cache: cache RRSIGs in packet cache

This will enable caching of RRSIG queries in packet cache.
The RRSIGs are cached as insecure as they don't have a signature.
Bogus RRSIGs won't be cached as they have to first pass the validator.

diff --git a/lib/cache/api.c b/lib/cache/api.c
index cf21d2a84dcd809a5ed776c55d6a8ebaf5988435..9f945202766a05cd7dc8e3e8cfac401b8a2eef7e 100644 (file)
--- a/lib/cache/api.c
+++ b/lib/cache/api.c
@@ -277,8 +277,7 @@ static bool check_dname_for_lf(const knot_dname_t *n, const struct kr_query *qry
 /** Return false on types to be ignored.  Meant both for sname and direct cache requests. */
 static bool check_rrtype(uint16_t type, const struct kr_query *qry/*logging*/)
 {
-       const bool ret = !knot_rrtype_is_metatype(type)
-                       && type != KNOT_RRTYPE_RRSIG;
+       const bool ret = !knot_rrtype_is_metatype(type);
        if (!ret) { WITH_VERBOSE(qry) {
                auto_free char *type_str = kr_rrtype_text(type);
                VERBOSE_MSG(qry, "=> skipping RR type %s\n", type_str);
@@ -339,9 +338,6 @@ knot_db_val_t key_exact_type_maypkt(struct key *k, uint16_t type, const kr_cache
        }
 
        switch (type) {
-       case KNOT_RRTYPE_RRSIG: /* no RRSIG query caching, at least for now */
-               assert(false);
-               return (knot_db_val_t){ NULL, 0 };
        /* xNAME lumped into NS. */
        case KNOT_RRTYPE_CNAME:
        case KNOT_RRTYPE_DNAME:

diff --git a/lib/cache/entry_pkt.c b/lib/cache/entry_pkt.c
index ee9ea2e3725be0ec54ba5e333d45b144f953d295..2e2e5cea26120f59b577fdac3607b5a986331861 100644 (file)
--- a/lib/cache/entry_pkt.c
+++ b/lib/cache/entry_pkt.c
@@ -63,7 +63,7 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
        const struct kr_qflags * const qf = &qry->flags;
        const bool want_negative = qf->DNSSEC_INSECURE || !qf->DNSSEC_WANT || has_optout;
        const bool want_pkt = qf->DNSSEC_BOGUS /*< useful for +cd answers */
-                               || (is_negative && want_negative);
+                               || (is_negative && want_negative) || qry->stype == KNOT_RRTYPE_RRSIG;
 
        if (!want_pkt || !knot_wire_get_aa(pkt->wire)
            || pkt->parsed != pkt->size /*< malformed packet; still can't detect KNOT_EFEWDATA */
@@ -91,7 +91,10 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
                        /* All bad cases should be filtered above,
                         * at least the same way as pktcache in kresd 1.5.x. */
                        kr_rank_set(&rank, KR_RANK_SECURE);
-               } else assert(false);
+               } else if (qry->stype == KNOT_RRTYPE_RRSIG) {
+                       /* RRSIGs can be at most cached as insecure */
+                       kr_rank_set(&rank, KR_RANK_INSECURE);
+               }
        }
 
        const uint16_t pkt_type = knot_pkt_qtype(pkt);