mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

Add dns_rdatatype_isnsec() helper function

Browse Source 
Replace the checks for both NSEC and NSEC3 with a single helper
function.
This commit is contained in:
Ondřej Surý 2025-08-11 10:06:33 +02:00 committed by Ondřej Surý
parent 59d1326175
commit 3445362918
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
11 changed files with 28 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/dig/host.c
View File

@ -240,8 +240,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
} }
if (list_almost_all && if (list_almost_all &&
(rdataset->type == dns_rdatatype_rrsig || (rdataset->type == dns_rdatatype_rrsig ||
rdataset->type == dns_rdatatype_nsec || dns_rdatatype_isnsec(rdataset->type)))
rdataset->type == dns_rdatatype_nsec3))
{ {
continue; continue;
} }

7
bin/dnssec/dnssec-signzone.c
View File

@ -214,8 +214,7 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
dns_rdatasetiter_current(iter, &rds); dns_rdatasetiter_current(iter, &rds);
if (rds.type != dns_rdatatype_rrsig && if (rds.type != dns_rdatatype_rrsig &&
rds.type != dns_rdatatype_nsec && !dns_rdatatype_isnsec(rds.type) &&
rds.type != dns_rdatatype_nsec3 &&
rds.type != dns_rdatatype_nsec3param && rds.type != dns_rdatatype_nsec3param &&
(!smartsign || rds.type != dns_rdatatype_dnskey)) (!smartsign || rds.type != dns_rdatatype_dnskey))
{ {
@ -1264,9 +1263,7 @@ active_node(dns_dbnode_t *node) {
dns_rdatatype_t t = rdataset.type; dns_rdatatype_t t = rdataset.type;
dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&rdataset);
if (t != dns_rdatatype_nsec && t != dns_rdatatype_nsec3 && if (!dns_rdatatype_isnsec(t) && t != dns_rdatatype_rrsig) {
t != dns_rdatatype_rrsig)
{
active = true; active = true;
break; break;
} }

8
lib/dns/include/dns/rdata.h
View File

@ -736,6 +736,14 @@ dns_rdatatype_issig(dns_rdatatype_t type) {
return type == dns_rdatatype_rrsig || type == dns_rdatatype_sig; return type == dns_rdatatype_rrsig || type == dns_rdatatype_sig;
} }
/*%
* Return true iff the rdata type is a insecurity proof: either NSEC or NSEC3.
*/
static inline bool
dns_rdatatype_isnsec(dns_rdatatype_t type) {
return type == dns_rdatatype_nsec || type == dns_rdatatype_nsec3;
}
/*% /*%
* Return true iff the rdata type is an address: either A or AAAA. * Return true iff the rdata type is an address: either A or AAAA.
*/ */

3
lib/dns/ncache.c
View File

@ -154,8 +154,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
type = rdataset->covers; type = rdataset->covers;
} }
if (type == dns_rdatatype_soa || if (type == dns_rdatatype_soa ||
type == dns_rdatatype_nsec || dns_rdatatype_isnsec(type))
type == dns_rdatatype_nsec3)
{ {
if (ttl > rdataset->ttl) { if (ttl > rdataset->ttl) {
ttl = rdataset->ttl; ttl = rdataset->ttl;

3
lib/dns/nsec.c
View File

@ -125,8 +125,7 @@ dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
DNS_RDATASETITER_FOREACH (rdsiter) { DNS_RDATASETITER_FOREACH (rdsiter) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT; dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dns_rdatasetiter_current(rdsiter, &rdataset); dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec && if (!dns_rdatatype_isnsec(rdataset.type) &&
rdataset.type != dns_rdatatype_nsec3 &&
rdataset.type != dns_rdatatype_rrsig) rdataset.type != dns_rdatatype_rrsig)
{ {
if (rdataset.type > max_type) { if (rdataset.type > max_type) {

3
lib/dns/nsec3.c
View File

@ -123,8 +123,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
DNS_RDATASETITER_FOREACH (rdsiter) { DNS_RDATASETITER_FOREACH (rdsiter) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT; dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dns_rdatasetiter_current(rdsiter, &rdataset); dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec && if (!dns_rdatatype_isnsec(rdataset.type) &&
rdataset.type != dns_rdatatype_nsec3 &&
rdataset.type != dns_rdatatype_rrsig) rdataset.type != dns_rdatatype_rrsig)
{ {
if (rdataset.type > max_type) { if (rdataset.type > max_type) {

3
lib/dns/qpzone.c
View File

@ -3867,8 +3867,7 @@ found:
* cut or not. It is needed for RFC3007 * cut or not. It is needed for RFC3007
* validated updates. * validated updates.
*/ */
if (type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(type) ||
type == dns_rdatatype_nsec3 ||
type == dns_rdatatype_key) type == dns_rdatatype_key)
{ {
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;

16
lib/dns/rdatalist.c
View File

@ -182,9 +182,7 @@ dns_rdatalist_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name) {
if (rdset->rdclass != rdataset->rdclass) { if (rdset->rdclass != rdataset->rdclass) {
continue; continue;
} }
if (rdset->type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(rdset->type)) {
rdset->type == dns_rdatatype_nsec3)
{
neg = rdset; neg = rdset;
} }
} }
@ -241,9 +239,7 @@ dns_rdatalist_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name,
if (rdset->rdclass != rdclass) { if (rdset->rdclass != rdclass) {
continue; continue;
} }
if (rdset->type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(rdset->type)) {
rdset->type == dns_rdatatype_nsec3)
{
tneg = rdset; tneg = rdset;
} }
} }
@ -280,9 +276,7 @@ dns_rdatalist_addclosest(dns_rdataset_t *rdataset, dns_name_t *name) {
if (rdset->rdclass != rdataset->rdclass) { if (rdset->rdclass != rdataset->rdclass) {
continue; continue;
} }
if (rdset->type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(rdset->type)) {
rdset->type == dns_rdatatype_nsec3)
{
neg = rdset; neg = rdset;
} }
} }
@ -338,9 +332,7 @@ dns_rdatalist_getclosest(dns_rdataset_t *rdataset, dns_name_t *name,
if (rdset->rdclass != rdclass) { if (rdset->rdclass != rdclass) {
continue; continue;
} }
if (rdset->type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(rdset->type)) {
rdset->type == dns_rdatatype_nsec3)
{
tneg = rdset; tneg = rdset;
} }
} }

4
lib/dns/resolver.c
View File

@ -5683,9 +5683,7 @@ findnoqname(fetchctx_t *fctx, dns_message_t *message, dns_name_t *name,
bool setclosest = false; bool setclosest = false;
bool setnearest = false; bool setnearest = false;
if (nrdataset->type != dns_rdatatype_nsec && if (!dns_rdatatype_isnsec(nrdataset->type)) {
nrdataset->type != dns_rdatatype_nsec3)
{
continue; continue;
} }

6
lib/dns/update.c
View File

@ -750,11 +750,9 @@ failure:
static isc_result_t static isc_result_t
is_non_nsec_action(void *data, dns_rdataset_t *rrset) { is_non_nsec_action(void *data, dns_rdataset_t *rrset) {
UNUSED(data); UNUSED(data);
if (!(rrset->type == dns_rdatatype_nsec || if (!(dns_rdatatype_isnsec(rrset->type) ||
rrset->type == dns_rdatatype_nsec3 ||
(rrset->type == dns_rdatatype_rrsig && (rrset->type == dns_rdatatype_rrsig &&
(rrset->covers == dns_rdatatype_nsec || dns_rdatatype_isnsec(rrset->covers))))
rrset->covers == dns_rdatatype_nsec3))))
{ {
return ISC_R_EXISTS; return ISC_R_EXISTS;
} }

19
lib/ns/query.c
View File

@ -4376,8 +4376,7 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
/* /*
* Do not rewrite if there is any sign of signatures. * Do not rewrite if there is any sign of signatures.
*/ */
if (rdataset->type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(rdataset->type) ||
rdataset->type == dns_rdatatype_nsec3 ||
rdataset->type == dns_rdatatype_rrsig) rdataset->type == dns_rdatatype_rrsig)
{ {
return false; return false;
@ -4395,9 +4394,7 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
dns_ncache_current(rdataset, found, &trdataset); dns_ncache_current(rdataset, found, &trdataset);
type = trdataset.type; type = trdataset.type;
dns_rdataset_disassociate(&trdataset); dns_rdataset_disassociate(&trdataset);
if (type == dns_rdatatype_nsec || type == dns_rdatatype_nsec3 || if (dns_rdatatype_isnsec(type) || type == dns_rdatatype_rrsig) {
type == dns_rdatatype_rrsig)
{
return false; return false;
} }
} }
@ -4732,8 +4729,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;
} }
if (rdataset->trust == dns_trust_ultimate && if (rdataset->trust == dns_trust_ultimate &&
(rdataset->type == dns_rdatatype_nsec || dns_rdatatype_isnsec(rdataset->type))
rdataset->type == dns_rdatatype_nsec3))
{ {
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;
} }
@ -4742,8 +4738,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
dns_ncache_current(rdataset, found, &trdataset); dns_ncache_current(rdataset, found, &trdataset);
type = trdataset.type; type = trdataset.type;
dns_rdataset_disassociate(&trdataset); dns_rdataset_disassociate(&trdataset);
if (type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(type) ||
type == dns_rdatatype_nsec3 ||
type == dns_rdatatype_rrsig) type == dns_rdatatype_rrsig)
{ {
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;
@ -4866,8 +4861,7 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;
} }
if (rdataset->trust == dns_trust_ultimate && if (rdataset->trust == dns_trust_ultimate &&
(rdataset->type == dns_rdatatype_nsec || dns_rdatatype_isnsec(rdataset->type))
rdataset->type == dns_rdatatype_nsec3))
{ {
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;
} }
@ -4876,8 +4870,7 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
dns_ncache_current(rdataset, found, &trdataset); dns_ncache_current(rdataset, found, &trdataset);
type = trdataset.type; type = trdataset.type;
dns_rdataset_disassociate(&trdataset); dns_rdataset_disassociate(&trdataset);
if (type == dns_rdatatype_nsec || if (dns_rdatatype_isnsec(type) ||
type == dns_rdatatype_nsec3 ||
type == dns_rdatatype_rrsig) type == dns_rdatatype_rrsig)
{ {
return ISC_R_NOTFOUND; return ISC_R_NOTFOUND;