From 7f9aa6734a133cf0014062853ad2be3e82945e68 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Mon, 2 Sep 2019 15:17:25 +0200
Subject: [PATCH] - ipset: refactor long routine into three smaller ones.

---
 doc/Changelog |   1 +
 ipset/ipset.c | 137 ++++++++++++++++++++++++++++----------------------
 2 files changed, 79 insertions(+), 59 deletions(-)

diff --git a/doc/Changelog b/doc/Changelog
index 33ab8096a..a3005b91e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 2 September 2019: Wouter
 	- ipset module #28: log that an address is added, when verbosity high.
+	- ipset: refactor long routine into three smaller ones.
 
 23 August 2019: Wouter
 	- Fix contrib/fastrpz.patch asprintf return value checks.
diff --git a/ipset/ipset.c b/ipset/ipset.c
index ec62cc356..f6e2c4a9d 100755
--- a/ipset/ipset.c
+++ b/ipset/ipset.c
@@ -97,29 +97,93 @@ static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void
 	return 0;
 }
 
-static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
+static void
+ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl,
+	struct packed_rrset_data *d, const char* setname, int af,
+	const char* dname)
+{
 	int ret;
+	size_t j, rr_len, rd_len;
+	uint8_t *rr_data;
 
-	struct mnl_socket *mnl;
-
-	size_t i, j;
-
-	const char *setname;
-
-	struct ub_packed_rrset_key *rrset;
-	struct packed_rrset_data *d;
+	/* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
+	for (j = 0; j < d->count; j++) {
+		rr_len = d->rr_len[j];
+		rr_data = d->rr_data[j];
+
+		rd_len = sldns_read_uint16(rr_data);
+		if(af == AF_INET && rd_len != INET_SIZE)
+			continue;
+		if(af == AF_INET6 && rd_len != INET6_SIZE)
+			continue;
+		if (rr_len - 2 >= rd_len) {
+			if(verbosity >= VERB_QUERY) {
+				char ip[128];
+				if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
+					snprintf(ip, sizeof(ip), "(inet_ntop_error)");
+				verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
+			}
+			ret = add_to_ipset(mnl, setname, rr_data + 2, af);
+			if (ret < 0) {
+				log_err("ipset: could not add %s into %s", dname, setname);
 
-	int af;
+				mnl_socket_close(mnl);
+				ie->mnl = NULL;
+				break;
+			}
+		}
+	}
+}
 
+static int
+ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie,
+	struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset,
+	const char *setname, int af)
+{
 	static char dname[BUFF_LEN];
 	const char *s;
 	int dlen, plen;
 
 	struct config_strlist *p;
+	struct packed_rrset_data *d;
 
-	size_t rr_len, rd_len;
+	dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
+	if (dlen == 0) {
+		log_err("bad domain name");
+		return -1;
+	}
+	if (dname[dlen - 1] == '.') {
+		dlen--;
+	}
+
+	for (p = env->cfg->local_zones_ipset; p; p = p->next) {
+		plen = strlen(p->str);
+
+		if (dlen >= plen) {
+			s = dname + (dlen - plen);
+
+			if (strncasecmp(p->str, s, plen) == 0) {
+				d = (struct packed_rrset_data*)rrset->entry.data;
+				ipset_add_rrset_data(ie, mnl, d, setname,
+					af, dname);
+				break;
+			}
+		}
+	}
+	return 0;
+}
+
+static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
+	struct mnl_socket *mnl;
+
+	size_t i;
+
+	const char *setname;
+
+	struct ub_packed_rrset_key *rrset;
+
+	int af;
 
-	uint8_t *rr_data;
 
 	mnl = (struct mnl_socket *)ie->mnl;
 	if (!mnl) {
@@ -150,54 +214,9 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, stru
 		}
 
 		if (setname) {
-			dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
-			if (dlen == 0) {
-				log_err("bad domain name");
+			if(ipset_check_zones_for_rrset(env, ie, mnl, rrset,
+				setname, af) == -1)
 				return -1;
-			}
-			if (dname[dlen - 1] == '.') {
-				dlen--;
-			}
-
-			for (p = env->cfg->local_zones_ipset; p; p = p->next) {
-				plen = strlen(p->str);
-
-				if (dlen >= plen) {
-					s = dname + (dlen - plen);
-
-					if (strncasecmp(p->str, s, plen) == 0) {
-						d = (struct packed_rrset_data*)rrset->entry.data;
-						/* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
-						for (j = 0; j < d->count; j++) {
-							rr_len = d->rr_len[j];
-							rr_data = d->rr_data[j];
-
-							rd_len = sldns_read_uint16(rr_data);
-							if(af == AF_INET && rd_len != INET_SIZE)
-								continue;
-							if(af == AF_INET6 && rd_len != INET6_SIZE)
-								continue;
-							if (rr_len - 2 >= rd_len) {
-								if(verbosity >= VERB_QUERY) {
-									char ip[128];
-									if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
-										snprintf(ip, sizeof(ip), "(inet_ntop_error)");
-									verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
-								}
-								ret = add_to_ipset(mnl, setname, rr_data + 2, af);
-								if (ret < 0) {
-									log_err("ipset: could not add %s into %s", dname, setname);
-
-									mnl_socket_close(mnl);
-									ie->mnl = NULL;
-									break;
-								}
-							}
-						}
-						break;
-					}
-				}
-			}
 		}
 	}
 
-- 
2.47.3