mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-01 15:05:23 +00:00
Simplify the DNS_R_UNCHANGED handling in dns_resolver unit
Instead of catching the DNS_R_UNCHANGED from dns_db_addrdataset() (via cache_rrset() and dns_ncache_add()) individually, mask it properly as soon as possible, by moving the sigrdataset caching logic inside cache_rrset() and returning ISC_R_SUCCESS from cache_rrset() and dns_ncache_add() when the database was unchanged.
This commit is contained in:
Ondřej Surý
@@ -17,6 +17,7 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
|
|
||||||
#include <isc/buffer.h>
|
#include <isc/buffer.h>
|
||||||
|
#include <isc/result.h>
|
||||||
#include <isc/util.h>
|
#include <isc/util.h>
|
||||||
|
|
||||||
#include <dns/db.h>
|
#include <dns/db.h>
|
||||||
@@ -108,6 +109,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
|||||||
dns_rdatalist_t ncrdatalist;
|
dns_rdatalist_t ncrdatalist;
|
||||||
unsigned char data[65536];
|
unsigned char data[65536];
|
||||||
unsigned int next = 0;
|
unsigned int next = 0;
|
||||||
|
isc_result_t result;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Convert the authority data from 'message' into a negative cache
|
* Convert the authority data from 'message' into a negative cache
|
||||||
@@ -140,7 +142,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
|||||||
isc_buffer_init(&buffer, data, sizeof(data));
|
isc_buffer_init(&buffer, data, sizeof(data));
|
||||||
|
|
||||||
MSG_SECTION_FOREACH (message, DNS_SECTION_AUTHORITY, name) {
|
MSG_SECTION_FOREACH (message, DNS_SECTION_AUTHORITY, name) {
|
||||||
isc_result_t result = ISC_R_SUCCESS;
|
result = ISC_R_SUCCESS;
|
||||||
|
|
||||||
if (name->attributes.ncache) {
|
if (name->attributes.ncache) {
|
||||||
ISC_LIST_FOREACH (name->list, rdataset, link) {
|
ISC_LIST_FOREACH (name->list, rdataset, link) {
|
||||||
@@ -247,8 +249,13 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
|||||||
ncrdataset.attributes.optout = true;
|
ncrdataset.attributes.optout = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return dns_db_addrdataset(cache, node, NULL, now, &ncrdataset, 0,
|
result = dns_db_addrdataset(cache, node, NULL, now, &ncrdataset, 0,
|
||||||
addedrdataset);
|
addedrdataset);
|
||||||
|
if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) {
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ISC_R_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
isc_result_t
|
isc_result_t
|
||||||
|
|||||||
@@ -5222,7 +5222,7 @@ static isc_result_t
|
|||||||
cache_rrset(fetchctx_t *fctx, isc_stdtime_t now, dns_name_t *name,
|
cache_rrset(fetchctx_t *fctx, isc_stdtime_t now, dns_name_t *name,
|
||||||
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
|
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
|
||||||
dns_dbnode_t **nodep, dns_rdataset_t *added,
|
dns_dbnode_t **nodep, dns_rdataset_t *added,
|
||||||
dns_rdataset_t *addedsig) {
|
dns_rdataset_t *addedsig, bool need_validation) {
|
||||||
isc_result_t result = ISC_R_SUCCESS;
|
isc_result_t result = ISC_R_SUCCESS;
|
||||||
unsigned int options = 0;
|
unsigned int options = 0;
|
||||||
dns_dbnode_t *node = NULL;
|
dns_dbnode_t *node = NULL;
|
||||||
@@ -5265,16 +5265,33 @@ cache_rrset(fetchctx_t *fctx, isc_stdtime_t now, dns_name_t *name,
|
|||||||
result = dns_db_addrdataset(fctx->cache, node, NULL, now,
|
result = dns_db_addrdataset(fctx->cache, node, NULL, now,
|
||||||
rdataset, options, added);
|
rdataset, options, added);
|
||||||
}
|
}
|
||||||
if ((result == ISC_R_SUCCESS || result == DNS_R_UNCHANGED) &&
|
|
||||||
sigrdataset != NULL)
|
if (result == DNS_R_UNCHANGED) {
|
||||||
{
|
/*
|
||||||
result = dns_db_addrdataset(fctx->cache, node, NULL, now,
|
* The cache wasn't updated because something was
|
||||||
sigrdataset, options, addedsig);
|
* already there. If the data was the same as what
|
||||||
if (result == DNS_R_UNCHANGED) {
|
* we were trying to add, then sigrdataset might
|
||||||
|
* still be useful.
|
||||||
|
*/
|
||||||
|
if (!need_validation && added != NULL &&
|
||||||
|
!dns_rdataset_equals(rdataset, added))
|
||||||
|
{
|
||||||
|
/* Skip adding the sigrdataset */
|
||||||
|
} else {
|
||||||
|
/* Carry on caching the sigrdataset */
|
||||||
result = ISC_R_SUCCESS;
|
result = ISC_R_SUCCESS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (result == ISC_R_SUCCESS && sigrdataset != NULL) {
|
||||||
|
result = dns_db_addrdataset(fctx->cache, node, NULL, now,
|
||||||
|
sigrdataset, options, addedsig);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (result == DNS_R_UNCHANGED) {
|
||||||
|
result = ISC_R_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we're passing a node that we looked up back to the
|
* If we're passing a node that we looked up back to the
|
||||||
* caller, then we don't detach it.
|
* caller, then we don't detach it.
|
||||||
@@ -5368,10 +5385,9 @@ fctx_cacheauthority(fetchctx_t *fctx, dns_message_t *message,
|
|||||||
}
|
}
|
||||||
|
|
||||||
result = cache_rrset(fctx, now, name, rdataset,
|
result = cache_rrset(fctx, now, name, rdataset,
|
||||||
sigrdataset, NULL, NULL, NULL);
|
sigrdataset, NULL, NULL, NULL,
|
||||||
if (result != ISC_R_SUCCESS &&
|
false);
|
||||||
result != DNS_R_UNCHANGED)
|
if (result != ISC_R_SUCCESS) {
|
||||||
{
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -5439,7 +5455,7 @@ validated(void *arg) {
|
|||||||
* Cache the data as pending for later validation.
|
* Cache the data as pending for later validation.
|
||||||
*/
|
*/
|
||||||
cache_rrset(fctx, now, val->name, val->rdataset,
|
cache_rrset(fctx, now, val->name, val->rdataset,
|
||||||
val->sigrdataset, NULL, NULL, NULL);
|
val->sigrdataset, NULL, NULL, NULL, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
add_bad(fctx, message, addrinfo, result, badns_validation);
|
add_bad(fctx, message, addrinfo, result, badns_validation);
|
||||||
@@ -5521,7 +5537,8 @@ validated(void *arg) {
|
|||||||
* The data was already cached as pending. Re-cache it as secure.
|
* The data was already cached as pending. Re-cache it as secure.
|
||||||
*/
|
*/
|
||||||
result = cache_rrset(fctx, now, val->name, val->rdataset,
|
result = cache_rrset(fctx, now, val->name, val->rdataset,
|
||||||
val->sigrdataset, &node, ardataset, asigrdataset);
|
val->sigrdataset, &node, ardataset, asigrdataset,
|
||||||
|
true);
|
||||||
if (result != ISC_R_SUCCESS) {
|
if (result != ISC_R_SUCCESS) {
|
||||||
done = true;
|
done = true;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@@ -5550,7 +5567,8 @@ answer_response:
|
|||||||
gettrust(val->sigrdataset) == dns_trust_secure)
|
gettrust(val->sigrdataset) == dns_trust_secure)
|
||||||
{
|
{
|
||||||
cache_rrset(fctx, now, dns_fixedname_name(&val->wild),
|
cache_rrset(fctx, now, dns_fixedname_name(&val->wild),
|
||||||
val->rdataset, val->sigrdataset, NULL, NULL, NULL);
|
val->rdataset, val->sigrdataset, NULL, NULL, NULL,
|
||||||
|
true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -5868,33 +5886,11 @@ rctx_cache_secure(respctx_t *rctx, dns_message_t *message, dns_name_t *name,
|
|||||||
* (if any) in two steps, so we can do an extra check
|
* (if any) in two steps, so we can do an extra check
|
||||||
* in-between.
|
* in-between.
|
||||||
*/
|
*/
|
||||||
result = cache_rrset(fctx, rctx->now, name, rdataset, NULL,
|
|
||||||
&node, ardataset, NULL);
|
|
||||||
if (result != DNS_R_UNCHANGED && result != ISC_R_SUCCESS) {
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (sigrdataset == NULL) {
|
result = cache_rrset(fctx, rctx->now, name, rdataset,
|
||||||
return ISC_R_SUCCESS;
|
sigrdataset, &node, ardataset, asigset,
|
||||||
}
|
need_validation);
|
||||||
|
if (result != ISC_R_SUCCESS) {
|
||||||
if (result == DNS_R_UNCHANGED && !need_validation &&
|
|
||||||
ardataset != NULL &&
|
|
||||||
!dns_rdataset_equals(rdataset, ardataset))
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* The cache wasn't updated because something was
|
|
||||||
* already there. If the data was the same as what
|
|
||||||
* we were trying to add, then sigrdataset might
|
|
||||||
* still be useful, and we should carry on caching
|
|
||||||
* it. Otherwise, move on.
|
|
||||||
*/
|
|
||||||
return ISC_R_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
result = cache_rrset(fctx, rctx->now, name, sigrdataset, NULL,
|
|
||||||
&node, asigset, NULL);
|
|
||||||
if (result != DNS_R_UNCHANGED && result != ISC_R_SUCCESS) {
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -5937,10 +5933,7 @@ rctx_cache_insecure(respctx_t *rctx, dns_message_t *message, dns_name_t *name,
|
|||||||
* Cache the rdataset.
|
* Cache the rdataset.
|
||||||
*/
|
*/
|
||||||
result = cache_rrset(fctx, rctx->now, name, rdataset, NULL, &node,
|
result = cache_rrset(fctx, rctx->now, name, rdataset, NULL, &node,
|
||||||
added, NULL);
|
added, NULL, NULL);
|
||||||
if (result == DNS_R_UNCHANGED) {
|
|
||||||
result = ISC_R_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@@ -6158,9 +6151,6 @@ negcache(dns_message_t *message, fetchctx_t *fctx, const dns_name_t *name,
|
|||||||
|
|
||||||
result = dns_ncache_add(message, cache, node, covers, now, minttl,
|
result = dns_ncache_add(message, cache, node, covers, now, minttl,
|
||||||
maxttl, optout, secure, added);
|
maxttl, optout, secure, added);
|
||||||
if (result == DNS_R_UNCHANGED) {
|
|
||||||
result = ISC_R_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (added == &rdataset && dns_rdataset_isassociated(added)) {
|
if (added == &rdataset && dns_rdataset_isassociated(added)) {
|
||||||
dns_rdataset_disassociate(added);
|
dns_rdataset_disassociate(added);
|
||||||
|
|||||||
Reference in New Issue
Block a user