BIND 10 trac1807, updated. 85a727dcbf99b3af919623e87b526e5eba12c300 [1807] fix NSEC on nonterminal wildcard match
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu May 10 13:07:18 UTC 2012
The branch, trac1807 has been updated
via 85a727dcbf99b3af919623e87b526e5eba12c300 (commit)
via fa16480fcbc6ac41cd8582af4158b0ab8112dff6 (commit)
from 7468970f434e5c50be3e3cf2962a74b22b266e67 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 85a727dcbf99b3af919623e87b526e5eba12c300
Author: Jelte Jansen <jelte at isc.org>
Date: Thu May 10 15:06:16 2012 +0200
[1807] fix NSEC on nonterminal wildcard match
and add check to see which exact nsec is returned
commit fa16480fcbc6ac41cd8582af4158b0ab8112dff6
Author: Jelte Jansen <jelte at isc.org>
Date: Thu May 10 10:45:57 2012 +0200
[1807] re-add accidentally removed test for 'normal' ENT
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/memory_datasrc.cc | 8 ++++-
src/lib/datasrc/tests/memory_datasrc_unittest.cc | 41 ++++++++++++++++++----
2 files changed, 41 insertions(+), 8 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/memory_datasrc.cc b/src/lib/datasrc/memory_datasrc.cc
index 9bce23c..4fb328c 100644
--- a/src/lib/datasrc/memory_datasrc.cc
+++ b/src/lib/datasrc/memory_datasrc.cc
@@ -460,7 +460,13 @@ ZoneData::findNode(const Name& name, RBTreeNodeChain<Domain>& node_path,
// Now the wildcard should be the best match.
const Name wildcard(Name("*").concatenate(
node_path.getAbsoluteName()));
- DomainTree::Result result = domains_.find(wildcard, &node);
+
+ // Clear the node_path so that we don't keep incorrect (NSEC)
+ // context
+ node_path.clear();
+ DomainTree::Result result(domains_.find<void*>(wildcard, &node,
+ node_path, NULL,
+ NULL));
// Otherwise, why would the domain_flag::WILD be there if
// there was no wildcard under it?
assert(result == DomainTree::EXACTMATCH);
diff --git a/src/lib/datasrc/tests/memory_datasrc_unittest.cc b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
index 56b456f..2d6c926 100644
--- a/src/lib/datasrc/tests/memory_datasrc_unittest.cc
+++ b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
@@ -386,6 +386,7 @@ protected:
void emptyWildcardCheck(ZoneFinder::FindResultFlags expected_flags =
ZoneFinder::RESULT_DEFAULT);
void findNSECENTCheck(const Name& ent_name,
+ ConstRRsetPtr expected_nsec,
ZoneFinder::FindResultFlags expected_flags =
ZoneFinder::RESULT_DEFAULT);
@@ -444,8 +445,18 @@ public:
{"0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM.example.org. 300 IN "
"NSEC3 1 1 12 aabbccdd 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG",
&rr_nsec3_},
- {"example.org. 300 IN NSEC cname.example.org. A NS NSEC",
- &rr_nsec_},
+ {"example.org. 300 IN NSEC wild.*.foo.example.org. "
+ "NS SOA RRSIG NSEC DNSKEY", &rr_nsec_},
+ // Together with the apex NSEC, these next NSECs make a complete
+ // chain in the case of the zone for the emptyNonterminal tests
+ // (We may want to clean up this generator code and/or masterLoad
+ // so that we can prepare conflicting datasets better)
+ {"wild.*.foo.example.org. 3600 IN NSEC ns.example.org. "
+ "A RRSIG NSEC", &rr_ent_nsec2_},
+ {"ns.example.org. 3600 IN NSEC foo.wild.example.org. A RRSIG NSEC",
+ &rr_ent_nsec3_},
+ {"foo.wild.example.org. 3600 IN NSEC example.org. A RRSIG NSEC",
+ &rr_ent_nsec4_},
{NULL, NULL}
};
@@ -511,6 +522,9 @@ public:
RRsetPtr rr_not_wild_another_;
RRsetPtr rr_nsec3_;
RRsetPtr rr_nsec_;
+ RRsetPtr rr_ent_nsec2_;
+ RRsetPtr rr_ent_nsec3_;
+ RRsetPtr rr_ent_nsec4_;
// A faked NSEC3 hash calculator for convenience.
// Tests that need to use the faked hashed values should call
@@ -1045,9 +1059,11 @@ TEST_F(InMemoryZoneFinderTest, findNSECSigned) {
// Generalized test for Empty Nonterminal (ENT) cases with NSEC
void
InMemoryZoneFinderTest::findNSECENTCheck(const Name& ent_name,
+ ConstRRsetPtr expected_nsec,
ZoneFinder::FindResultFlags expected_flags)
{
EXPECT_EQ(SUCCESS, zone_finder_.add(rr_emptywild_));
+ EXPECT_EQ(SUCCESS, zone_finder_.add(rr_under_wild_));
// Sanity check: Should result in NXRRSET
findTest(ent_name, RRType::A(), ZoneFinder::NXRRSET, true,
@@ -1057,7 +1073,13 @@ InMemoryZoneFinderTest::findNSECENTCheck(const Name& ent_name,
ConstRRsetPtr(), expected_flags,
NULL, ZoneFinder::FIND_DNSSEC);
- zone_finder_.add(rr_nsec_);
+ // Now add the NSEC rrs makeing it a 'complete' zone (in terms of NSEC,
+ // there are no sigs)
+ EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
+ EXPECT_EQ(SUCCESS, zone_finder_.add(rr_ent_nsec2_));
+ EXPECT_EQ(SUCCESS, zone_finder_.add(rr_ent_nsec3_));
+ EXPECT_EQ(SUCCESS, zone_finder_.add(rr_ent_nsec4_));
+
// Should result in NXRRSET, and RESULT_NSEC_SIGNED
findTest(ent_name, RRType::A(), ZoneFinder::NXRRSET, true,
ConstRRsetPtr(),
@@ -1065,20 +1087,25 @@ InMemoryZoneFinderTest::findNSECENTCheck(const Name& ent_name,
// And check for the NSEC if DNSSEC_OK
findTest(ent_name, RRType::A(), ZoneFinder::NXRRSET, true,
- rr_nsec_, expected_flags | ZoneFinder::RESULT_NSEC_SIGNED,
+ expected_nsec, expected_flags | ZoneFinder::RESULT_NSEC_SIGNED,
NULL, ZoneFinder::FIND_DNSSEC);
}
TEST_F(InMemoryZoneFinderTest,findNSECEmptyNonterminal) {
// Non-wildcard case
- findNSECENTCheck(Name("foo.example.org"));
+ findNSECENTCheck(Name("wild.example.org"), rr_ent_nsec3_);
}
TEST_F(InMemoryZoneFinderTest,findNSECEmptyNonterminalWildcard) {
- // Wildcard case
- findNSECENTCheck(Name("bar.foo.example.org"), ZoneFinder::RESULT_WILDCARD);
+ // Wildcard case, above actual wildcard
+ findNSECENTCheck(Name("foo.example.org"), rr_nsec_);
}
+TEST_F(InMemoryZoneFinderTest,findNSECEmptyNonterminalAtWildcard) {
+ // Wildcard case, at actual wildcard
+ findNSECENTCheck(Name("bar.foo.example.org"), rr_nsec_,
+ ZoneFinder::RESULT_WILDCARD);
+}
void
InMemoryZoneFinderTest::emptyNodeCheck(
More information about the bind10-changes
mailing list