From 8353cf8f54d910e8bbfeb9e3ce0e173a5d2b1c2d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Marek=20Vavrus=CC=8Ca?=
Date: Sat, 4 Aug 2018 19:38:18 -0700
Subject: [PATCH] cache: cache RRSIGs in packet cache

This will enable caching of RRSIG queries in packet cache. The RRSIGs are cached as insecure as they don't have a signature. Bogus RRSIGs won't be cached as they have to first pass the validator.
---
 lib/cache/api.c | 6 +-----
 lib/cache/entry_pkt.c | 7 +++++--
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/cache/api.c b/lib/cache/api.c
index cf21d2a84..9f9452027 100644
--- a/lib/cache/api.c
+++ b/lib/cache/api.c
@@ -277,8 +277,7 @@ static bool check_dname_for_lf(const knot_dname_t *n, const struct kr_query *qry
 /** Return false on types to be ignored. Meant both for sname and direct cache requests. */
 static bool check_rrtype(uint16_t type, const struct kr_query *qry/*logging*/)
 {
- const bool ret = !knot_rrtype_is_metatype(type)
- && type != KNOT_RRTYPE_RRSIG;
+ const bool ret = !knot_rrtype_is_metatype(type);
 if (!ret) { WITH_VERBOSE(qry) {
 auto_free char *type_str = kr_rrtype_text(type);
 VERBOSE_MSG(qry, "=> skipping RR type %s\n", type_str);
@@ -339,9 +338,6 @@ knot_db_val_t key_exact_type_maypkt(struct key *k, uint16_t type, const kr_cache
 }

 switch (type) {
- case KNOT_RRTYPE_RRSIG: /* no RRSIG query caching, at least for now */
- assert(false);
- return (knot_db_val_t){ NULL, 0 };
 /* xNAME lumped into NS. */
 case KNOT_RRTYPE_CNAME:
 case KNOT_RRTYPE_DNAME:
diff --git a/lib/cache/entry_pkt.c b/lib/cache/entry_pkt.c
index ee9ea2e37..2e2e5cea2 100644
--- a/lib/cache/entry_pkt.c
+++ b/lib/cache/entry_pkt.c
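Review bot: The doc comment on `check_rrtype` still reads "Meant both for sname and direct cache requests", so dropping the `type != KNOT_RRTYPE_RRSIG` test admits RRSIG on both paths, while the commit message describes packet-cache storage only. The second hunk likewise removes the `case KNOT_RRTYPE_RRSIG:` guard from `key_exact_type_maypkt`, so RRSIG now takes whatever branch of the `switch` handles ordinary types, which lies outside the hunk. If RRSIG entries are meant to exist only as whole packets, I would record that where the guard used to be, e.g. `/* RRSIG: allowed, but only as a packet-cache entry (see stash_pkt) */`, and confirm that the RRset stash path still rejects RRSIG-typed sets by some other check. Both function bodies continue outside their hunks.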
@@ -63,7 +63,7 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
 const struct kr_qflags * const qf = &qry->flags;
 const bool want_negative = qf->DNSSEC_INSECURE || !qf->DNSSEC_WANT || has_optout;
 const bool want_pkt = qf->DNSSEC_BOGUS /*< useful for +cd answers */
- || (is_negative && want_negative);
+ || (is_negative && want_negative) || qry->stype == KNOT_RRTYPE_RRSIG;

 if (!want_pkt || !knot_wire_get_aa(pkt->wire)
 || pkt->parsed != pkt->size /*< malformed packet; still can't detect KNOT_EFEWDATA */
@@ -91,7 +91,10 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
 /* All bad cases should be filtered above,
 * at least the same way as pktcache in kresd 1.5.x. */
 kr_rank_set(&rank, KR_RANK_SECURE);
- } else assert(false);
+ } else if (qry->stype == KNOT_RRTYPE_RRSIG) {
+ /* RRSIGs can be at most cached as insecure */
+ kr_rank_set(&rank, KR_RANK_INSECURE);
+ }
 }

 const uint16_t pkt_type = knot_pkt_qtype(pkt);
-- 
2.47.3
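Review bot: The new `|| qry->stype == KNOT_RRTYPE_RRSIG` term in `want_pkt` is undocumented and sits at the end of an already long line, while the neighbouring term carries a `/*< ... */` note. It makes RRSIG answers wanted regardless of `is_negative` and `want_negative`, which leaves the AA-bit and `pkt->parsed != pkt->size` checks below as the only filters visible here; that condition continues outside the hunk. I would put the term on its own line with the reason, e.g. `|| qry->stype == KNOT_RRTYPE_RRSIG; /*< RRSIG queries are served from the packet cache */`.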
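Review bot: The comment says RRSIGs are cached "at most" as insecure, but the `qry->stype == KNOT_RRTYPE_RRSIG` test is the last branch of the chain, so an RRSIG query that satisfies an earlier condition, including the one directly above that sets `KR_RANK_SECURE`, never reaches it. The replaced `else assert(false);` is also gone, so an unanticipated flag combination now silently keeps the initial rank instead of tripping the assertion. Since the rank presumably decides how far a later cache hit is trusted, I would test the RRSIG type ahead of the secure branch, or say in the comment why the earlier branches cannot apply to it. I would also keep the catch-all by closing the new branch with `} else assert(false);`. The start of the if/else chain is outside the hunk.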