BIND 10 master, updated. 82bb5bc1cd3385d1bd0362c10308afb04a0e6914 [master] [1701] small optimization: skip generating sync RRSIG for wildcard if !DNSSEC. tests were slightly adjusted accordingly.
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Feb 24 22:16:19 UTC 2012
The branch, master has been updated
via 82bb5bc1cd3385d1bd0362c10308afb04a0e6914 (commit)
via b995540a1bd00fab2ca883c965edc954080be84c (commit)
from 38edb7e80589f08524b2753a7f29f1b6570ef4d6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 82bb5bc1cd3385d1bd0362c10308afb04a0e6914
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Feb 22 14:43:05 2012 -0800
[master] [1701] small optimization: skip generating sync RRSIG for wildcard if !DNSSEC.
tests were slightly adjusted accordingly.
commit b995540a1bd00fab2ca883c965edc954080be84c
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Feb 22 14:22:35 2012 -0800
[master] [1701] make sure in-memory find() returns synthesized RRSIGs with wildcard
expansion. extended tests to check this case.
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/memory_datasrc.cc | 51 +++++++++++++-------
src/lib/datasrc/tests/memory_datasrc_unittest.cc | 57 +++++++++++++++++++---
2 files changed, 84 insertions(+), 24 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/memory_datasrc.cc b/src/lib/datasrc/memory_datasrc.cc
index 5137727..dfe1614 100644
--- a/src/lib/datasrc/memory_datasrc.cc
+++ b/src/lib/datasrc/memory_datasrc.cc
@@ -605,27 +605,40 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
*
* If rename is false, it returns the one provided. If it is true, it
* creates a new rrset with the same data but with provided name.
+ * In addition, if DNSSEC records are required by the original caller of
+ * find(), it also creates expanded RRSIG based on the RRSIG of the
+ * wildcard RRset.
* It is designed for wildcard case, where we create the rrsets
* dynamically.
*/
- static ConstRRsetPtr prepareRRset(const Name& name, const ConstRRsetPtr&
- rrset, bool rename)
+ static ConstRRsetPtr prepareRRset(const Name& name,
+ const ConstRRsetPtr& rrset,
+ bool rename, FindOptions options)
{
if (rename) {
LOG_DEBUG(logger, DBG_TRACE_DETAILED, DATASRC_MEM_RENAME).
arg(rrset->getName()).arg(name);
- /*
- * We lose a signature here. But it would be wrong anyway, because
- * the name changed. This might turn out to be unimportant in
- * future, because wildcards will probably be handled somehow
- * by DNSSEC.
- */
RRsetPtr result(new RRset(name, rrset->getClass(),
- rrset->getType(), rrset->getTTL()));
+ rrset->getType(), rrset->getTTL()));
for (RdataIteratorPtr i(rrset->getRdataIterator()); !i->isLast();
- i->next()) {
+ i->next()) {
result->addRdata(i->getCurrent());
}
+ if ((options & FIND_DNSSEC) != 0) {
+ ConstRRsetPtr sig_rrset = rrset->getRRsig();
+ if (sig_rrset) {
+ RRsetPtr result_sig(new RRset(name, sig_rrset->getClass(),
+ RRType::RRSIG(),
+ sig_rrset->getTTL()));
+ for (RdataIteratorPtr i(sig_rrset->getRdataIterator());
+ !i->isLast();
+ i->next())
+ {
+ result_sig->addRdata(i->getCurrent());
+ }
+ result->addRRsig(result_sig);
+ }
+ }
return (result);
} else {
return (rrset);
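Review bot: The new doc comment does not say why the RRSIG RDATA is copied unchanged under the expanded owner name, and the removed comment claimed such a signature "would be wrong anyway", so a later maintainer could mistake the verbatim copy at `result_sig->addRdata(i->getCurrent());` for a bug. I would add a comment above the `FIND_DNSSEC` block such as `// RRSIG RDATA is copied as is: its Labels field still describes the wildcard owner, which a validator needs to recognise the expansion (RFC 4035 section 5.3.2).` The doc comment should also state that `options` is consulted only when `rename` is true; with `rename` false the original RRset is returned with whatever RRSIG it already carries. prepareRRset's closing lines are outside the hunk.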
@@ -652,7 +665,7 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
// Implementation of InMemoryZoneFinder::find
FindResult find(const Name& name, RRType type,
- std::vector<ConstRRsetPtr> *target,
+ std::vector<ConstRRsetPtr>* target,
const FindOptions options) const
{
LOG_DEBUG(logger, DBG_TRACE_BASIC, DATASRC_MEM_FIND).arg(name).
@@ -689,14 +702,14 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
// We were traversing a DNAME node (and wanted to go
// lower below it), so return the DNAME
return (FindResult(DNAME, prepareRRset(name, state.rrset_,
- false)));
+ false, options)));
}
if (state.zonecut_node_ != NULL) {
LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_DELEG_FOUND).
arg(state.rrset_->getName());
return (FindResult(DELEGATION,
prepareRRset(name, state.rrset_,
- false)));
+ false, options)));
}
// If the RBTree search stopped at a node for a super domain
@@ -800,7 +813,8 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
LOG_DEBUG(logger, DBG_TRACE_DATA,
DATASRC_MEM_EXACT_DELEGATION).arg(name);
return (FindResult(DELEGATION,
- prepareRRset(name, found->second, rename)));
+ prepareRRset(name, found->second, rename,
+ options)));
}
}
@@ -810,7 +824,8 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
for (found = node->getData()->begin();
found != node->getData()->end(); ++found)
{
- target->push_back(prepareRRset(name, found->second, rename));
+ target->push_back(prepareRRset(name, found->second, rename,
+ options));
}
LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_ANY_SUCCESS).
arg(name);
@@ -824,7 +839,8 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
arg(type);
return (createFindResult(SUCCESS, prepareRRset(name,
found->second,
- rename), rename));
+ rename, options),
+ rename));
} else {
// Next, try CNAME.
found = node->getData()->find(RRType::CNAME());
@@ -832,7 +848,8 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_CNAME).arg(name);
return (createFindResult(CNAME,
prepareRRset(name, found->second,
- rename), rename));
+ rename, options),
+ rename));
}
}
// No exact match or CNAME. Return NXRRSET.
diff --git a/src/lib/datasrc/tests/memory_datasrc_unittest.cc b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
index abf6090..e5ccdfa 100644
--- a/src/lib/datasrc/tests/memory_datasrc_unittest.cc
+++ b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
@@ -539,6 +539,7 @@ public:
if (zone_finder == NULL) {
zone_finder = &zone_finder_;
}
+ const ConstRRsetPtr answer_sig = answer ? answer->getRRsig() : answer;
// The whole block is inside, because we need to check the result and
// we can't assign to FindResult
EXPECT_NO_THROW({
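Review bot: In `answer ? answer->getRRsig() : answer` the else arm uses `answer` only as a null pointer, which reads as if the answer RRset itself could become the expected signature. Spelling the null out makes the intent plain: `const ConstRRsetPtr answer_sig = answer ? answer->getRRsig() : ConstRRsetPtr();`. The enclosing test helper starts and ends outside the hunk.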
@@ -558,6 +559,11 @@ public:
} else {
ASSERT_TRUE(find_result.rrset);
rrsetCheck(answer, find_result.rrset);
+ if (answer_sig) {
+ ASSERT_TRUE(find_result.rrset->getRRsig());
+ rrsetCheck(answer_sig,
+ find_result.rrset->getRRsig());
+ }
}
} else if (check_wild_answer) {
ASSERT_NE(ConstRRsetPtr(), answer) <<
@@ -575,6 +581,22 @@ public:
wildanswer->addRdata(expectedIt->getCurrent());
}
rrsetCheck(wildanswer, find_result.rrset);
+
+ // Same for the RRSIG, if any.
+ if (answer_sig) {
+ ASSERT_TRUE(find_result.rrset->getRRsig());
+
+ RRsetPtr wildsig(new RRset(name,
+ answer_sig->getClass(),
+ RRType::RRSIG(),
+ answer_sig->getTTL()));
+ RdataIteratorPtr expectedIt(
+ answer_sig->getRdataIterator());
+ for (; !expectedIt->isLast(); expectedIt->next()) {
+ wildsig->addRdata(expectedIt->getCurrent());
+ }
+ rrsetCheck(wildsig, find_result.rrset->getRRsig());
+ }
}
});
}
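Review bot: The added `if (answer_sig)` block has no counterpart for the case this commit optimises: a wildcard RRset that carries an RRSIG but is looked up without `FIND_DNSSEC`. In the wildcardCheck hunk further down, `find_options` gains `FIND_DNSSEC` exactly when the RRSIGs are attached, so that path appears never to run, and a regression that always synthesized the RRSIG would go unnoticed. One way to cover it is to let the helper expect a signature only when DNSSEC was requested and otherwise assert `EXPECT_FALSE(find_result.rrset->getRRsig());` in this wildcard branch. The helper's signature is outside the hunk, so the name of its options parameter needs to be checked there.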
@@ -1079,6 +1101,24 @@ InMemoryZoneFinderTest::wildcardCheck(
* |
* *
*/
+
+ // If the zone is "signed" (detecting it by the NSEC/NSEC3 signed flags),
+ // add RRSIGs to the records.
+ ZoneFinder::FindOptions find_options = ZoneFinder::FIND_DEFAULT;
+ if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0 ||
+ (expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
+ // Convenience shortcut. The RDATA is not really validatable, but
+ // it doesn't matter for our tests.
+ const char* const rrsig_common = "5 3 3600 "
+ "20000101000000 20000201000000 12345 example.org. FAKEFAKEFAKE";
+
+ find_options = find_options | ZoneFinder::FIND_DNSSEC;
+ rr_wild_->addRRsig(textToRRset("*.wild.example.org. 300 IN RRSIG A " +
+ string(rrsig_common)));
+ rr_cnamewild_->addRRsig(textToRRset("*.cnamewild.example.org. 300 IN "
+ "RRSIG CNAME " +
+ string(rrsig_common)));
+ }
EXPECT_EQ(SUCCESS, zone_finder_.add(rr_wild_));
EXPECT_EQ(SUCCESS, zone_finder_.add(rr_cnamewild_));
// If the zone is expected to be "signed" with NSEC3, add an NSEC3.
@@ -1092,14 +1132,15 @@ InMemoryZoneFinderTest::wildcardCheck(
{
SCOPED_TRACE("Search at parent");
findTest(Name("wild.example.org"), RRType::A(), ZoneFinder::NXRRSET,
- true, ConstRRsetPtr(), expected_flags);
+ true, ConstRRsetPtr(), expected_flags, NULL, find_options);
}
// Search the original name of wildcard
{
SCOPED_TRACE("Search directly at *");
findTest(Name("*.wild.example.org"), RRType::A(), ZoneFinder::SUCCESS,
- true, rr_wild_);
+ true, rr_wild_, ZoneFinder::RESULT_DEFAULT, NULL,
+ find_options);
}
// Search "created" name.
{
@@ -1107,11 +1148,12 @@ InMemoryZoneFinderTest::wildcardCheck(
findTest(Name("a.wild.example.org"), RRType::A(), ZoneFinder::SUCCESS,
false, rr_wild_,
ZoneFinder::RESULT_WILDCARD | expected_flags, NULL,
- ZoneFinder::FIND_DEFAULT, true);
+ find_options, true);
// Wildcard match, but no data
findTest(Name("a.wild.example.org"), RRType::AAAA(),
ZoneFinder::NXRRSET, true, ConstRRsetPtr(),
- ZoneFinder::RESULT_WILDCARD | expected_flags);
+ ZoneFinder::RESULT_WILDCARD | expected_flags, NULL,
+ find_options);
}
// Search name that has CNAME.
@@ -1120,7 +1162,7 @@ InMemoryZoneFinderTest::wildcardCheck(
findTest(Name("a.cnamewild.example.org"), RRType::A(),
ZoneFinder::CNAME, false, rr_cnamewild_,
ZoneFinder::RESULT_WILDCARD | expected_flags, NULL,
- ZoneFinder::FIND_DEFAULT, true);
+ find_options, true);
}
// Search another created name, this time little bit lower
@@ -1129,14 +1171,15 @@ InMemoryZoneFinderTest::wildcardCheck(
findTest(Name("a.b.wild.example.org"), RRType::A(),
ZoneFinder::SUCCESS, false, rr_wild_,
ZoneFinder::RESULT_WILDCARD | expected_flags, NULL,
- ZoneFinder::FIND_DEFAULT, true);
+ find_options, true);
}
EXPECT_EQ(SUCCESS, zone_finder_.add(rr_under_wild_));
{
SCOPED_TRACE("Search under non-wildcard");
findTest(Name("bar.foo.wild.example.org"), RRType::A(),
- ZoneFinder::NXDOMAIN, true, ConstRRsetPtr(), expected_flags);
+ ZoneFinder::NXDOMAIN, true, ConstRRsetPtr(), expected_flags,
+ NULL, find_options);
}
}