Skip to content
Snippets Groups Projects
Commit 05d97eff authored by Daniel Salzman's avatar Daniel Salzman
Browse files

Merge branch 'nsec3_optim_proof_no_wildc' into 'master'

NSEC3 optimization

See merge request !906
parents 136f0653 b892de18
No related branches found
No related tags found
1 merge request!906NSEC3 optimization
Pipeline #
......@@ -356,19 +356,6 @@ static int put_wildcard_answer(const zone_node_t *wildcard,
return ret;
}
/*!
* \brief Create a wildcard child of a name as a local variable.
*
* \param out Name of the output wariable.
* \param parent Parent of the wildcard.
*/
#define CREATE_WILDCARD(out, parent) \
int size = knot_dname_size(parent); \
if (size < 0 || size > KNOT_DNAME_MAXLEN - 2) return KNOT_EINVAL; \
uint8_t out[2 + size]; \
memcpy(out, "\x01""*", 2); \
memcpy(out + 2, parent, size);
/*!
* \brief Put NSECs for NXDOMAIN error into the response.
*
......@@ -407,7 +394,14 @@ static int put_nsec_nxdomain(const zone_contents_t *zone,
// NOTE: closest may be empty non-terminal and thus not authoritative.
CREATE_WILDCARD(wildcard, closest->owner)
size_t size = knot_dname_size(closest->owner);
if (size > KNOT_DNAME_MAXLEN - 2) {
return KNOT_EINVAL;
}
assert(size > 0);
uint8_t wildcard[2 + size];
memcpy(wildcard, "\x01""*", 2);
memcpy(wildcard + 2, closest->owner, size);
return put_covering_nsec(zone, wildcard, qdata, resp);
}
......@@ -446,9 +440,11 @@ static int put_nsec3_nxdomain(const knot_dname_t *qname,
// NSEC3 covering the (nonexistent) wildcard at the closest encloser.
CREATE_WILDCARD(wildcard, cpe->owner)
if (cpe->nsec3_wildcard_prev == NULL) {
return KNOT_ERROR;
}
return put_covering_nsec3(zone, wildcard, qdata, resp);
return put_nsec3_from_node(cpe->nsec3_wildcard_prev, qdata, resp);
}
/*!
......
......@@ -236,13 +236,30 @@ static int adjust_nsec3_pointers(zone_node_t **tnode, void *data)
zone_adjust_arg_t *args = (zone_adjust_arg_t *)data;
zone_node_t *node = *tnode;
const zone_node_t *ignored;
// Connect to NSEC3 node (only if NSEC3 tree is not empty)
node->nsec3_wildcard_prev = NULL;
uint8_t nsec3_name[KNOT_DNAME_MAXLEN];
int ret = create_nsec3_name(nsec3_name, sizeof(nsec3_name), args->zone,
node->owner);
if (ret == KNOT_EOK) {
node->nsec3_node = zone_tree_get(args->zone->nsec3_nodes, nsec3_name);
// Connect to NSEC3 node proving nonexistence of wildcard.
size_t wildcard_size = knot_dname_size(node->owner) + 2;
if (wildcard_size <= KNOT_DNAME_MAXLEN) {
assert(wildcard_size > 2);
knot_dname_t wildcard[wildcard_size];
memcpy(wildcard, "\x01""*", 2);
memcpy(wildcard + 2, node->owner, wildcard_size - 2);
ret = zone_contents_find_nsec3_for_name(args->zone, wildcard, &ignored,
(const zone_node_t **)&node->nsec3_wildcard_prev);
if (ret == ZONE_NAME_FOUND) {
node->nsec3_wildcard_prev = NULL;
ret = KNOT_EOK;
}
}
} else if (ret == KNOT_ENSEC3PAR) {
node->nsec3_node = NULL;
ret = KNOT_EOK;
......@@ -998,13 +1015,15 @@ static int contents_adjust(zone_contents_t *contents, bool normal)
contents->size = 0;
contents->dnssec = node_rrtype_is_signed(contents->apex, KNOT_RRTYPE_SOA);
ret = adjust_nodes(contents->nodes, &arg,
normal ? adjust_normal_node : adjust_pointers);
// NSEC3 nodes must be adjusted first, because we already need the NSEC3 chain
// to be closed before we adjust NSEC3 pointers in adjust_normal_node
ret = adjust_nodes(contents->nsec3_nodes, &arg, adjust_nsec3_node);
if (ret != KNOT_EOK) {
return ret;
}
ret = adjust_nodes(contents->nsec3_nodes, &arg, adjust_nsec3_node);
ret = adjust_nodes(contents->nodes, &arg,
normal ? adjust_normal_node : adjust_pointers);
if (ret != KNOT_EOK) {
return ret;
}
......
......@@ -40,6 +40,7 @@ typedef struct zone_node {
*/
struct zone_node *prev;
struct zone_node *nsec3_node; /*! NSEC3 node corresponding to this node. */
struct zone_node *nsec3_wildcard_prev; /*! NSEC3 node for proof of wildcard non-existence. */
uint32_t children; /*!< Count of children nodes in DNS hierarchy. */
uint16_t rrset_count; /*!< Number of RRSets stored in the node. */
uint8_t flags; /*!< \ref node_flags enum. */
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
......
......@@ -2,7 +2,6 @@
example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200
example.com. 3600 NS dns2.example.com.
example.com. 3600 MX 10 mail.example.com.
example.com. 0 NSEC3PARAM 1 0 250 662455DF6C5AB542
example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt
example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0=
example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs=
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment