int nmlabs;
size_t nmlen;
struct del_info inf;
- int idx;
if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
return;
/* delete all RRs and key entries from zone */
slabhash_traverse(worker->env.msg_cache, 1, &zone_del_msg, &inf);
/* and validator cache */
- idx = modstack_find(&worker->daemon->mods, "validator");
- if(idx != -1) {
- struct val_env* ve = (struct val_env*)worker->env.modinfo[idx];
- slabhash_traverse(ve->kcache->slab, 1, &zone_del_kcache, &inf);
+ if(worker->env.key_cache) {
+ slabhash_traverse(worker->env.key_cache->slab, 1,
+ &zone_del_kcache, &inf);
}
free(nm);
1 September 2009: Wouter
- testbound variable arithmetic.
- autotrust probe time is randomised.
+ - autotrust: the probe is active and does not fetch from cache.
31 August 2009: Wouter
- testbound variable processing.
time_passes(struct replay_runtime* runtime, struct replay_moment* mom)
{
struct fake_timer *t;
- timeval_add(&runtime->now_tv, &mom->elapse);
+ struct timeval tv = mom->elapse;
+ if(mom->string) {
+ char* xp = macro_process(runtime->vars, runtime, mom->string);
+ double sec;
+ if(!xp) fatal_exit("could not macro expand %s", mom->string);
+ verbose(VERB_ALGO, "EVAL %s", mom->string);
+ sec = atof(xp);
+ tv.tv_sec = (int)sec;
+ tv.tv_usec = (int)((sec - (double)tv.tv_sec) *1000000. + 0.5);
+ }
+ timeval_add(&runtime->now_tv, &tv);
runtime->now_secs = (uint32_t)runtime->now_tv.tv_sec;
#ifndef S_SPLINT_S
log_info("elapsed %d.%6.6d now %d.%6.6d",
- (int)mom->elapse.tv_sec, (int)mom->elapse.tv_usec,
+ (int)tv.tv_sec, (int)tv.tv_usec,
(int)runtime->now_tv.tv_sec, (int)runtime->now_tv.tv_usec);
#endif
/* see if any timers have fired; and run them */
mom->evt_type = repevt_timeout;
} else if(parse_keyword(&remain, "TIME_PASSES")) {
mom->evt_type = repevt_time_passes;
+ while(isspace((int)*remain))
+ remain++;
+ if(parse_keyword(&remain, "EVAL")) {
+ while(isspace((int)*remain))
+ remain++;
+ mom->string = strdup(remain);
+ if(!mom->string) fatal_exit("out of memory");
+ mom->string[strlen(mom->string)-1]=0;
+ remain += strlen(mom->string);
+ }
} else if(parse_keyword(&remain, "CHECK_AUTOTRUST")) {
mom->evt_type = repevt_autotrust_check;
while(isspace((int)*remain))
* o TIMEOUT
* o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be
* a floating point number.
+ * TIME_PASSES EVAL [macro] - expanded for seconds to move time.
* o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END.
* The file contents is macro expanded before match.
* o ERROR
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 09:46:40 2009
FILE_END
+; wait and see if autotrust probes (the unchanged) domain again.
+STEP 40 TIME_PASSES EVAL ${$probe}
+
+; do something to make time pass so that processing is performed.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+. IN NS
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. 3600 IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net. 3600 IN A 193.0.14.129
+ENTRY_END
+
+STEP 65 ASSIGN probe2 = ${timeout}
+
+STEP 70 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${time} ;;${ctime ${time}}
+;;last_success: ${time} ;;${ctime ${time}}
+;;next_probe_time: ${$t0 + $probe + $probe2} ;;${ctime $t0 + $probe + $probe2}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 09:46:40 2009
+FILE_END
+
SCENARIO_END
#include "util/data/msgparse.h"
struct alloc_cache;
struct rrset_cache;
+struct key_cache;
struct config_file;
struct slabhash;
struct query_info;
struct rrset_cache* rrset_cache;
/** shared infrastructure cache (edns, lameness) */
struct infra_cache* infra_cache;
+ /** shared key cache */
+ struct key_cache* key_cache;
/* --- services --- */
/**
#include "util/random.h"
#include "util/data/msgparse.h"
#include "services/mesh.h"
+#include "services/cache/rrset.h"
+#include "validator/val_kcache.h"
#include "daemon/worker.h"
/** number of times a key must be seen before it can become valid */
return 1; /* trust point unchanged, so exists */
}
+ autr_cleanup_keys(tp);
+ if(!set_next_probe(env, tp, dnskey_rrset))
+ return 0; /* trust point does not exist */
+ verbose(VERB_ALGO, "autotrust: write to disk");
+ autr_write_file(env, tp);
if(changed) {
- autr_cleanup_keys(tp);
- if(!set_next_probe(env, tp, dnskey_rrset))
- return 0; /* trust point does not exist */
- verbose(VERB_ALGO, "autotrust: point changed, write to disk");
- autr_write_file(env, tp);
+ verbose(VERB_ALGO, "autotrust: changed, reassemble");
if(!autr_assemble(tp)) {
log_err("malloc failure assembling autotrust keys");
return 1; /* unchanged */
/* can't hold the lock while mesh_run is processing */
lock_basic_unlock(&tp->lock);
+
+ /* delete the DNSKEY from rrset and key cache so an active probe
+ * is done. First the rrset so another thread does not use it
+ * to recreate the key entry in a race condition. */
+ rrset_cache_remove(env->rrset_cache, qinfo.qname, qinfo.qname_len,
+ qinfo.qtype, qinfo.qclass, 0);
+ key_cache_remove(env->key_cache, qinfo.qname, qinfo.qname_len,
+ qinfo.qclass);
+
if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
&probe_answer_cb, env)) {
log_err("out of memory making 5011 probe");
return sizeof(*kcache) + slabhash_get_mem(kcache->slab);
}
+void key_cache_remove(struct key_cache* kcache,
+ uint8_t* name, size_t namelen, uint16_t key_class)
+{
+ struct key_entry_key lookfor;
+ lookfor.entry.key = &lookfor;
+ lookfor.name = name;
+ lookfor.namelen = namelen;
+ lookfor.key_class = key_class;
+ key_entry_hash(&lookfor);
+ slabhash_remove(kcache->slab, lookfor.entry.hash, &lookfor);
+}
*/
void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey);
+/**
+ * Remove an entry from the key cache.
+ * @param kcache: the key cache.
+ * @param name: for what name to look; uncompressed wireformat
+ * @param namelen: length of the name.
+ * @param key_class: class of the key.
+ */
+void key_cache_remove(struct key_cache* kcache,
+ uint8_t* name, size_t namelen, uint16_t key_class);
+
/**
* Lookup key entry in the cache. Looks up the closest key entry above the
* given name.
log_err("out of memory");
return 0;
}
+ env->key_cache = val_env->kcache;
if(!anchors_apply_cfg(env->anchors, cfg)) {
log_err("validator: error in trustanchors config");
return 0;
projects / thirdparty / unbound.git / commitdiff
