From: Remi Gacogne Date: Mon, 31 Dec 2018 10:11:02 +0000 (+0100) Subject: auth: Use a NSECBitmap in NSECXEntry as well X-Git-Tag: rec-4.2.0-alpha1~54^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F7345%2Fhead;p=thirdparty%2Fpdns.git auth: Use a NSECBitmap in NSECXEntry as well --- diff --git a/pdns/dnsrecords.hh b/pdns/dnsrecords.hh index a8d5bb421a..d9f5a18ec4 100644 --- a/pdns/dnsrecords.hh +++ b/pdns/dnsrecords.hh @@ -545,6 +545,28 @@ public: class NSECBitmap { public: + NSECBitmap(): d_bitset(nullptr) + { + } + NSECBitmap(const NSECBitmap& rhs): d_set(rhs.d_set) + { + if (rhs.d_bitset) { + d_bitset = std::unique_ptr>(new std::bitset(*(rhs.d_bitset))); + } + } + NSECBitmap& operator=(const NSECBitmap& rhs) + { + d_set = rhs.d_set; + + if (rhs.d_bitset) { + d_bitset = std::unique_ptr>(new std::bitset(*(rhs.d_bitset))); + } + + return *this; + } + NSECBitmap(NSECBitmap&& rhs): d_bitset(std::move(rhs.d_bitset)), d_set(std::move(rhs.d_set)) + { + } bool isSet(uint16_t type) const { if (d_bitset) { @@ -625,6 +647,10 @@ public: { d_bitmap.set(type); } + void set(const NSECBitmap& bitmap) + { + d_bitmap = bitmap; + } size_t numberOfTypesSet() const { return d_bitmap.count(); @@ -665,6 +691,10 @@ public: { d_bitmap.set(type); } + void set(const NSECBitmap& bitmap) + { + d_bitmap = bitmap; + } size_t numberOfTypesSet() const { return d_bitmap.count(); diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index e04415c953..7c7fec0aa6 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -532,7 +532,7 @@ bool TCPNameserver::canDoAXFR(shared_ptr q) namespace { struct NSECXEntry { - set d_set; + NSECBitmap d_set; unsigned int d_ttl; bool d_auth; }; @@ -707,7 +707,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou DNSName keyname = NSEC3Zone ? DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zrr.dr.d_name))) : zrr.dr.d_name; NSECXEntry& ne = nsecxrepo[keyname]; - ne.d_set.insert(zrr.dr.d_type); + ne.d_set.set(zrr.dr.d_type); ne.d_ttl = sd.default_ttl; csp.submit(zrr); @@ -750,7 +750,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou DNSName keyname = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zrr.dr.d_name))); NSECXEntry& ne = nsecxrepo[keyname]; - ne.d_set.insert(zrr.dr.d_type); + ne.d_set.set(zrr.dr.d_type); csp.submit(zrr); } @@ -914,7 +914,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou ne.d_ttl = sd.default_ttl; ne.d_auth = (ne.d_auth || loopZRR.auth || (NSEC3Zone && (!ns3pr.d_flags))); if (loopZRR.dr.d_type && loopZRR.dr.d_type != QType::RRSIG) { - ne.d_set.insert(loopZRR.dr.d_type); + ne.d_set.set(loopZRR.dr.d_type); } } } @@ -951,9 +951,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) { if(iter->second.d_auth) { NSEC3RecordContent n3rc; - for (const auto type : iter->second.d_set) { - n3rc.set(type); - } + n3rc.set(iter->second.d_set); const auto numberOfTypesSet = n3rc.numberOfTypesSet(); if (numberOfTypesSet != 0 && (numberOfTypesSet != 1 || !n3rc.isSet(QType::NS))) { n3rc.set(QType::RRSIG); @@ -999,9 +997,7 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou } else for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) { NSECRecordContent nrc; - for (const auto type : iter->second.d_set) { - nrc.set(type); - } + nrc.set(iter->second.d_set); nrc.set(QType::RRSIG); nrc.set(QType::NSEC);