temporarily enable packet caching for NSEC3 answers

Work up to this commit was squashed into cache-aggr 36302052.

diff --git a/lib/cache.c b/lib/cache.c
index fdda9da6076c02160352a72daf9277ee566807d3..b74446ed302ecde89744bc3f2ecd888a7bb029f3 100644 (file)
--- a/lib/cache.c
+++ b/lib/cache.c
@@ -190,8 +190,11 @@ struct entry_h * entry_h_consistent(knot_db_val_t data, uint16_t ktype)
                                || eh->has_dname);
                break;
        default:
+               /* doesn't hold, because of temporary NSEC3 packet caching
                if (eh->is_packet)
                        ok = ok && !kr_rank_test(eh->rank, KR_RANK_SECURE);
+               */
+               break;
        }
 
        //LATER: rank sanity

diff --git a/lib/cache/entry_pkt.c b/lib/cache/entry_pkt.c
index c33ca7ba0108c24f868c15e7ffb2f38ebaab0b7f..cf8777e57e26aa8294b5e1be1036e433e20b2aa1 100644 (file)
--- a/lib/cache/entry_pkt.c
+++ b/lib/cache/entry_pkt.c
@@ -70,7 +70,23 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
                                & (PKT_NODATA|PKT_NXDOMAIN);
        const bool want_pkt = qry->flags.DNSSEC_BOGUS
                || (is_negative && (qry->flags.DNSSEC_INSECURE || !qry->flags.DNSSEC_WANT));
-       if (!want_pkt || !knot_wire_get_aa(pkt->wire)) {
+
+       /* TMP: also stash packets that contain an NSEC3.
+        * To be removed when aggressive NSEC3 works. */
+       bool with_nsec3 = false;
+       if (!want_pkt && qry->flags.DNSSEC_WANT && !qry->flags.DNSSEC_BOGUS
+           && !qry->flags.DNSSEC_INSECURE) {
+               const knot_pktsection_t *sec = knot_pkt_section(pkt, KNOT_AUTHORITY);
+               for (unsigned k = 0; k < sec->count; ++k) {
+                       if (knot_pkt_rr(sec, k)->type == KNOT_RRTYPE_NSEC3) {
+                               with_nsec3 = true;
+                               VERBOSE_MSG(qry, "NSEC3 found\n");
+                               break;
+                       }
+               }
+       }
+
+       if (!(want_pkt || with_nsec3) || !knot_wire_get_aa(pkt->wire)) {
                return;
        }
 
@@ -90,6 +106,8 @@ void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
                        kr_rank_set(&rank, KR_RANK_INSECURE);
                } else if (!qry->flags.DNSSEC_WANT) {
                        /* no TAs at all, leave _RANK_AUTH */
+               } else if (with_nsec3) {
+                       // FIXME: not optimal, but safer choice and possibly OK for now.
                } else assert(false);
        }