zone-size-limit: change ixfr limit, move measure function

3b0faffd · Vitezslav Kriz · 06318a8c · 3b0faffd · 3b0faffd · 3b0faffd
Commit 3b0faffd authored Jul 14, 2016 by Vitezslav Kriz
4 changed files
--- a/src/knot/nameserver/axfr.c
+++ b/src/knot/nameserver/axfr.c
@@ -328,7 +328,7 @@ static int axfr_answer_finalize(struct answer_data *adata)
 	int64_t size_limit = conf_int(&val);

 	if (proc->contents->size > size_limit) {
-		AXFRIN_LOG(LOG_WARNING, "zone size exceeded, limit %ld", size_limit);
+		AXFRIN_LOG(LOG_WARNING, "zone size exceeded");
 		return KNOT_STATE_FAIL;
 	}

@@ -393,9 +393,7 @@ static int axfr_answer_packet(knot_pkt_t *pkt, struct answer_data *adata)
 		}
 		proc->contents->size += knot_rrset_size(&answer_rr[i]);
 		if (proc->contents->size > size_limit) {
-			log_zone_warning(proc->contents->apex->owner,
-			                 "AXFR, incoming, zone size exceeded, "
-			                 "limit %ld", size_limit);
+			AXFRIN_LOG(LOG_WARNING, "zone size exceeded");
 			return KNOT_STATE_FAIL;
 		}
 	}

--- a/src/knot/nameserver/ixfr.c
+++ b/src/knot/nameserver/ixfr.c
@@ -50,8 +50,7 @@ struct ixfr_proc {
 	knot_rrset_t *final_soa;       /* First SOA received via IXFR. */
 	list_t changesets;             /* Processed changesets. */
 	size_t change_count;           /* Count of changesets received. */
-	size_t add_size;               /* Size of records to add */
-	size_t del_size;               /* Size of records to remove */
+	size_t change_size;            /* Size of records to add and remove */
 	zone_t *zone;                  /* Modified zone - for journal access. */
 	knot_mm_t *mm;                 /* Memory context for RR allocations. */
 	struct query_data *qdata;
@@ -364,10 +363,6 @@ static int ixfrin_answer_init(struct answer_data *data)
 	data->ext = proc;
 	data->ext_cleanup = &ixfrin_cleanup;

-	/// \TODO Temporary solution, because not every zone input is checked by
-	/// semantic checks. And zone size is not set properly.
-	zone_contents_measure_size(proc->zone->contents);
-
 	return KNOT_EOK;
 }

@@ -404,8 +399,8 @@ static int ixfrin_finalize(struct answer_data *adata)
 	                               ixfr->zone->name);
 	const int64_t size_limit = conf_int(&val);

-	if (new_contents->size > size_limit) { // secondary check
-		IXFRIN_LOG(LOG_WARNING, "zone size exceeded, limit %ld", size_limit);
+	if (new_contents->size > size_limit) {
+		IXFRIN_LOG(LOG_WARNING, "zone size exceeded");
 		update_rollback(&a_ctx);
 		update_free_zone(&new_contents);
 		return KNOT_STATE_FAIL;
@@ -566,33 +561,25 @@ static int ixfrin_step(const knot_rrset_t *rr, struct ixfr_proc *proc)
 		return solve_start(rr, proc);
 	case IXFR_SOA_DEL:
 		ret = solve_soa_del(rr, proc);
-		if (ret == KNOT_EOK) {
-			proc->del_size += knot_rrset_size(rr);
-		}
-		return ret;
+		break;
 	case IXFR_DEL:
 		ret = solve_del(rr, change, proc->mm);
-		if (ret == KNOT_EOK) {
-			proc->del_size += knot_rrset_size(rr);
-		}
-		return ret;
+		break;
 	case IXFR_SOA_ADD:
 		ret = solve_soa_add(rr, change, proc->mm);
-		if (ret == KNOT_EOK) {
-			proc->add_size += knot_rrset_size(rr);
-		}
-		return ret;
+		break;
 	case IXFR_ADD:
 		ret = solve_add(rr, change, proc->mm);
-		if (ret == KNOT_EOK) {
-			proc->add_size += knot_rrset_size(rr);
-		}
-		return ret;
+		break;
 	case IXFR_DONE:
 		return KNOT_EOK;
 	default:
 		return KNOT_ERROR;
 	}
+	if (ret == KNOT_EOK) {
+		proc->change_size += knot_rrset_size(rr);
+	}
+	return ret;
 }

 /*! \brief Checks whether journal node limit has not been exceeded. */
@@ -626,7 +613,6 @@ static int process_ixfrin_packet(knot_pkt_t *pkt, struct answer_data *adata)
 	conf_val_t val = conf_zone_get(adata->param->conf, C_MAX_ZONE_SIZE,
 	                               ixfr->zone->name);
 	const int64_t size_limit = conf_int(&val);
-	const size_t zone_size = ixfr->zone->contents->size;

 	// Process RRs in the message.
 	const knot_pktsection_t *answer = knot_pkt_section(pkt, KNOT_ANSWER);
@@ -652,17 +638,10 @@ static int process_ixfrin_packet(knot_pkt_t *pkt, struct answer_data *adata)
 			return KNOT_STATE_DONE;
 		}

-		if (ixfr->add_size + ixfr->del_size > 2 * size_limit) {
-			IXFRIN_LOG(LOG_WARNING, "transfer size exceeded, limit %ld",
-			           2 * size_limit);
+		if (ixfr->change_size > 2 * size_limit) {
+			IXFRIN_LOG(LOG_WARNING, "transfer size exceeded");
 		}

-		if (ixfr->add_size > ixfr->del_size &&
-		    (zone_size + ixfr->add_size - ixfr->del_size) > size_limit) {
-			IXFRIN_LOG(LOG_WARNING, "zone size exceeded, limit %ld",
-			           size_limit);
-			return KNOT_STATE_FAIL;
-		}
 	}

 	return KNOT_STATE_CONSUME;

--- a/src/knot/zone/contents.c
+++ b/src/knot/zone/contents.c
@@ -220,6 +220,17 @@ static int adjust_nsec3_pointers(zone_node_t **tnode, void *data)
 	return ret;
 }

+static int measure_size(zone_node_t *node, void *data){
+
+	size_t *size = data;
+	int rrset_count = node->rrset_count;
+	for (int i = 0; i < rrset_count; i++) {
+		knot_rrset_t rrset = node_rrset_at(node, i);
+		*size += knot_rrset_size(&rrset);
+	}
+	return KNOT_EOK;
+}
+
 /*!
 * \brief Adjust normal (non NSEC3) node.
 *
@@ -243,6 +254,8 @@ static int adjust_normal_node(zone_node_t **tnode, void *data)
 		return ret;
 	}

+	measure_size(*tnode, &((zone_adjust_arg_t *)data)->zone->size);
+
 	// Connect nodes to their NSEC3 nodes
 	return adjust_nsec3_pointers(tnode, data);
 }
@@ -274,6 +287,8 @@ static int adjust_nsec3_node(zone_node_t **tnode, void *data)
 	node->prev = args->previous_node;
 	args->previous_node = node;

+	measure_size(*tnode, &args->zone->size);
+
 	return KNOT_EOK;
 }

@@ -980,6 +995,8 @@ static int contents_adjust(zone_contents_t *contents, bool normal)
 		.zone = contents
 	};

+	contents->size = 0;
+
 	ret = adjust_nodes(contents->nodes, &arg,
 	                   normal ? adjust_normal_node : adjust_pointers);
 	if (ret != KNOT_EOK) {
@@ -1130,17 +1147,6 @@ bool zone_contents_is_empty(const zone_contents_t *zone)
 	return !zone || !node_rrtype_exists(zone->apex, KNOT_RRTYPE_SOA);
 }

-static int measure_size(zone_node_t *node, void *data){
-
-	size_t *size = data;
-	int rrset_count = node->rrset_count;
-	for (int i = 0; i < rrset_count; i++) {
-		knot_rrset_t rrset = node_rrset_at(node, i);
-		*size += knot_rrset_size(&rrset);
-	}
-	return KNOT_EOK;
-}
-
 size_t zone_contents_measure_size(zone_contents_t *zone)
 {
 	zone->size = 0;

--- a/src/knot/zone/semantic-check.c
+++ b/src/knot/zone/semantic-check.c
@@ -144,7 +144,6 @@ static int check_rrsig(const zone_node_t *node, semchecks_data_t *data);
 static int check_signed_rrsig(const zone_node_t *node, semchecks_data_t *data);
 static int check_nsec_bitmap(const zone_node_t *node, semchecks_data_t *data);
 static int check_nsec3_presence(const zone_node_t *node, semchecks_data_t *data);
-static int measure_size(const zone_node_t *node, semchecks_data_t *data);

 struct check_function {
 	int (*function)(const zone_node_t *, semchecks_data_t *);
@@ -163,29 +162,11 @@ static const struct check_function CHECK_FUNCTIONS[] = {
 	{check_nsec3_presence, NSEC3},
 	{check_nsec3_opt_out,  NSEC3},
 	{check_nsec_bitmap,    NSEC | NSEC3},
-	{measure_size,         MANDATORY}
 };

 static const int CHECK_FUNCTIONS_LEN = sizeof(CHECK_FUNCTIONS)
                                     / sizeof(struct check_function);

-/*!
- * \biref Measure size of zone
- *
- * Not actual semantic check, but measure size of zone.
- * Zone size is saved into zone_contents structure.
- */
-static int measure_size(const zone_node_t *node, semchecks_data_t *data){
-
-	int rrset_count = node->rrset_count;
-	for (int i = 0; i < rrset_count; i++) {
-		knot_rrset_t rrset = node_rrset_at(node, i);
-
-		data->zone->size += knot_rrset_size(&rrset);
-	}
-	return KNOT_EOK;
-}
-
 /*!
 * \brief Check whether DNSKEY rdata are valid.
 *