isc_result_t
dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, dns_rdataset_t *addedrdataset);
-isc_result_t
-dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
- dns_dbnode_t *node, dns_rdatatype_t covers,
- isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl,
- bool optout, dns_rdataset_t *addedrdataset);
+ dns_ttl_t maxttl, bool optout, bool secure,
+ dns_rdataset_t *addedrdataset);
/*%<
* Convert the authority data from 'message' into a negative cache
* rdataset, and store it in 'cache' at 'node' with a TTL limited to
* 'maxttl'.
*
- * \li dns_ncache_add produces a negative cache entry with a trust of no
- * more than answer
- * \li dns_ncache_addoptout produces a negative cache entry which will have
- * a trust of secure if all the records that make up the entry are secure.
+ * \li If 'secure' is true and all the records that make up the entry
+ * are secure, then dns_ncache_add produces a negative cache entry
+ * with trust level secure.
+ * \li If 'secure' is false, the negative cache entry's trust level
+ * will be capped at answer.
*
* The 'covers' argument is the RR type whose nonexistence we are caching,
* or dns_rdatatype_any when caching a NXDOMAIN response.
*
- * 'optout' parameter indicates if 'optout' attribute should be set.
+ * 'optout' parameter indicates if 'optout' attribute should be set. This only
+ * applies in secure zones; if 'secure' is false, 'optout' is ignored.
*
* Note:
*\li If 'addedrdataset' is not NULL, then it will be attached to the added
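Review bot: The new prototype places two `bool` parameters next to each other (`bool optout, bool secure`), so a call site that transposes them still compiles while changing whether the negative cache entry may be stored with trust level secure. The comment block describes the effect of 'secure' but not the caller's obligation; if the intended contract is that the flag is set only for DNSSEC-validated responses, say so, for example `*\li 'secure' must be true only when the response was DNSSEC-validated; it permits, but does not by itself grant, trust level secure.` Callers of the removed `dns_ncache_addoptout()` relied on an implicit secure=true and callers of the old `dns_ncache_add()` on an implicit false, so the comment or the release notes should tell them which value to pass. The one call visible on this page, in the last hunk, passes the two flags in the declared order.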
return ret;
}
-static isc_result_t
-addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
- dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, bool optout, bool secure,
- dns_rdataset_t *addedrdataset);
-
static isc_result_t
copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
unsigned int count;
isc_result_t
dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, dns_rdataset_t *addedrdataset) {
- return addoptout(message, cache, node, covers, now, minttl, maxttl,
- false, false, addedrdataset);
-}
-
-isc_result_t
-dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
- dns_dbnode_t *node, dns_rdatatype_t covers,
- isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl,
- bool optout, dns_rdataset_t *addedrdataset) {
- return addoptout(message, cache, node, covers, now, minttl, maxttl,
- optout, true, addedrdataset);
-}
-
-static isc_result_t
-addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
- dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, bool optout, bool secure,
- dns_rdataset_t *addedrdataset) {
+ dns_ttl_t maxttl, bool optout, bool secure,
+ dns_rdataset_t *addedrdataset) {
isc_buffer_t buffer;
isc_region_t r;
dns_rdatatype_t type;
/*
* Convert the authority data from 'message' into a negative cache
* rdataset, and store it in 'cache' at 'node'.
+ *
+ * We assume that all data in the authority section has been
+ * validated by the caller.
*/
REQUIRE(message != NULL);
/*
- * We assume that all data in the authority section has been
- * validated by the caller.
+ * If 'secure' is false, ignore 'optout'.
*/
+ optout = optout && secure;
/*
* Initialize the list.
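Review bot: The relocated sentence `We assume that all data in the authority section has been validated by the caller` now sits in the function's opening comment without saying what "validated" means when 'secure' is false. Read literally, it suggests a DNSSEC guarantee on the insecure path as well, where the header comment says trust is capped at answer. I would tie the assumption to the flag, e.g. `* When 'secure' is true, the caller must already have DNSSEC-validated the authority section; no validation is done here.` The code that applies the trust cap lies outside this hunk, so the final wording should be checked against it.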
}
/*
- * Do what dns_ncache_addoptout() does, and then compute an appropriate
- * eresult.
+ * Call dns_ncache_add() and then compute an appropriate eresult.
*/
static isc_result_t
ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
dns_rdataset_init(&rdataset);
ardataset = &rdataset;
}
- if (secure) {
- result = dns_ncache_addoptout(message, cache, node, covers, now,
- minttl, maxttl, optout,
- ardataset);
- } else {
- result = dns_ncache_add(message, cache, node, covers, now,
- minttl, maxttl, ardataset);
- }
+
+ result = dns_ncache_add(message, cache, node, covers, now, minttl,
+ maxttl, optout, secure, ardataset);
if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
/*
* If the cache now contains a negative entry and we