From: Evan Hunt
Date: Wed, 26 Feb 2025 21:47:40 +0000 (-0800)
Subject: simplify dns_ncache_add()
X-Git-Tag: v9.21.11~6^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e1df53d05e2142464e0bb5fa81ab0034d1a1864;p=thirdparty%2Fbind9.git

simplify dns_ncache_add()

there's no longer any reason to have both dns_ncache_add() and dns_ncache_addoptout().
---
diff --git a/lib/dns/include/dns/ncache.h b/lib/dns/include/dns/ncache.h
index 979de116219..ae187668c8f 100644
--- a/lib/dns/include/dns/ncache.h
+++ b/lib/dns/include/dns/ncache.h
@@ -54,26 +54,24 @@
 isc_result_t
 dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, dns_rdataset_t *addedrdataset);
-isc_result_t
-dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
- dns_dbnode_t *node, dns_rdatatype_t covers,
- isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl,
- bool optout, dns_rdataset_t *addedrdataset);
+ dns_ttl_t maxttl, bool optout, bool secure,
+ dns_rdataset_t *addedrdataset);
 /*%<
 * Convert the authority data from 'message' into a negative cache
 * rdataset, and store it in 'cache' at 'node' with a TTL limited to
 * 'maxttl'.
 *
- * \li dns_ncache_add produces a negative cache entry with a trust of no
- * more than answer
- * \li dns_ncache_addoptout produces a negative cache entry which will have
- * a trust of secure if all the records that make up the entry are secure.
+ * \li If 'secure' is true and all the records that make up the entry
+ * are secure, then dns_ncache_add produces a negative cache entry
+ * with trust level secure.
+ * \li If 'secure' is false, the negative cache entry's trust level
+ * will be capped at answer.
 *
 * The 'covers' argument is the RR type whose nonexistence we are caching,
 * or dns_rdatatype_any when caching a NXDOMAIN response.
 *
- * 'optout' parameter indicates if 'optout' attribute should be set.
+ * 'optout' parameter indicates if 'optout' attribute should be set. This only
+ * applies in secure zones; if 'secure' is false, 'optout' is ignored.
 *
 * Note:
 *\li If 'addedrdataset' is not NULL, then it will be attached to the added
diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c
index 0fa3e7dac3b..e3d2ad33418 100644
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
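Review bot: The ncache.h comment block does not say what the caller must have done before passing `secure` as true, even though the new text makes that flag the condition under which the negative cache entry may reach trust level secure rather than being capped at answer. The only statement of the precondition is the internal comment in the lib/dns/ncache.c hunk ("We assume that all data in the authority section has been validated by the caller"), which a reader of the public header will not see. I would add an item to the `\li` list such as `* \li The caller must have validated the authority section of 'message' before passing 'secure' as true.` Since `optout` and `secure` are adjacent `bool` parameters, a call that swaps them compiles cleanly, so the comment should also name their order explicitly for anyone reviewing new call sites.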
@@ -50,12 +50,6 @@ atomic_getuint8(isc_buffer_t *b) {
 return ret;
 }
 
-static isc_result_t
-addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
- dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, bool optout, bool secure,
- dns_rdataset_t *addedrdataset);
-
 static isc_result_t
 copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
 unsigned int count;
@@ -102,25 +96,8 @@ copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
 isc_result_t
 dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, dns_rdataset_t *addedrdataset) {
- return addoptout(message, cache, node, covers, now, minttl, maxttl,
- false, false, addedrdataset);
-}
-
-isc_result_t
-dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
- dns_dbnode_t *node, dns_rdatatype_t covers,
- isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl,
- bool optout, dns_rdataset_t *addedrdataset) {
- return addoptout(message, cache, node, covers, now, minttl, maxttl,
- optout, true, addedrdataset);
-}
-
-static isc_result_t
-addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
- dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl,
- dns_ttl_t maxttl, bool optout, bool secure,
- dns_rdataset_t *addedrdataset) {
+ dns_ttl_t maxttl, bool optout, bool secure,
+ dns_rdataset_t *addedrdataset) {
 isc_buffer_t buffer;
 isc_region_t r;
 dns_rdatatype_t type;
@@ -135,14 +112,17 @@ addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 /*
 * Convert the authority data from 'message' into a negative cache
 * rdataset, and store it in 'cache' at 'node'.
+ *
+ * We assume that all data in the authority section has been
+ * validated by the caller.
 */
 
 REQUIRE(message != NULL);
 
 /*
- * We assume that all data in the authority section has been
- * validated by the caller.
+ * If 'secure' is false, ignore 'optout'.
 */
+ optout = optout && secure;
 
 /*
 * Initialize the list.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index dd61162d9a1..fdc919c3fc7 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -6341,8 +6341,7 @@ cleanup:
 }
 
 /*
- * Do what dns_ncache_addoptout() does, and then compute an appropriate
- * eresult.
+ * Call dns_ncache_add() and then compute an appropriate eresult.
 */
 static isc_result_t
 ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
@@ -6356,14 +6355,9 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 dns_rdataset_init(&rdataset);
 ardataset = &rdataset;
 }
- if (secure) {
- result = dns_ncache_addoptout(message, cache, node, covers, now,
- minttl, maxttl, optout,
- ardataset);
- } else {
- result = dns_ncache_add(message, cache, node, covers, now,
- minttl, maxttl, ardataset);
- }
+
+ result = dns_ncache_add(message, cache, node, covers, now, minttl,
+ maxttl, optout, secure, ardataset);
 if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
 /*
 * If the cache now contains a negative entry and we