Commit 222dc761 authored by Marek Vavruša's avatar Marek Vavruša

lib/cache:introduced ranks + insecure flag

parent f7a9ec0c
......@@ -28,6 +28,18 @@ enum kr_cache_tag {
KR_CACHE_USER = 0x80
};
/** Cache entry rank */
enum kr_cache_rank {
KR_RANK_BAD = 0, /* BAD cache, do not use. */
KR_RANK_INSECURE = 1, /* Entry is DNSSEC insecure (e.g. RRSIG not exists). */
KR_RANK_SECURE = 2, /* Entry is DNSSEC valid (e.g. RRSIG exists). */
/* <= Lower 3 bits reserved for various flags. */
KR_RANK_NONAUTH = 8, /* Entry from authority section (i.e. parent-side) */
KR_RANK_AUTH = 16, /* Entry from answer (authoritative data) */
};
/* Compare ranks (ignore flags) */
#define kr_cache_rank_cmp(x, y) (((x) >> 2) - ((y) >> 2))
/**
* Serialized form of the RRSet with inception timestamp and maximum TTL.
*/
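Review bot: `kr_cache_rank_cmp` shifts by 2, but the comment inside `enum kr_cache_rank` reserves the lower 3 bits for flags, so the macro and the enum disagree about where the rank field starts. Today only values 0-2 and 8/16 exist, so the result is the same either way, but any future flag with value 4 would leak into the comparison; `#define kr_cache_rank_cmp(x, y) (((x) >> 3) - ((y) >> 3))` would match the documented layout. Note also that the comparison deliberately drops KR_RANK_INSECURE/KR_RANK_SECURE, so an insecure and a secure entry of the same authority level compare equal. If callers use this macro to decide whether a new entry may replace a cached one (not visible here), that would allow unvalidated data to overwrite validated data. The macro comment should state whether that is intended, e.g. `/* Compare authority level only; DNSSEC state in the low 3 bits is NOT compared. */`.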
......
......@@ -176,7 +176,7 @@ static int stash(knot_layer_t *ctx, knot_pkt_t *pkt)
const bool is_any = knot_pkt_qtype(pkt) == KNOT_RRTYPE_ANY;
int pkt_class = kr_response_classify(pkt);
/* Cache only NODATA/NXDOMAIN or ANY answers. */
if (!(pkt_class & (PKT_NODATA|PKT_NXDOMAIN)) || is_any) {
if (!((pkt_class & (PKT_NODATA|PKT_NXDOMAIN)) || is_any)) {
return ctx->state;
}
uint32_t ttl = packet_ttl(pkt);
......@@ -195,6 +195,7 @@ static int stash(knot_layer_t *ctx, knot_pkt_t *pkt)
struct kr_cache_entry header = {
.timestamp = qry->timestamp.tv_sec,
.ttl = ttl,
.rank = (qry->flags & QUERY_DNSSEC_WANT) ? KR_RANK_SECURE : KR_RANK_INSECURE,
.count = data.len
};
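Review bot: `.rank` is set to KR_RANK_SECURE whenever QUERY_DNSSEC_WANT is set, but that flag is documented in this commit as "Want DNSSEC secured answer", which is a request for validation rather than a validation result. Unless validation is guaranteed to have completed and succeeded before `stash()` runs (not visible in this hunk, and the function continues outside it), a response that is not yet validated or is bogus could be cached with the secure rank. The flag list in this commit also has DNSSEC_BOGUS, so a guard before the header is built, such as `if (qry->flags & QUERY_DNSSEC_BOGUS) return ctx->state;`, would keep bogus packets out of the cache. At minimum a comment should state why DNSSEC_WANT implies a validated answer here. The new QUERY_DNSSEC_INSECURE flag set in `update_delegation` is not consulted in this expression, so it is worth documenting which of the two flags is authoritative for the cached rank.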
......
......@@ -298,6 +298,7 @@ static int update_delegation(struct kr_request *req, struct kr_query *qry, knot_
} else {
DEBUG_MSG(qry, "<= DS doesn't exist, going insecure\n");
qry->flags &= ~QUERY_DNSSEC_WANT;
qry->flags |= QUERY_DNSSEC_INSECURE;
}
return ret;
}
......
......@@ -39,8 +39,9 @@
X(NO_CACHE , 1 << 9) /**< Do not use expiring cache for lookup. */ \
X(EXPIRING , 1 << 10) /**< Query response is cached, but expiring. */ \
X(ALLOW_LOCAL, 1 << 11) /**< Allow queries to local or private address ranges. */ \
X(DNSSEC_WANT , 1 << 12) /**< Want DNSSEC secured answer. */ \
X(DNSSEC_BOGUS , 1 << 13) /**< Query response is DNSSEC bogus. */ \
X(DNSSEC_WANT, 1 << 12) /**< Want DNSSEC secured answer. */ \
X(DNSSEC_BOGUS, 1 << 13) /**< Query response is DNSSEC bogus. */ \
X(DNSSEC_INSECURE, 1 << 14) /**< Query response is DNSSEC insecure. */ \
/** Query flags */
enum kr_query_flag {
......