auth: Use a NSECBitmap in NSECXEntry as well

diff --git a/pdns/dnsrecords.hh b/pdns/dnsrecords.hh
index a8d5bb421a0220a2ed938e7d4f1814feba0b8f48..d9f5a18ec4740107e7865e93903d19cc8fee8c47 100644 (file)
--- a/pdns/dnsrecords.hh
+++ b/pdns/dnsrecords.hh
@@ -545,6 +545,28 @@ public:
 class NSECBitmap
 {
 public:
+  NSECBitmap(): d_bitset(nullptr)
+  {
+  }
+  NSECBitmap(const NSECBitmap& rhs): d_set(rhs.d_set)
+  {
+    if (rhs.d_bitset) {
+      d_bitset = std::unique_ptr<std::bitset<nbTypes>>(new std::bitset<nbTypes>(*(rhs.d_bitset)));
+    }
+  }
+  NSECBitmap& operator=(const NSECBitmap& rhs)
+  {
+    d_set = rhs.d_set;
+
+    if (rhs.d_bitset) {
+      d_bitset = std::unique_ptr<std::bitset<nbTypes>>(new std::bitset<nbTypes>(*(rhs.d_bitset)));
+    }
+
+    return *this;
+  }
+  NSECBitmap(NSECBitmap&& rhs): d_bitset(std::move(rhs.d_bitset)), d_set(std::move(rhs.d_set))
+  {
+  }
   bool isSet(uint16_t type) const
   {
     if (d_bitset) {
@@ -625,6 +647,10 @@ public:
   {
     d_bitmap.set(type);
   }
+  void set(const NSECBitmap& bitmap)
+  {
+    d_bitmap = bitmap;
+  }
   size_t numberOfTypesSet() const
   {
     return d_bitmap.count();
@@ -665,6 +691,10 @@ public:
   {
     d_bitmap.set(type);
   }
+  void set(const NSECBitmap& bitmap)
+  {
+    d_bitmap = bitmap;
+  }
   size_t numberOfTypesSet() const
   {
     return d_bitmap.count();

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index e04415c95331d294cae7109b570701cd726b8cec..7c7fec0aa62b9dc993e8e248987ab24b74063977 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -532,7 +532,7 @@ bool TCPNameserver::canDoAXFR(shared_ptr<DNSPacket> q)
 namespace {
   struct NSECXEntry
   {
-    set<uint16_t> d_set;
+    NSECBitmap d_set;
     unsigned int d_ttl;
     bool d_auth;
   };
@@ -707,7 +707,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
     DNSName keyname = NSEC3Zone ? DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zrr.dr.d_name))) : zrr.dr.d_name;
     NSECXEntry& ne = nsecxrepo[keyname];
     
-    ne.d_set.insert(zrr.dr.d_type);
+    ne.d_set.set(zrr.dr.d_type);
     ne.d_ttl = sd.default_ttl;
     csp.submit(zrr);
 
@@ -750,7 +750,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
     DNSName keyname = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zrr.dr.d_name)));
     NSECXEntry& ne = nsecxrepo[keyname];
     
-    ne.d_set.insert(zrr.dr.d_type);
+    ne.d_set.set(zrr.dr.d_type);
     csp.submit(zrr);
   }
   
@@ -914,7 +914,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
         ne.d_ttl = sd.default_ttl;
         ne.d_auth = (ne.d_auth || loopZRR.auth || (NSEC3Zone && (!ns3pr.d_flags)));
         if (loopZRR.dr.d_type && loopZRR.dr.d_type != QType::RRSIG) {
-          ne.d_set.insert(loopZRR.dr.d_type);
+          ne.d_set.set(loopZRR.dr.d_type);
         }
       }
     }
@@ -951,9 +951,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
       for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) {
         if(iter->second.d_auth) {
           NSEC3RecordContent n3rc;
-          for (const auto type : iter->second.d_set) {
-            n3rc.set(type);
-          }
+          n3rc.set(iter->second.d_set);
           const auto numberOfTypesSet = n3rc.numberOfTypesSet();
           if (numberOfTypesSet != 0 && (numberOfTypesSet != 1 || !n3rc.isSet(QType::NS))) {
             n3rc.set(QType::RRSIG);
@@ -999,9 +997,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
     }
     else for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) {
       NSECRecordContent nrc;
-      for (const auto type : iter->second.d_set) {
-        nrc.set(type);
-      }
+      nrc.set(iter->second.d_set);
       nrc.set(QType::RRSIG);
       nrc.set(QType::NSEC);