Experiment: 'quick' dns_acl_match

author Witold Kręcicki <wpk@isc.org>

Wed, 21 Nov 2018 15:57:08 +0000 (15:57 +0000)

committer Witold Kręcicki <wpk@isc.org>

Wed, 21 Nov 2018 16:35:15 +0000 (16:35 +0000)
author Witold Kręcicki <wpk@isc.org>
Wed, 21 Nov 2018 15:57:08 +0000 (15:57 +0000)
committer Witold Kręcicki <wpk@isc.org>
Wed, 21 Nov 2018 16:35:15 +0000 (16:35 +0000)
diff --git a/lib/dns/acl.c b/lib/dns/acl.c

index f941512a463baa183f1ca0ca77fc45ea6ae77124..f197e2a5de74b5a7c0ee35dc3e4f14c8028fc648 100644 (file)
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -130,7 +130,7 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) {
   * If pos is false, test whether acl is set to "{ none; }"
   */
  static bool
-dns_acl_isanyornone(dns_acl_t *acl, bool pos)
+dns_acl_isanyornone(const dns_acl_t *acl, bool pos)
  {
         /* Should never happen but let's be safe */
         if (acl == NULL ||
@@ -157,7 +157,7 @@ dns_acl_isanyornone(dns_acl_t *acl, bool pos)
   * Test whether acl is set to "{ any; }"
   */
  bool
-dns_acl_isany(dns_acl_t *acl)
+dns_acl_isany(const dns_acl_t *acl)
  {
         return (dns_acl_isanyornone(acl, true));
  }
@@ -166,7 +166,7 @@ dns_acl_isany(dns_acl_t *acl)
   * Test whether acl is set to "{ none; }"
   */
  bool
-dns_acl_isnone(dns_acl_t *acl)
+dns_acl_isnone(const dns_acl_t *acl)
  {
         return (dns_acl_isanyornone(acl, false));
  }
@@ -198,6 +198,20 @@ dns_acl_match(const isc_netaddr_t *reqaddr,
         REQUIRE(reqaddr != NULL);
         REQUIRE(matchelt == NULL || *matchelt == NULL);
  
+       /*
+        * We don't care about matchelt, see if maybe that's 'any' or 'none'
+        * ACL to speed things up.
+        */
+       if (matchelt == NULL) {
+               if (dns_acl_isany(acl)) {
+                       *match = 1;
+                       return (ISC_R_SUCCESS);
+               } else if (dns_acl_isnone(acl)) {
+                       *match = -1;
+                       return (ISC_R_SUCCESS);
+               }
+       }
+
         if (env != NULL && env->match_mapped &&
             addr->family == AF_INET6 &&
             IN6_IS_ADDR_V4MAPPED(&addr->type.in6))
diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h

index 47e2d85aa19c31c5efbf946149d15b6bcda41b6d..f809bd5b1688ecc2d9ec92f37014fa405d490eee 100644 (file)
--- a/lib/dns/include/dns/acl.h
+++ b/lib/dns/include/dns/acl.h
@@ -130,13 +130,13 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target);
   */
  
  bool
-dns_acl_isany(dns_acl_t *acl);
+dns_acl_isany(const dns_acl_t *acl);
  /*%<
   * Test whether ACL is set to "{ any; }"
   */
  
  bool
-dns_acl_isnone(dns_acl_t *acl);
+dns_acl_isnone(const dns_acl_t *acl);
  /*%<
   * Test whether ACL is set to "{ none; }"
   */
author	Witold Kręcicki <wpk@isc.org>
	Wed, 21 Nov 2018 15:57:08 +0000 (15:57 +0000)
committer	Witold Kręcicki <wpk@isc.org>
	Wed, 21 Nov 2018 16:35:15 +0000 (16:35 +0000)
lib/dns/acl.c		patch \| blob \| blame \| history
lib/dns/include/dns/acl.h		patch \| blob \| blame \| history