From 8c1a6d6d1467c38378f3c8cef58d45027ceb89a2 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Thu, 16 May 2013 17:19:08 +0200
Subject: [PATCH] NSECx optimizations

---
 pdns/backends/bind/bindbackend2.cc | 95 ++++++++++++++++++------------
 pdns/backends/gsql/gsqlbackend.cc  | 67 +++++++++++----------
 pdns/packethandler.cc              | 21 ++++---
 3 files changed, 105 insertions(+), 78 deletions(-)
 mode change 100755 => 100644 pdns/packethandler.cc

diff --git a/pdns/backends/bind/bindbackend2.cc b/pdns/backends/bind/bindbackend2.cc
index fd4e83991c..a428f38ecc 100644
--- a/pdns/backends/bind/bindbackend2.cc
+++ b/pdns/backends/bind/bindbackend2.cc
@@ -911,18 +911,23 @@ bool Bind2Backend::findBeforeAndAfterUnhashed(BB2DomainInfo& bbd, const std::str
 {
   string domain=toLower(qname);
 
-  //cout<<"starting lower bound for: '"<<domain<<"'"<<endl;
-
   recordstorage_t::const_iterator iter = bbd.d_records->upper_bound(domain);
 
-  while(iter == bbd.d_records->end() || (iter->qname) > domain || (!(iter->auth) && (!(iter->qtype == QType::NS))) || (!(iter->qtype)))
-    iter--;
+  if (before.empty()){
+    //cout<<"starting before for: '"<<domain<<"'"<<endl;
+    iter = bbd.d_records->upper_bound(domain);
 
-  before=iter->qname;
+    while(iter == bbd.d_records->end() || (iter->qname) > domain || (!(iter->auth) && (!(iter->qtype == QType::NS))) || (!(iter->qtype)))
+      iter--;
 
-  //cerr<<"Now upper bound"<<endl;
-  iter = bbd.d_records->upper_bound(domain);
+    before=iter->qname;
+  }
+  else {
+    before=domain;
+  }
 
+  //cerr<<"Now after"<<endl;
+  iter = bbd.d_records->upper_bound(domain);
 
   if(iter == bbd.d_records->end()) {
     //cerr<<"\tFound the end, begin storage: '"<<bbd.d_records->begin()->qname<<"', '"<<bbd.d_name<<"'"<<endl;
@@ -968,39 +973,47 @@ bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string
 //    BOOST_FOREACH(const Bind2DNSRecord& bdr, hashindex) {
 //      cerr<<"Hash: "<<bdr.nsec3hash<<"\t"<< (lqname < bdr.nsec3hash) <<endl;
 //    }
-    
-    records_by_hashindex_t::const_iterator iter = hashindex.upper_bound(lqname);
 
-    if(iter != hashindex.begin() && (iter == hashindex.end() || iter->nsec3hash > lqname))
-    {
-      iter--;
-    }
+    records_by_hashindex_t::const_iterator iter;
+    bool wraponce;
 
-    if(iter == hashindex.begin() && (iter->nsec3hash > lqname))
-    {
-      iter = hashindex.end();
-    }
+    if (before.empty()) {
+      iter = hashindex.upper_bound(lqname);
 
-    bool wraponce = false;
-    while(iter == hashindex.end() || (!iter->auth && !(iter->qtype == QType::NS && !pdns_iequals(iter->qname, auth) && !ns3pr.d_flags)) || iter->nsec3hash.empty())
-    {
-      iter--;
-      if(iter == hashindex.begin()) {
-        if (!wraponce) {
-          iter = hashindex.end();
-          wraponce = true;
-        }
-        else {
-          before.clear();
-          after.clear();
-          return false;
+      if(iter != hashindex.begin() && (iter == hashindex.end() || iter->nsec3hash > lqname))
+      {
+        iter--;
+      }
+
+      if(iter == hashindex.begin() && (iter->nsec3hash > lqname))
+      {
+        iter = hashindex.end();
+      }
+
+      wraponce = false;
+      while(iter == hashindex.end() || (!iter->auth && !(iter->qtype == QType::NS && !pdns_iequals(iter->qname, auth) && !ns3pr.d_flags)) || iter->nsec3hash.empty())
+      {
+        iter--;
+        if(iter == hashindex.begin()) {
+          if (!wraponce) {
+            iter = hashindex.end();
+            wraponce = true;
+          }
+          else {
+            before.clear();
+            after.clear();
+            return false;
+          }
         }
       }
-    }
 
-    before = iter->nsec3hash;
-    unhashed = dotConcat(labelReverse(iter->qname), auth);
-    // cerr<<"before: "<<(iter->nsec3hash)<<"/"<<(iter->qname)<<endl;
+      before = iter->nsec3hash;
+      unhashed = dotConcat(labelReverse(iter->qname), auth);
+      // cerr<<"before: "<<(iter->nsec3hash)<<"/"<<(iter->qname)<<endl;
+    }
+    else {
+      before = lqname;
+    }
 
 
     iter = hashindex.upper_bound(lqname);
@@ -1009,12 +1022,20 @@ bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string
       iter = hashindex.begin();
     }
 
+    wraponce = false;
     while((!iter->auth && !(iter->qtype == QType::NS && !pdns_iequals(iter->qname, auth) && !ns3pr.d_flags)) || iter->nsec3hash.empty())
     {
       iter++;
-      if(iter == hashindex.end())
-      {
-        iter = hashindex.begin();
+      if(iter == hashindex.end()) {
+        if (!wraponce) {
+          iter = hashindex.begin();
+          wraponce = true;
+        }
+        else {
+          before.clear();
+          after.clear();
+          return false;
+        }
       }
     }
 
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index 918b872c65..8105809691 100644
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -441,29 +441,26 @@ bool GSQLBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string&
   if(!d_dnssecQueries)
     return false;
   // cerr<<"gsql before/after called for id="<<id<<", qname='"<<qname<<"'"<<endl;
-  unhashed.clear(); before.clear(); after.clear();
+  after.clear();
   string lcqname=toLower(qname);
-  
+
   SSql::row_t row;
 
   char output[1024];
 
   snprintf(output, sizeof(output)-1, d_afterOrderQuery.c_str(), sqlEscape(lcqname).c_str(), id);
-  
   try {
     d_db->doQuery(output);
   }
   catch(SSqlException &e) {
     throw AhuException("GSQLBackend unable to find before/after (after) for domain_id "+itoa(id)+": "+e.txtReason());
   }
-
   while(d_db->getRow(row)) {
     after=row[0];
   }
 
   if(after.empty() && !lcqname.empty()) {
     snprintf(output, sizeof(output)-1, d_firstOrderQuery.c_str(), id);
-  
     try {
       d_db->doQuery(output);
     }
@@ -475,34 +472,40 @@ bool GSQLBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string&
     }
   }
 
-  snprintf(output, sizeof(output)-1, d_beforeOrderQuery.c_str(), sqlEscape(lcqname).c_str(), id);
-  try {
-    d_db->doQuery(output);
-  }
-  catch(SSqlException &e) {
-    throw AhuException("GSQLBackend unable to find before/after (before) for domain_id "+itoa(id)+": "+e.txtReason());
-  }
-  while(d_db->getRow(row)) {
-    before=row[0];
-    unhashed=row[1];
-  }
-  
-  if(! unhashed.empty())
-  {
-    // cerr<<"unhashed="<<unhashed<<",before="<<before<<", after="<<after<<endl;
-    return true;
-  }
+  if (before.empty()) {
+    unhashed.clear();
 
-  snprintf(output, sizeof(output)-1, d_lastOrderQuery.c_str(), id);
-  try {
-    d_db->doQuery(output);
-  }
-  catch(SSqlException &e) {
-    throw AhuException("GSQLBackend unable to find before/after (last) for domain_id "+itoa(id)+": "+e.txtReason());
-  }
-  while(d_db->getRow(row)) {
-    before=row[0];
-    unhashed=row[1];
+    snprintf(output, sizeof(output)-1, d_beforeOrderQuery.c_str(), sqlEscape(lcqname).c_str(), id);
+    try {
+      d_db->doQuery(output);
+    }
+    catch(SSqlException &e) {
+      throw AhuException("GSQLBackend unable to find before/after (before) for domain_id "+itoa(id)+": "+e.txtReason());
+    }
+    while(d_db->getRow(row)) {
+      before=row[0];
+      unhashed=row[1];
+    }
+
+    if(! unhashed.empty())
+    {
+      // cerr<<"unhashed="<<unhashed<<",before="<<before<<", after="<<after<<endl;
+      return true;
+    }
+
+    snprintf(output, sizeof(output)-1, d_lastOrderQuery.c_str(), id);
+    try {
+      d_db->doQuery(output);
+    }
+    catch(SSqlException &e) {
+      throw AhuException("GSQLBackend unable to find before/after (last) for domain_id "+itoa(id)+": "+e.txtReason());
+    }
+    while(d_db->getRow(row)) {
+      before=row[0];
+      unhashed=row[1];
+    }
+  } else {
+    before=lcqname;
   }
 
   return true;
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
old mode 100755
new mode 100644
index b095254844..6b2533f532
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -562,6 +562,10 @@ bool getNSEC3Hashes(bool narrow, DNSBackend* db, int id, const std::string& hash
     incrementHash(after);
   }
   else {
+    if (decrement)
+      before.clear();
+    else
+      before=' ';
     ret=db->getBeforeAndAfterNamesAbsolute(id, toLower(toBase32Hex(hashed)), unhashed, before, after);
     before=fromBase32Hex(before);
     after=fromBase32Hex(after);
@@ -659,22 +663,21 @@ void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, co
   }
 
   string before,after;
-  //cerr<<"Calling getBeforeandAfter! "<<(void*)sd.db<<endl;
+  sd.db->getBeforeAndAfterNames(sd.domain_id, auth, target, before, after);
+  emitNSEC(before, after, target, sd, r, mode);
 
   if (mode == 2) {
     // wildcard NO-DATA
-    sd.db->getBeforeAndAfterNames(sd.domain_id, auth, target, before, after);
-    emitNSEC(before, after, target, sd, r, mode);
+    before='.';
     sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after);
+    emitNSEC(before, after, target, sd, r, mode);
   }
-  else
-    sd.db->getBeforeAndAfterNames(sd.domain_id, auth, target, before, after);
-  emitNSEC(before, after, target, sd, r, mode);
 
   if (mode == 4) {
-      // this one does wildcard denial, if applicable
-      sd.db->getBeforeAndAfterNames(sd.domain_id, auth, auth, before, after);
-      emitNSEC(auth, after, auth, sd, r, mode);
+    // this one does wildcard denial, if applicable
+    before='.';
+    sd.db->getBeforeAndAfterNames(sd.domain_id, auth, auth, before, after);
+    emitNSEC(auth, after, auth, sd, r, mode);
   }
 
   return;
-- 
2.47.2