From 4f8d428861604bf32a48ab255e7d1b2991c0e87c Mon Sep 17 00:00:00 2001 From: Libor Peltan <libor.peltan@nic.cz> Date: Thu, 6 Jan 2022 12:12:11 +0100 Subject: [PATCH] timers: remove unneeded last nsec3 resalt --- scripts/timerdb-info.py | 2 +- src/knot/dnssec/kasp/kasp_db.c | 24 ++++++++++++----------- src/knot/events/handlers/dnssec.c | 4 ---- src/knot/events/handlers/nsec3resalt.c | 1 - src/knot/events/replan.c | 9 +++++++-- src/knot/zone/timers.c | 27 ++++++++++++-------------- src/knot/zone/timers.h | 3 +-- tests/knot/test_zone_timers.c | 4 +--- 8 files changed, 35 insertions(+), 39 deletions(-) diff --git a/scripts/timerdb-info.py b/scripts/timerdb-info.py index cc503fddb6..419c850d08 100755 --- a/scripts/timerdb-info.py +++ b/scripts/timerdb-info.py @@ -48,7 +48,7 @@ class TimerDBInfo: 0x82: ("last_refresh", cls.format_timestamp), 0x83: ("next_refresh", cls.format_timestamp), # knot >= 2.6 - 0x84: ("last_resalt", cls.format_timestamp), + 0x84: ("legacy_resalt", cls.format_timestamp), 0x85: ("next_ds_check", cls.format_timestamp), # knot >= 2.8 0x86: ("next_ds_push", cls.format_timestamp), diff --git a/src/knot/dnssec/kasp/kasp_db.c b/src/knot/dnssec/kasp/kasp_db.c index e8877fc723..c39f503e14 100644 --- a/src/knot/dnssec/kasp/kasp_db.c +++ b/src/knot/dnssec/kasp/kasp_db.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -376,24 +376,26 @@ int kasp_db_load_nsec3salt(knot_lmdb_db_t *db, const knot_dname_t *zone_name, { MDB_val key = make_key_str(KASPDBKEY_NSEC3SALT, zone_name, NULL); knot_lmdb_txn_t txn = { 0 }; - memset(nsec3salt, 0, sizeof(*nsec3salt)); knot_lmdb_begin(db, &txn, false); - if (knot_lmdb_find(&txn, &key, KNOT_LMDB_EXACT | KNOT_LMDB_FORCE)) { - nsec3salt->size = txn.cur_val.mv_size; - nsec3salt->data = malloc(txn.cur_val.mv_size + 1); // +1 because it can be zero - if (nsec3salt->data == NULL) { - txn.ret = KNOT_ENOMEM; - } else { - memcpy(nsec3salt->data, txn.cur_val.mv_data, txn.cur_val.mv_size); + if (nsec3salt != NULL) { + memset(nsec3salt, 0, sizeof(*nsec3salt)); + if (knot_lmdb_find(&txn, &key, KNOT_LMDB_EXACT | KNOT_LMDB_FORCE)) { + nsec3salt->size = txn.cur_val.mv_size; + nsec3salt->data = malloc(txn.cur_val.mv_size + 1); // +1 because it can be zero + if (nsec3salt->data == NULL) { + txn.ret = KNOT_ENOMEM; + } else { + memcpy(nsec3salt->data, txn.cur_val.mv_data, txn.cur_val.mv_size); + } } - *(uint8_t *)key.mv_data = KASPDBKEY_NSEC3TIME; } + *(uint8_t *)key.mv_data = KASPDBKEY_NSEC3TIME; if (knot_lmdb_find(&txn, &key, KNOT_LMDB_EXACT | KNOT_LMDB_FORCE)) { knot_lmdb_unmake_curval(&txn, "L", salt_created); } knot_lmdb_abort(&txn); free(key.mv_data); - if (txn.ret != KNOT_EOK) { + if (txn.ret != KNOT_EOK && nsec3salt != NULL) { free(nsec3salt->data); } return txn.ret; diff --git a/src/knot/events/handlers/dnssec.c b/src/knot/events/handlers/dnssec.c index 4b2d9e3fc2..68df1be4f7 100644 --- a/src/knot/events/handlers/dnssec.c +++ b/src/knot/events/handlers/dnssec.c @@ -54,10 +54,6 @@ void event_dnssec_reschedule(conf_t *conf, zone_t *zone, zone->timers.next_ds_check = now; } - if (refresh->last_nsec3resalt) { - zone->timers.last_resalt = refresh->last_nsec3resalt; - } - zone_events_schedule_at(zone, ZONE_EVENT_DNSSEC, refresh_at ? (time_t)refresh_at : ignore, ZONE_EVENT_DS_CHECK, refresh->plan_ds_check ? now : ignore, 
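Review bot: In `kasp_db_load_nsec3salt` (src/knot/dnssec/kasp/kasp_db.c) the write `*(uint8_t *)key.mv_data = KASPDBKEY_NSEC3TIME;` now runs on every call, where before it ran only after a successful salt lookup. `make_key_str` is not visible in this hunk; if it can return a NULL `mv_data` when allocation fails, this is now an unconditional NULL write, so a check such as `if (key.mv_data == NULL) { return KNOT_ENOMEM; }` before the key is first used would be worth adding. On the error path, `free(nsec3salt->data);` leaves the caller's struct pointing at freed memory; following it with `nsec3salt->data = NULL; nsec3salt->size = 0;` removes the double-free risk should a caller clean up after a failure. The function's doc comment, which is outside the hunk, should also state that `nsec3salt` may now be NULL.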
diff --git a/src/knot/events/handlers/nsec3resalt.c b/src/knot/events/handlers/nsec3resalt.c index 6375ad0174..5c01d2edfd 100644 --- a/src/knot/events/handlers/nsec3resalt.c +++ b/src/knot/events/handlers/nsec3resalt.c @@ -32,7 +32,6 @@ int event_nsec3resalt(conf_t *conf, zone_t *zone) ret = knot_dnssec_nsec3resalt(&kctx, true, &salt_changed, &next_resalt); if (ret == KNOT_EOK && salt_changed != 0) { zone_events_schedule_now(zone, ZONE_EVENT_DNSSEC); - zone->timers.last_resalt = kctx.now; } kdnssec_ctx_deinit(&kctx); diff --git a/src/knot/events/replan.c b/src/knot/events/replan.c index 4c562e1952..7211e2ec5f 100644 --- a/src/knot/events/replan.c +++ b/src/knot/events/replan.c @@ -16,6 +16,7 @@ #include <assert.h> +#include "knot/dnssec/kasp/kasp_db.h" #include "knot/events/replan.h" #define TIME_CANCEL 0 @@ -126,12 +127,16 @@ void replan_from_timers(conf_t *conf, zone_t *zone) conf_id_fix_default(&policy); val = conf_id_get(conf, C_POLICY, C_NSEC3, &policy); if (conf_bool(&val)) { - if (zone->timers.last_resalt == 0) { + knot_time_t last_resalt = 0; + if (knot_lmdb_open(zone_kaspdb(zone)) == KNOT_EOK) { + (void)kasp_db_load_nsec3salt(zone_kaspdb(zone), zone->name, NULL, &last_resalt); + } + if (last_resalt == 0) { resalt = now; } else { val = conf_id_get(conf, C_POLICY, C_NSEC3_SALT_LIFETIME, &policy); if (conf_int(&val) > 0) { - resalt = zone->timers.last_resalt + conf_int(&val); + resalt = last_resalt + conf_int(&val); } } } diff --git a/src/knot/zone/timers.c b/src/knot/zone/timers.c index 3c46d78f30..38f6d4e913 100644 --- a/src/knot/zone/timers.c +++ b/src/knot/zone/timers.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
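Review bot: In `replan_from_timers` (src/knot/events/replan.c) the results of both `knot_lmdb_open(zone_kaspdb(zone))` and `kasp_db_load_nsec3salt(...)` are discarded, so a KASP DB that cannot be opened or read looks the same as a zone that has never been salted. In both cases `last_resalt` stays 0 and the `resalt = now` branch is taken, which presumably schedules a resalt, and the signing that follows a salt change, whenever replanning happens while the database is unavailable. Keeping the return code, e.g. `int ret = kasp_db_load_nsec3salt(zone_kaspdb(zone), zone->name, NULL, &last_resalt);`, taking `resalt = now` only when it reports that the salt timestamp is absent, and logging any other error would keep a storage fault from forcing salt rotation. The function begins and ends outside this hunk.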
@@ -48,17 +48,16 @@ * Valid ID starts with '1' in MSB to avoid conflicts with "old timers". */ enum timer_id { - TIMER_INVALID = 0, - TIMER_SOA_EXPIRE = 0x80, - TIMER_LAST_FLUSH, - TIMER_LAST_REFRESH, - TIMER_NEXT_REFRESH, - TIMER_LAST_RESALT, - TIMER_NEXT_DS_CHECK, - TIMER_NEXT_DS_PUSH, - TIMER_CATALOG_MEMBER, - TIMER_LAST_NOTIFIED, - TIMER_LAST_REFR_OK, + TIMER_INVALID = 0, + TIMER_SOA_EXPIRE = 0x80, + TIMER_LAST_FLUSH = 0x81, + TIMER_LAST_REFRESH = 0x82, + TIMER_NEXT_REFRESH = 0x83, + TIMER_NEXT_DS_CHECK = 0x85, + TIMER_NEXT_DS_PUSH = 0x86, + TIMER_CATALOG_MEMBER = 0x87, + TIMER_LAST_NOTIFIED = 0x88, + TIMER_LAST_REFR_OK = 0x89, }; #define TIMER_SIZE (sizeof(uint8_t) + sizeof(uint64_t)) @@ -88,7 +87,6 @@ static int deserialize_timers(zone_timers_t *timers_ptr, case TIMER_NEXT_REFRESH: timers.next_refresh = value; break; case TIMER_LAST_REFR_OK: timers.last_refresh_ok = value; break; case TIMER_LAST_NOTIFIED: timers.last_notified_serial = value; break; - case TIMER_LAST_RESALT: timers.last_resalt = value; break; case TIMER_NEXT_DS_CHECK: timers.next_ds_check = value; break; case TIMER_NEXT_DS_PUSH: timers.next_ds_push = value; break; case TIMER_CATALOG_MEMBER: timers.catalog_member = value; break; 
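Review bot: The `enum timer_id` hunk in src/knot/zone/timers.c leaves 0x84 unassigned without saying why, so a later timer could be given that ID and then pick up stale `last_resalt` values from timer databases written by older versions. A comment in the enum such as `/* 0x84 was TIMER_LAST_RESALT (legacy); reserved, do not reuse. */` would record this, matching the `legacy_resalt` label kept in scripts/timerdb-info.py. The following hunk removes `case TIMER_LAST_RESALT:` from `deserialize_timers`; its `default:` branch is outside the hunk, so it is worth confirming that a stored 0x84 record is skipped rather than treated as malformed when an existing database is loaded after an upgrade.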
@@ -110,14 +108,13 @@ static void txn_write_timers(knot_lmdb_txn_t *txn, const knot_dname_t *zone, const zone_timers_t *timers) { MDB_val k = { knot_dname_size(zone), (void *)zone }; - MDB_val v = knot_lmdb_make_key("BLBLBLBLBLBLBLBLBLBL", + MDB_val v = knot_lmdb_make_key("BLBLBLBLBLBLBLBLBL", TIMER_SOA_EXPIRE, (uint64_t)timers->soa_expire, TIMER_LAST_FLUSH, (uint64_t)timers->last_flush, TIMER_LAST_REFRESH, (uint64_t)timers->last_refresh, TIMER_NEXT_REFRESH, (uint64_t)timers->next_refresh, TIMER_LAST_REFR_OK, (uint64_t)timers->last_refresh_ok, TIMER_LAST_NOTIFIED, timers->last_notified_serial, - TIMER_LAST_RESALT, (uint64_t)timers->last_resalt, TIMER_NEXT_DS_CHECK, (uint64_t)timers->next_ds_check, TIMER_NEXT_DS_PUSH, (uint64_t)timers->next_ds_push, TIMER_CATALOG_MEMBER,(uint64_t)timers->catalog_member); diff --git a/src/knot/zone/timers.h b/src/knot/zone/timers.h index 0fb619fcb2..aff31959f4 100644 --- a/src/knot/zone/timers.h +++ b/src/knot/zone/timers.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -33,7 +33,6 @@ struct zone_timers { time_t next_refresh; //!< Next zone refresh attempt. bool last_refresh_ok; //!< Last zone refresh attempt was successful. uint64_t last_notified_serial; //!< SOA serial of last successful NOTIFY; (1<<32) if none. - time_t last_resalt; //!< Last NSEC3 resalt. time_t next_ds_check; //!< Next parent DS check. time_t next_ds_push; //!< Next DDNS to parent zone with updated DS record. time_t catalog_member; //!< This catalog member zone created. diff --git a/tests/knot/test_zone_timers.c b/tests/knot/test_zone_timers.c index 0c137ac6d8..06637757fd 100644 --- a/tests/knot/test_zone_timers.c +++ b/tests/knot/test_zone_timers.c 
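Review bot: In `txn_write_timers` (src/knot/zone/timers.c) the format string `"BLBLBLBLBLBLBLBLBL"` is hand-counted against the variadic argument list, and this hunk had to shorten both in step; the nine `BL` pairs do match the nine timers passed here. Since `knot_lmdb_make_key` appears to be variadic, a future mismatch would presumably make it read arguments that were never passed. A comment above the call such as `// One "BL" pair per (timer id, value) argument pair below; keep the counts in sync.` would help the next edit. The function continues past the end of the hunk.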
@@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,7 +31,6 @@ static const zone_timers_t MOCK_TIMERS = { .next_refresh = 1474559960, .last_notified_serial = 0, .last_flush = 1, - .last_resalt = 2, .next_ds_check = 1474559961, .next_ds_push = 1474559962, .catalog_member = 1474559963, @@ -44,7 +43,6 @@ static bool timers_eq(const zone_timers_t *a, const zone_timers_t *b) a->next_refresh == b->next_refresh && a->last_notified_serial == b->last_notified_serial && a->last_flush == b->last_flush && - a->last_resalt == b->last_resalt && a->next_ds_check == b->next_ds_check && a->next_ds_push == b->next_ds_push && a->catalog_member == b->catalog_member; -- GitLab