}
bool ok = true;
- ok = ok && (!kr_rank_test_noassert(eh->rank, KR_RANK_BOGUS)
+ ok = ok && kr_rank_check(eh->rank);
+ ok = ok && (!kr_rank_test(eh->rank, KR_RANK_BOGUS)
|| eh->is_packet);
ok = ok && (eh->is_packet || !eh->has_optout);
- /* doesn't hold, because of temporary NSEC3 packet caching
- if (eh->is_packet)
- ok = ok && !kr_rank_test(eh->rank, KR_RANK_SECURE);
- */
-
- //LATER: rank sanity
return ok ? /*const-cast*/(struct entry_h *)eh : NULL;
}
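Review bot: The added `ok = ok && kr_rank_check(eh->rank);` is only safe because of where it sits, and nothing in the hunk says so. `kr_rank_test()` now asserts that the rank is valid, and the `ok &&` short-circuit on the next line is what keeps an entry with a garbage rank from reaching that assert. Reordering these two lines would turn a malformed entry into an abort in assert-enabled builds instead of the NULL return. I would put a comment above the new line, e.g. `/* Must precede any kr_rank_test(): it asserts rank validity, and this check is the gate for entries not yet validated. */`. The enclosing function starts outside the hunk, so that `eh` is unvalidated input here is inferred from the NULL-on-failure return.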
const bool is_negative = kr_response_classify(pkt)
& (PKT_NODATA|PKT_NXDOMAIN);
const struct kr_qflags * const qf = &qry->flags;
- const bool want_pkt = qf->DNSSEC_BOGUS
- || (is_negative && (qf->DNSSEC_INSECURE || !qf->DNSSEC_WANT));
+ const bool want_negative = qf->DNSSEC_INSECURE || !qf->DNSSEC_WANT || has_optout;
+ const bool want_pkt = qf->DNSSEC_BOGUS /*< useful for +cd answers */
+ || (is_negative && want_negative);
- if (!(want_pkt || has_optout) || !knot_wire_get_aa(pkt->wire)
- || pkt->parsed != pkt->size /* malformed packet; still can't detect KNOT_EFEWDATA */
+ if (!want_pkt || !knot_wire_get_aa(pkt->wire)
+ || pkt->parsed != pkt->size /*< malformed packet; still can't detect KNOT_EFEWDATA */
) {
return;
}
} else if (!qf->DNSSEC_WANT) {
/* no TAs at all, leave _RANK_AUTH */
} else if (has_optout) {
- /* FIXME XXX review OPTOUT in this function again! */
/* All bad cases should be filtered above,
* at least the same way as pktcache in kresd 1.5.x. */
kr_rank_set(&rank, KR_RANK_SECURE);
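Review bot: With the FIXME dropped, the remaining comment still only says the bad cases "should be filtered above" without naming the filter, yet this branch raises the rank to KR_RANK_SECURE for an opt-out answer. The only relevant guard visible in this commit is the early return on `!want_pkt`, which after the `want_negative` change lets `has_optout` through only when `is_negative` is set; presumably that is the same function, but the hunk does not show it. I would spell the invariant out in the comment, e.g. `/* Only negative answers reach this point with has_optout; see the want_pkt early return. */`. An `assert(is_negative);` next to it would catch a future change to the filter, provided `is_negative` is in scope here. The enclosing if/else chain starts and ends outside the hunk.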
uint32_t ttl; /**< TTL at inception moment. Assuming it fits into int32_t ATM. */
uint8_t rank : 6; /**< See enum kr_rank */
bool is_packet : 1; /**< Negative-answer packet for insecure/bogus name. */
- bool has_optout : 1; /**< Only for packets with NSEC3. */
+ bool has_optout : 1; /**< Only for packets; persisted DNSSEC_OPTOUT. */
uint8_t data[];
};
struct entry_apex;
/* Packet caching; implementation in ./entry_pkt.c */
-/** Stash the packet into cache (if suitable, etc.) */
+/** Stash the packet into cache (if suitable, etc.)
+ * \param has_optout whether the packet contains an opt-out NSEC3 */
void stash_pkt(const knot_pkt_t *pkt, const struct kr_query *qry,
const struct kr_request *req, bool has_optout);
* have it reconstructed at this point. */
int32_t new_ttl_ = get_new_ttl(eh, qry, k->zname, KNOT_RRTYPE_NSEC,
qry->timestamp.tv_sec);
- if (new_ttl_ < 0 || !kr_rank_test_noassert(eh->rank, KR_RANK_SECURE)) {
+ if (new_ttl_ < 0 || !kr_rank_test(eh->rank, KR_RANK_SECURE)) {
return "range search found stale or insecure entry";
/* TODO: remove the stale record *and* retry,
* in case we haven't run off. Perhaps start by in_zone check. */
/* Passing just zone name instead of owner. */
int32_t new_ttl_ = get_new_ttl(eh, qry, k->zname, KNOT_RRTYPE_NSEC3,
qry->timestamp.tv_sec);
- if (new_ttl_ < 0 || !kr_rank_test_noassert(eh->rank, KR_RANK_SECURE)) {
+ if (new_ttl_ < 0 || !kr_rank_test(eh->rank, KR_RANK_SECURE)) {
return "range search found stale or insecure entry";
/* TODO: remove the stale record *and* retry,
* in case we haven't run off. Perhaps start by in_zone check. */
/** Check that a rank value is valid. Meant for assertions. */
bool kr_rank_check(uint8_t rank) KR_PURE;
-/** kr_rank_test() except that `rank` may be rubbish (don't assert that). */
-static inline bool kr_rank_test_noassert(uint8_t rank, uint8_t kr_flag)
+/** Test the presence of any flag/state in a rank, i.e. including KR_RANK_AUTH. */
+static inline bool kr_rank_test(uint8_t rank, uint8_t kr_flag)
{
- assert(kr_rank_check(kr_flag));
+ assert(kr_rank_check(rank) && kr_rank_check(kr_flag));
if (kr_flag == KR_RANK_AUTH) {
return rank & KR_RANK_AUTH;
}
/* The rest are exclusive values - exactly one has to be set. */
return (rank & ~KR_RANK_AUTH) == kr_flag;
}
-/** Test the presence of any flag/state in a rank, i.e. including KR_RANK_AUTH. */
-static inline bool kr_rank_test(uint8_t rank, uint8_t kr_flag)
-{
- assert(kr_rank_check(rank));
- return kr_rank_test_noassert(rank, kr_flag);
-}
/** Set the rank state. The _AUTH flag is kept as it was. */
static inline void kr_rank_set(uint8_t *rank, uint8_t kr_flag)
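Review bot: The doc comment on the merged `kr_rank_test()` does not say that `rank` must already be valid, although that is now its contract: the non-asserting variant is gone and the assert covers `rank` as well as `kr_flag`. With NDEBUG the assert compiles away and an invalid rank is simply compared against the flag. The two `eh->rank` range-search call sites changed in this commit therefore depend on an earlier `kr_rank_check()`, which is not visible in their hunks. I would add a line to the comment such as `* \pre kr_rank_check(rank) holds; validate ranks taken from stored entries before calling.` so callers handling unvalidated data know to check first. The body of `kr_rank_set()` continues outside the hunk.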