Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Knot DNS
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
22
Issues
22
List
Boards
Labels
Service Desk
Milestones
Merge Requests
17
Merge Requests
17
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Knot projects
Knot DNS
Commits
3b0faffd
Commit
3b0faffd
authored
Jul 14, 2016
by
Vitezslav Kriz
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
zone-size-limit: change ixfr limit, move measure function
parent
06318a8c
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
32 additions
and
68 deletions
+32
-68
src/knot/nameserver/axfr.c
src/knot/nameserver/axfr.c
+2
-4
src/knot/nameserver/ixfr.c
src/knot/nameserver/ixfr.c
+13
-34
src/knot/zone/contents.c
src/knot/zone/contents.c
+17
-11
src/knot/zone/semantic-check.c
src/knot/zone/semantic-check.c
+0
-19
No files found.
src/knot/nameserver/axfr.c
View file @
3b0faffd
...
...
@@ -328,7 +328,7 @@ static int axfr_answer_finalize(struct answer_data *adata)
int64_t
size_limit
=
conf_int
(
&
val
);
if
(
proc
->
contents
->
size
>
size_limit
)
{
AXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded
, limit %ld"
,
size_limit
);
AXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded
"
);
return
KNOT_STATE_FAIL
;
}
...
...
@@ -393,9 +393,7 @@ static int axfr_answer_packet(knot_pkt_t *pkt, struct answer_data *adata)
}
proc
->
contents
->
size
+=
knot_rrset_size
(
&
answer_rr
[
i
]);
if
(
proc
->
contents
->
size
>
size_limit
)
{
log_zone_warning
(
proc
->
contents
->
apex
->
owner
,
"AXFR, incoming, zone size exceeded, "
"limit %ld"
,
size_limit
);
AXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded"
);
return
KNOT_STATE_FAIL
;
}
}
...
...
src/knot/nameserver/ixfr.c
View file @
3b0faffd
...
...
@@ -50,8 +50,7 @@ struct ixfr_proc {
knot_rrset_t
*
final_soa
;
/* First SOA received via IXFR. */
list_t
changesets
;
/* Processed changesets. */
size_t
change_count
;
/* Count of changesets received. */
size_t
add_size
;
/* Size of records to add */
size_t
del_size
;
/* Size of records to remove */
size_t
change_size
;
/* Size of records to add and remove */
zone_t
*
zone
;
/* Modified zone - for journal access. */
knot_mm_t
*
mm
;
/* Memory context for RR allocations. */
struct
query_data
*
qdata
;
...
...
@@ -364,10 +363,6 @@ static int ixfrin_answer_init(struct answer_data *data)
data
->
ext
=
proc
;
data
->
ext_cleanup
=
&
ixfrin_cleanup
;
/// \TODO Temporary solution, because not every zone input is checked by
/// semantic checks. And zone size is not set properly.
zone_contents_measure_size
(
proc
->
zone
->
contents
);
return
KNOT_EOK
;
}
...
...
@@ -404,8 +399,8 @@ static int ixfrin_finalize(struct answer_data *adata)
ixfr
->
zone
->
name
);
const
int64_t
size_limit
=
conf_int
(
&
val
);
if
(
new_contents
->
size
>
size_limit
)
{
// secondary check
IXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded
, limit %ld"
,
size_limit
);
if
(
new_contents
->
size
>
size_limit
)
{
IXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded
"
);
update_rollback
(
&
a_ctx
);
update_free_zone
(
&
new_contents
);
return
KNOT_STATE_FAIL
;
...
...
@@ -566,33 +561,25 @@ static int ixfrin_step(const knot_rrset_t *rr, struct ixfr_proc *proc)
return
solve_start
(
rr
,
proc
);
case
IXFR_SOA_DEL
:
ret
=
solve_soa_del
(
rr
,
proc
);
if
(
ret
==
KNOT_EOK
)
{
proc
->
del_size
+=
knot_rrset_size
(
rr
);
}
return
ret
;
break
;
case
IXFR_DEL
:
ret
=
solve_del
(
rr
,
change
,
proc
->
mm
);
if
(
ret
==
KNOT_EOK
)
{
proc
->
del_size
+=
knot_rrset_size
(
rr
);
}
return
ret
;
break
;
case
IXFR_SOA_ADD
:
ret
=
solve_soa_add
(
rr
,
change
,
proc
->
mm
);
if
(
ret
==
KNOT_EOK
)
{
proc
->
add_size
+=
knot_rrset_size
(
rr
);
}
return
ret
;
break
;
case
IXFR_ADD
:
ret
=
solve_add
(
rr
,
change
,
proc
->
mm
);
if
(
ret
==
KNOT_EOK
)
{
proc
->
add_size
+=
knot_rrset_size
(
rr
);
}
return
ret
;
break
;
case
IXFR_DONE
:
return
KNOT_EOK
;
default:
return
KNOT_ERROR
;
}
if
(
ret
==
KNOT_EOK
)
{
proc
->
change_size
+=
knot_rrset_size
(
rr
);
}
return
ret
;
}
/*! \brief Checks whether journal node limit has not been exceeded. */
...
...
@@ -626,7 +613,6 @@ static int process_ixfrin_packet(knot_pkt_t *pkt, struct answer_data *adata)
conf_val_t
val
=
conf_zone_get
(
adata
->
param
->
conf
,
C_MAX_ZONE_SIZE
,
ixfr
->
zone
->
name
);
const
int64_t
size_limit
=
conf_int
(
&
val
);
const
size_t
zone_size
=
ixfr
->
zone
->
contents
->
size
;
// Process RRs in the message.
const
knot_pktsection_t
*
answer
=
knot_pkt_section
(
pkt
,
KNOT_ANSWER
);
...
...
@@ -652,17 +638,10 @@ static int process_ixfrin_packet(knot_pkt_t *pkt, struct answer_data *adata)
return
KNOT_STATE_DONE
;
}
if
(
ixfr
->
add_size
+
ixfr
->
del_size
>
2
*
size_limit
)
{
IXFRIN_LOG
(
LOG_WARNING
,
"transfer size exceeded, limit %ld"
,
2
*
size_limit
);
if
(
ixfr
->
change_size
>
2
*
size_limit
)
{
IXFRIN_LOG
(
LOG_WARNING
,
"transfer size exceeded"
);
}
if
(
ixfr
->
add_size
>
ixfr
->
del_size
&&
(
zone_size
+
ixfr
->
add_size
-
ixfr
->
del_size
)
>
size_limit
)
{
IXFRIN_LOG
(
LOG_WARNING
,
"zone size exceeded, limit %ld"
,
size_limit
);
return
KNOT_STATE_FAIL
;
}
}
return
KNOT_STATE_CONSUME
;
...
...
src/knot/zone/contents.c
View file @
3b0faffd
...
...
@@ -220,6 +220,17 @@ static int adjust_nsec3_pointers(zone_node_t **tnode, void *data)
return
ret
;
}
static
int
measure_size
(
zone_node_t
*
node
,
void
*
data
){
size_t
*
size
=
data
;
int
rrset_count
=
node
->
rrset_count
;
for
(
int
i
=
0
;
i
<
rrset_count
;
i
++
)
{
knot_rrset_t
rrset
=
node_rrset_at
(
node
,
i
);
*
size
+=
knot_rrset_size
(
&
rrset
);
}
return
KNOT_EOK
;
}
/*!
* \brief Adjust normal (non NSEC3) node.
*
...
...
@@ -243,6 +254,8 @@ static int adjust_normal_node(zone_node_t **tnode, void *data)
return
ret
;
}
measure_size
(
*
tnode
,
&
((
zone_adjust_arg_t
*
)
data
)
->
zone
->
size
);
// Connect nodes to their NSEC3 nodes
return
adjust_nsec3_pointers
(
tnode
,
data
);
}
...
...
@@ -274,6 +287,8 @@ static int adjust_nsec3_node(zone_node_t **tnode, void *data)
node
->
prev
=
args
->
previous_node
;
args
->
previous_node
=
node
;
measure_size
(
*
tnode
,
&
args
->
zone
->
size
);
return
KNOT_EOK
;
}
...
...
@@ -980,6 +995,8 @@ static int contents_adjust(zone_contents_t *contents, bool normal)
.
zone
=
contents
};
contents
->
size
=
0
;
ret
=
adjust_nodes
(
contents
->
nodes
,
&
arg
,
normal
?
adjust_normal_node
:
adjust_pointers
);
if
(
ret
!=
KNOT_EOK
)
{
...
...
@@ -1130,17 +1147,6 @@ bool zone_contents_is_empty(const zone_contents_t *zone)
return
!
zone
||
!
node_rrtype_exists
(
zone
->
apex
,
KNOT_RRTYPE_SOA
);
}
static
int
measure_size
(
zone_node_t
*
node
,
void
*
data
){
size_t
*
size
=
data
;
int
rrset_count
=
node
->
rrset_count
;
for
(
int
i
=
0
;
i
<
rrset_count
;
i
++
)
{
knot_rrset_t
rrset
=
node_rrset_at
(
node
,
i
);
*
size
+=
knot_rrset_size
(
&
rrset
);
}
return
KNOT_EOK
;
}
size_t
zone_contents_measure_size
(
zone_contents_t
*
zone
)
{
zone
->
size
=
0
;
...
...
src/knot/zone/semantic-check.c
View file @
3b0faffd
...
...
@@ -144,7 +144,6 @@ static int check_rrsig(const zone_node_t *node, semchecks_data_t *data);
static
int
check_signed_rrsig
(
const
zone_node_t
*
node
,
semchecks_data_t
*
data
);
static
int
check_nsec_bitmap
(
const
zone_node_t
*
node
,
semchecks_data_t
*
data
);
static
int
check_nsec3_presence
(
const
zone_node_t
*
node
,
semchecks_data_t
*
data
);
static
int
measure_size
(
const
zone_node_t
*
node
,
semchecks_data_t
*
data
);
struct
check_function
{
int
(
*
function
)(
const
zone_node_t
*
,
semchecks_data_t
*
);
...
...
@@ -163,29 +162,11 @@ static const struct check_function CHECK_FUNCTIONS[] = {
{
check_nsec3_presence
,
NSEC3
},
{
check_nsec3_opt_out
,
NSEC3
},
{
check_nsec_bitmap
,
NSEC
|
NSEC3
},
{
measure_size
,
MANDATORY
}
};
static
const
int
CHECK_FUNCTIONS_LEN
=
sizeof
(
CHECK_FUNCTIONS
)
/
sizeof
(
struct
check_function
);
/*!
* \biref Measure size of zone
*
* Not actual semantic check, but measure size of zone.
* Zone size is saved into zone_contents structure.
*/
static
int
measure_size
(
const
zone_node_t
*
node
,
semchecks_data_t
*
data
){
int
rrset_count
=
node
->
rrset_count
;
for
(
int
i
=
0
;
i
<
rrset_count
;
i
++
)
{
knot_rrset_t
rrset
=
node_rrset_at
(
node
,
i
);
data
->
zone
->
size
+=
knot_rrset_size
(
&
rrset
);
}
return
KNOT_EOK
;
}
/*!
* \brief Check whether DNSKEY rdata are valid.
*
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment