BIND 10 trac2165_2, updated. 1fbbeb35aae24cab6e48169517e6aafadb9dc97d [2165] Stop RRSIGs from being added in getRRsets() itself
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Aug 23 03:43:42 UTC 2012
The branch, trac2165_2 has been updated
via 1fbbeb35aae24cab6e48169517e6aafadb9dc97d (commit)
from 7f00956d43e793624bddf52454a8eedf91376e69 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1fbbeb35aae24cab6e48169517e6aafadb9dc97d
Author: Mukund Sivaraman <muks at isc.org>
Date: Thu Aug 23 08:51:40 2012 +0530
[2165] Stop RRSIGs from being added in getRRsets() itself
... instead of stripping them later.
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/database.cc | 54 ++++++++++++++++++++++++-------------------
src/lib/datasrc/database.h | 3 +++
2 files changed, 33 insertions(+), 24 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 022e2b9..9e29587 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -180,6 +180,7 @@ private:
DatabaseClient::Finder::FoundRRsets
DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
+ bool sigs,
const string* construct_name, bool any,
DatabaseAccessor::IteratorContextPtr context)
{
@@ -276,10 +277,12 @@ DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
isc_throw(DataSourceError, "CNAME shares domain " << name <<
" with something else");
}
- // Add signatures to all found RRsets
- for (std::map<RRType, RRsetPtr>::iterator i(result.begin());
- i != result.end(); ++ i) {
- sig_store.appendSignatures(i->second);
+ if (sigs) {
+ // Add signatures to all found RRsets
+ for (std::map<RRType, RRsetPtr>::iterator i(result.begin());
+ i != result.end(); ++ i) {
+ sig_store.appendSignatures(i->second);
+ }
}
if (records_found && any) {
result[RRType::ANY()] = RRsetPtr();
@@ -448,7 +451,9 @@ DatabaseClient::Finder::findDelegationPoint(const isc::dns::Name& name,
// Look if there's NS or DNAME at this point of the tree, but ignore
// the NS RRs at the apex of the zone.
const FoundRRsets found = getRRsets(superdomain.toText(),
- DELEGATION_TYPES());
+ DELEGATION_TYPES(),
+ ((options & FIND_DNSSEC) ==
+ FIND_DNSSEC));
if (found.first) {
// This node contains either NS or DNAME RRs so it does exist.
const FoundIterator nsi(found.second.find(RRType::NS()));
@@ -581,6 +586,8 @@ DatabaseClient::Finder::findWildcardMatch(
// RFC 4592 section 4.4).
// Search for a match. The types are the same as with original query.
const FoundRRsets found = getRRsets(wildcard, final_types,
+ ((options & FIND_DNSSEC) ==
+ FIND_DNSSEC),
&construct_name,
type == RRType::ANY());
if (found.first) {
@@ -601,8 +608,7 @@ DatabaseClient::Finder::findWildcardMatch(
DATASRC_DATABASE_WILDCARD_CANCEL_NS).
arg(accessor_->getDBName()).arg(wildcard).
arg(dresult.first_ns->getName());
- return (ResultContext(DELEGATION,
- stripRRsigs(dresult.first_ns, options)));
+ return (ResultContext(DELEGATION, dresult.first_ns));
} else if (!hasSubdomains(name.split(i - 1).toText())) {
// The wildcard match is the best one, find the final result
// at it. Note that wildcard should never be the zone origin.
@@ -686,7 +692,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// such cases).
const string origin = finder_.getOrigin().toText();
const FoundRRsets nsec3_found =
- finder_.getRRsets(origin, NSEC3PARAM_TYPES());
+ finder_.getRRsets(origin, NSEC3PARAM_TYPES(), true);
const FoundIterator nfi=
nsec3_found.second.find(RRType::NSEC3PARAM());
is_nsec3_ = (nfi != nsec3_found.second.end());
@@ -697,7 +703,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// described in Section 10.4 of RFC 5155.
if (!is_nsec3_) {
const FoundRRsets nsec_found =
- finder_.getRRsets(origin, NSEC_TYPES());
+ finder_.getRRsets(origin, NSEC_TYPES(), true);
const FoundIterator nfi =
nsec_found.second.find(RRType::NSEC());
is_nsec_ = (nfi != nsec_found.second.end());
@@ -750,7 +756,7 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
const Name& nsec_name =
covering ? finder_.findPreviousName(name) : name;
const FoundRRsets found = finder_.getRRsets(nsec_name.toText(),
- NSEC_TYPES());
+ NSEC_TYPES(), true);
const FoundIterator nci = found.second.find(RRType::NSEC());
if (nci != found.second.end()) {
return (nci->second);
@@ -810,7 +816,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// - when we are looking for glue records (FIND_GLUE_OK), or
// - when the query type is DS (which cancels the delegation)
return (logAndCreateResult(name, wildname, type, DELEGATION,
- stripRRsigs(nsi->second, options),
+ nsi->second,
wild ? DATASRC_DATABASE_WILDCARD_NS :
DATASRC_DATABASE_FOUND_DELEGATION_EXACT,
flags));
@@ -826,8 +832,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
cni->second->getRdataCount() << " rdata at " << name <<
", expected 1");
}
- return (logAndCreateResult(name, wildname, type, CNAME,
- stripRRsigs(cni->second, options),
+ return (logAndCreateResult(name, wildname, type, CNAME, cni->second,
wild ? DATASRC_DATABASE_WILDCARD_CNAME :
DATASRC_DATABASE_FOUND_CNAME,
flags));
@@ -840,7 +845,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
it != found.second.end(); ++it) {
if (it->second) {
// Skip over the empty ANY
- target->push_back(stripRRsigs(it->second, options));
+ target->push_back(it->second);
}
}
if (wild) {
@@ -868,8 +873,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// includes the case where we were explicitly querying for a CNAME and
// found it. It also includes the case where we were querying for an
// NS RRset and found it at the apex of the zone.)
- return (ResultContext(SUCCESS, stripRRsigs(wti->second, options),
- flags));
+ return (ResultContext(SUCCESS, wti->second, flags));
}
// If we get here, we have found something at the requested name but not
@@ -884,13 +888,11 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
if (dnssec_rrset) {
// This log message covers both normal and wildcard cases, so we pass
// NULL for 'wildname'.
- return (logAndCreateResult(name, NULL, type, NXRRSET,
- dnssec_rrset,
+ return (logAndCreateResult(name, NULL, type, NXRRSET, dnssec_rrset,
DATASRC_DATABASE_FOUND_NXRRSET_NSEC,
flags | RESULT_NSEC_SIGNED));
}
- return (logAndCreateResult(name, wildname, type, NXRRSET,
- dnssec_rrset,
+ return (logAndCreateResult(name, wildname, type, NXRRSET, dnssec_rrset,
wild ? DATASRC_DATABASE_WILDCARD_NXRRSET :
DATASRC_DATABASE_FOUND_NXRRSET,
flags | dnssec_ctx.getResultFlags()));
@@ -969,8 +971,7 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
const DelegationSearchResult dresult = findDelegationPoint(name, options);
if (dresult.rrset) {
// In this case no special flags are needed.
- return (ResultContext(dresult.code,
- stripRRsigs(dresult.rrset, options)));
+ return (ResultContext(dresult.code, dresult.rrset));
}
// If there is no delegation, look for the exact match to the request
@@ -982,6 +983,8 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
WantedTypes final_types(FINAL_TYPES());
final_types.insert(type);
const FoundRRsets found = getRRsets(name.toText(), final_types,
+ ((options & FIND_DNSSEC) ==
+ FIND_DNSSEC),
NULL, type == RRType::ANY());
FindDNSSECContext dnssec_ctx(*this, options);
if (found.first) {
@@ -1015,7 +1018,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
// Now, we need to get the NSEC3 params from the apex and create the hash
// creator for it.
const FoundRRsets nsec3param(getRRsets(getOrigin().toText(),
- NSEC3PARAM_TYPES()));
+ NSEC3PARAM_TYPES(),
+ true));
const FoundIterator param(nsec3param.second.find(RRType::NSEC3PARAM()));
if (!nsec3param.first || param == nsec3param.second.end()) {
// No NSEC3 params? :-(
@@ -1055,6 +1059,7 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
}
const FoundRRsets nsec3(getRRsets(hash + "." + otext, NSEC3_TYPES(),
+ true,
NULL, false, context));
if (nsec3.first) {
@@ -1080,7 +1085,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
arg(labels).arg(prevHash);
context = accessor_->getNSEC3Records(prevHash, zone_id_);
const FoundRRsets prev_nsec3(getRRsets(prevHash + "." + otext,
- NSEC3_TYPES(), NULL, false,
+ NSEC3_TYPES(), true,
+ NULL, false,
context));
if (!prev_nsec3.first) {
diff --git a/src/lib/datasrc/database.h b/src/lib/datasrc/database.h
index 65ddfcc..6895509 100644
--- a/src/lib/datasrc/database.h
+++ b/src/lib/datasrc/database.h
@@ -963,6 +963,8 @@ public:
///
/// \param name Which domain name should be scanned.
/// \param types List of types the caller is interested in.
+ /// \param sigs Return RRSIGs if true is passed. Otherwise, no
+ /// associated RRSIGs are set on the returned RRsets.
/// \param construct_name If this is NULL, the resulting RRsets have
/// their name set to name. If it is not NULL, it overrides the
/// name and uses this one (this can be used for wildcard
@@ -984,6 +986,7 @@ public:
/// database or the database contains bad data.
FoundRRsets getRRsets(const std::string& name,
const WantedTypes& types,
+ bool sigs,
const std::string* construct_name = NULL,
bool any = false,
DatabaseAccessor::IteratorContextPtr srcContext =
More information about the bind10-changes
mailing list