Commit 82a944c1 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

adjust/nsec3: only compute dname of wildcard proof, intstead ptr to node

parent eed80ad6
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -35,6 +35,16 @@ inline static bool knot_is_nsec3_enabled(const zone_contents_t *zone)
return zone != NULL && zone->nsec3_params.algorithm != 0;
}
inline static size_t zone_nsec3_hash_len(const zone_contents_t *zone)
{
return knot_is_nsec3_enabled(zone) ? dnssec_nsec3_hash_length(zone->nsec3_params.algorithm) : 0;
}
inline static size_t zone_nsec3_name_len(const zone_contents_t *zone)
{
return 1 + ((zone_nsec3_hash_len(zone) + 4) / 5) * 8 + knot_dname_size(zone->apex->owner);
}
/*!
* \brief Create NSEC3 owner name from hash and zone apex.
*
......
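Review bot: `zone_nsec3_name_len()` dereferences `zone->apex->owner` unconditionally, while `zone_nsec3_hash_len()` directly above it tolerates a NULL zone and returns 0 when NSEC3 is off, so the two helpers have different preconditions and neither is documented. The result is used as an allocation size and output-buffer length in `adjust_cb_wildcard_nsec3()`, so the contract should be written down, e.g. `/*! \brief Size of an NSEC3 owner name in this zone: 1 length byte + base32-encoded hash (8 chars per 5 bytes) + apex name. \pre zone and zone->apex are non-NULL. */`. The file continues outside the hunk.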
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -439,11 +439,13 @@ static int put_nsec3_nxdomain(const knot_dname_t *qname,
// NSEC3 covering the (nonexistent) wildcard at the closest encloser.
if (cpe->nsec3_wildcard_prev == NULL) {
const zone_node_t *nsec3_wildcard_prev, *ignored;
if (cpe->nsec3_wildcard_name == NULL ||
zone_contents_find_nsec3(zone, cpe->nsec3_wildcard_name, &ignored, &nsec3_wildcard_prev) == ZONE_NAME_FOUND) {
return KNOT_ERROR;
}
return put_nsec3_from_node(cpe->nsec3_wildcard_prev, qdata, resp);
return put_nsec3_from_node(nsec3_wildcard_prev, qdata, resp);
}
/*!
......
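Review bot: The new check in `put_nsec3_nxdomain()` treats only `ZONE_NAME_FOUND` as failure, but the declaration of `zone_contents_find_nsec3()` documents `KNOT_E*` as a possible result too. On such a return the local `nsec3_wildcard_prev`, declared without an initializer, would be handed to `put_nsec3_from_node()` as is. Whether the callee writes the out-pointer on every path is not visible here, so the safer form is to initialize it and accept only the expected result: `const zone_node_t *nsec3_wildcard_prev = NULL, *ignored = NULL;` and `... != ZONE_NAME_NOT_FOUND) { return KNOT_ERROR; }`. This code runs while answering queries, so an unset pointer here would be reachable from the network. The function starts outside the hunk.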
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -50,7 +50,6 @@ int adjust_cb_point_to_nsec3(zone_node_t *node, const zone_contents_t *zone)
node->nsec3_node = NULL;
return KNOT_EOK;
}
node->nsec3_wildcard_prev = NULL;
uint8_t nsec3_name[KNOT_DNAME_MAXLEN];
int ret = knot_create_nsec3_owner(nsec3_name, sizeof(nsec3_name), node->owner,
zone->apex->owner, &zone->nsec3_params);
......@@ -62,27 +61,28 @@ int adjust_cb_point_to_nsec3(zone_node_t *node, const zone_contents_t *zone)
int adjust_cb_wildcard_nsec3(zone_node_t *node, const zone_contents_t *zone)
{
free(node->nsec3_wildcard_name);
node->nsec3_wildcard_name = NULL;
if (!knot_is_nsec3_enabled(zone)) {
node->nsec3_wildcard_prev = NULL;
return KNOT_EOK;
}
const zone_node_t *ignored;
int ret = KNOT_EOK;
size_t wildcard_size = knot_dname_size(node->owner) + 2;
size_t wildcard_nsec3 = zone_nsec3_name_len(zone);
if (wildcard_size <= KNOT_DNAME_MAXLEN) {
assert(wildcard_size > 2);
knot_dname_t wildcard[wildcard_size];
memcpy(wildcard, "\x01""*", 2);
memcpy(wildcard + 2, node->owner, wildcard_size - 2);
ret = zone_contents_find_nsec3_for_name(zone, wildcard, &ignored,
(const zone_node_t **)&node->nsec3_wildcard_prev);
if (ret == ZONE_NAME_FOUND) {
node->nsec3_wildcard_prev = NULL;
ret = KNOT_EOK;
}
return KNOT_EOK;
}
return ret;
node->nsec3_wildcard_name = malloc(wildcard_nsec3);
if (node->nsec3_wildcard_name == NULL) {
return KNOT_ENOMEM;
}
assert(wildcard_size > 2);
knot_dname_t wildcard[wildcard_size];
memcpy(wildcard, "\x01""*", 2);
memcpy(wildcard + 2, node->owner, wildcard_size - 2);
return knot_create_nsec3_owner(node->nsec3_wildcard_name, wildcard_nsec3,
wildcard, zone->apex->owner, &zone->nsec3_params);
}
static bool nsec3_params_match(const knot_rdataset_t *rrs,
......
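Review bot: In `adjust_cb_wildcard_nsec3()` a failing `knot_create_nsec3_owner()` leaves `node->nsec3_wildcard_name` pointing at a freshly malloc'ed buffer whose contents were never completed, and the query path in `put_nsec3_nxdomain()` only tests that pointer against NULL. If the zone can stay in use after this callback reports an error (not visible here), the NSEC3 lookup would then run on uninitialized bytes. Releasing the buffer on failure keeps the invariant that a non-NULL pointer always holds a valid name.

```c
	// … unchanged: wildcard name assembled in the local buffer …
	int ret = knot_create_nsec3_owner(node->nsec3_wildcard_name, wildcard_nsec3,
	                                  wildcard, zone->apex->owner, &zone->nsec3_params);
	if (ret != KNOT_EOK) {
		free(node->nsec3_wildcard_name);
		node->nsec3_wildcard_name = NULL;
	}
	return ret;
```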
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -579,6 +579,14 @@ int zone_contents_find_nsec3_for_name(const zone_contents_t *zone,
return ret;
}
return zone_contents_find_nsec3(zone, nsec3_name, nsec3_node, nsec3_previous);
}
int zone_contents_find_nsec3(const zone_contents_t *zone,
const knot_dname_t *nsec3_name,
const zone_node_t **nsec3_node,
const zone_node_t **nsec3_previous)
{
zone_node_t *found = NULL, *prev = NULL;
bool match = find_in_tree(zone->nsec3_nodes, nsec3_name, &found, &prev);
......@@ -622,6 +630,19 @@ const zone_node_t *zone_contents_find_wildcard_child(const zone_contents_t *cont
return zone_contents_find_node(contents, wildcard);
}
bool zone_contents_find_node_or_wildcard(const zone_contents_t *contents,
const knot_dname_t *find,
const zone_node_t **found)
{
const zone_node_t *encloser = NULL;
zone_contents_find_dname(contents, find, found, &encloser, NULL);
if (*found == NULL && encloser != NULL && (encloser->flags & NODE_FLAGS_WILDCARD_CHILD)) {
*found = zone_contents_find_wildcard_child(contents, encloser);
assert(*found != NULL);
}
return (*found != NULL);
}
int zone_contents_apply(zone_contents_t *contents,
zone_contents_apply_cb_t function, void *data)
{
......
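Review bot: `zone_contents_find_node_or_wildcard()` discards the return value of `zone_contents_find_dname()` and then reads `*found`. If that call can return early without writing its out-parameters (its body is not shown), the test `*found == NULL` reads whatever the caller left there. Setting `*found = NULL;` before the call, or returning false when the lookup reports an error, makes the result independent of the caller's initialization. The `assert(*found != NULL)` disappears in release builds, so the final `return (*found != NULL);` is the only guard that remains, which deserves a short comment.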
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -94,6 +94,14 @@ zone_node_t *zone_contents_get_node_for_rr(zone_contents_t *zone, const knot_rrs
*/
const zone_node_t *zone_contents_find_node(const zone_contents_t *contents, const knot_dname_t *name);
/*!
* \brief Find a node in which the given rrset may be inserted,
*
* \param contents Zone contents.
* \param rrset RRSet to be inserted later.
*
* \return Existing node in zone which the RRSet may be inserted in; or NULL if none present.
*/
zone_node_t *zone_contents_find_node_for_rr(zone_contents_t *contents, const knot_rrset_t *rrset);
/*!
......@@ -162,9 +170,47 @@ int zone_contents_find_nsec3_for_name(const zone_contents_t *contents,
const zone_node_t **nsec3_node,
const zone_node_t **nsec3_previous);
/*!
* \brief Finds NSEC3 node and previous NSEC3 node to specified NSEC3 name.
*
* Like previous function, but the NSEC3 hashed-name is already known.
*
* \param zone Zone contents to search in,
* \param nsec3_name NSEC3 name to be searched for.
* \param nsec3_node Out: NSEC3 node found.
* \param nsec3_previous Out: previous NSEC3 node.
*
* \return ZONE_NAME_FOUND, ZONE_NAME_NOT_FOUND, KNOT_E*
*/
int zone_contents_find_nsec3(const zone_contents_t *zone,
const knot_dname_t *nsec3_name,
const zone_node_t **nsec3_node,
const zone_node_t **nsec3_previous);
/*!
* \brief For specified node, give a wildcard child if exists in zone.
*
* \param contents Zone contents.
* \param parent Given parent node.
*
* \return Node being a wildcard child; or NULL.
*/
const zone_node_t *zone_contents_find_wildcard_child(const zone_contents_t *contents,
const zone_node_t *parent);
/*!
* \brief For given name, find either exactly matching node in zone, or a matching wildcard node.
*
* \param contents Zone contents to be searched in.
* \param find Name to be searched for.
* \param found Out: a node that either has owner "find" or is matching wildcard node.
*
* \return true iff found something
*/
bool zone_contents_find_node_or_wildcard(const zone_contents_t *contents,
const knot_dname_t *find,
const zone_node_t **found);
/*!
* \brief Applies the given function to each regular node in the zone.
*
......
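Review bot: The doc block for `zone_contents_find_nsec3()` refers to "previous function", which breaks as soon as declarations are reordered, and it lists `KNOT_E*` without saying whether `nsec3_node` and `nsec3_previous` are written in that case. Suggest `Like zone_contents_find_nsec3_for_name(), but the NSEC3 hashed name is already known.` plus one sentence stating the state of both out-parameters on error. The `\brief` of `zone_contents_find_node_for_rr()` ends in a comma and should close the sentence.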
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -128,6 +128,7 @@ void node_free(zone_node_t *node, knot_mm_t *mm)
}
knot_dname_free(node->owner, mm);
free(node->nsec3_wildcard_name);
if (node->rrs != NULL) {
mm_free(mm, node->rrs);
......
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -40,7 +40,7 @@ typedef struct zone_node {
*/
struct zone_node *prev;
struct zone_node *nsec3_node; /*! NSEC3 node corresponding to this node. */
struct zone_node *nsec3_wildcard_prev; /*! NSEC3 node for proof of wildcard non-existence. */
knot_dname_t *nsec3_wildcard_name; /*! Name of NSEC3 node proving wildcard nonexistence. */
uint32_t children; /*!< Count of children nodes in DNS hierarchy. */
uint16_t rrset_count; /*!< Number of RRSets stored in the node. */
uint8_t flags; /*!< \ref node_flags enum. */
......
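Review bot: The new member `nsec3_wildcard_name` is an owned heap pointer where the field it replaces was a borrowed node pointer, and the comment does not say so. Any place that copies a `zone_node_t` by value or clears the field without `free()` (none is visible in this diff) would now double-free or leak, so the ownership should be stated at the declaration: `/*!< Name of NSEC3 node proving wildcard nonexistence; malloc'ed in adjust_cb_wildcard_nsec3(), freed in node_free(). */`. Note the `/*!<` form, which the `children` and `rrset_count` members below use to attach the text to the preceding member.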