From c3bc4e02519d15e27b8e32291bda1a59ed08f42b Mon Sep 17 00:00:00 2001
From: JINMEI Tatuya
Date: Thu, 12 Apr 2012 13:55:14 -0700
Subject: [PATCH] [1579] suggest change: made findWildcardMatch DNSSEC-agnostic. to do this, I extended getDNSSECRRset(name) further: it now takes 'covering' parameter, depending on whether the requested NSEC is for the exact name or the covering ("previous") name. In the latter case it does the same thing as findNSECCover() (which will be merged to getDNSSECRRset later).
---
 src/lib/datasrc/database.cc | 29 ++++++++++++++---------------
 src/lib/datasrc/database.h | 6 ++++--
 2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index c35479b912..dc3da71488 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -609,8 +609,7 @@ DatabaseClient::Finder::findWildcardMatch(
 // Note that during the search we are going to search not only for the
 // requested type, but also for types that indicate a delegation -
 // NS and DNAME.
- WantedTypes final_types(dnssec_ctx.isNSEC3() ? FINAL_TYPES_NO_NSEC() :
- FINAL_TYPES());
+ WantedTypes final_types(FINAL_TYPES());
 final_types.insert(type);
 const size_t remove_labels = name.getLabelCount() - dresult.last_known;
@@ -667,13 +666,9 @@ DatabaseClient::Finder::findWildcardMatch(
 arg(accessor_->getDBName()).arg(wildcard).arg(name);
 const FindResultFlags flags = (RESULT_WILDCARD | dnssec_ctx.getResultFlags());
- if (dnssec_ctx.isNSEC()) {
- ConstRRsetPtr nsec = findNSECCover(Name(wildcard));
- if (nsec) {
- return (ResultContext(NXRRSET, nsec, flags));
- }
- }
- return (ResultContext(NXRRSET, ConstRRsetPtr(), flags));
+ return (ResultContext(NXRRSET,
+ dnssec_ctx.getDNSSECRRset(Name(wildcard),
+ true), flags));
 }
 }
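Review bot: The comment above `final_types` in the first findWildcardMatch hunk still names only NS and DNAME, while `FINAL_TYPES()` is now used for every zone regardless of how it is signed. If that set also carries NSEC (the removed `FINAL_TYPES_NO_NSEC()` alternative suggests it does), the wildcard lookup now requests NSEC in NSEC3-signed zones too, and the comment should say why that is acceptable, for example `// Same type set for NSEC and NSEC3 zones; DNSSEC-specific handling is left to dnssec_ctx.` The function body starts and ends outside this hunk.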
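Review bot: The bare `true` in the new `dnssec_ctx.getDNSSECRRset(Name(wildcard), true)` call in the second findWildcardMatch hunk does not tell a reader that it selects the covering NSEC rather than the one owned by the wildcard name; the same holds for the `false` added in the findOnNameResult hunk. Attaching the wrong NSEC gives a denial-of-existence proof that validating resolvers will reject, so the choice deserves to be visible at the call site, e.g. `true /* covering */`, or a two-value enum in place of the bool. The removed branch went through `findNSECCover()`, whose body is not shown here; if it logged or handled a failed previous-name lookup, confirm that the new path keeps that behaviour.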
@@ -778,15 +773,19 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(
 }
 isc::dns::ConstRRsetPtr
-DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name) {
+DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
+ bool covering)
+{
 if (!isNSEC()) {
 return (ConstRRsetPtr());
 }
- const FoundRRsets wfound = finder_.getRRsets(name.toText(), NSEC_TYPES(),
- true);
- const FoundIterator nci = wfound.second.find(RRType::NSEC());
- if (nci != wfound.second.end()) {
+ const Name& nsec_name = covering ? finder_.findPreviousName(name) : name;
+ const bool need_nscheck = (nsec_name == finder_.getOrigin());
+ const FoundRRsets found = finder_.getRRsets(nsec_name.toText(),
+ NSEC_TYPES(), need_nscheck);
+ const FoundIterator nci = found.second.find(RRType::NSEC());
+ if (nci != found.second.end()) {
 return (nci->second);
 } else {
 return (ConstRRsetPtr());
@@ -892,7 +891,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
 // NSEC records in the name of the wildcard, not the substituted one,
 // so we need to search the tree again.
 const ConstRRsetPtr dnssec_rrset =
- wild ? dnssec_ctx.getDNSSECRRset(Name(*wildname)) :
+ wild ? dnssec_ctx.getDNSSECRRset(Name(*wildname), false) :
 dnssec_ctx.getDNSSECRRset(found);
 if (dnssec_rrset) {
 // This log message covers both normal and wildcard cases, so we pass
diff --git a/src/lib/datasrc/database.h b/src/lib/datasrc/database.h
index b0e929a602..351a08c00e 100644
--- a/src/lib/datasrc/database.h
+++ b/src/lib/datasrc/database.h
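Review bot: In the new body of FindDNSSECContext::getDNSSECRRset (database.cc), `need_nscheck` is true only when the NSEC owner is the zone origin, so for every other name the third argument to `getRRsets` changes from the previous hard-coded `true` to `false`. If that argument enables the delegation (NS) check, as the variable name suggests, the comparison looks inverted: NS at the origin is not a zone cut, whereas names below it are exactly where the check matters, and skipping it could hand back an NSEC from beneath a delegation. I would expect `const bool need_nscheck = (nsec_name != finder_.getOrigin());`. Separately, `nsec_name` is a reference bound to the temporary produced by the conditional expression; declaring it as `const Name nsec_name` states the copy explicitly.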
@@ -882,9 +882,11 @@ public:
 /// It should return the needed NSEC RRset.
 ///
 /// \param name The name which the NSEC RRset belong to.
+ /// \param covering true if a covering NSEC is required; false if
+ /// a matching NSEC is required.
 /// \return the needed NSEC RRsets.
- isc::dns::ConstRRsetPtr getDNSSECRRset(const isc::dns::Name&
- name);
+ isc::dns::ConstRRsetPtr getDNSSECRRset(
+ const isc::dns::Name& name, bool covering);
 /// \brief Get the needed NSEC RRset.
 ///
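Review bot: The `\param name` text for getDNSSECRRset(name, covering) still says the NSEC RRset belongs to that name, which no longer holds when `covering` is true. Suggest `/// \param name The name the NSEC is needed for: its owner if covering is false, otherwise the name to be covered.` and extending `\return` to say that an empty pointer comes back when the zone is not NSEC-signed or no NSEC RRset exists at the selected name, which is what the database.cc implementation in this patch does. The declaration gains a required parameter with no default, so a caller not touched by this patch would stop compiling; only the findWildcardMatch and findOnNameResult call sites are visible here.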