zone-update.c 22.7 KB
Newer Older
1
/*  Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
2 3 4 5 6 7 8 9 10 11 12 13

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
14
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
15 16
 */

17
#include "knot/common/log.h"
18
#include "knot/dnssec/zone-events.h"
Daniel Salzman's avatar
Daniel Salzman committed
19
#include "knot/updates/zone-update.h"
Libor Peltan's avatar
Libor Peltan committed
20
#include "knot/zone/adjust.h"
21
#include "knot/zone/serial.h"
22
#include "knot/zone/zone-diff.h"
23
#include "contrib/mempattern.h"
24
#include "contrib/trim.h"
25
#include "contrib/ucw/lists.h"
26
#include "contrib/ucw/mempool.h"
27

28 29
#include <urcu.h>

30
static int init_incremental(zone_update_t *update, zone_t *zone, zone_contents_t *old_contents, bool deep_copy)
31
{
32
	if (old_contents == NULL) {
33 34
		return KNOT_EINVAL;
	}
35

36 37 38 39
	int ret = changeset_init(&update->change, zone->name);
	if (ret != KNOT_EOK) {
		return ret;
	}
40

41 42 43 44 45 46 47 48 49 50
	if (deep_copy) {
		update->new_cont_deep_copy = true;
		update->new_cont = old_contents;
	} else {
		update->new_cont_deep_copy = false;
		ret = apply_prepare_zone_copy(old_contents, &update->new_cont);
		if (ret != KNOT_EOK) {
			changeset_clear(&update->change);
			return ret;
		}
51 52
	}

53
	uint32_t apply_flags = update->flags & UPDATE_STRICT ? APPLY_STRICT : 0;
Libor Peltan's avatar
Libor Peltan committed
54 55 56 57 58
	ret = apply_init_ctx(update->a_ctx, update->new_cont, apply_flags);
	if (ret != KNOT_EOK) {
		changeset_clear(&update->change);
		return ret;
	}
59

60
	/* Copy base SOA RR. */
61
	update->change.soa_from =
62
		node_create_rrset(old_contents->apex, KNOT_RRTYPE_SOA);
63
	if (update->change.soa_from == NULL) {
64
		zone_contents_free(update->new_cont);
65
		changeset_clear(&update->change);
66 67
		return KNOT_ENOMEM;
	}
68 69 70 71 72 73 74 75 76 77 78

	return KNOT_EOK;
}

static int init_full(zone_update_t *update, zone_t *zone)
{
	update->new_cont = zone_contents_new(zone->name);
	if (update->new_cont == NULL) {
		return KNOT_ENOMEM;
	}

79 80
	update->new_cont_deep_copy = true;

Libor Peltan's avatar
Libor Peltan committed
81 82 83 84 85
	int ret = apply_init_ctx(update->a_ctx, update->new_cont, 0);
	if (ret != KNOT_EOK) {
		zone_contents_free(update->new_cont);
		return ret;
	}
86

87 88 89
	return KNOT_EOK;
}

90 91 92 93 94 95 96 97 98 99 100 101 102 103
static int replace_soa(zone_contents_t *contents, const knot_rrset_t *rr)
{
	/* SOA possible only within apex. */
	if (!knot_dname_is_equal(rr->owner, contents->apex->owner)) {
		return KNOT_EDENIED;
	}

	knot_rrset_t old_soa = node_rrset(contents->apex, KNOT_RRTYPE_SOA);
	zone_node_t *n = contents->apex;
	int ret = zone_contents_remove_rr(contents, &old_soa, &n);
	if (ret != KNOT_EOK && ret != KNOT_EINVAL) {
		return ret;
	}

104 105 106 107 108 109
	ret = zone_contents_add_rr(contents, rr, &n);
	if (ret == KNOT_ETTL) {
		return KNOT_EOK;
	}

	return ret;
110 111
}

112 113
int init_base(zone_update_t *update, zone_t *zone, zone_contents_t *old_contents,
              zone_update_flags_t flags)
114
{
115
	if (update == NULL || zone == NULL || (old_contents == NULL && (flags & UPDATE_INCREMENTAL))) {
116 117 118 119 120 121 122 123 124
		return KNOT_EINVAL;
	}

	memset(update, 0, sizeof(*update));
	update->zone = zone;

	mm_ctx_mempool(&update->mm, MM_DEFAULT_BLKSIZE);
	update->flags = flags;

125 126 127 128 129 130
	update->a_ctx = calloc(1, sizeof(*update->a_ctx));
	if (update->a_ctx == NULL) {
		return KNOT_ENOMEM;
	}

	int ret = KNOT_EINVAL;
131
	if (flags & UPDATE_INCREMENTAL) {
132
		ret = init_incremental(update, zone, old_contents, flags & UPDATE_JOURNAL);
133
	} else if (flags & UPDATE_FULL) {
134 135 136 137
		ret = init_full(update, zone);
	}
	if (ret != KNOT_EOK) {
		free(update->a_ctx);
138
	}
139 140

	return ret;
141 142
}

143 144 145 146 147 148 149
/* ------------------------------- API -------------------------------------- */

int zone_update_init(zone_update_t *update, zone_t *zone, zone_update_flags_t flags)
{
	return init_base(update, zone, zone->contents, flags);
}

150
int zone_update_from_differences(zone_update_t *update, zone_t *zone, zone_contents_t *old_cont,
151
				 zone_contents_t *new_cont, zone_update_flags_t flags, bool ignore_dnssec)
152 153 154 155 156 157
{
	if (update == NULL || zone == NULL || new_cont == NULL ||
	    !(flags & UPDATE_INCREMENTAL) || (flags & UPDATE_FULL)) {
		return KNOT_EINVAL;
	}

158 159 160 161 162
	changeset_t diff;
	int ret = changeset_init(&diff, zone->name);
	if (ret != KNOT_EOK) {
		return ret;
	}
163

164 165 166 167
	ret = zone_contents_diff(old_cont, new_cont, &diff, ignore_dnssec);
	if (ret != KNOT_EOK && ret != KNOT_ENODIFF && ret != KNOT_ESEMCHECK) {
		changeset_clear(&diff);
		return ret;
168 169
	}

170 171 172 173
	// True if nonempty changes were made but the serial
	// remained the same and has to be incremented.
	bool diff_semcheck = (ret == KNOT_ESEMCHECK);

174
	ret = init_base(update, zone, old_cont, flags);
175
	if (ret != KNOT_EOK) {
176
		changeset_clear(&diff);
177 178 179
		return ret;
	}

180 181 182 183
	ret = zone_update_apply_changeset(update, &diff);
	changeset_clear(&diff);
	if (ret != KNOT_EOK) {
		zone_update_clear(update);
184 185 186
		return ret;
	}

187
	if (diff_semcheck) {
188 189 190 191 192 193 194 195
		ret = zone_update_increment_soa(update, conf());
		if (ret != KNOT_EOK) {
			zone_update_clear(update);
			return ret;
		}
		log_zone_info(zone->name, "automatic SOA serial increment");
	}

196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
	return KNOT_EOK;
}

int zone_update_from_contents(zone_update_t *update, zone_t *zone_without_contents,
                              zone_contents_t *new_cont, zone_update_flags_t flags)
{
	if (update == NULL || zone_without_contents == NULL || new_cont == NULL) {
		return KNOT_EINVAL;
	}

	memset(update, 0, sizeof(*update));
	update->zone = zone_without_contents;

	mm_ctx_mempool(&update->mm, MM_DEFAULT_BLKSIZE);
	update->flags = flags;

	update->new_cont = new_cont;
	update->new_cont_deep_copy = true;

215 216 217 218 219
	update->a_ctx = calloc(1, sizeof(*update->a_ctx));
	if (update->a_ctx == NULL) {
		return KNOT_ENOMEM;
	}

220 221 222
	if (flags & UPDATE_INCREMENTAL) {
		int ret = changeset_init(&update->change, zone_without_contents->name);
		if (ret != KNOT_EOK) {
223
			free(update->a_ctx);
224 225 226 227 228 229
			return ret;
		}

		update->change.soa_from = node_create_rrset(new_cont->apex, KNOT_RRTYPE_SOA);
		if (update->change.soa_from == NULL) {
			changeset_clear(&update->change);
230
			free(update->a_ctx);
231 232 233 234 235
			return KNOT_ENOMEM;
		}
	}

	uint32_t apply_flags = update->flags & UPDATE_STRICT ? APPLY_STRICT : 0;
Libor Peltan's avatar
Libor Peltan committed
236 237 238 239 240 241
	int ret = apply_init_ctx(update->a_ctx, update->new_cont, apply_flags);
	if (ret != KNOT_EOK) {
		changeset_clear(&update->change);
		free(update->a_ctx);
		return ret;
	}
242 243 244 245

	return KNOT_EOK;
}

246 247 248 249 250 251
const zone_node_t *zone_update_get_node(zone_update_t *update, const knot_dname_t *dname)
{
	if (update == NULL || dname == NULL) {
		return NULL;
	}

252
	return zone_contents_find_node(update->new_cont, dname);
253 254
}

255 256
const zone_node_t *zone_update_get_apex(zone_update_t *update)
{
257 258 259 260
	if (update == NULL) {
		return NULL;
	}

261 262 263 264 265 266
	return zone_update_get_node(update, update->zone->name);
}

uint32_t zone_update_current_serial(zone_update_t *update)
{
	const zone_node_t *apex = zone_update_get_apex(update);
267
	if (apex != NULL) {
268
		return knot_soa_serial(node_rdataset(apex, KNOT_RRTYPE_SOA)->rdata);
269 270 271 272 273
	} else {
		return 0;
	}
}

274 275 276 277 278 279 280 281
static bool zone_update_changed_nsec3param(const zone_update_t *update)
{
	if (update->zone->contents == NULL) {
		return true;
	}

	dnssec_nsec3_params_t *orig = &update->zone->contents->nsec3_params;
	dnssec_nsec3_params_t *upd = &update->new_cont->nsec3_params;
282
	return dnssec_nsec3_params_match(orig, upd);
283 284
}

285 286
const knot_rdataset_t *zone_update_from(zone_update_t *update)
{
287 288 289 290
	if (update == NULL) {
		return NULL;
	}

291 292 293 294 295 296
	if (update->flags & UPDATE_INCREMENTAL) {
		const zone_node_t *apex = update->zone->contents->apex;
		return node_rdataset(apex, KNOT_RRTYPE_SOA);
	}

	return NULL;
297 298 299 300
}

const knot_rdataset_t *zone_update_to(zone_update_t *update)
{
301 302 303
	if (update == NULL) {
		return NULL;
	}
304

305 306 307 308 309 310 311 312
	if (update->flags & UPDATE_FULL) {
		const zone_node_t *apex = update->new_cont->apex;
		return node_rdataset(apex, KNOT_RRTYPE_SOA);
	} else if (update->flags & UPDATE_INCREMENTAL) {
		if (update->change.soa_to == NULL) {
			return NULL;
		}
		return &update->change.soa_to->rrs;
313 314
	}

315
	return NULL;
316 317
}

318 319
void zone_update_clear(zone_update_t *update)
{
320 321
	if (update == NULL) {
		return;
322
	}
323 324 325

	if (update->flags & UPDATE_INCREMENTAL) {
		/* Revert any changes on error, do nothing on success. */
326
		if (update->new_cont_deep_copy) {
327
			update_cleanup(update->a_ctx);
328
			zone_contents_deep_free(update->new_cont);
329
		} else {
330
			update_rollback(update->a_ctx);
331
			update_free_zone(update->new_cont);
332
		}
333 334
		changeset_clear(&update->change);
	} else if (update->flags & UPDATE_FULL) {
335
		assert(update->new_cont_deep_copy);
336
		zone_contents_deep_free(update->new_cont);
337
	}
338
	free(update->a_ctx);
339 340
	mp_delete(update->mm.ctx);
	memset(update, 0, sizeof(*update));
341
}
342

343 344
int zone_update_add(zone_update_t *update, const knot_rrset_t *rrset)
{
345
	if (update == NULL || rrset == NULL) {
346 347 348
		return KNOT_EINVAL;
	}

349
	if (update->flags & UPDATE_INCREMENTAL) {
350 351 352 353 354 355 356
		int ret = changeset_add_addition(&update->change, rrset, CHANGESET_CHECK);
		if (ret != KNOT_EOK) {
			return ret;
		}

		if (rrset->type == KNOT_RRTYPE_SOA) {
			/* replace previous SOA */
357
			ret = apply_replace_soa(update->a_ctx, &update->change);
358 359 360 361 362 363
			if (ret != KNOT_EOK) {
				changeset_remove_addition(&update->change, rrset);
			}
			return ret;
		}

364
		ret = apply_add_rr(update->a_ctx, rrset);
365 366 367 368 369 370
		if (ret != KNOT_EOK) {
			changeset_remove_addition(&update->change, rrset);
			return ret;
		}

		return KNOT_EOK;
371
	} else if (update->flags & UPDATE_FULL) {
372 373 374 375 376
		if (rrset->type == KNOT_RRTYPE_SOA) {
			/* replace previous SOA */
			return replace_soa(update->new_cont, rrset);
		}

377
		zone_node_t *n = NULL;
378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393
		int ret = zone_contents_add_rr(update->new_cont, rrset, &n);
		if (ret == KNOT_ETTL) {
			char buff[KNOT_DNAME_TXT_MAXLEN + 1];
			char *owner = knot_dname_to_str(buff, rrset->owner, sizeof(buff));
			if (owner == NULL) {
				owner = "";
			}
			char type[16] = { '\0' };
			knot_rrtype_to_string(rrset->type, type, sizeof(type));
			log_zone_notice(update->new_cont->apex->owner,
			                "TTL mismatch, owner %s, type %s, "
			                "TTL set to %u", owner, type, rrset->ttl);
			return KNOT_EOK;
		}

		return ret;
394 395 396 397 398 399 400
	} else {
		return KNOT_EINVAL;
	}
}

int zone_update_remove(zone_update_t *update, const knot_rrset_t *rrset)
{
401
	if (update == NULL || rrset == NULL) {
402 403 404
		return KNOT_EINVAL;
	}

405
	if (update->flags & UPDATE_INCREMENTAL) {
406 407 408 409 410 411 412 413 414 415
		int ret = changeset_add_removal(&update->change, rrset, CHANGESET_CHECK);
		if (ret != KNOT_EOK) {
			return ret;
		}

		if (rrset->type == KNOT_RRTYPE_SOA) {
			/* SOA is replaced with addition */
			return KNOT_EOK;
		}

416
		ret = apply_remove_rr(update->a_ctx, rrset);
417 418 419 420 421 422
		if (ret != KNOT_EOK) {
			changeset_remove_removal(&update->change, rrset);
			return ret;
		}

		return KNOT_EOK;
423 424
	} else if (update->flags & UPDATE_FULL) {
		zone_node_t *n = NULL;
425 426
		knot_rrset_t *rrs_copy = knot_rrset_copy(rrset, &update->mm);
		int ret = zone_contents_remove_rr(update->new_cont, rrs_copy, &n);
427
		knot_rrset_free(rrs_copy, &update->mm);
428
		return ret;
429
	} else {
430
		return KNOT_EINVAL;
431 432 433
	}
}

434 435 436 437 438 439 440 441
int zone_update_remove_rrset(zone_update_t *update, knot_dname_t *owner, uint16_t type)
{
	if (update == NULL || owner == NULL) {
		return KNOT_EINVAL;
	}

	if (update->flags & UPDATE_INCREMENTAL) {
		/* Remove the RRSet from the original node */
442
		const zone_node_t *node = zone_contents_find_node(update->new_cont, owner);
443 444
		if (node != NULL) {
			knot_rrset_t rrset = node_rrset(node, type);
445 446 447
			if (rrset.owner == NULL) {
				return KNOT_ENOENT;
			}
Daniel Salzman's avatar
Daniel Salzman committed
448 449
			int ret = changeset_add_removal(&update->change, &rrset,
			                                CHANGESET_CHECK);
450 451 452 453
			if (ret != KNOT_EOK) {
				return ret;
			}

454 455 456 457 458
			if (type == KNOT_RRTYPE_SOA) {
				/* SOA is replaced with addition */
				return KNOT_EOK;
			}

459
			ret = apply_remove_rr(update->a_ctx, &rrset);
460 461 462
			if (ret != KNOT_EOK) {
				return ret;
			}
463
		} else {
464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489
			return KNOT_ENONODE;
		}
	} else if (update->flags & UPDATE_FULL) {
		/* Remove the RRSet from the non-synthesized new node */
		const zone_node_t *node = zone_contents_find_node(update->new_cont, owner);
		if (node == NULL) {
			return KNOT_ENONODE;
		}

		knot_rrset_t rrset = node_rrset(node, type);
		int ret = zone_update_remove(update, &rrset);
		if (ret != KNOT_EOK) {
			return ret;
		}
	}

	return KNOT_EOK;
}

int zone_update_remove_node(zone_update_t *update, const knot_dname_t *owner)
{
	if (update == NULL || owner == NULL) {
		return KNOT_EINVAL;
	}

	if (update->flags & UPDATE_INCREMENTAL) {
490 491
		/* Remove all RRSets from the new node */
		const zone_node_t *node = zone_contents_find_node(update->new_cont, owner);
492 493 494 495
		if (node != NULL) {
			size_t rrset_count = node->rrset_count;
			for (int i = 0; i < rrset_count; ++i) {
				knot_rrset_t rrset = node_rrset_at(node, rrset_count - 1 - i);
Daniel Salzman's avatar
Daniel Salzman committed
496 497
				int ret = changeset_add_removal(&update->change, &rrset,
				                                CHANGESET_CHECK);
498 499 500 501
				if (ret != KNOT_EOK) {
					return ret;
				}

502 503
				if (rrset.type == KNOT_RRTYPE_SOA) {
					/* SOA is replaced with addition */
504
					continue;
505 506
				}

507
				ret = apply_remove_rr(update->a_ctx, &rrset);
508 509 510 511
				if (ret != KNOT_EOK) {
					return ret;
				}
			}
512
		} else {
513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534
			return KNOT_ENONODE;
		}
	} else if (update->flags & UPDATE_FULL) {
		/* Remove all RRSets from the non-synthesized new node */
		const zone_node_t *node = zone_contents_find_node(update->new_cont, owner);
		if (node == NULL) {
			return KNOT_ENONODE;
		}

		size_t rrset_count = node->rrset_count;
		for (int i = 0; i < rrset_count; ++i) {
			knot_rrset_t rrset = node_rrset_at(node, rrset_count - 1 - i);
			int ret = zone_update_remove(update, &rrset);
			if (ret != KNOT_EOK) {
				return ret;
			}
		}
	}

	return KNOT_EOK;
}

535 536 537 538
int zone_update_apply_changeset(zone_update_t *update, const changeset_t *changes)
{
	int ret = KNOT_EOK;
	if (update->flags & UPDATE_INCREMENTAL) {
539
		ret = changeset_merge(&update->change, changes, CHANGESET_CHECK_CANCELOUT);
540 541
	}
	if (ret == KNOT_EOK) {
542
		ret = apply_changeset_directly(update->a_ctx, changes);
543 544 545 546 547 548 549 550 551 552
	}
	return ret;
}

int zone_update_apply_changeset_fix(zone_update_t *update, changeset_t *changes)
{
	int ret = changeset_cancelout(changes);
	if (ret == KNOT_EOK) {
		ret = changeset_preapply_fix(update->new_cont, changes);
	}
553 554
	if (ret == KNOT_EOK) {
		ret = zone_update_apply_changeset(update, changes);
555
	}
556
	return ret;
557 558
}

559 560 561 562 563 564 565 566 567 568
int zone_update_apply_changeset_reverse(zone_update_t *update, const changeset_t *changes)
{
	changeset_t reverse;
	reverse.remove = changes->add;
	reverse.add = changes->remove;
	reverse.soa_from = changes->soa_to;
	reverse.soa_to = changes->soa_from;
	return zone_update_apply_changeset(update, &reverse);
}

569
static int set_new_soa(zone_update_t *update, unsigned serial_policy)
570
{
571 572
	assert(update);

Daniel Salzman's avatar
Daniel Salzman committed
573 574
	knot_rrset_t *soa_cpy = node_create_rrset(zone_update_get_apex(update),
	                                          KNOT_RRTYPE_SOA);
575 576 577 578
	if (soa_cpy == NULL) {
		return KNOT_ENOMEM;
	}

579 580
	int ret = zone_update_remove(update, soa_cpy);
	if (ret != KNOT_EOK) {
581
		knot_rrset_free(soa_cpy, NULL);
582
		return ret;
583 584
	}

585
	uint32_t old_serial = knot_soa_serial(soa_cpy->rrs.rdata);
586
	uint32_t new_serial = serial_next(old_serial, serial_policy);
587
	if (serial_compare(old_serial, new_serial) != SERIAL_LOWER) {
588
		log_zone_warning(update->zone->name, "updated SOA serial is lower "
589
		                 "than current, serial %u -> %u",
590
		                 old_serial, new_serial);
591 592
		ret = KNOT_ESOAINVAL;
	} else {
593
		knot_soa_serial_set(soa_cpy->rrs.rdata, new_serial);
594

595 596
		ret = zone_update_add(update, soa_cpy);
	}
597
	knot_rrset_free(soa_cpy, NULL);
598 599 600 601 602 603 604 605 606 607 608 609

	return ret;
}

int zone_update_increment_soa(zone_update_t *update, conf_t *conf)
{
	if (update == NULL || conf == NULL) {
		return KNOT_EINVAL;
	}

	conf_val_t val = conf_zone_get(conf, C_SERIAL_POLICY, update->zone->name);
	return set_new_soa(update, conf_opt(&val));
610 611
}

Libor Peltan's avatar
Libor Peltan committed
612
static int commit_incremental(conf_t *conf, zone_update_t *update)
613
{
614
	assert(update);
615

616
	int ret = KNOT_EOK;
Libor Peltan's avatar
Libor Peltan committed
617
	if (zone_update_to(update) == NULL && !changeset_empty(&update->change)) {
618
		/* No SOA in the update, create one according to the current policy */
619
		ret = zone_update_increment_soa(update, conf);
620
		if (ret != KNOT_EOK) {
621
			zone_update_clear(update);
622 623
			return ret;
		}
624
	}
625

626 627 628 629 630
	if (zone_update_changed_nsec3param(update)) {
		ret = zone_adjust_full(update->new_cont);
	} else {
		ret = zone_adjust_incremental_update(update);
	}
631 632 633 634
	if (ret != KNOT_EOK) {
		zone_update_clear(update);
		return ret;
	}
635

636
	/* Write changes to journal if all went well. */
637
	conf_val_t val = conf_zone_get(conf, C_JOURNAL_CONTENT, update->zone->name);
Libor Peltan's avatar
Libor Peltan committed
638
	if (conf_opt(&val) != JOURNAL_CONTENT_NONE && !changeset_empty(&update->change)) {
639
		ret = zone_change_store(conf, update->zone, &update->change);
640
		if (ret != KNOT_EOK) {
641 642
			return ret;
		}
643
	}
644 645 646 647

	return KNOT_EOK;
}

Libor Peltan's avatar
Libor Peltan committed
648
static int commit_full(conf_t *conf, zone_update_t *update)
649
{
650 651 652 653 654 655 656 657
	assert(update);

	/* Check if we have SOA. We might consider adding full semantic check here.
	 * But if we wanted full sem-check I'd consider being it controlled by a flag
	 * - to enable/disable it on demand. */
	if (!node_rrtype_exists(update->new_cont->apex, KNOT_RRTYPE_SOA)) {
		return KNOT_ESEMCHECK;
	}
658

Libor Peltan's avatar
Libor Peltan committed
659
	int ret = zone_adjust_full(update->new_cont);
660 661 662 663
	if (ret != KNOT_EOK) {
		zone_update_clear(update);
		return ret;
	}
664

665 666
	/* Store new zone contents in journal. */
	conf_val_t val = conf_zone_get(conf, C_JOURNAL_CONTENT, update->zone->name);
667 668
	unsigned content = conf_opt(&val);
	if (content == JOURNAL_CONTENT_ALL) {
669
		ret = zone_in_journal_store(conf, update->zone, update->new_cont);
670
	} else if (content != JOURNAL_CONTENT_NONE) { // zone_in_journal_store does this automatically
671
		ret = zone_changes_clear(conf, update->zone);
672 673
	}

674
	return ret;
675 676
}

677 678
/*! \brief Routine for calling call_rcu() easier way.
 *
679
 * Consider moving elsewhere, as it has no direct relation to zone-update.
680 681 682
 */
typedef struct {
	struct rcu_head rcuhead;
683 684
	void (*callback)(void *);
	void *ctx;
685
	bool free_ctx;
686 687 688 689
} callrcu_wrapper_t;

static void callrcu_wrapper_cb(struct rcu_head *param)
{
690
	callrcu_wrapper_t *wrap = (callrcu_wrapper_t *)param;
691 692
	wrap->callback(wrap->ctx);
	if (wrap->free_ctx) {
693 694
		free(wrap->ctx);
	}
695
	free(wrap);
696 697 698

	// Trim extra heap.
	mem_trim();
699 700
}

701
/* NOTE: Does nothing if not enough memory. */
702
static void callrcu_wrapper(void *ctx, void *callback, bool free_ctx)
703
{
704
	callrcu_wrapper_t *wrap = calloc(1, sizeof(callrcu_wrapper_t));
705
	if (wrap != NULL) {
706 707
		wrap->callback = callback;
		wrap->ctx = ctx;
708
		wrap->free_ctx = free_ctx;
709 710 711 712
		call_rcu((struct rcu_head *)wrap, callrcu_wrapper_cb);
	}
}

713
int zone_update_commit(conf_t *conf, zone_update_t *update)
714
{
715
	if (conf == NULL || update == NULL) {
716 717 718 719
		return KNOT_EINVAL;
	}

	int ret = KNOT_EOK;
720
	if (update->flags & UPDATE_INCREMENTAL) {
Libor Peltan's avatar
Libor Peltan committed
721 722 723 724 725 726
		if (changeset_empty(&update->change) &&
		    update->zone->contents != NULL && !update->new_cont_deep_copy) {
			changeset_clear(&update->change);
			return KNOT_EOK;
		}
		ret = commit_incremental(conf, update);
727
	} else {
Libor Peltan's avatar
Libor Peltan committed
728
		ret = commit_full(conf, update);
729 730 731
	}
	if (ret != KNOT_EOK) {
		return ret;
732 733
	}

734
	/* Check the zone size. */
735
	conf_val_t val = conf_zone_get(conf, C_MAX_ZONE_SIZE, update->zone->name);
736
	size_t size_limit = conf_int(&val);
737

Libor Peltan's avatar
Libor Peltan committed
738
	if (update->new_cont->size > size_limit) {
739
		/* Recoverable error. */
740 741 742
		return KNOT_EZONESIZE;
	}

743 744 745 746 747 748 749 750
	/* Check if the zone was re-signed upon zone load to ensure proper flush
	 * even if the SOA serial wasn't incremented by re-signing. */
	val = conf_zone_get(conf, C_DNSSEC_SIGNING, update->zone->name);
	bool dnssec = conf_bool(&val);
	if (!changeset_empty(&update->change) && dnssec) {
		update->zone->zonefile.resigned = true;
	}

751
	/* Switch zone contents. */
752
	zone_contents_t *old_contents;
Libor Peltan's avatar
Libor Peltan committed
753
	old_contents = zone_switch_contents(update->zone, update->new_cont);
754 755 756

	/* Sync RCU. */
	if (update->flags & UPDATE_FULL) {
757
		assert(update->new_cont_deep_copy);
758
		callrcu_wrapper(old_contents, zone_contents_deep_free, false);
759
	} else if (update->flags & UPDATE_INCREMENTAL) {
760
		if (update->new_cont_deep_copy) {
761
			callrcu_wrapper(old_contents, zone_contents_deep_free, false);
762
		} else {
763
			callrcu_wrapper(old_contents, update_free_zone, false);
764
		}
765
		changeset_clear(&update->change);
766
	}
767
	callrcu_wrapper(update->a_ctx, update_cleanup, true);
768
	update->a_ctx = NULL;
769
	update->new_cont = NULL;
770

771 772 773 774 775 776
	/* Sync zonefile immediately if configured. */
	val = conf_zone_get(conf, C_ZONEFILE_SYNC, update->zone->name);
	if (conf_int(&val) == 0) {
		zone_events_schedule_now(update->zone, ZONE_EVENT_FLUSH);
	}

777
	return KNOT_EOK;
778 779
}

780 781 782 783
static int iter_init_tree_iters(zone_update_iter_t *it, zone_update_t *update,
                                bool nsec3)
{
	/* Set zone iterator. */
784
	zone_contents_t *_contents = update->new_cont;
785 786

	/* Begin iteration. We can safely assume _contents is a valid pointer. */
787
	zone_tree_t *tree = nsec3 ? _contents->nsec3_nodes : _contents->nodes;
788
	it->tree_it = trie_it_begin(tree);
789
	if (it->tree_it == NULL) {
790 791 792
		return KNOT_ENOMEM;
	}

793
	it->cur_node = (zone_node_t *)(*trie_it_val(it->tree_it));
794

795 796 797
	return KNOT_EOK;
}

798
static int iter_get_next_node(zone_update_iter_t *it)
799
{
800 801 802
	trie_it_next(it->tree_it);
	if (trie_it_finished(it->tree_it)) {
		trie_it_free(it->tree_it);
803 804
		it->tree_it = NULL;
		it->cur_node = NULL;
805 806 807
		return KNOT_ENOENT;
	}

808
	it->cur_node = (zone_node_t *)(*trie_it_val(it->tree_it));
809 810 811 812 813 814 815 816 817 818 819 820 821 822 823

	return KNOT_EOK;
}

static int iter_init(zone_update_iter_t *it, zone_update_t *update, const bool nsec3)
{
	memset(it, 0, sizeof(*it));

	it->update = update;
	it->nsec3 = nsec3;
	int ret = iter_init_tree_iters(it, update, nsec3);
	if (ret != KNOT_EOK) {
		return ret;
	}

824
	it->cur_node = (zone_node_t *)(*trie_it_val(it->tree_it));
825 826 827 828 829 830

	return KNOT_EOK;
}

int zone_update_iter(zone_update_iter_t *it, zone_update_t *update)
{
831 832 833 834
	if (it == NULL || update == NULL) {
		return KNOT_EINVAL;
	}

835 836 837 838 839
	return iter_init(it, update, false);
}

int zone_update_iter_nsec3(zone_update_iter_t *it, zone_update_t *update)
{
840 841 842 843
	if (it == NULL || update == NULL) {
		return KNOT_EINVAL;
	}

844 845
	if (update->flags & UPDATE_FULL) {
		if (update->new_cont->nsec3_nodes == NULL) {
846
			/* No NSEC3 tree. */
847 848 849 850 851
			return KNOT_ENOENT;
		}
	} else {
		if (update->change.add->nsec3_nodes == NULL &&
		    update->change.remove->nsec3_nodes == NULL) {
852
			/* No NSEC3 changes. */
853 854 855 856 857 858 859 860 861 862 863 864 865
			return KNOT_ENOENT;
		}
	}

	return iter_init(it, update, true);
}

int zone_update_iter_next(zone_update_iter_t *it)
{
	if (it == NULL) {
		return KNOT_EINVAL;
	}

866 867
	if (it->tree_it != NULL) {
		int ret = iter_get_next_node(it);
868 869 870 871 872 873 874 875 876 877
		if (ret != KNOT_EOK && ret != KNOT_ENOENT) {
			return ret;
		}
	}

	return KNOT_EOK;
}

const zone_node_t *zone_update_iter_val(zone_update_iter_t *it)
{
878
	if (it != NULL) {
879
		return it->cur_node;
880 881 882 883 884
	} else {
		return NULL;
	}
}

885
void zone_update_iter_finish(zone_update_iter_t *it)
886
{
887
	if (it == NULL) {
888
		return;
889 890
	}

891
	trie_it_free(it->tree_it);
892 893
}

894
bool zone_update_no_change(zone_update_t *update)
895
{
896 897 898 899
	if (update == NULL) {
		return true;
	}

900 901 902
	if (update->flags & UPDATE_INCREMENTAL) {
		return changeset_empty(&update->change);
	} else {
903 904 905
		/* This branch does not make much sense and FULL update will most likely
		 * be a change every time anyway, just return false. */
		return false;
906
	}
907
}