
checkRRset(result->rrset, expected_name != Name(".") ? expected_name :
name, finder.getClass(), expected_type, expected_ttl,
expected_rdatas);
-
- if (!expected_sig_rdatas.empty() && result->rrset->getRRsig()) {
- checkRRset(result->rrset->getRRsig(), expected_name != Name(".") ?
- expected_name : name, finder.getClass(),
- isc::dns::RRType::RRSIG(), expected_ttl,
- expected_sig_rdatas);
- } else if (expected_sig_rdatas.empty()) {
+ if ((options & ZoneFinder::FIND_DNSSEC) == ZoneFinder::FIND_DNSSEC) {
+ if (!expected_sig_rdatas.empty() && result->rrset->getRRsig()) {
+ checkRRset(result->rrset->getRRsig(),
+ expected_name != Name(".") ? expected_name : name,
+ finder.getClass(),
+ isc::dns::RRType::RRSIG(), expected_ttl,
+ expected_sig_rdatas);
+ } else if (expected_sig_rdatas.empty()) {
+ EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset->getRRsig()) <<
+ "Unexpected RRSIG: " << result->rrset->getRRsig()->toText();
+ } else {
+ ADD_FAILURE() << "Missing RRSIG";
+ }
+ } else if (result->rrset->getRRsig()) {
EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset->getRRsig()) <<
"Unexpected RRSIG: " << result->rrset->getRRsig()->toText();
- } else {
- ADD_FAILURE() << "Missing RRSIG";
}
} else if (expected_rdatas.empty()) {
EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset) <<
diff --git a/src/lib/datasrc/zone.h b/src/lib/datasrc/zone.h
index 4babefe..15a949d 100644
--- a/src/lib/datasrc/zone.h
+++ b/src/lib/datasrc/zone.h
@@ -138,23 +138,26 @@ public:
/// requested.
static isc::dns::ConstRRsetPtr
stripRRsigs(isc::dns::ConstRRsetPtr rr, const FindOptions options) {
- isc::dns::ConstRRsetPtr sig_rrset = rr->getRRsig();
- if (sig_rrset &&
- ((options & ZoneFinder::FIND_DNSSEC) == 0)) {
- isc::dns::RRsetPtr result_base(new isc::dns::RRset(rr->getName(),
- rr->getClass(),
- rr->getType(),
- rr->getTTL()));
- for (isc::dns::RdataIteratorPtr i(rr->getRdataIterator());
- !i->isLast();
- i->next()) {
- result_base->addRdata(i->getCurrent());
- }
+ if (rr) {
+ isc::dns::ConstRRsetPtr sig_rrset = rr->getRRsig();
+ if (sig_rrset &&
+ ((options & ZoneFinder::FIND_DNSSEC) == 0)) {
+ isc::dns::RRsetPtr result_base
+ (new isc::dns::RRset(rr->getName(),
+ rr->getClass(),
+ rr->getType(),
+ rr->getTTL()));
+ for (isc::dns::RdataIteratorPtr i(rr->getRdataIterator());
+ !i->isLast();
+ i->next()) {
+ result_base->addRdata(i->getCurrent());
+ }
- return(result_base);
- } else {
- return(rr);
+ return (result_base);
+ }
}
+
+ return (rr);
}
/// \brief Context of the result of a find() call.
diff --git a/src/lib/datasrc/zone_finder_context.cc b/src/lib/datasrc/zone_finder_context.cc
index bf9c4b0..7913d71 100644
--- a/src/lib/datasrc/zone_finder_context.cc
+++ b/src/lib/datasrc/zone_finder_context.cc
@@ -47,8 +47,7 @@ getAdditionalAddrs(ZoneFinder& finder, const Name& name,
BOOST_FOREACH(RRType rrtype, requested_types) {
ConstZoneFinderContextPtr ctx = finder.find(name, rrtype, options);
if (ctx->code == ZoneFinder::SUCCESS) {
- result_rrsets.push_back(ZoneFinder::stripRRsigs(ctx->rrset,
- options));
+ result_rrsets.push_back(ctx->rrset);
}
}
}
More information about the bind10-changes
mailing list