git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Embed algorithm in key tag counter
authorMatthijs Mekking <matthijs@isc.org>
Thu, 2 Apr 2020 09:59:35 +0000 (11:59 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 3 Apr 2020 07:27:15 +0000 (09:27 +0200)
Key tags are not unique across algorithms.

lib/dns/include/dns/stats.h
lib/dns/stats.c
lib/dns/update.c
lib/dns/zone.c

index 79c3fe70a0011695664cc5a77387b3656f431667..2883a31d389a3eb7bfc1ef20aee9c087e751615d 100644 (file)
@@ -684,7 +684,7 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_opcode_t code);
  */
 
 void
-dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id,
+dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
                              bool refresh);
 /*%<
  * Increment the statistics counter for the DNSKEY 'id'. If 'refresh' is set
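Review bot: The doc comment under the prototype still reads `Increment the statistics counter for the DNSKEY 'id'` and says nothing about the new `alg` argument. I would reword its first sentence to `Increment the statistics counter for the DNSKEY with key tag 'id' and algorithm 'alg'.` so callers know that both values select the counter. The comment continues past the end of this hunk, so the rest of it is not visible here.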
index 711cf880b5643690aa82382471c6c11b653d802b..1b3ef4d24d6b2dd583b6f3c1717ecc913ea502d2 100644 (file)
@@ -104,8 +104,8 @@ typedef enum {
 
 /* Maximum number of keys to keep track of for DNSSEC signing statistics. */
 static int dnssec_max_keys = 4;
-/* Attribute to signal whether a counter is actually a key id. */
-#define DNSSECSIGNSTATS_IS_KEY 0x10000
+/* Key id mask */
+#define DNSSECSIGNSTATS_KEY_ID_MASK 0x0000FFFF
 /* DNSSEC sign operation (sign or refresh) */
 #define DNSSECSIGNSTATS_SIGN   1
 #define DNSSECSIGNSTATS_REFRESH 2
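Review bot: `/* Key id mask */` names the macro but not the layout it belongs to, and the matching shift in dns_dnssecsignstats_increment is a bare `16`. A comment such as `/* Counter key layout: bits 0-15 key tag, bits 16-23 algorithm */` above the mask would make the encoding and decoding sides easy to check against each other. A named shift next to the mask, for example `#define DNSSECSIGNSTATS_ALG_SHIFT 16` (the name is only a suggestion), would remove the magic number.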
@@ -360,15 +360,15 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_rcode_t code) {
 }
 
 void
-dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id,
+dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
                              bool refresh) {
        isc_statscounter_t operation = DNSSECSIGNSTATS_SIGN;
        uint32_t kval;
 
        REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_dnssec);
 
-       kval = (uint32_t)id;
-       kval |= DNSSECSIGNSTATS_IS_KEY;
+       /* Shift algorithm in front of key tag, which is 16 bits */
+       kval = (uint32_t)(alg << 16 | id);
 
        /* What operation are we counting? */
        if (refresh) {
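Review bot: In `kval = (uint32_t)(alg << 16 | id);` the shift is done in promoted `int` and the grouping depends on `<<` binding tighter than `|`. That is correct for an 8-bit `alg`, but `kval = ((uint32_t)alg << 16) | id;` says the same thing without making the reader work it out. Separately, the removed DNSSECSIGNSTATS_IS_KEY bit guaranteed a non-zero key value, whereas the new value is zero when `alg` and `id` are both zero. If the slot search later in this function (outside the hunk) uses zero to mean an unused slot, a short comment stating that `alg` is never zero for a signing key would record why that is safe.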
@@ -551,8 +551,7 @@ dnssec_statsdump(isc_stats_t *stats, bool refresh, isc_stats_dumper_t dump_fn,
                        continue;
                }
 
-               id = (dns_keytag_t)kval;
-               id &= ~DNSSECSIGNSTATS_IS_KEY;
+               id = (dns_keytag_t)kval & DNSSECSIGNSTATS_KEY_ID_MASK;
 
                dump_fn((isc_statscounter_t)id, val, arg);
        }
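Review bot: In `id = (dns_keytag_t)kval & DNSSECSIGNSTATS_KEY_ID_MASK;` the cast binds before `&`, so `kval` is already narrowed to the key tag type (16 bits, per the comment in dns_dnssecsignstats_increment) and the mask does nothing. `id = (dns_keytag_t)(kval & DNSSECSIGNSTATS_KEY_ID_MASK);` expresses the intent. More importantly, `dump_fn` still receives only the key tag, so two keys that share a tag under different algorithms are now counted in separate slots but reported under the same id, and whoever reads the dump cannot tell them apart. Either the algorithm should reach the dumper as well, or a comment here should say that the collision in the output is accepted. dnssec_statsdump starts and ends outside this hunk.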
index 476c3e4b1725008748fb91aac892562e5dbe6427..657cc777b0e3aa85223e32f3b01dca2241f68b5a 100644 (file)
@@ -1117,6 +1117,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
 
 #define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
 #define KSK(x)   ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0)
+#define ID(x)    dst_key_id(x)
 #define ALG(x)   dst_key_alg(x)
 
        /*
@@ -1260,7 +1261,8 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
                /* Update DNSSEC sign statistics. */
                if (dnssecsignstats != NULL) {
                        dns_dnssecsignstats_increment(
-                               dnssecsignstats, dst_key_id(keys[i]), false);
+                               dnssecsignstats, ID(keys[i]),
+                               (uint8_t)ALG(keys[i]), false);
                }
        }
        if (!added_sig) {
index 23c8a5f92b7c7458663d11528d10dfa4b2ef026f..273aa3c5912dd5f9837bec1896d2a47dcbd7b0a7 100644 (file)
  */
 #define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
 #define KSK(x)   ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0)
+#define ID(x)    dst_key_id(x)
 #define ALG(x)   dst_key_alg(x)
 
 /*
@@ -6923,10 +6924,12 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
                if (dnssecsignstats != NULL) {
                        /* Generated a new signature. */
                        dns_dnssecsignstats_increment(
-                               dnssecsignstats, dst_key_id(keys[i]), false);
+                               dnssecsignstats, ID(keys[i]),
+                               (uint8_t)ALG(keys[i]), false);
                        /* This is a refresh. */
                        dns_dnssecsignstats_increment(
-                               dnssecsignstats, dst_key_id(keys[i]), true);
+                               dnssecsignstats, ID(keys[i]),
+                               (uint8_t)ALG(keys[i]), true);
                }
        }
 
@@ -7507,11 +7510,11 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
                dnssecsignstats = dns_zone_getdnssecsignstats(zone);
                if (dnssecsignstats != NULL) {
                        /* Generated a new signature. */
-                       dns_dnssecsignstats_increment(dnssecsignstats,
-                                                     dst_key_id(key), false);
+                       dns_dnssecsignstats_increment(dnssecsignstats, ID(key),
+                                                     ALG(key), false);
                        /* This is a refresh. */
-                       dns_dnssecsignstats_increment(dnssecsignstats,
-                                                     dst_key_id(key), true);
+                       dns_dnssecsignstats_increment(dnssecsignstats, ID(key),
+                                                     ALG(key), true);
                }
 
                (*signatures)--;
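Review bot: Both calls in sign_a_node pass `ALG(key)` straight into the `uint8_t alg` parameter, while the add_sigs call sites in update.c and earlier in this file write `(uint8_t)ALG(keys[i])`. Those casts suggest that dst_key_alg() returns a wider type, so the narrowing here is implicit and may trip conversion warnings. For consistency I would write `(uint8_t)ALG(key), false);` and `(uint8_t)ALG(key), true);`. sign_a_node starts and ends outside this hunk.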