Commit 98451f56 authored by Marek Vavruša's avatar Marek Vavruša

Merge branch 'rr_refactor' into 'master'

RRSet refactoring - remove RRSIGs, custom memory allocator

- `rrset->rrsigs` removed + code removal where applicable
- mem_ctx_t added to RRSet API, only used in pkt.c now

## State of the review

Up to `nsec_proofs.c`
parents 8ab8b439 78571df0
......@@ -154,8 +154,8 @@ src/knot/zone/zone-diff.c
src/knot/zone/zone-diff.h
src/knot/zone/zone-dump.c
src/knot/zone/zone-dump.h
src/knot/zone/zone-load.c
src/knot/zone/zone-load.h
src/knot/zone/zone-create.c
src/knot/zone/zone-create.h
src/knot/zone/zone-tree.c
src/knot/zone/zone-tree.h
src/knot/zone/zone.c
......
......@@ -264,8 +264,8 @@ libknotd_la_SOURCES = \
knot/zone/zone-diff.h \
knot/zone/zone-dump.c \
knot/zone/zone-dump.h \
knot/zone/zone-load.c \
knot/zone/zone-load.h \
knot/zone/zone-create.c \
knot/zone/zone-create.h \
knot/zone/zone-tree.c \
knot/zone/zone-tree.h \
knot/zone/zone.c \
......
......@@ -35,6 +35,47 @@ static void *mm_malloc(void *ctx, size_t n)
return malloc(n);
}
void *mm_alloc(mm_ctx_t *mm, size_t size)
{
if (mm) {
return mm->alloc(mm->ctx, size);
} else {
return malloc(size);
}
}
void *mm_realloc(mm_ctx_t *mm, void *what, size_t size, size_t prev_size)
{
if (mm) {
void *p = mm->alloc(mm->ctx, size);
if (knot_unlikely(p == NULL)) {
return NULL;
} else {
if (what) {
memcpy(p, what,
prev_size < size ? prev_size : size);
}
if (mm->free) {
mm->free(what);
}
return p;
}
} else {
return realloc(what, size);
}
}
void mm_free(mm_ctx_t *mm, void *what)
{
if (mm) {
if (mm->free) {
mm->free(what);
}
} else {
free(what);
}
}
void mm_ctx_init(mm_ctx_t *mm)
{
mm->ctx = NULL;
......
......@@ -43,6 +43,12 @@ typedef struct mm_ctx {
mm_alloc_t alloc;
mm_free_t free;
} mm_ctx_t;
/*! \brief Allocs using 'mm' if any, uses system malloc() otherwise. */
void *mm_alloc(mm_ctx_t *mm, size_t size);
/*! \brief Reallocs using 'mm' if any, uses system realloc() otherwise. */
void *mm_realloc(mm_ctx_t *mm, void *what, size_t size, size_t prev_size);
/*! \brief Frees using 'mm' if any, uses system free() otherwise. */
void mm_free(mm_ctx_t *mm, void *what);
/*! \brief Initialize default memory allocation context. */
void mm_ctx_init(mm_ctx_t *mm);
......
......@@ -31,7 +31,7 @@
#include "knot/ctl/process.h"
#include "knot/ctl/remote.h"
#include "knot/conf/conf.h"
#include "knot/zone/zone-load.h"
#include "knot/zone/zone-create.h"
#include "knot/server/tcp-handler.h"
#include "libknot/packet/wire.h"
#include "knot/server/zone-load.h"
......@@ -124,7 +124,8 @@ static int cmd_remote_print_reply(const knot_rrset_t *rr)
return KNOT_EMALF;
}
for (uint16_t i = 0; i < knot_rrset_rdata_rr_count(rr); i++) {
uint16_t rr_count = knot_rrset_rr_count(rr);
for (uint16_t i = 0; i < rr_count; i++) {
/* Parse TXT. */
remote_print_txt(rr, i);
}
......@@ -216,7 +217,7 @@ static int cmd_remote(const char *cmd, uint16_t rrt, int argc, char *argv[])
int res = knot_pkt_put(pkt, 0, rr, KNOT_PF_FREE);
if (res != KNOT_EOK) {
log_server_error("Couldn't create the query.\n");
knot_rrset_deep_free(&rr, 1);
knot_rrset_deep_free(&rr, 1, NULL);
knot_pkt_free(&pkt);
return 1;
}
......
......@@ -98,7 +98,8 @@ static int remote_rdata_apply(server_t *s, remote_cmdargs_t* a, remote_zonef_t *
continue;
}
for (uint16_t i = 0; i < knot_rrset_rdata_rr_count(rr); i++) {
uint16_t rr_count = knot_rrset_rr_count(rr);
for (uint16_t i = 0; i < rr_count; i++) {
const knot_dname_t *dn = knot_rdata_ns_name(rr, i);
rcu_read_lock();
zone = knot_zonedb_find(s->zone_db, dn);
......@@ -510,7 +511,7 @@ static int remote_send_chunk(int c, knot_pkt_t *query, const char* d, uint16_t l
ret = knot_pkt_put(resp, 0, rr, KNOT_PF_FREE);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&rr, 1);
knot_rrset_deep_free(&rr, 1, NULL);
goto failed;
}
......@@ -719,25 +720,6 @@ knot_pkt_t* remote_query(const char *query, const knot_tsig_key_t *key)
return pkt;
}
int remote_query_append(knot_pkt_t *qry, knot_rrset_t *data)
{
if (!qry || !data) {
return KNOT_EINVAL;
}
uint8_t *sp = qry->wire + qry->size;
uint16_t rrs = 0;
size_t bsize = 0;
int ret = knot_rrset_to_wire(data, sp, &bsize, qry->max_size, &rrs, 0);
if (ret == KNOT_EOK) {
knot_wire_add_nscount(qry->wire, rrs);
}
/* Finalize packet size. */
qry->size += bsize;
return KNOT_EOK;
}
int remote_query_sign(uint8_t *wire, size_t *size, size_t maxlen,
const knot_tsig_key_t *key)
{
......@@ -771,7 +753,7 @@ knot_rrset_t* remote_build_rr(const char *k, uint16_t t)
}
/* Create RRSet. */
knot_rrset_t *rr = knot_rrset_new(key, t, KNOT_CLASS_CH, 0);
knot_rrset_t *rr = knot_rrset_new(key, t, KNOT_CLASS_CH, NULL);
if (rr == NULL)
knot_dname_free(&key);
......@@ -787,7 +769,7 @@ int remote_create_txt(knot_rrset_t *rr, const char *v, size_t v_len)
/* Number of chunks. */
const size_t K = 255;
unsigned chunks = v_len / K + 1;
uint8_t *raw = knot_rrset_create_rdata(rr, v_len + chunks);
uint8_t *raw = knot_rrset_create_rr(rr, v_len + chunks, 0, NULL);
/* Write TXT item. */
unsigned p = 0;
......@@ -821,7 +803,7 @@ int remote_create_ns(knot_rrset_t *rr, const char *d)
/* Build RDATA. */
int dn_size = knot_dname_size(dn);
int result = knot_rrset_add_rdata(rr, dn, dn_size);
int result = knot_rrset_add_rr(rr, dn, dn_size, 0, NULL);
knot_dname_free(&dn);
return result;
......@@ -829,15 +811,15 @@ int remote_create_ns(knot_rrset_t *rr, const char *d)
int remote_print_txt(const knot_rrset_t *rr, uint16_t i)
{
if (!rr || knot_rrset_rdata_rr_count(rr) < 1) {
if (!rr || knot_rrset_rr_count(rr) < 1) {
return -1;
}
/* Packet parser should have already checked the packet validity. */
char buf[256];
uint16_t parsed = 0;
uint16_t rlen = rrset_rdata_item_size(rr, i);
uint8_t *p = knot_rrset_get_rdata(rr, i);
uint16_t rlen = knot_rrset_rr_size(rr, i);
uint8_t *p = knot_rrset_rr_rdata(rr, i);
while (parsed < rlen) {
memcpy(buf, (const char*)(p+1), *p);
buf[*p] = '\0';
......
......@@ -33,17 +33,12 @@ static knot_rrset_t *create_nsec_rrset(const knot_node_t *,
/*!
* \brief Returns true if NSEC is only RRSet in node.
*
* To be totally correct, we should also check for standalone RRSIGs, but this
* function is only used when fixing NSEC chain after DDNS and thus no
* standalone RRSIGs should be present, as they are removed automatically with
* the RRSets that they cover. \see knot_nsec_only_nsec_and_rrsigs_in_node().
*/
static bool only_nsec_in_node(const knot_node_t *n)
{
assert(n);
return n->rrset_count == 1 && knot_node_rrset(n, KNOT_RRTYPE_NSEC);
return n->rrset_count <= 2 && (knot_node_rrset(n, KNOT_RRTYPE_NSEC)
&& knot_node_rrset(n, KNOT_RRTYPE_RRSIG));
}
/*!
......@@ -96,22 +91,21 @@ static int update_nsec(const knot_node_t *from, const knot_node_t *to,
dbg_dnssec_detail("Creating new NSEC for %s\n",
knot_dname_to_str(new_nsec->owner));
// Drop old
int ret = knot_nsec_changeset_remove(nsec_rrset,
out_ch);
int ret = knot_nsec_changeset_remove(from, out_ch);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return ret;
}
// Add new
ret = knot_changeset_add_rrset(out_ch, new_nsec,
KNOT_CHANGESET_ADD);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return ret;
}
} else {
// All good, no need to update
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return KNOT_EOK;
}
} else if (new_nsec) {
......@@ -119,15 +113,14 @@ static int update_nsec(const knot_node_t *from, const knot_node_t *to,
int ret = knot_changeset_add_rrset(out_ch, new_nsec,
KNOT_CHANGESET_ADD);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return ret;
}
} else {
// Drop old, no longer needed
int ret = knot_nsec_changeset_remove(nsec_rrset,
out_ch);
int ret = knot_nsec_changeset_remove(from, out_ch);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return ret;
}
}
......@@ -156,7 +149,7 @@ static knot_rrset_t *create_nsec_rrset(const knot_node_t *from,
knot_dname_t *owner_cpy = knot_dname_copy(from->owner);
knot_rrset_t *rrset = knot_rrset_new(owner_cpy,
KNOT_RRTYPE_NSEC, KNOT_CLASS_IN,
ttl);
NULL);
if (!rrset) {
return NULL;
}
......@@ -174,7 +167,7 @@ static knot_rrset_t *create_nsec_rrset(const knot_node_t *from,
assert(to->owner);
size_t next_owner_size = knot_dname_size(to->owner);
size_t rdata_size = next_owner_size + bitmap_size(&rr_types);
uint8_t *rdata = knot_rrset_create_rdata(rrset, rdata_size);
uint8_t *rdata = knot_rrset_create_rr(rrset, rdata_size, ttl, NULL);
if (!rdata) {
knot_rrset_free(&rrset);
return NULL;
......@@ -219,8 +212,7 @@ static int connect_nsec_nodes(knot_node_t *a, knot_node_t *b,
*/
if (old_next_nsec != NULL
&& knot_nsec_only_nsec_and_rrsigs_in_node(b)) {
ret = knot_nsec_changeset_remove(old_next_nsec,
data->changeset);
ret = knot_nsec_changeset_remove(b, data->changeset);
if (ret != KNOT_EOK) {
return ret;
}
......@@ -241,7 +233,7 @@ static int connect_nsec_nodes(knot_node_t *a, knot_node_t *b,
KNOT_RRSET_COMPARE_WHOLE)) {
// current NSEC is valid, do nothing
dbg_dnssec_detail("NSECs equal.\n");
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return KNOT_EOK;
}
......@@ -249,9 +241,9 @@ static int connect_nsec_nodes(knot_node_t *a, knot_node_t *b,
// current NSEC is invalid, replace it and drop RRSIG
// mark the node, so later we know this NSEC needs new RRSIGs
knot_node_set_replaced_nsec(a);
ret = knot_nsec_changeset_remove(old_nsec, data->changeset);
ret = knot_nsec_changeset_remove(a, data->changeset);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&new_nsec, 1);
knot_rrset_deep_free(&new_nsec, 1, NULL);
return ret;
}
}
......@@ -280,9 +272,8 @@ static int handle_deleted_node(const knot_node_t *node,
assert(knot_node_is_non_auth(node));
return NSEC_NODE_SKIP;
}
const knot_rrset_t *old_nsec = knot_node_rrset(node, KNOT_RRTYPE_NSEC);
assert(old_nsec);
int ret = knot_nsec_changeset_remove(old_nsec, fix_data->out_ch);
int ret = knot_nsec_changeset_remove(node, fix_data->out_ch);
if (ret != KNOT_EOK) {
return ret;
}
......@@ -292,6 +283,9 @@ static int handle_deleted_node(const knot_node_t *node,
* previous node.
*/
if (fix_data->next_dname == NULL) {
const knot_rrset_t *old_nsec =
knot_node_rrset(node, KNOT_RRTYPE_NSEC);
assert(old_nsec);
fix_data->next_dname =
(knot_dname_t *)knot_rdata_nsec_next(old_nsec);
assert(fix_data->next_dname);
......@@ -619,46 +613,56 @@ int knot_nsec_chain_iterate_fix(hattrie_t *nodes, chain_iterate_fix_cb callback,
/*!
* \brief Add entry for removed NSEC to the changeset.
*/
int knot_nsec_changeset_remove(const knot_rrset_t *oldrr,
int knot_nsec_changeset_remove(const knot_node_t *n,
knot_changeset_t *changeset)
{
if (oldrr == NULL) {
return KNOT_EOK;
}
if (changeset == NULL) {
return KNOT_EINVAL;
}
int result;
// extract copy of NSEC and RRSIG
knot_rrset_t *old_nsec = NULL;
knot_rrset_t *old_rrsigs = NULL;
int result = KNOT_EOK;
result = knot_rrset_deep_copy(oldrr, &old_nsec);
if (result != KNOT_EOK) {
return result;
const knot_rrset_t *nsec = knot_node_rrset(n, KNOT_RRTYPE_NSEC);
if (nsec == NULL) {
nsec = knot_node_rrset(n, KNOT_RRTYPE_NSEC3);
}
const knot_rrset_t *rrsigs = knot_node_rrset(n, KNOT_RRTYPE_RRSIG);
old_rrsigs = old_nsec->rrsigs;
old_nsec->rrsigs = NULL;
// extract copy of NSEC
knot_rrset_t *old_nsec = NULL;
if (nsec) {
result = knot_rrset_deep_copy(nsec, &old_nsec, NULL);
if (result != KNOT_EOK) {
return result;
}
// update changeset
// update changeset
result = knot_changeset_add_rrset(changeset, old_nsec,
KNOT_CHANGESET_REMOVE);
if (result != KNOT_EOK) {
knot_rrset_deep_free(&old_nsec, 1);
knot_rrset_deep_free(&old_rrsigs, 1);
return result;
result = knot_changeset_add_rrset(changeset, old_nsec,
KNOT_CHANGESET_REMOVE);
if (result != KNOT_EOK) {
knot_rrset_deep_free(&old_nsec, 1, NULL);
return result;
}
}
if (old_rrsigs) {
result = knot_changeset_add_rrset(changeset, old_rrsigs,
if (rrsigs) {
// Sythesize RRSets' RRSIG
knot_rrset_t *synth_rrsigs = NULL;
result = knot_rrset_synth_rrsig(rrsigs->owner, KNOT_RRTYPE_NSEC,
rrsigs, &synth_rrsigs, NULL);
if (result != KNOT_EOK) {
if (result != KNOT_ENOENT) {
return result;
}
return KNOT_EOK;
}
// store RRSIG
result = knot_changeset_add_rrset(changeset, synth_rrsigs,
KNOT_CHANGESET_REMOVE);
if (result != KNOT_EOK) {
knot_rrset_deep_free(&old_rrsigs, 1);
knot_rrset_deep_free(&synth_rrsigs, 1, NULL);
return result;
}
}
......@@ -673,12 +677,10 @@ int knot_nsec_changeset_remove(const knot_rrset_t *oldrr,
bool knot_nsec_only_nsec_and_rrsigs_in_node(const knot_node_t *n)
{
assert(n);
const knot_rrset_t **rrsets = knot_node_rrsets_no_copy(n);
for (int i = 0; i < knot_node_rrset_count(n); ++i) {
if (knot_rrset_type(rrsets[i]) != KNOT_RRTYPE_NSEC
&& knot_rrset_rdata_rr_count(rrsets[i]) > 0) {
for (int i = 0; i < n->rrset_count; ++i) {
if (rrsets[i]->type != KNOT_RRTYPE_NSEC &&
rrsets[i]->type != KNOT_RRTYPE_RRSIG) {
return false;
}
}
......
......@@ -93,8 +93,9 @@ inline static void bitmap_add_node_rrsets(bitmap_t *bitmap,
const knot_rrset_t **node_rrsets = knot_node_rrsets_no_copy(node);
for (int i = 0; i < node->rrset_count; i++) {
const knot_rrset_t *rr = node_rrsets[i];
if (rr->type != KNOT_RRTYPE_NSEC && rr->rdata_count > 0) {
bitmap_add_type(bitmap, node_rrsets[i]->type);
if (rr->type != KNOT_RRTYPE_NSEC &&
rr->type != KNOT_RRTYPE_RRSIG) {
bitmap_add_type(bitmap, rr->type);
}
}
}
......@@ -135,14 +136,14 @@ int knot_nsec_chain_iterate_fix(hattrie_t *nodes,
chain_fix_data_t *data);
/*!
* \brief Add entry for removed NSEC to the changeset.
* \brief Add entry for removed NSEC(3) and its RRSIG to the changeset.
*
* \param oldrr Old NSEC RR set to be removed (including RRSIG).
* \param n Node to extract NSEC(3) from.
* \param changeset Changeset to add the old RR into.
*
* \return Error code, KNOT_EOK if successful.
*/
int knot_nsec_changeset_remove(const knot_rrset_t *oldrr,
int knot_nsec_changeset_remove(const knot_node_t *n,
knot_changeset_t *changeset);
/*!
......
......@@ -47,15 +47,16 @@ inline static bool valid_nsec3_node(const knot_node_t *node)
{
assert(node);
if (node->rrset_count != 1) {
if (node->rrset_count > 2) {
return false;
}
if (node->rrset_tree[0]->type != KNOT_RRTYPE_NSEC3) {
const knot_rrset_t *nsec3 = knot_node_rrset(node, KNOT_RRTYPE_NSEC3);
if (nsec3 == NULL) {
return false;
}
if (node->rrset_tree[0]->rdata_count != 1) {
if (knot_rrset_rr_count(nsec3) != 1) {
return false;
}
......@@ -71,8 +72,8 @@ static bool are_nsec3_nodes_equal(const knot_node_t *a, const knot_node_t *b)
return false;
}
knot_rrset_t *a_rrset = a->rrset_tree[0];
knot_rrset_t *b_rrset = b->rrset_tree[0];
const knot_rrset_t *a_rrset = knot_node_rrset(a, KNOT_RRTYPE_NSEC3);
const knot_rrset_t *b_rrset = knot_node_rrset(b, KNOT_RRTYPE_NSEC3);
return knot_rrset_equal(a_rrset, b_rrset, KNOT_RRSET_COMPARE_WHOLE);
}
......@@ -231,7 +232,8 @@ static bool node_should_be_signed_nsec3(const knot_node_t *n)
{
knot_rrset_t **node_rrsets = knot_node_get_rrsets_no_copy(n);
for (int i = 0; i < n->rrset_count; i++) {
if (node_rrsets[i]->type == KNOT_RRTYPE_NSEC) {
if (node_rrsets[i]->type == KNOT_RRTYPE_NSEC ||
node_rrsets[i]->type == KNOT_RRTYPE_RRSIG) {
continue;
}
bool should_sign = false;
......@@ -316,7 +318,8 @@ static int update_nsec3(const knot_dname_t *from, const knot_dname_t *to,
} else {
assert(old_nsec3);
// Reuse bitmap and data from old NSEC3
int ret = knot_rrset_deep_copy_no_sig(old_nsec3, &gen_nsec3);
int ret = knot_rrset_deep_copy(old_nsec3, &gen_nsec3,
NULL);
if (ret != KNOT_EOK) {
free(binary_next);
return ret;
......@@ -329,7 +332,7 @@ static int update_nsec3(const knot_dname_t *from, const knot_dname_t *to,
if (next_hashed_size != written) {
// Possible algo mismatch
free(binary_next);
knot_rrset_deep_free(&gen_nsec3, 1);
knot_rrset_deep_free(&gen_nsec3, 1, NULL);
return KNOT_ERROR;
}
memcpy(next_hashed, binary_next, next_hashed_size);
......@@ -339,15 +342,15 @@ static int update_nsec3(const knot_dname_t *from, const knot_dname_t *to,
if (old_nsec3 && knot_rrset_equal(old_nsec3, gen_nsec3,
KNOT_RRSET_COMPARE_WHOLE)) {
// Nothing to update
knot_rrset_deep_free(&gen_nsec3, 1);
knot_rrset_deep_free(&gen_nsec3, 1, NULL);
return KNOT_EOK;
} else {
// Drop old
int ret = KNOT_EOK;
if (old_nsec3) {
ret = knot_nsec_changeset_remove(old_nsec3, out_ch);
ret = knot_nsec_changeset_remove(from_node, out_ch);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&gen_nsec3, 1);
knot_rrset_deep_free(&gen_nsec3, 1, NULL);
return ret;
}
}
......@@ -356,7 +359,7 @@ static int update_nsec3(const knot_dname_t *from, const knot_dname_t *to,
ret = knot_changeset_add_rrset(out_ch, gen_nsec3,
KNOT_CHANGESET_ADD);
if (ret != KNOT_EOK) {
knot_rrset_deep_free(&gen_nsec3, 1);
knot_rrset_deep_free(&gen_nsec3, 1, NULL);
return ret;
}
}
......@@ -408,23 +411,22 @@ static const knot_node_t *zone_last_nsec3_node(const knot_zone_contents_t *z)
* \brief Shallow copy NSEC3 signatures from the one node to the second one.
* Just sets the pointer, needed only for comparison.
*/
static void shallow_copy_signature(const knot_node_t *from, knot_node_t *to)
static int shallow_copy_signature(const knot_node_t *from, knot_node_t *to)
{
assert(valid_nsec3_node(from));
assert(valid_nsec3_node(to));
knot_rrset_t *from_rrset = from->rrset_tree[0];
knot_rrset_t *to_rrset = to->rrset_tree[0];
assert(to_rrset->rrsigs == NULL);
to_rrset->rrsigs = from_rrset->rrsigs;
knot_rrset_t *from_sig = knot_node_get_rrset(from, KNOT_RRTYPE_RRSIG);
if (from_sig == NULL) {
return KNOT_EOK;
}
return knot_node_add_rrset(to, from_sig, NULL);
}
/*!
* \brief Reuse signatatures by shallow copying them from one tree to another.
*/
static void copy_signatures(const knot_zone_tree_t *from, knot_zone_tree_t *to)
static int copy_signatures(const knot_zone_tree_t *from, knot_zone_tree_t *to)
{
assert(from);
assert(to);
......@@ -445,10 +447,14 @@ static void copy_signatures(const knot_zone_tree_t *from, knot_zone_tree_t *to)
continue;
}
shallow_copy_signature(node_from, node_to);
int ret = shallow_copy_signature(node_from, node_to);
if (ret != KNOT_EOK) {
return ret;
}
}
hattrie_iter_free(it);
return KNOT_EOK;
}
/*!
......@@ -466,14 +472,10 @@ static void free_nsec3_tree(knot_zone_tree_t *nodes)
hattrie_iter_t *it = hattrie_iter_begin(nodes, sorted);
for (/* NOP */; !hattrie_iter_finished(it); hattrie_iter_next(it)) {
knot_node_t *node = (knot_node_t *)*hattrie_iter_val(it);
for (int i = 0; i < node->rrset_count; i++) {
// referenced RRSIGs from old NSEC3 tree
node->rrset_tree[i]->rrsigs = NULL;
// newly allocated NSEC3 nodes
knot_rrset_deep_free(&node->rrset_tree[i], 1);
}
// newly allocated NSEC3 nodes
knot_rrset_t *nsec3 = knot_node_get_rrset(node,
KNOT_RRTYPE_NSEC3);
knot_rrset_deep_free(&nsec3, 1, NULL);
knot_node_free(&node);
}
......@@ -554,13 +556,13 @@ static knot_rrset_t *create_nsec3_rrset(knot_dname_t *owner,
assert(rr_types);
knot_rrset_t *rrset;
rrset = knot_rrset_new(owner, KNOT_RRTYPE_NSEC3, KNOT_CLASS_IN, ttl);
rrset = knot_rrset_new(owner, KNOT_RRTYPE_NSEC3, KNOT_CLASS_IN, NULL);
if (!rrset) {
return NULL;
}
size_t rdata_size = nsec3_rdata_size(params, rr_types);
uint8_t *rdata = knot_rrset_create_rdata(rrset, rdata_size);
uint8_t *rdata = knot_rrset_create_rr(rrset, rdata_size, ttl, NULL);
if (!rdata) {
knot_rrset_free(&rrset);
return NULL;
......@@ -732,7 +734,19 @@ static int create_nsec3_nodes(const knot_zone_contents_t *zone, uint32_t ttl,
while (!hattrie_iter_finished(it)) {
knot_node_t *node = (knot_node_t *)*hattrie_iter_val(it);
if (knot_node_is_non_auth(node) || knot_node_is_empty(node)) {
/*!
* Remove possible NSEC from the node. (Do not allow both NSEC
* and NSEC3 in the zone at once.)
*/
result = knot_nsec_changeset_remove(node, chgset);
if (result != KNOT_EOK) {
break;
}
if (knot_node_rrset(node, KNOT_RRTYPE_NSEC)) {
knot_node_set_replaced_nsec(node);
}
if (knot_node_is_non_auth(node)) {
hattrie_iter_next(it);
continue;
}
......@@ -750,16 +764,6 @@ static int create_nsec3_nodes(const knot_zone_contents_t *zone, uint32_t ttl,
break;
}
/*!
* Remove possible NSEC from the node. (Do not allow both NSEC
* and NSEC3 in the zone at once.)
*/
result = knot_nsec_changeset_remove(knot_node_rrset(node,
KNOT_RRTYPE_NSEC), chgset);
if (result != KNOT_EOK) {
break;
}
hattrie_iter_next(it);
}
......@@ -1052,9 +1056,7 @@ static int handle_deleted_node(const knot_node_t *node,
assert(knot_node_is_non_auth(node));
return NSEC_NODE_SKIP;
}
const knot_rrset_t *old_nsec3 = knot_node_rrset(node, KNOT_RRTYPE_NSEC3);
assert(old_nsec3);
int ret = knot_nsec_changeset_remove(old_nsec3, fix_data->out_ch);
int ret = knot_nsec_changeset_remove(node, fix_data->out_ch);
if (ret != KNOT_EOK) {
return ret;
}
......@@ -1064,6 +1066,9 @@ static int handle_deleted_node(const knot_node_t *node,
* previous node.
*/
if (fix_data->next_dname == NULL) {
const knot_rrset_t *old_nsec3 =
knot_node_rrset(node, KNOT_RRTYPE_NSEC3);
assert(old_nsec3);
fix_data->next_dname =
next_dname_from_nsec3_rrset(old_nsec3,
fix_data->zone->apex->owner);
......
......@@ -131,8 +131,10 @@ static int zone_sign(knot_zone_contents_t *zone, conf_zone_t *zone_config,
// update SOA if there were any changes
const knot_rrset_t *soa = knot_node_rrset(zone->apex,
KNOT_RRTYPE_SOA);
const knot_rrset_t *rrsigs = knot_node_rrset(zone->apex,
KNOT_RRTYPE_RRSIG);
assert(soa);
result = knot_zone_sign_update_soa(soa, &zone_keys, &policy,
result = knot_zone_sign_update_soa(soa, rrsigs, &zone_keys, &policy,
new_serial, out_ch);
if (result != KNOT_EOK) {
log_zone_error("%s Cannot update SOA record (%s). Not signing"
......@@ -245,6 +247,8 @@ int knot_dnssec_sign_changeset(const knot_zone_contents_t *zone,
// Update SOA RRSIGs
ret = knot_zone_sign_update_soa(knot_node_rrset(zone->apex,
KNOT_RRTYPE_SOA),
knot_node_rrset(zone->apex,
KNOT_RRTYPE_RRSIG),
&zone_keys, &policy, new_serial,
out_ch);
if (ret != KNOT_EOK) {
......
This diff is collapsed.
......@@ -74,7 +74,7 @@ int knot_zone_sign(const knot_zone_contents_t *zone,
*