From: Matthijs Mekking Date: Tue, 28 Oct 2025 07:30:05 +0000 (+0100) Subject: Maintain separate notify contexts for SOA and CDS X-Git-Tag: v9.21.17~21^2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d83fbaf85ae9131e8cdb95ad385bcae8b263f43;p=thirdparty%2Fbind9.git Maintain separate notify contexts for SOA and CDS With Generalized DNS Notifications, a zone may need to send different NOTIFY messages for different reasons. Introduce a method to initialize a notify context and maintain a notify contexts per RRtype. --- diff --git a/lib/dns/include/dns/notify.h b/lib/dns/include/dns/notify.h index 11aaffc66ab..02a518d4986 100644 --- a/lib/dns/include/dns/notify.h +++ b/lib/dns/include/dns/notify.h @@ -29,6 +29,8 @@ struct dns_notifyctx { dns_acl_t *notify_acl; + dns_rdatatype_t type; + isc_sockaddr_t notifyfrom; dns_notifylist_t notifies; @@ -63,6 +65,16 @@ typedef enum dns_notify_flags { DNS_NOTIFY_TCP = 1 << 2, } dns_notify_flags_t; +void +dns_notifyctx_init(dns_notifyctx_t *nctx, dns_rdatatype_t type); +/*% + * Initializes a notify context for the RRtype 'type'. + * + * Requires: + * 'nctx' is not NULL. + * + */ + void dns_notify_create(isc_mem_t *mctx, unsigned int flags, dns_notify_t **notifyp); /*%< diff --git a/lib/dns/notify.c b/lib/dns/notify.c index da062763933..cdb0abcc1ef 100644 --- a/lib/dns/notify.c +++ b/lib/dns/notify.c @@ -39,6 +39,19 @@ notify_log(dns_notify_t *notify, int level, const char *fmt, ...) { va_end(ap); } +void +dns_notifyctx_init(dns_notifyctx_t *nctx, dns_rdatatype_t type) { + dns_notifyctx_t ctx = { + .type = type, + .notifytype = dns_notifytype_yes, + .notifies = ISC_LIST_INITIALIZER, + }; + isc_sockaddr_any(&ctx.notifysrc4); + isc_sockaddr_any6(&ctx.notifysrc6); + + *nctx = ctx; +} + void dns_notify_create(isc_mem_t *mctx, unsigned int flags, dns_notify_t **notifyp) { dns_notify_t *notify; diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 0aeaed0b05c..f555d0d9d2d 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -340,7 +340,8 @@ struct dns_zone { uint32_t fetchcount[ZONEFETCHTYPE_COUNT]; dns_remote_t alsonotify; - dns_notifyctx_t notifyctx; + dns_notifyctx_t notifysoa; + dns_notifyctx_t notifycds; isc_sockaddr_t parentalsrc4; isc_sockaddr_t parentalsrc6; @@ -1085,13 +1086,6 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx, isc_tid_t tid) { dns_remote_t r = { .magic = DNS_REMOTE_MAGIC, }; - dns_notifyctx_t nc = { - .notifytype = dns_notifytype_yes, - .notifies = ISC_LIST_INITIALIZER, - }; - isc_sockaddr_any(&nc.notifysrc4); - isc_sockaddr_any6(&nc.notifysrc6); - zone->notifyctx = nc; isc_mem_attach(mctx, &zone->mctx); isc_mutex_init(&zone->lock); @@ -1111,6 +1105,9 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx, isc_tid_t tid) { zone->defaultkasp = NULL; ISC_LIST_INIT(zone->keyring); + dns_notifyctx_init(&zone->notifysoa, dns_rdatatype_soa); + dns_notifyctx_init(&zone->notifycds, dns_rdatatype_cds); + isc_stats_create(mctx, &zone->gluecachestats, dns_gluecachestatscounter_max); @@ -1251,8 +1248,8 @@ dns__zone_free(dns_zone_t *zone) { if (zone->forward_acl != NULL) { dns_acl_detach(&zone->forward_acl); } - if (zone->notifyctx.notify_acl != NULL) { - dns_acl_detach(&zone->notifyctx.notify_acl); + if (zone->notifysoa.notify_acl != NULL) { + dns_acl_detach(&zone->notifysoa.notify_acl); } if (zone->query_acl != NULL) { dns_acl_detach(&zone->query_acl); @@ -1370,7 +1367,7 @@ dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); - zone->notifyctx.notifytype = notifytype; + zone->notifysoa.notifytype = notifytype; UNLOCK_ZONE(zone); } @@ -6339,7 +6336,7 @@ dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); - zone->notifyctx.notifysrc4 = *notifysrc; + zone->notifysoa.notifysrc4 = *notifysrc; UNLOCK_ZONE(zone); } @@ -6349,7 +6346,7 @@ dns_zone_getnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); - *notifysrc = zone->notifyctx.notifysrc4; + *notifysrc = zone->notifysoa.notifysrc4; UNLOCK_ZONE(zone); } @@ -6359,7 +6356,7 @@ dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); - zone->notifyctx.notifysrc6 = *notifysrc; + zone->notifysoa.notifysrc6 = *notifysrc; UNLOCK_ZONE(zone); } @@ -6369,7 +6366,7 @@ dns_zone_getnotifysrc6(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); - *notifysrc = zone->notifyctx.notifysrc6; + *notifysrc = zone->notifysoa.notifysrc6; UNLOCK_ZONE(zone); } @@ -12463,7 +12460,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) { DNS_ZONEFLG_NEEDSTARTUPNOTIFY | DNS_ZONEFLG_NOTIFYNODEFER | DNS_ZONEFLG_NOTIFYDEFERRED); - notifytype = zone->notifyctx.notifytype; + notifytype = zone->notifysoa.notifytype; DNS_ZONE_TIME_ADD(now, zone->notifydelay, &zone->notifytime); UNLOCK_ZONE(zone); @@ -12582,7 +12579,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) { goto next; } - if (dns_notify_isqueued(&zone->notifyctx, flags, NULL, &dst, + if (dns_notify_isqueued(&zone->notifysoa, flags, NULL, &dst, key, transport)) { if (key != NULL) { @@ -12612,7 +12609,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) { transport = NULL; } - ISC_LIST_APPEND(zone->notifyctx.notifies, notify, link); + ISC_LIST_APPEND(zone->notifysoa.notifies, notify, link); result = dns_notify_queue(notify, startup); if (result != ISC_R_SUCCESS) { dns_notify_destroy(notify, true); @@ -12671,7 +12668,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) { } LOCK_ZONE(zone); - isqueued = dns_notify_isqueued(&zone->notifyctx, flags, + isqueued = dns_notify_isqueued(&zone->notifysoa, flags, &ns.name, NULL, NULL, NULL); UNLOCK_ZONE(zone); if (isqueued) { @@ -12681,7 +12678,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) { dns_zone_iattach(zone, ¬ify->zone); dns_name_dup(&ns.name, zone->mctx, ¬ify->ns); LOCK_ZONE(zone); - ISC_LIST_APPEND(zone->notifyctx.notifies, notify, link); + ISC_LIST_APPEND(zone->notifysoa.notifies, notify, link); UNLOCK_ZONE(zone); dns_notify_find_address(notify); } @@ -14609,7 +14606,7 @@ zone_shutdown(void *arg) { checkds_cancel(zone); - dns_notify_cancel(&zone->notifyctx); + dns_notify_cancel(&zone->notifysoa); forward_cancel(zone); @@ -15000,13 +14997,13 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, /* * Accept notify requests from non primaries if they are on - * 'zone->notifyctx.notify_acl'. + * 'zone->notifysoa.notify_acl'. */ tsigkey = dns_message_gettsigkey(msg); tsig = dns_tsigkey_identity(tsigkey); if (i >= dns_remote_count(&zone->primaries) && - zone->notifyctx.notify_acl != NULL && - (dns_acl_match(&netaddr, tsig, zone->notifyctx.notify_acl, + zone->notifysoa.notify_acl != NULL && + (dns_acl_match(&netaddr, tsig, zone->notifysoa.notify_acl, zone->view->aclenv, &match, NULL) == ISC_R_SUCCESS) && match > 0) @@ -15070,7 +15067,7 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, */ if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH)) { DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDREFRESH); - zone->notifyctx.notifyfrom = *from; + zone->notifysoa.notifyfrom = *from; UNLOCK_ZONE(zone); if (have_serial) { dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, @@ -15096,7 +15093,7 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_INFO, "notify from %s: no serial", fromtext); } - zone->notifyctx.notifyfrom = *from; + zone->notifysoa.notifyfrom = *from; UNLOCK_ZONE(zone); if (to != NULL) { @@ -15111,10 +15108,10 @@ dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); - if (zone->notifyctx.notify_acl != NULL) { - dns_acl_detach(&zone->notifyctx.notify_acl); + if (zone->notifysoa.notify_acl != NULL) { + dns_acl_detach(&zone->notifysoa.notify_acl); } - dns_acl_attach(acl, &zone->notifyctx.notify_acl); + dns_acl_attach(acl, &zone->notifysoa.notify_acl); UNLOCK_ZONE(zone); } @@ -15240,8 +15237,8 @@ dns_zone_clearnotifyacl(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); - if (zone->notifyctx.notify_acl != NULL) { - dns_acl_detach(&zone->notifyctx.notify_acl); + if (zone->notifysoa.notify_acl != NULL) { + dns_acl_detach(&zone->notifysoa.notify_acl); } UNLOCK_ZONE(zone); } @@ -15666,7 +15663,7 @@ dns_notifyctx_t * dns__zone_getnotifyctx(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->notifyctx; + return &zone->notifysoa; } void