Commit 22abf3ae authored by Libor Peltan's avatar Libor Peltan

nsec: removed no longer needed flag

this also fixes the BUG that sometimes a nsec record is MISSING
parent 77e0cb82
......@@ -132,8 +132,6 @@ static int connect_nsec_nodes(zone_node_t *a, zone_node_t *b,
return KNOT_EOK;
}
// Mark the node so that we do not sign this NSEC
a->flags |= NODE_FLAGS_REMOVED_NSEC;
ret = knot_nsec_changeset_remove(a, data->changeset);
if (ret != KNOT_EOK) {
knot_rdataset_clear(&new_nsec.rrs, NULL);
......
......@@ -511,9 +511,6 @@ static int create_nsec3_nodes(const zone_contents_t *zone,
if (result != KNOT_EOK) {
break;
}
if (node_rrtype_exists(node, KNOT_RRTYPE_NSEC)) {
node->flags |= NODE_FLAGS_REMOVED_NSEC;
}
if (node->flags & NODE_FLAGS_NONAUTH || node->flags & NODE_FLAGS_EMPTY) {
trie_it_next(it);
continue;
......
......@@ -58,58 +58,6 @@ static int delete_nsec3_chain(const zone_contents_t *zone, changeset_t *changese
return ret;
}
/*!
* \brief Finds a node with the same owner as the given NSEC3 RRSet and marks it
* as 'removed'.
*
* \param rrset RRSet whose owner will be sought in the zone tree. non-NSEC3
* RRSets are ignored.
* \param nsec3tree NSEC3 tree to search for the node in.
*/
static int mark_nsec3(knot_rrset_t *rrset, zone_tree_t *nsec3_tree)
{
assert(rrset);
assert(nsec3_tree);
if (rrset->type == KNOT_RRTYPE_NSEC3) {
zone_node_t *node = zone_tree_get(nsec3_tree, rrset->owner);
if (node != NULL) {
node->flags |= NODE_FLAGS_REMOVED_NSEC;
}
}
return KNOT_EOK;
}
/*!
* \brief Marks all NSEC3 nodes in zone from which RRSets are to be removed.
*
* For each NSEC3 RRSet in the changeset finds its node and marks it with the
* 'removed' flag.
*/
static int mark_removed_nsec3(const zone_contents_t *zone, changeset_t *ch)
{
if (zone_tree_is_empty(zone->nsec3_nodes)) {
return KNOT_EOK;
}
changeset_iter_t itt;
changeset_iter_rem(&itt, ch);
knot_rrset_t rr = changeset_iter_next(&itt);
while (!knot_rrset_empty(&rr)) {
int ret = mark_nsec3(&rr, zone->nsec3_nodes);
if (ret != KNOT_EOK) {
changeset_iter_clear(&itt);
return ret;
}
rr = changeset_iter_next(&itt);
}
changeset_iter_clear(&itt);
return KNOT_EOK;
}
int knot_nsec3_hash_to_dname(uint8_t *out, size_t out_size, const uint8_t *hash,
size_t hash_size, const knot_dname_t *zone_apex)
......@@ -371,12 +319,6 @@ int knot_zone_create_nsec_chain(zone_update_t *update,
if (ret != KNOT_EOK) {
goto cleanup;
}
// Mark removed NSEC3 nodes, so that they are not signed later.
ret = mark_removed_nsec3(update->new_cont, &ch);
if (ret != KNOT_EOK) {
goto cleanup;
}
}
if (sign_nsec_chain) {
......
......@@ -548,7 +548,6 @@ static int sign_node(zone_node_t **node, void *data)
int result = sign_node_rrsets(*node, args->zone_keys, args->dnssec_ctx,
args->changeset, &args->expires_at);
(*node)->flags &= ~NODE_FLAGS_REMOVED_NSEC;
return result;
}
......@@ -1178,12 +1177,6 @@ bool knot_zone_sign_rr_should_be_signed(const zone_node_t *node,
}
}
// These RRs have their signatures stored in changeset already
if ((node->flags & NODE_FLAGS_REMOVED_NSEC) &&
(rrset->type == KNOT_RRTYPE_NSEC || rrset->type == KNOT_RRTYPE_NSEC3)) {
return false;
}
return true;
}
......
......@@ -23,9 +23,6 @@
int adjust_cb_flags(zone_node_t *node, const zone_contents_t *zone)
{
// clear Removed NSEC flag so that no relicts remain
node->flags &= ~NODE_FLAGS_REMOVED_NSEC;
// check if this node is not a wildcard child of its parent
if (knot_dname_is_wildcard(node->owner)) {
assert(node->parent != NULL);
......
......@@ -75,8 +75,6 @@ enum node_flags {
NODE_FLAGS_DELEG = 1 << 0,
/*! \brief Node is not authoritative (i.e. below a zone cut). */
NODE_FLAGS_NONAUTH = 1 << 1,
/*! \brief NSEC/NSEC3 was removed from this node. */
NODE_FLAGS_REMOVED_NSEC = 1 << 2,
/*! \brief Node is empty and will be deleted after update. */
NODE_FLAGS_EMPTY = 1 << 3,
/*! \brief Node has a wildcard child. */
......