From: Witold Kręcicki <wpk@isc.org>
Date: Wed, 21 Nov 2018 15:57:08 +0000 (+0000)
Subject: Experiment: 'quick' dns_acl_match
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=e22707ebddcd2d3154272c2fab6a160c34568bc9;p=thirdparty%2Fbind9.git

Experiment: 'quick' dns_acl_match
---

diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index f941512a463..f197e2a5de7 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -130,7 +130,7 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) {
  * If pos is false, test whether acl is set to "{ none; }"
  */
 static bool
-dns_acl_isanyornone(dns_acl_t *acl, bool pos)
+dns_acl_isanyornone(const dns_acl_t *acl, bool pos)
 {
 	/* Should never happen but let's be safe */
 	if (acl == NULL ||
@@ -157,7 +157,7 @@ dns_acl_isanyornone(dns_acl_t *acl, bool pos)
  * Test whether acl is set to "{ any; }"
  */
 bool
-dns_acl_isany(dns_acl_t *acl)
+dns_acl_isany(const dns_acl_t *acl)
 {
 	return (dns_acl_isanyornone(acl, true));
 }
@@ -166,7 +166,7 @@ dns_acl_isany(dns_acl_t *acl)
  * Test whether acl is set to "{ none; }"
  */
 bool
-dns_acl_isnone(dns_acl_t *acl)
+dns_acl_isnone(const dns_acl_t *acl)
 {
 	return (dns_acl_isanyornone(acl, false));
 }
@@ -198,6 +198,20 @@ dns_acl_match(const isc_netaddr_t *reqaddr,
 	REQUIRE(reqaddr != NULL);
 	REQUIRE(matchelt == NULL || *matchelt == NULL);
 
+	/*
+	 * We don't care about matchelt, see if maybe that's 'any' or 'none'
+	 * ACL to speed things up.
+	 */
+	if (matchelt == NULL) {
+		if (dns_acl_isany(acl)) {
+			*match = 1;
+			return (ISC_R_SUCCESS);
+		} else if (dns_acl_isnone(acl)) {
+			*match = -1;
+			return (ISC_R_SUCCESS);
+		}
+	}
+
 	if (env != NULL && env->match_mapped &&
 	    addr->family == AF_INET6 &&
 	    IN6_IS_ADDR_V4MAPPED(&addr->type.in6))
diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h
index 47e2d85aa19..f809bd5b168 100644
--- a/lib/dns/include/dns/acl.h
+++ b/lib/dns/include/dns/acl.h
@@ -130,13 +130,13 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target);
  */
 
 bool
-dns_acl_isany(dns_acl_t *acl);
+dns_acl_isany(const dns_acl_t *acl);
 /*%<
  * Test whether ACL is set to "{ any; }"
  */
 
 bool
-dns_acl_isnone(dns_acl_t *acl);
+dns_acl_isnone(const dns_acl_t *acl);
 /*%<
  * Test whether ACL is set to "{ none; }"
  */