lib/dnssec/ta: remove trivial kr_ta_covers_qry()

author Vladimír Čunát <vladimir.cunat@nic.cz>

Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)

committer Vladimír Čunát <vladimir.cunat@nic.cz>

Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)
author Vladimír Čunát <vladimir.cunat@nic.cz>
Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)
committer Vladimír Čunát <vladimir.cunat@nic.cz>
Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)
diff --git a/lib/cache/peek.c b/lib/cache/peek.c

index dc7cd7fe3907466444e187da9aec8621cd210c40..b154450f4c69cdf80ef0f7483e7a03528bb51882 100644 (file)
--- a/lib/cache/peek.c
+++ b/lib/cache/peek.c
@@ -95,7 +95,7 @@ static uint8_t get_lowest_rank(const struct kr_query *qry, const knot_dname_t *n
         } else if (!allow_unverified) {
                 /* Records not present under any TA don't have their security
                  * verified at all, so we also accept low ranks in that case. */
-               const bool ta_covers = kr_ta_covers_qry(qry->request->ctx, name, type);
+               const bool ta_covers = kr_ta_closest(qry->request->ctx, name, type);
                 /* ^ TODO: performance?  TODO: stype - call sites */
                 if (ta_covers) {
                         return KR_RANK_INSECURE | KR_RANK_AUTH;
diff --git a/lib/dnssec/ta.h b/lib/dnssec/ta.h

index d1b1adefa66f959fa404ece28e273f5f73b928b1..d7bace69e67730637b76bf6f262a70421b2b32c5 100644 (file)
--- a/lib/dnssec/ta.h
+++ b/lib/dnssec/ta.h
@@ -43,18 +43,6 @@ KR_PURE
  const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dname_t *name,
                                    const uint16_t type);
  
-/**
- * A trivial wrapper around kr_ta_closest
- *
- * TODO: drop it?  The name doesn't feel very suitable either.
- */
-static inline
-bool kr_ta_covers_qry(struct kr_context *ctx, const knot_dname_t *name,
-                     const uint16_t type)
-{
-       return kr_ta_closest(ctx, name, type) != NULL;
-}
-
  /**
   * Remove TA from trust store.
   * @param  trust_anchors trust store
diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c

index cf29f35cd1de7b75b95d5456c61887efabe2a54e..7621b9007ae84920b544aa8aac65d7a0e827b743 100644 (file)
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -791,7 +791,7 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req)
                 next->cname_parent = query;
                 /* Want DNSSEC if and only if it's posible to secure
                  * this name (i.e. iff it is covered by a TA) */
-               if (kr_ta_covers_qry(req->ctx, cname, query->stype)) {
+               if (kr_ta_closest(req->ctx, cname, query->stype)) {
                         next->flags.DNSSEC_WANT = true;
                 } else {
                         next->flags.DNSSEC_WANT = false;
diff --git a/lib/layer/validate.c b/lib/layer/validate.c

index cdcf97f2343f70c19cb3934dd651eacf687785bc..a99ee5884863b0716d8ad159c900dc8a73b067fe 100644 (file)
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -171,7 +171,7 @@ static int validate_section(kr_rrset_validation_ctx_t *vctx, struct kr_query *qr
                 }
  
                 if (!knot_dname_is_equal(qry->zone_cut.name, rr->owner)/*optim.*/
-                   && !kr_ta_covers_qry(qry->request->ctx, rr->owner, rr->type)) {
+                   && !kr_ta_closest(qry->request->ctx, rr->owner, rr->type)) {
                         /* We have NTA "between" our (perceived) zone cut and the RR. */
                         kr_rank_set(&entry->rank, KR_RANK_INSECURE);
                         continue;
diff --git a/lib/resolve.c b/lib/resolve.c

index 7c4cb9a1b4e5334a03d40f484b1fb5996d00978e..213830a6e3fcb6451e46abf61ea82e21536d1f31 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -224,7 +224,7 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name
                 qry->flags.DNSSEC_WANT = false;
                 qry->flags.DNSSEC_INSECURE = true;
                 VERBOSE_MSG(qry, "=> going insecure because parent query is insecure\n");
-       } else if (kr_ta_covers_qry(req->ctx, qry->zone_cut.name, KNOT_RRTYPE_NS)) {
+       } else if (kr_ta_closest(req->ctx, qry->zone_cut.name, KNOT_RRTYPE_NS)) {
                 qry->flags.DNSSEC_WANT = true;
         } else {
                 qry->flags.DNSSEC_WANT = false;
@@ -265,7 +265,7 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name
         /* Zonecut name can change, check it again
          * to prevent unnecessary DS & DNSKEY queries */
         if (!(qry->flags.DNSSEC_INSECURE) &&
-           kr_ta_covers_qry(req->ctx, cut_found.name, KNOT_RRTYPE_NS)) {
+           kr_ta_closest(req->ctx, cut_found.name, KNOT_RRTYPE_NS)) {
                 qry->flags.DNSSEC_WANT = true;
         } else {
                 qry->flags.DNSSEC_WANT = false;
@@ -683,7 +683,7 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet)
                 qry->flags.AWAIT_CUT = true;
                 /* Want DNSSEC if it's posible to secure this name (e.g. is covered by any TA) */
                 if ((knot_wire_get_ad(packet->wire) || knot_pkt_has_dnssec(packet)) &&
-                   kr_ta_covers_qry(request->ctx, qry->sname, qtype)) {
+                   kr_ta_closest(request->ctx, qry->sname, qtype)) {
                         qry->flags.DNSSEC_WANT = true;
                 }
         }
author	Vladimír Čunát <vladimir.cunat@nic.cz>
	Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)
committer	Vladimír Čunát <vladimir.cunat@nic.cz>
	Sat, 15 May 2021 11:33:40 +0000 (13:33 +0200)
lib/cache/peek.c		patch \| blob \| blame \| history
lib/dnssec/ta.h		patch \| blob \| blame \| history
lib/layer/iterate.c		patch \| blob \| blame \| history
lib/layer/validate.c		patch \| blob \| blame \| history
lib/resolve.c		patch \| blob \| blame \| history