mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

General cleanup of dns_rpz implementation

Browse Source 
Do a general cleanup of lib/dns/rpz.c style:

 * Removed deprecated and unused functions
 * Unified dns_rpz_zone_t naming to rpz
 * Unified dns_rpz_zones_t naming to rpzs
 * Add and use rpz_attach() and rpz_attach_rpzs() functions
 * Shuffled variables to be more local (cppcheck cleanup)
This commit is contained in:
Ondřej Surý
2022-03-07 13:55:03 +01:00
parent cadd1a0ab3
commit 840179a247
2 changed files with 236 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/dns/include/dns/rpz.h
View File

@@ -405,14 +405,6 @@ dns_rpz_attach_rpzs(dns_rpz_zones_t *source, dns_rpz_zones_t **target);
void void
dns_rpz_detach_rpzs(dns_rpz_zones_t **rpzsp); dns_rpz_detach_rpzs(dns_rpz_zones_t **rpzsp);
isc_result_t
dns_rpz_beginload(dns_rpz_zones_t **load_rpzsp, dns_rpz_zones_t *rpzs,
dns_rpz_num_t rpz_num) ISC_DEPRECATED;
isc_result_t
dns_rpz_ready(dns_rpz_zones_t *rpzs, dns_rpz_zones_t **load_rpzsp,
dns_rpz_num_t rpz_num) ISC_DEPRECATED;
isc_result_t isc_result_t
dns_rpz_add(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num, dns_rpz_add(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
const dns_name_t *name); const dns_name_t *name);

378
lib/dns/rpz.c
View File

@@ -172,30 +172,15 @@ struct dns_rpz_nm_data {
dns_rpz_nm_zbits_t wild; dns_rpz_nm_zbits_t wild;
}; };
static void
rpz_attach(dns_rpz_zone_t *rpz, dns_rpz_zone_t **rpzp);
static void static void
rpz_detach(dns_rpz_zone_t **rpzp); rpz_detach(dns_rpz_zone_t **rpzp);
static void static void
rpz_detach_rpzs(dns_rpz_zones_t **rpzsp); rpz_attach_rpzs(dns_rpz_zones_t *rpzs, dns_rpz_zones_t **rpzsp);
#if 0
/*
* Catch a name while debugging.
*/
static void static void
catch_name(const dns_name_t *src_name, const char *tgt, const char *str) { rpz_detach_rpzs(dns_rpz_zones_t **rpzsp);
dns_fixedname_t tgt_namef;
dns_name_t *tgt_name;
tgt_name = dns_fixedname_initname(&tgt_namef);
dns_name_fromstring(tgt_name, tgt, DNS_NAME_DOWNCASE, NULL);
if (dns_name_equal(src_name, tgt_name)) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ,
DNS_LOGMODULE_RBTDB, DNS_RPZ_ERROR_LEVEL,
"rpz hit failed: %s %s", str, tgt);
}
}
#endif /* if 0 */
const char * const char *
dns_rpz_type2str(dns_rpz_type_t type) { dns_rpz_type2str(dns_rpz_type_t type) {
@@ -370,13 +355,12 @@ make_nm_set(dns_rpz_nm_zbits_t *tgt_set, dns_rpz_num_t rpz_num,
*/ */
static void static void
set_sum_pair(dns_rpz_cidr_node_t *cnode) { set_sum_pair(dns_rpz_cidr_node_t *cnode) {
dns_rpz_cidr_node_t *child;
dns_rpz_addr_zbits_t sum; dns_rpz_addr_zbits_t sum;
do { do {
dns_rpz_cidr_node_t *child = cnode->child[0];
sum = cnode->set; sum = cnode->set;
child = cnode->child[0];
if (child != NULL) { if (child != NULL) {
sum.client_ip |= child->sum.client_ip; sum.client_ip |= child->sum.client_ip;
sum.ip |= child->sum.ip; sum.ip |= child->sum.ip;
@@ -640,13 +624,14 @@ new_node(dns_rpz_zones_t *rpzs, const dns_rpz_cidr_key_t *ip,
int i, words, wlen; int i, words, wlen;
node = isc_mem_get(rpzs->mctx, sizeof(*node)); node = isc_mem_get(rpzs->mctx, sizeof(*node));
memset(node, 0, sizeof(*node)); *node = (dns_rpz_cidr_node_t){
.prefix = prefix,
};
if (child != NULL) { if (child != NULL) {
node->sum = child->sum; node->sum = child->sum;
} }
node->prefix = prefix;
words = prefix / DNS_RPZ_CIDR_WORD_BITS; words = prefix / DNS_RPZ_CIDR_WORD_BITS;
wlen = prefix % DNS_RPZ_CIDR_WORD_BITS; wlen = prefix % DNS_RPZ_CIDR_WORD_BITS;
i = 0; i = 0;
@@ -667,12 +652,11 @@ new_node(dns_rpz_zones_t *rpzs, const dns_rpz_cidr_key_t *ip,
static void static void
badname(int level, const dns_name_t *name, const char *str1, const char *str2) { badname(int level, const dns_name_t *name, const char *str1, const char *str2) {
char namebuf[DNS_NAME_FORMATSIZE];
/* /*
* bin/tests/system/rpz/tests.sh looks for "invalid rpz". * bin/tests/system/rpz/tests.sh looks for "invalid rpz".
*/ */
if (level < DNS_RPZ_DEBUG_QUIET && isc_log_wouldlog(dns_lctx, level)) { if (level < DNS_RPZ_DEBUG_QUIET && isc_log_wouldlog(dns_lctx, level)) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf)); dns_name_format(name, namebuf, sizeof(namebuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ, isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ,
DNS_LOGMODULE_RBTDB, level, DNS_LOGMODULE_RBTDB, level,
@@ -698,12 +682,10 @@ ip2name(const dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t tgt_prefix,
#ifndef INET6_ADDRSTRLEN #ifndef INET6_ADDRSTRLEN
#define INET6_ADDRSTRLEN 46 #define INET6_ADDRSTRLEN 46
#endif /* ifndef INET6_ADDRSTRLEN */ #endif /* ifndef INET6_ADDRSTRLEN */
int w[DNS_RPZ_CIDR_WORDS * 2];
char str[1 + 8 + 1 + INET6_ADDRSTRLEN + 1]; char str[1 + 8 + 1 + INET6_ADDRSTRLEN + 1];
isc_buffer_t buffer; isc_buffer_t buffer;
isc_result_t result; isc_result_t result;
int best_first, best_len, cur_first, cur_len; int len;
int i, n, len;
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
len = snprintf(str, sizeof(str), "%u.%u.%u.%u.%u", len = snprintf(str, sizeof(str), "%u.%u.%u.%u.%u",
@@ -715,16 +697,19 @@ ip2name(const dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t tgt_prefix,
return (ISC_R_FAILURE); return (ISC_R_FAILURE);
} }
} else { } else {
int w[DNS_RPZ_CIDR_WORDS * 2];
int best_first, best_len, cur_first, cur_len;
len = snprintf(str, sizeof(str), "%d", tgt_prefix); len = snprintf(str, sizeof(str), "%d", tgt_prefix);
if (len < 0 || (size_t)len >= sizeof(str)) { if (len < 0 || (size_t)len >= sizeof(str)) {
return (ISC_R_FAILURE); return (ISC_R_FAILURE);
} }
for (i = 0; i < DNS_RPZ_CIDR_WORDS; i++) { for (int n = 0; n < DNS_RPZ_CIDR_WORDS; n++) {
w[i * 2 + 1] = w[n * 2 + 1] =
((tgt_ip->w[DNS_RPZ_CIDR_WORDS - 1 - i] >> 16) & ((tgt_ip->w[DNS_RPZ_CIDR_WORDS - 1 - n] >> 16) &
0xffff); 0xffff);
w[i * 2] = tgt_ip->w[DNS_RPZ_CIDR_WORDS - 1 - i] & w[n * 2] = tgt_ip->w[DNS_RPZ_CIDR_WORDS - 1 - n] &
0xffff; 0xffff;
} }
/* /*
@@ -735,7 +720,7 @@ ip2name(const dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t tgt_prefix,
best_len = 0; best_len = 0;
cur_first = -1; cur_first = -1;
cur_len = 0; cur_len = 0;
for (n = 0; n <= 7; ++n) { for (int n = 0; n <= 7; ++n) {
if (w[n] != 0) { if (w[n] != 0) {
cur_len = 0; cur_len = 0;
cur_first = -1; cur_first = -1;
@@ -750,7 +735,9 @@ ip2name(const dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t tgt_prefix,
} }
} }
for (n = 0; n <= 7; ++n) { for (int n = 0; n <= 7; ++n) {
int i;
INSIST(len > 0 && (size_t)len < sizeof(str)); INSIST(len > 0 && (size_t)len < sizeof(str));
if (n == best_first) { if (n == best_first) {
i = snprintf(str + len, sizeof(str) - len, i = snprintf(str + len, sizeof(str) - len,
@@ -813,10 +800,10 @@ name2ipkey(int log_level, const dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t *tgt_prefix, dns_rpz_cidr_key_t *tgt_ip, dns_rpz_prefix_t *tgt_prefix,
dns_rpz_addr_zbits_t *new_set) { dns_rpz_addr_zbits_t *new_set) {
dns_rpz_zone_t *rpz; dns_rpz_zone_t *rpz;
char ip_str[DNS_NAME_FORMATSIZE], ip2_str[DNS_NAME_FORMATSIZE]; char ip_str[DNS_NAME_FORMATSIZE];
dns_offsets_t ip_name_offsets; dns_offsets_t ip_name_offsets;
dns_fixedname_t ip_name2f; dns_fixedname_t ip_name2f;
dns_name_t ip_name, *ip_name2; dns_name_t ip_name;
const char *prefix_str, *cp, *end; const char *prefix_str, *cp, *end;
char *cp2; char *cp2;
int ip_labels; int ip_labels;
@@ -967,11 +954,12 @@ name2ipkey(int log_level, const dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
* Convert the address back to a canonical domain name * Convert the address back to a canonical domain name
* to ensure that the original name is in canonical form. * to ensure that the original name is in canonical form.
*/ */
ip_name2 = dns_fixedname_initname(&ip_name2f); dns_name_t *ip_name2 = dns_fixedname_initname(&ip_name2f);
result = ip2name(tgt_ip, (dns_rpz_prefix_t)prefix_num, NULL, result = ip2name(tgt_ip, (dns_rpz_prefix_t)prefix_num, NULL,
ip_name2); ip_name2);
if (result != ISC_R_SUCCESS || if (result != ISC_R_SUCCESS ||
!dns_name_equal(&ip_name, ip_name2)) { !dns_name_equal(&ip_name, ip_name2)) {
char ip2_str[DNS_NAME_FORMATSIZE];
dns_name_format(ip_name2, ip2_str, sizeof(ip2_str)); dns_name_format(ip_name2, ip2_str, sizeof(ip2_str));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ, isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ,
DNS_LOGMODULE_RBTDB, log_level, DNS_LOGMODULE_RBTDB, log_level,
@@ -1131,7 +1119,6 @@ search(dns_rpz_zones_t *rpzs, const dns_rpz_cidr_key_t *tgt_ip,
dns_rpz_cidr_node_t *cur, *parent, *child, *new_parent, *sibling; dns_rpz_cidr_node_t *cur, *parent, *child, *new_parent, *sibling;
dns_rpz_addr_zbits_t set; dns_rpz_addr_zbits_t set;
int cur_num, child_num; int cur_num, child_num;
dns_rpz_prefix_t dbit;
isc_result_t find_result; isc_result_t find_result;
set = *tgt_set; set = *tgt_set;
@@ -1141,6 +1128,7 @@ search(dns_rpz_zones_t *rpzs, const dns_rpz_cidr_key_t *tgt_ip,
parent = NULL; parent = NULL;
cur_num = 0; cur_num = 0;
for (;;) { for (;;) {
dns_rpz_prefix_t dbit;
if (cur == NULL) { if (cur == NULL) {
/* /*
* No child so we cannot go down. * No child so we cannot go down.
@@ -1449,67 +1437,71 @@ isc_result_t
dns_rpz_new_zones(dns_rpz_zones_t **rpzsp, char *rps_cstr, size_t rps_cstr_size, dns_rpz_new_zones(dns_rpz_zones_t **rpzsp, char *rps_cstr, size_t rps_cstr_size,
isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
isc_timermgr_t *timermgr) { isc_timermgr_t *timermgr) {
dns_rpz_zones_t *zones; dns_rpz_zones_t *rpzs;
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
REQUIRE(rpzsp != NULL && *rpzsp == NULL); REQUIRE(rpzsp != NULL && *rpzsp == NULL);
zones = isc_mem_get(mctx, sizeof(*zones)); rpzs = isc_mem_get(mctx, sizeof(*rpzs));
memset(zones, 0, sizeof(*zones)); *rpzs = (dns_rpz_zones_t){
.rps_cstr = rps_cstr,
.rps_cstr_size = rps_cstr_size,
.timermgr = timermgr,
.taskmgr = taskmgr,
};
isc_rwlock_init(&zones->search_lock, 0, 0); isc_rwlock_init(&rpzs->search_lock, 0, 0);
isc_mutex_init(&zones->maint_lock); isc_mutex_init(&rpzs->maint_lock);
isc_refcount_init(&zones->refs, 1); isc_refcount_init(&rpzs->refs, 1);
isc_refcount_init(&zones->irefs, 1); isc_refcount_init(&rpzs->irefs, 1);
zones->rps_cstr = rps_cstr;
zones->rps_cstr_size = rps_cstr_size;
#ifdef USE_DNSRPS #ifdef USE_DNSRPS
if (rps_cstr != NULL) { if (rps_cstr != NULL) {
result = dns_dnsrps_view_init(zones, rps_cstr); result = dns_dnsrps_view_init(rpzs, rps_cstr);
if (result != ISC_R_SUCCESS) {
goto cleanup_rbt;
}
} }
#else /* ifdef USE_DNSRPS */ #else /* ifdef USE_DNSRPS */
INSIST(!zones->p.dnsrps_enabled); INSIST(!rpzs->p.dnsrps_enabled);
#endif /* ifdef USE_DNSRPS */ #endif /* ifdef USE_DNSRPS */
if (result == ISC_R_SUCCESS && !zones->p.dnsrps_enabled) { if (!rpzs->p.dnsrps_enabled) {
result = dns_rbt_create(mctx, rpz_node_deleter, mctx, result = dns_rbt_create(mctx, rpz_node_deleter, mctx,
&zones->rbt); &rpzs->rbt);
} }
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
goto cleanup_rbt; goto cleanup_rbt;
} }
result = isc_task_create(taskmgr, 0, &zones->updater); result = isc_task_create(taskmgr, 0, &rpzs->updater);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
goto cleanup_task; goto cleanup_task;
} }
isc_mem_attach(mctx, &zones->mctx); isc_mem_attach(mctx, &rpzs->mctx);
zones->timermgr = timermgr;
zones->taskmgr = taskmgr;
*rpzsp = zones; *rpzsp = rpzs;
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
cleanup_task: cleanup_task:
dns_rbt_destroy(&zones->rbt); dns_rbt_destroy(&rpzs->rbt);
cleanup_rbt: cleanup_rbt:
isc_refcount_decrementz(&zones->irefs); isc_refcount_decrementz(&rpzs->irefs);
isc_refcount_destroy(&zones->irefs); isc_refcount_destroy(&rpzs->irefs);
isc_refcount_decrementz(&zones->refs); isc_refcount_decrementz(&rpzs->refs);
isc_refcount_destroy(&zones->refs); isc_refcount_destroy(&rpzs->refs);
isc_mutex_destroy(&zones->maint_lock); isc_mutex_destroy(&rpzs->maint_lock);
isc_rwlock_destroy(&zones->search_lock); isc_rwlock_destroy(&rpzs->search_lock);
isc_mem_put(mctx, zones, sizeof(*zones)); isc_mem_put(mctx, rpzs, sizeof(*rpzs));
return (result); return (result);
} }
isc_result_t isc_result_t
dns_rpz_new_zone(dns_rpz_zones_t *rpzs, dns_rpz_zone_t **rpzp) { dns_rpz_new_zone(dns_rpz_zones_t *rpzs, dns_rpz_zone_t **rpzp) {
dns_rpz_zone_t *zone; dns_rpz_zone_t *rpz;
REQUIRE(rpzp != NULL && *rpzp == NULL); REQUIRE(rpzp != NULL && *rpzp == NULL);
REQUIRE(rpzs != NULL); REQUIRE(rpzs != NULL);
@@ -1517,91 +1509,85 @@ dns_rpz_new_zone(dns_rpz_zones_t *rpzs, dns_rpz_zone_t **rpzp) {
return (ISC_R_NOSPACE); return (ISC_R_NOSPACE);
} }
zone = isc_mem_get(rpzs->mctx, sizeof(*zone)); rpz = isc_mem_get(rpzs->mctx, sizeof(*rpz));
*rpz = (dns_rpz_zone_t){
memset(zone, 0, sizeof(*zone)); .addsoa = true,
isc_refcount_init(&zone->refs, 1); };
isc_timer_create(rpzs->timermgr, rpzs->updater, isc_timer_create(rpzs->timermgr, rpzs->updater,
dns_rpz_update_taskaction, zone, &zone->updatetimer); dns_rpz_update_taskaction, rpz, &rpz->updatetimer);
isc_refcount_init(&rpz->refs, 1);
/* /*
* This will never be used, but costs us nothing and * This will never be used, but costs us nothing and
* simplifies update_from_db * simplifies update_from_db
*/ */
isc_ht_init(&zone->nodes, rpzs->mctx, 1, ISC_HT_CASE_SENSITIVE); isc_ht_init(&rpz->nodes, rpzs->mctx, 1, ISC_HT_CASE_SENSITIVE);
dns_name_init(&zone->origin, NULL); dns_name_init(&rpz->origin, NULL);
dns_name_init(&zone->client_ip, NULL); dns_name_init(&rpz->client_ip, NULL);
dns_name_init(&zone->ip, NULL); dns_name_init(&rpz->ip, NULL);
dns_name_init(&zone->nsdname, NULL); dns_name_init(&rpz->nsdname, NULL);
dns_name_init(&zone->nsip, NULL); dns_name_init(&rpz->nsip, NULL);
dns_name_init(&zone->passthru, NULL); dns_name_init(&rpz->passthru, NULL);
dns_name_init(&zone->drop, NULL); dns_name_init(&rpz->drop, NULL);
dns_name_init(&zone->tcp_only, NULL); dns_name_init(&rpz->tcp_only, NULL);
dns_name_init(&zone->cname, NULL); dns_name_init(&rpz->cname, NULL);
isc_time_settoepoch(&zone->lastupdated); isc_time_settoepoch(&rpz->lastupdated);
zone->updatepending = false;
zone->updaterunning = false;
zone->db = NULL;
zone->dbversion = NULL;
zone->updb = NULL;
zone->updbversion = NULL;
zone->updbit = NULL;
isc_refcount_increment(&rpzs->irefs);
zone->rpzs = rpzs;
zone->db_registered = false;
zone->addsoa = true;
ISC_EVENT_INIT(&zone->updateevent, sizeof(zone->updateevent), 0, NULL,
0, NULL, NULL, NULL, NULL, NULL);
zone->num = rpzs->p.num_zones++; rpz_attach_rpzs(rpzs, &rpz->rpzs);
rpzs->zones[zone->num] = zone;
*rpzp = zone; ISC_EVENT_INIT(&rpz->updateevent, sizeof(rpz->updateevent), 0, NULL, 0,
NULL, NULL, NULL, NULL, NULL);
rpz->num = rpzs->p.num_zones++;
rpzs->zones[rpz->num] = rpz;
*rpzp = rpz;
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
isc_result_t isc_result_t
dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) { dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
dns_rpz_zone_t *zone = (dns_rpz_zone_t *)fn_arg; dns_rpz_zone_t *rpz = (dns_rpz_zone_t *)fn_arg;
isc_time_t now; isc_time_t now;
uint64_t tdiff; uint64_t tdiff;
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
char dname[DNS_NAME_FORMATSIZE]; char dname[DNS_NAME_FORMATSIZE];
REQUIRE(DNS_DB_VALID(db)); REQUIRE(DNS_DB_VALID(db));
REQUIRE(zone != NULL); REQUIRE(rpz != NULL);
LOCK(&zone->rpzs->maint_lock); LOCK(&rpz->rpzs->maint_lock);
/* New zone came as AXFR */ /* New zone came as AXFR */
if (zone->db != NULL && zone->db != db) { if (rpz->db != NULL && rpz->db != db) {
/* We need to clean up the old DB */ /* We need to clean up the old DB */
if (zone->dbversion != NULL) { if (rpz->dbversion != NULL) {
dns_db_closeversion(zone->db, &zone->dbversion, false); dns_db_closeversion(rpz->db, &rpz->dbversion, false);
} }
dns_db_updatenotify_unregister(zone->db, dns_db_updatenotify_unregister(rpz->db,
dns_rpz_dbupdate_callback, zone); dns_rpz_dbupdate_callback, rpz);
dns_db_detach(&zone->db); dns_db_detach(&rpz->db);
} }
if (zone->db == NULL) { if (rpz->db == NULL) {
RUNTIME_CHECK(zone->dbversion == NULL); RUNTIME_CHECK(rpz->dbversion == NULL);
dns_db_attach(db, &zone->db); dns_db_attach(db, &rpz->db);
} }
if (!zone->updatepending && !zone->updaterunning) { if (!rpz->updatepending && !rpz->updaterunning) {
zone->updatepending = true; rpz->updatepending = true;
isc_time_now(&now); isc_time_now(&now);
tdiff = isc_time_microdiff(&now, &zone->lastupdated) / 1000000; tdiff = isc_time_microdiff(&now, &rpz->lastupdated) / 1000000;
if (tdiff < zone->min_update_interval) { if (tdiff < rpz->min_update_interval) {
uint64_t defer = zone->min_update_interval - tdiff; uint64_t defer = rpz->min_update_interval - tdiff;
isc_interval_t interval; isc_interval_t interval;
dns_name_format(&zone->origin, dname, dns_name_format(&rpz->origin, dname,
DNS_NAME_FORMATSIZE); DNS_NAME_FORMATSIZE);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_INFO, DNS_LOGMODULE_MASTER, ISC_LOG_INFO,
@@ -1610,8 +1596,8 @@ dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
"%" PRIu64 " seconds", "%" PRIu64 " seconds",
dname, defer); dname, defer);
isc_interval_set(&interval, (unsigned int)defer, 0); isc_interval_set(&interval, (unsigned int)defer, 0);
dns_db_currentversion(zone->db, &zone->dbversion); dns_db_currentversion(rpz->db, &rpz->dbversion);
result = isc_timer_reset(zone->updatetimer, result = isc_timer_reset(rpz->updatetimer,
isc_timertype_once, &interval, isc_timertype_once, &interval,
true); true);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
@@ -1620,31 +1606,31 @@ dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
} else { } else {
isc_event_t *event; isc_event_t *event;
dns_db_currentversion(zone->db, &zone->dbversion); dns_db_currentversion(rpz->db, &rpz->dbversion);
INSIST(!ISC_LINK_LINKED(&zone->updateevent, ev_link)); INSIST(!ISC_LINK_LINKED(&rpz->updateevent, ev_link));
ISC_EVENT_INIT(&zone->updateevent, ISC_EVENT_INIT(&rpz->updateevent,
sizeof(zone->updateevent), 0, NULL, sizeof(rpz->updateevent), 0, NULL,
DNS_EVENT_RPZUPDATED, DNS_EVENT_RPZUPDATED,
dns_rpz_update_taskaction, zone, zone, dns_rpz_update_taskaction, rpz, rpz,
NULL, NULL); NULL, NULL);
event = &zone->updateevent; event = &rpz->updateevent;
isc_task_send(zone->rpzs->updater, &event); isc_task_send(rpz->rpzs->updater, &event);
} }
} else { } else {
zone->updatepending = true; rpz->updatepending = true;
dns_name_format(&zone->origin, dname, DNS_NAME_FORMATSIZE); dns_name_format(&rpz->origin, dname, DNS_NAME_FORMATSIZE);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_DEBUG(3), DNS_LOGMODULE_MASTER, ISC_LOG_DEBUG(3),
"rpz: %s: update already queued or running", "rpz: %s: update already queued or running",
dname); dname);
if (zone->dbversion != NULL) { if (rpz->dbversion != NULL) {
dns_db_closeversion(zone->db, &zone->dbversion, false); dns_db_closeversion(rpz->db, &rpz->dbversion, false);
} }
dns_db_currentversion(zone->db, &zone->dbversion); dns_db_currentversion(rpz->db, &rpz->dbversion);
} }
cleanup: cleanup:
UNLOCK(&zone->rpzs->maint_lock); UNLOCK(&rpz->rpzs->maint_lock);
return (result); return (result);
} }
@@ -1652,24 +1638,24 @@ cleanup:
static void static void
dns_rpz_update_taskaction(isc_task_t *task, isc_event_t *event) { dns_rpz_update_taskaction(isc_task_t *task, isc_event_t *event) {
isc_result_t result; isc_result_t result;
dns_rpz_zone_t *zone; dns_rpz_zone_t *rpz;
REQUIRE(event != NULL); REQUIRE(event != NULL);
REQUIRE(event->ev_arg != NULL); REQUIRE(event->ev_arg != NULL);
UNUSED(task); UNUSED(task);
zone = (dns_rpz_zone_t *)event->ev_arg; rpz = (dns_rpz_zone_t *)event->ev_arg;
isc_event_free(&event); isc_event_free(&event);
LOCK(&zone->rpzs->maint_lock); LOCK(&rpz->rpzs->maint_lock);
zone->updatepending = false; rpz->updatepending = false;
zone->updaterunning = true; rpz->updaterunning = true;
dns_rpz_update_from_db(zone); dns_rpz_update_from_db(rpz);
result = isc_timer_reset(zone->updatetimer, isc_timertype_inactive, result = isc_timer_reset(rpz->updatetimer, isc_timertype_inactive, NULL,
NULL, true); true);
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = isc_time_now(&zone->lastupdated); result = isc_time_now(&rpz->lastupdated);
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
UNLOCK(&zone->rpzs->maint_lock); UNLOCK(&rpz->rpzs->maint_lock);
} }
static isc_result_t static isc_result_t
@@ -2050,7 +2036,8 @@ dns_rpz_update_from_db(dns_rpz_zone_t *rpz) {
REQUIRE(rpz->updbit == NULL); REQUIRE(rpz->updbit == NULL);
REQUIRE(rpz->newnodes == NULL); REQUIRE(rpz->newnodes == NULL);
isc_refcount_increment(&rpz->refs); rpz_attach(rpz, &(dns_rpz_zone_t *){ NULL });
dns_db_attach(rpz->db, &rpz->updb); dns_db_attach(rpz->db, &rpz->updb);
rpz->updbversion = rpz->dbversion; rpz->updbversion = rpz->dbversion;
rpz->dbversion = NULL; rpz->dbversion = NULL;
@@ -2113,26 +2100,22 @@ cidr_free(dns_rpz_zones_t *rpzs) {
} }
} }
/*
* Discard a response policy zone blob
* before discarding the overall rpz structure.
*/
static void static void
rpz_detach(dns_rpz_zone_t **rpzp) { rpz_attach(dns_rpz_zone_t *rpz, dns_rpz_zone_t **rpzp) {
dns_rpz_zone_t *rpz; REQUIRE(rpz != NULL);
dns_rpz_zones_t *rpzs; REQUIRE(rpzp != NULL && *rpzp == NULL);
REQUIRE(rpzp != NULL && *rpzp != NULL); isc_refcount_increment(&rpz->refs);
*rpzp = rpz;
}
rpz = *rpzp; static void
*rpzp = NULL; rpz_destroy(dns_rpz_zone_t *rpz) {
dns_rpz_zones_t *rpzs = rpz->rpzs;
if (isc_refcount_decrement(&rpz->refs) == 1) {
isc_refcount_destroy(&rpz->refs);
rpzs = rpz->rpzs;
rpz->rpzs = NULL; rpz->rpzs = NULL;
isc_refcount_destroy(&rpz->refs);
if (dns_name_dynamic(&rpz->origin)) { if (dns_name_dynamic(&rpz->origin)) {
dns_name_free(&rpz->origin, rpzs->mctx); dns_name_free(&rpz->origin, rpzs->mctx);
} }
@@ -2162,11 +2145,10 @@ rpz_detach(dns_rpz_zone_t **rpzp) {
} }
if (rpz->db != NULL) { if (rpz->db != NULL) {
if (rpz->dbversion != NULL) { if (rpz->dbversion != NULL) {
dns_db_closeversion(rpz->db, &rpz->dbversion, dns_db_closeversion(rpz->db, &rpz->dbversion, false);
false);
} }
dns_db_updatenotify_unregister( dns_db_updatenotify_unregister(rpz->db,
rpz->db, dns_rpz_dbupdate_callback, rpz); dns_rpz_dbupdate_callback, rpz);
dns_db_detach(&rpz->db); dns_db_detach(&rpz->db);
} }
if (rpz->updaterunning) { if (rpz->updaterunning) {
@@ -2180,21 +2162,35 @@ rpz_detach(dns_rpz_zone_t **rpzp) {
if (rpz->updb != NULL) { if (rpz->updb != NULL) {
if (rpz->updbversion != NULL) { if (rpz->updbversion != NULL) {
dns_db_closeversion(rpz->updb, dns_db_closeversion(rpz->updb,
&rpz->updbversion, &rpz->updbversion, false);
false);
} }
dns_db_detach(&rpz->updb); dns_db_detach(&rpz->updb);
} }
} }
isc_timer_reset(rpz->updatetimer, isc_timertype_inactive, NULL,
true);
isc_timer_destroy(&rpz->updatetimer); isc_timer_destroy(&rpz->updatetimer);
isc_ht_destroy(&rpz->nodes); isc_ht_destroy(&rpz->nodes);
isc_mem_put(rpzs->mctx, rpz, sizeof(*rpz)); isc_mem_put(rpzs->mctx, rpz, sizeof(*rpz));
rpz_detach_rpzs(&rpzs); rpz_detach_rpzs(&rpzs);
}
/*
* Discard a response policy zone blob
* before discarding the overall rpz structure.
*/
static void
rpz_detach(dns_rpz_zone_t **rpzp) {
dns_rpz_zone_t *rpz;
REQUIRE(rpzp != NULL && *rpzp != NULL);
rpz = *rpzp;
*rpzp = NULL;
if (isc_refcount_decrement(&rpz->refs) == 1) {
rpz_destroy(rpz);
} }
} }
@@ -2234,18 +2230,22 @@ dns_rpz_detach_rpzs(dns_rpz_zones_t **rpzsp) {
} }
static void static void
rpz_detach_rpzs(dns_rpz_zones_t **rpzsp) { rpz_attach_rpzs(dns_rpz_zones_t *rpzs, dns_rpz_zones_t **rpzsp) {
REQUIRE(rpzsp != NULL && *rpzsp != NULL); REQUIRE(rpzs != NULL);
dns_rpz_zones_t *rpzs = *rpzsp; REQUIRE(rpzsp != NULL && *rpzsp == NULL);
*rpzsp = NULL;
if (isc_refcount_decrement(&rpzs->irefs) == 1) { isc_refcount_increment(&rpzs->irefs);
*rpzsp = rpzs;
}
static void
rpz_destroy_rpzs(dns_rpz_zones_t *rpzs) {
if (rpzs->rps_cstr_size != 0) { if (rpzs->rps_cstr_size != 0) {
#ifdef USE_DNSRPS #ifdef USE_DNSRPS
librpz->client_detach(&rpzs->rps_client); librpz->client_detach(&rpzs->rps_client);
#endif /* ifdef USE_DNSRPS */ #endif /* ifdef USE_DNSRPS */
isc_mem_put(rpzs->mctx, rpzs->rps_cstr, isc_mem_put(rpzs->mctx, rpzs->rps_cstr, rpzs->rps_cstr_size);
rpzs->rps_cstr_size);
} }
cidr_free(rpzs); cidr_free(rpzs);
@@ -2257,35 +2257,19 @@ rpz_detach_rpzs(dns_rpz_zones_t **rpzsp) {
isc_rwlock_destroy(&rpzs->search_lock); isc_rwlock_destroy(&rpzs->search_lock);
isc_refcount_destroy(&rpzs->refs); isc_refcount_destroy(&rpzs->refs);
isc_mem_putanddetach(&rpzs->mctx, rpzs, sizeof(*rpzs)); isc_mem_putanddetach(&rpzs->mctx, rpzs, sizeof(*rpzs));
}
static void
rpz_detach_rpzs(dns_rpz_zones_t **rpzsp) {
REQUIRE(rpzsp != NULL && *rpzsp != NULL);
dns_rpz_zones_t *rpzs = *rpzsp;
*rpzsp = NULL;
if (isc_refcount_decrement(&rpzs->irefs) == 1) {
rpz_destroy_rpzs(rpzs);
} }
} }
/*
* Deprecated and removed.
*/
isc_result_t
dns_rpz_beginload(dns_rpz_zones_t **load_rpzsp, dns_rpz_zones_t *rpzs,
dns_rpz_num_t rpz_num) {
UNUSED(load_rpzsp);
UNUSED(rpzs);
UNUSED(rpz_num);
return (ISC_R_NOTIMPLEMENTED);
}
/*
* Deprecated and removed.
*/
isc_result_t
dns_rpz_ready(dns_rpz_zones_t *rpzs, dns_rpz_zones_t **load_rpzsp,
dns_rpz_num_t rpz_num) {
UNUSED(rpzs);
UNUSED(load_rpzsp);
UNUSED(rpz_num);
return (ISC_R_NOTIMPLEMENTED);
}
/* /*
* Add an IP address to the radix tree or a name to the summary database. * Add an IP address to the radix tree or a name to the summary database.
*/ */