From: Oto Šťáva Date: Wed, 4 May 2022 09:00:46 +0000 (+0200) Subject: lib/dnssec/ta: use trie_t instead of map_t X-Git-Tag: v5.5.1~17^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d034a76d5ebd65683d345c457ee247c131dac314;p=thirdparty%2Fknot-resolver.git lib/dnssec/ta: use trie_t instead of map_t --- diff --git a/daemon/engine.c b/daemon/engine.c index 2c86a1833..d18ed11d7 100644 --- a/daemon/engine.c +++ b/daemon/engine.c @@ -490,8 +490,8 @@ static int init_resolver(struct engine *engine) ctx->options.REORDER_RR = true; /* Open resolution context */ - ctx->trust_anchors = map_make(NULL); - ctx->negative_anchors = map_make(NULL); + ctx->trust_anchors = trie_create(NULL); + ctx->negative_anchors = trie_create(NULL); ctx->pool = engine->pool; ctx->modules = &engine->modules; ctx->cache_rtt_tout_retry_interval = KR_NS_TIMEOUT_RETRY_INTERVAL; @@ -699,8 +699,10 @@ void engine_deinit(struct engine *engine) /* Free data structures */ array_clear(engine->modules); array_clear(engine->backends); - kr_ta_clear(&engine->resolver.trust_anchors); - kr_ta_clear(&engine->resolver.negative_anchors); + kr_ta_clear(engine->resolver.trust_anchors); + trie_free(engine->resolver.trust_anchors); + kr_ta_clear(engine->resolver.negative_anchors); + trie_free(engine->resolver.negative_anchors); free(engine->hostname); } diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua index b2164652f..f490ef3cd 100644 --- a/daemon/lua/kres-gen-30.lua +++ b/daemon/lua/kres-gen-30.lua @@ -354,8 +354,8 @@ struct kr_context { struct kr_qflags options; knot_rrset_t *downstream_opt_rr; knot_rrset_t *upstream_opt_rr; - map_t trust_anchors; - map_t negative_anchors; + trie_t *trust_anchors; + trie_t *negative_anchors; struct kr_zonecut root_hints; struct kr_cache cache; unsigned int cache_rtt_tout_retry_interval; 
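Review bot: The two `trie_create(NULL)` results in init_resolver are stored without a NULL check, and unlike the by-value `map_make()` they replace, trie_create returns a heap pointer that can be NULL. The new kr_ta_get in lib/dnssec/ta.c passes that pointer straight to `trie_get_try`, so a failed allocation would presumably show up later as a crash in the DNSSEC validation path rather than as a start-up error. Consider `if (!ctx->trust_anchors || !ctx->negative_anchors) return kr_error(ENOMEM);` right after the two assignments, releasing whichever trie was created if the function has no common cleanup path. init_resolver starts and ends outside the hunk, so the right error path cannot be confirmed from here.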
@@ -446,10 +446,10 @@ void lru_free_items_impl(struct lru *); struct lru *lru_create_impl(unsigned int, unsigned int, knot_mm_t *, knot_mm_t *); void *lru_get_impl(struct lru *, const char *, unsigned int, unsigned int, _Bool, _Bool *); void *mm_realloc(knot_mm_t *, void *, size_t, size_t); -knot_rrset_t *kr_ta_get(map_t *, const knot_dname_t *); -int kr_ta_add(map_t *, const knot_dname_t *, uint16_t, uint32_t, const uint8_t *, uint16_t); -int kr_ta_del(map_t *, const knot_dname_t *); -void kr_ta_clear(map_t *); +knot_rrset_t *kr_ta_get(trie_t *, const knot_dname_t *); +int kr_ta_add(trie_t *, const knot_dname_t *, uint16_t, uint32_t, const uint8_t *, uint16_t); +int kr_ta_del(trie_t *, const knot_dname_t *); +void kr_ta_clear(trie_t *); _Bool kr_dnssec_key_ksk(const uint8_t *); _Bool kr_dnssec_key_revoked(const uint8_t *); int kr_dnssec_key_tag(uint16_t, const uint8_t *, size_t); diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua index bcbd4a99c..9e864ccc4 100644 --- a/daemon/lua/kres-gen-31.lua +++ b/daemon/lua/kres-gen-31.lua @@ -354,8 +354,8 @@ struct kr_context { struct kr_qflags options; knot_rrset_t *downstream_opt_rr; knot_rrset_t *upstream_opt_rr; - map_t trust_anchors; - map_t negative_anchors; + trie_t *trust_anchors; + trie_t *negative_anchors; struct kr_zonecut root_hints; struct kr_cache cache; unsigned int cache_rtt_tout_retry_interval; 
@@ -446,10 +446,10 @@ void lru_free_items_impl(struct lru *); struct lru *lru_create_impl(unsigned int, unsigned int, knot_mm_t *, knot_mm_t *); void *lru_get_impl(struct lru *, const char *, unsigned int, unsigned int, _Bool, _Bool *); void *mm_realloc(knot_mm_t *, void *, size_t, size_t); -knot_rrset_t *kr_ta_get(map_t *, const knot_dname_t *); -int kr_ta_add(map_t *, const knot_dname_t *, uint16_t, uint32_t, const uint8_t *, uint16_t); -int kr_ta_del(map_t *, const knot_dname_t *); -void kr_ta_clear(map_t *); +knot_rrset_t *kr_ta_get(trie_t *, const knot_dname_t *); +int kr_ta_add(trie_t *, const knot_dname_t *, uint16_t, uint32_t, const uint8_t *, uint16_t); +int kr_ta_del(trie_t *, const knot_dname_t *); +void kr_ta_clear(trie_t *); _Bool kr_dnssec_key_ksk(const uint8_t *); _Bool kr_dnssec_key_revoked(const uint8_t *); int kr_dnssec_key_tag(uint16_t, const uint8_t *, size_t); diff --git a/daemon/zimport.c b/daemon/zimport.c index a523a64f9..83165a82c 100644 --- a/daemon/zimport.c +++ b/daemon/zimport.c @@ -654,7 +654,7 @@ int zi_zone_import(const zi_config_t config) goto zonemd; struct kr_context *resolver = &the_worker->engine->resolver; const knot_rrset_t * const ds = c->ds ? c->ds : - kr_ta_get(&resolver->trust_anchors, z_import->origin); + kr_ta_get(resolver->trust_anchors, z_import->origin); if (!ds) { if (!kr_ta_closest(resolver, z_import->origin, KNOT_RRTYPE_DNSKEY)) goto zonemd; // our TAs say we're insecure diff --git a/lib/dnssec/ta.c b/lib/dnssec/ta.c index 98dca5a5c..574563bec 100644 --- a/lib/dnssec/ta.c +++ b/lib/dnssec/ta.c 
@@ -16,9 +16,10 @@ #include "lib/resolve.h" #include "lib/utils.h" -knot_rrset_t *kr_ta_get(map_t *trust_anchors, const knot_dname_t *name) +knot_rrset_t *kr_ta_get(trie_t *trust_anchors, const knot_dname_t *name) { - return map_get(trust_anchors, (const char *)name); + trie_val_t *val = trie_get_try(trust_anchors, (const char *)name, strlen((const char *)name)); + return (val) ? *val : NULL; } const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dname_t *name, @@ -31,10 +32,10 @@ const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dnam } while (name) { struct kr_context *ctx_nc = (struct kr_context *)/*const-cast*/ctx; - if (kr_ta_get(&ctx_nc->trust_anchors, name)) { + if (kr_ta_get(ctx_nc->trust_anchors, name)) { return name; } - if (kr_ta_get(&ctx_nc->negative_anchors, name)) { + if (kr_ta_get(ctx_nc->negative_anchors, name)) { return NULL; } name = knot_wire_next_label(name, NULL); @@ -78,7 +79,7 @@ cleanup: } /* @internal Insert new TA to trust anchor set, rdata MUST be of DS type. */ -static int insert_ta(map_t *trust_anchors, const knot_dname_t *name, +static int insert_ta(trie_t *trust_anchors, const knot_dname_t *name, uint32_t ttl, const uint8_t *rdata, uint16_t rdlen) { bool is_new_key = false; @@ -93,12 +94,15 @@ static int insert_ta(map_t *trust_anchors, const knot_dname_t *name, return kr_error(ENOMEM); } if (is_new_key) { - return map_set(trust_anchors, (const char *)name, ta_rr); + trie_val_t *val = trie_get_ins(trust_anchors, (const char *)name, strlen((const char *)name)); + if (kr_fails_assert(val)) + return kr_error(EINVAL); + *val = ta_rr; } return kr_ok(); } -int kr_ta_add(map_t *trust_anchors, const knot_dname_t *name, uint16_t type, +int kr_ta_add(trie_t *trust_anchors, const knot_dname_t *name, uint16_t type, uint32_t ttl, const uint8_t *rdata, uint16_t rdlen) { if (!trust_anchors || !name) { 
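Review bot: The key length in kr_ta_get is taken with `strlen((const char *)name)`, but `name` is a wire-format `knot_dname_t`, not a C string: a zero octet inside a label ends the key early, so two different owner names can land on the same trie entry. For a trust-anchor or negative-anchor store, that means a lookup for one name could return the anchor configured for another. The old map_t calls appear to have made the same C-string assumption, but trie_t takes an explicit length, so passing `knot_dname_size(name)` would close the gap; the same expression is repeated in insert_ta (`trie_get_ins`) and kr_ta_del (`trie_del`) and all three must agree, so a small static helper such as `ta_key_len(name)` is worth having. kr_ta_get also uses `trust_anchors` and `name` unchecked, while kr_ta_add rejects NULL for both.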
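Review bot: In insert_ta, a NULL from `trie_get_ins` is handled with `kr_fails_assert(val)` and `kr_error(EINVAL)`, but NULL there is most likely a run-time allocation failure rather than a broken invariant, and the newly created `ta_rr` is not freed on that path. Suggest `if (!val) { knot_rrset_free(ta_rr, NULL); return kr_error(ENOMEM); }`, matching the ENOMEM return a few lines above. The allocation of `ta_rr` sits outside the hunk, so the leak is inferred from the `is_new_key` branch.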
@@ -124,27 +128,27 @@ int kr_ta_add(map_t *trust_anchors, const knot_dname_t *name, uint16_t type, } /* Delete record data */ -static int del_record(const char *k, void *v, void *ext) +static int del_record(trie_val_t *v, void *ext) { - knot_rrset_t *ta_rr = v; + knot_rrset_t *ta_rr = *v; if (ta_rr) { knot_rrset_free(ta_rr, NULL); } return 0; } -int kr_ta_del(map_t *trust_anchors, const knot_dname_t *name) +int kr_ta_del(trie_t *trust_anchors, const knot_dname_t *name) { - knot_rrset_t *ta_rr = kr_ta_get(trust_anchors, name); - if (ta_rr) { - del_record(NULL, ta_rr, NULL); - map_del(trust_anchors, (const char *)name); - } + knot_rrset_t *ta_rr; + int ret = trie_del(trust_anchors, (const char *)name, strlen((const char *)name), + (trie_val_t *) &ta_rr); + if (ret == KNOT_EOK && ta_rr) + knot_rrset_free(ta_rr, NULL); return kr_ok(); } -void kr_ta_clear(map_t *trust_anchors) +void kr_ta_clear(trie_t *trust_anchors) { - map_walk(trust_anchors, del_record, NULL); - map_clear(trust_anchors); + trie_apply(trust_anchors, del_record, NULL); + trie_clear(trust_anchors); } diff --git a/lib/dnssec/ta.h b/lib/dnssec/ta.h index f508e7c46..73292162d 100644 --- a/lib/dnssec/ta.h +++ b/lib/dnssec/ta.h @@ -5,7 +5,7 @@ #pragma once #include "lib/defines.h" -#include "lib/generic/map.h" +#include "lib/generic/trie.h" #include /** 
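Review bot: kr_ta_del declares `knot_rrset_t *ta_rr;` without an initialiser and passes it to `trie_del` through a `(trie_val_t *) &ta_rr` cast, so the code relies on trie_del writing the out-parameter whenever it returns KNOT_EOK, and on a pointer-type pun. A plain `trie_val_t val = NULL;` passed as `&val`, followed by `if (ret == KNOT_EOK && val) knot_rrset_free(val, NULL);`, needs neither assumption. The function also still returns `kr_ok()` when the name was not present, which the header comment `@return 0 or an error` does not make clear.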
@@ -15,20 +15,20 @@ * @return non-empty RRSet or NULL */ KR_EXPORT -knot_rrset_t *kr_ta_get(map_t *trust_anchors, const knot_dname_t *name); +knot_rrset_t *kr_ta_get(trie_t *trust_anchors, const knot_dname_t *name); /** * Add TA to trust store. DS or DNSKEY types are supported. * @param trust_anchors trust store * @param name name of the TA * @param type RR type of the TA (DS or DNSKEY) - * @param ttl - * @param rdata - * @param rdlen + * @param ttl + * @param rdata + * @param rdlen * @return 0 or an error */ KR_EXPORT -int kr_ta_add(map_t *trust_anchors, const knot_dname_t *name, uint16_t type, +int kr_ta_add(trie_t *trust_anchors, const knot_dname_t *name, uint16_t type, uint32_t ttl, const uint8_t *rdata, uint16_t rdlen); struct kr_context; @@ -50,12 +50,12 @@ const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dnam * @return 0 or an error */ KR_EXPORT -int kr_ta_del(map_t *trust_anchors, const knot_dname_t *name); +int kr_ta_del(trie_t *trust_anchors, const knot_dname_t *name); /** * Clear trust store. * @param trust_anchors trust store */ KR_EXPORT -void kr_ta_clear(map_t *trust_anchors); +void kr_ta_clear(trie_t *trust_anchors); diff --git a/lib/resolve.c b/lib/resolve.c index 45030fb0c..7e18df3d1 100644 --- a/lib/resolve.c +++ b/lib/resolve.c @@ -918,8 +918,8 @@ static struct kr_query *zone_cut_subreq(struct kr_rplan *rplan, struct kr_query static int forward_trust_chain_check(struct kr_request *request, struct kr_query *qry, bool resume) { struct kr_rplan *rplan = &request->rplan; - map_t *trust_anchors = &request->ctx->trust_anchors; - map_t *negative_anchors = &request->ctx->negative_anchors; + trie_t *trust_anchors = request->ctx->trust_anchors; + trie_t *negative_anchors = request->ctx->negative_anchors; if (qry->parent != NULL && !(qry->forward_flags.CNAME) && 
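Review bot: The doc comment on kr_ta_clear still says only "Clear trust store", but the ownership contract changed with this commit: the store is now a `trie_t *`, kr_ta_clear frees the records and empties the trie, and the caller has to release the trie itself (engine_deinit now calls `trie_free` after it). I would add a line such as `* The trie itself stays allocated; release it with trie_free().` so other owners of a kr_context neither leak it nor free it twice. The `@param ttl`, `@param rdata` and `@param rdlen` lines of kr_ta_add in the earlier ta.h hunk are also still empty.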
@@ -1104,8 +1104,8 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query static int trust_chain_check(struct kr_request *request, struct kr_query *qry) { struct kr_rplan *rplan = &request->rplan; - map_t *trust_anchors = &request->ctx->trust_anchors; - map_t *negative_anchors = &request->ctx->negative_anchors; + trie_t *trust_anchors = request->ctx->trust_anchors; + trie_t *negative_anchors = request->ctx->negative_anchors; /* Disable DNSSEC if it enters NTA. */ if (kr_ta_get(negative_anchors, qry->zone_cut.name)){ diff --git a/lib/resolve.h b/lib/resolve.h index f14e1430e..2a4a7ed75 100644 --- a/lib/resolve.h +++ b/lib/resolve.h @@ -161,8 +161,8 @@ struct kr_context knot_rrset_t *downstream_opt_rr; knot_rrset_t *upstream_opt_rr; - map_t trust_anchors; - map_t negative_anchors; + trie_t *trust_anchors; + trie_t *negative_anchors; struct kr_zonecut root_hints; struct kr_cache cache; unsigned cache_rtt_tout_retry_interval;