]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Dump the signed zone in the text format at the end of dnssec-signzone
authorOndřej Surý <ondrej@isc.org>
Thu, 12 Jan 2023 15:36:43 +0000 (16:36 +0100)
committerOndřej Surý <ondrej@isc.org>
Sun, 22 Jan 2023 19:44:07 +0000 (20:44 +0100)
Instead of dumping the signed zone contents node by node during the
signing, dump the entire zone at the end.  This was already done for the
raw zone format, but it shows that the IO is better utilized when the
zone dump is done in one single write rather than in small chunks.

A side effect of dumping node by node was that all names were printed
relative to the zone origin rather than being grouped under different
$ORIGINs as would normally be the case when dumping a zone. Also, state
was not maintained from one node to the next regarding whether the CLASS
has already been printed, so it was always included with the first
record of each node.

Since dnssec-signzone uses the dns_master_style_explicittl text format
style, and is the only application that does so, we can revise that
style and add a new DNS_STYLEFLAG_CLASS_PERNAME flag to get the output
back to what it was before this change.

bin/dnssec/dnssec-signzone.c
lib/dns/include/dns/masterdump.h
lib/dns/masterdump.c

index b82b39342b3877a57416bb41b1875ff3feec376c..3f8367c4779569e81ba608554c3621db19d970a6 100644 (file)
@@ -117,12 +117,6 @@ static int nsec_datatype = dns_rdatatype_nsec;
 #define SOA_SERIAL_UNIXTIME  2
 #define SOA_SERIAL_DATE             3
 
-typedef struct signer_work swork_t;
-struct signer_work {
-       dns_fixedname_t *fname;
-       dns_dbnode_t *node;
-};
-
 static dns_dnsseckeylist_t keylist;
 static unsigned int keycount = 0;
 static isc_rwlock_t keylist_lock;
@@ -190,9 +184,6 @@ static bool no_max_check = false;
                UNLOCK(&statslock); \
        }
 
-static void
-sign(void *arg);
-
 /*%
  * Store a copy of 'name' in 'fzonecut' and return a pointer to that copy.
  */
@@ -215,14 +206,7 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
        isc_result_t result;
        unsigned int bufsize = 4096;
 
-       if (outputformat != dns_masterformat_text) {
-               return;
-       }
-
        if (!output_dnssec_only) {
-               result = dns_master_dumpnodetostream(mctx, gdb, gversion, node,
-                                                    name, masterstyle, outfp);
-               check_result(result, "dns_master_dumpnodetostream");
                return;
        }
 
@@ -273,6 +257,17 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
        dns_rdatasetiter_destroy(&iter);
 }
 
+static void
+lock_and_dumpnode(dns_name_t *name, dns_dbnode_t *node) {
+       if (!output_dnssec_only) {
+               return;
+       }
+
+       LOCK(&namelock);
+       dumpnode(name, node);
+       UNLOCK(&namelock);
+}
+
 /*%
  * Sign the given RRset with given key, and add the signature record to the
  * given tuple.
@@ -1500,47 +1495,6 @@ cleanup:
        return (result);
 }
 
-/*%
- * Delete any RRSIG records at a node.
- */
-static void
-cleannode(dns_db_t *db, dns_dbversion_t *dbversion, dns_dbnode_t *node) {
-       dns_rdatasetiter_t *rdsiter = NULL;
-       dns_rdataset_t set;
-       isc_result_t result, dresult;
-
-       if (outputformat != dns_masterformat_text || !disable_zone_check) {
-               return;
-       }
-
-       dns_rdataset_init(&set);
-       result = dns_db_allrdatasets(db, node, dbversion, 0, 0, &rdsiter);
-       check_result(result, "dns_db_allrdatasets");
-       result = dns_rdatasetiter_first(rdsiter);
-       while (result == ISC_R_SUCCESS) {
-               bool destroy = false;
-               dns_rdatatype_t covers = 0;
-               dns_rdatasetiter_current(rdsiter, &set);
-               if (set.type == dns_rdatatype_rrsig) {
-                       covers = set.covers;
-                       destroy = true;
-               }
-               dns_rdataset_disassociate(&set);
-               result = dns_rdatasetiter_next(rdsiter);
-               if (destroy) {
-                       dresult = dns_db_deleterdataset(db, node, dbversion,
-                                                       dns_rdatatype_rrsig,
-                                                       covers);
-                       check_result(dresult, "dns_db_deleterdataset");
-               }
-       }
-       if (result != ISC_R_NOMORE) {
-               fatal("rdataset iteration failed: %s",
-                     isc_result_totext(result));
-       }
-       dns_rdatasetiter_destroy(&rdsiter);
-}
-
 /*%
  * Set up the iterator and global state before starting the tasks.
  */
@@ -1579,10 +1533,7 @@ signapex(void) {
        result = dns_dbiterator_current(gdbiter, &node, name);
        check_dns_dbiterator_current(result);
        signname(node, name);
-       LOCK(&namelock);
        dumpnode(name, node);
-       UNLOCK(&namelock);
-       cleannode(gdb, gversion, node);
        dns_db_detachnode(gdb, &node);
        result = dns_dbiterator_first(gdbiter);
        if (result == ISC_R_NOMORE) {
@@ -1599,7 +1550,7 @@ signapex(void) {
  */
 static void
 assignwork(void *arg) {
-       dns_fixedname_t *fname = NULL;
+       dns_fixedname_t fname;
        dns_name_t *name = NULL;
        dns_dbnode_t *node = NULL;
        dns_rdataset_t nsec;
@@ -1608,7 +1559,6 @@ assignwork(void *arg) {
        static dns_name_t *zonecut = NULL; /* Protected by namelock. */
        static dns_fixedname_t fzonecut;   /* Protected by namelock. */
        static unsigned int ended = 0;     /* Protected by namelock. */
-       swork_t *swork = NULL;
 
        UNUSED(arg);
 
@@ -1622,11 +1572,11 @@ assignwork(void *arg) {
                if (ended == nloops) {
                        isc_loopmgr_shutdown(loopmgr);
                }
-               goto unlock;
+               UNLOCK(&namelock);
+               return;
        }
 
-       fname = isc_mem_get(mctx, sizeof(dns_fixedname_t));
-       name = dns_fixedname_initname(fname);
+       name = dns_fixedname_initname(&fname);
        node = NULL;
        found = false;
        while (!found) {
@@ -1698,50 +1648,21 @@ assignwork(void *arg) {
                if (ended == nloops) {
                        isc_loopmgr_shutdown(loopmgr);
                }
-               isc_mem_put(mctx, fname, sizeof(dns_fixedname_t));
-               goto unlock;
+               UNLOCK(&namelock);
+               return;
        }
 
-       swork = isc_mem_get(mctx, sizeof(*swork));
-       *swork = (swork_t){
-               .node = node,
-               .fname = fname,
-       };
-unlock:
        UNLOCK(&namelock);
-       if (swork != NULL) {
-               sign(swork);
-       }
-}
 
-/*%
- * Write a node to the output file, and restart the worker task.
- */
-static void
-writenode(swork_t *swork) {
-       LOCK(&namelock);
-       dumpnode(dns_fixedname_name(swork->fname), swork->node);
-       UNLOCK(&namelock);
-       cleannode(gdb, gversion, swork->node);
-       dns_db_detachnode(gdb, &swork->node);
-       isc_mem_put(mctx, swork->fname, sizeof(dns_fixedname_t));
-       isc_mem_put(mctx, swork, sizeof(*swork));
-       isc_job_run(loopmgr, assignwork, NULL);
-}
+       signname(node, dns_fixedname_name(&fname));
 
-/*%
- *  Sign a database node.
- */
-static void
-sign(void *arg) {
-       swork_t *swork = (swork_t *)arg;
-       dns_fixedname_t *fname = swork->fname;
-       dns_dbnode_t *node = swork->node;
-
-       signname(node, dns_fixedname_name(fname));
-       swork->node = node;
-       swork->fname = fname;
-       writenode(swork);
+       /*%
+        * Write a node to the output file, and restart the worker task.
+        */
+       lock_and_dumpnode(dns_fixedname_name(&fname), node);
+       dns_db_detachnode(gdb, &node);
+
+       isc_job_run(loopmgr, assignwork, NULL);
 }
 
 /*%
@@ -4039,7 +3960,7 @@ main(int argc, char *argv[]) {
                }
        }
 
-       if (outputformat != dns_masterformat_text) {
+       if (!output_dnssec_only) {
                dns_masterrawheader_t header;
                dns_master_initrawheader(&header);
                if (rawversion == 0U) {
@@ -4051,7 +3972,7 @@ main(int argc, char *argv[]) {
                result = dns_master_dumptostream(mctx, gdb, gversion,
                                                 masterstyle, outputformat,
                                                 &header, outfp);
-               check_result(result, "dns_master_dumptostream3");
+               check_result(result, "dns_master_dumptostream");
        }
 
        if (!output_stdout) {
index e20816e87d7970ff813f20247f7858e1d00601ef..973f31fafd8c82dfac25afa88c70ba492980bd1a 100644 (file)
@@ -114,6 +114,12 @@ typedef struct dns_master_style dns_master_style_t;
 /*% Print expired cache entries. */
 #define DNS_STYLEFLAG_EXPIRED 0x200000000ULL
 
+/*%
+ * If set concurrently with DNS_STYLEFLAG_OMIT_CLASS, the class will
+ * be included when printing a new name.
+ */
+#define DNS_STYLEFLAG_CLASS_PERNAME 0x400000000ULL
+
 ISC_LANG_BEGINDECLS
 
 /***
index 0c6aeb18d6a90969fb921d3209caf9abadf11a1b..d07919c41f1a14e391b77cd9dc706c71513c554b 100644 (file)
@@ -151,9 +151,8 @@ const dns_master_style_t dns_master_style_full = {
 
 const dns_master_style_t dns_master_style_explicitttl = {
        DNS_STYLEFLAG_OMIT_OWNER | DNS_STYLEFLAG_OMIT_CLASS |
-               DNS_STYLEFLAG_REL_OWNER | DNS_STYLEFLAG_REL_DATA |
-               DNS_STYLEFLAG_COMMENT | DNS_STYLEFLAG_RRCOMMENT |
-               DNS_STYLEFLAG_MULTILINE,
+               DNS_STYLEFLAG_CLASS_PERNAME | DNS_STYLEFLAG_COMMENT |
+               DNS_STYLEFLAG_RRCOMMENT | DNS_STYLEFLAG_MULTILINE,
        24,
        32,
        32,
@@ -1066,6 +1065,10 @@ dump_rdatasets_text(isc_mem_t *mctx, const dns_name_t *name,
                ctx->neworigin = NULL;
        }
 
+       if ((ctx->style.flags & DNS_STYLEFLAG_CLASS_PERNAME) != 0) {
+               ctx->class_printed = false;
+       }
+
 again:
        for (i = 0; itresult == ISC_R_SUCCESS && i < MAXSORT;
             itresult = dns_rdatasetiter_next(rdsiter), i++)