File: negcache.cc

pdns-recursor 4.1.11-1+deb10u1
/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#include <cinttypes>

#include "negcache.hh"
#include "misc.hh"
#include "cachecleaner.hh"

/*!
 * Look for an unexpired whole-name denial of the last label of qname and, when one
 * is found, copy it into ne.
 *
 * Only entries that satisfy all of the following are considered:
 *  - d_name equals the last label of qname,
 *  - d_auth is the root,
 *  - d_qtype is QType(0), the 'ENT' type used as "whole name" in the neg-cache.
 * Entries that match but have expired are handed to moveCacheItemToFront(); a live
 * hit is handed to moveCacheItemToBack() before returning.
 *
 * NOTE(review): expiry is decided by comparing now.tv_sec, truncated to uint32_t,
 * against d_ttd - confirm d_ttd is a 32-bit absolute timestamp.
 *
 * \param qname    The name to look up (only the last label is used)
 * \param now      A timeval with the current time, to check if an entry is expired
 * \param ne       A NegCacheEntry that is filled when there is a cache entry
 * \return         true if ne was filled out, false otherwise (always false for the root)
 */
bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne) {
  // The root itself is never denied.
  if (qname.isRoot()) {
    return false;
  }

  // An 'ENT' QType entry, used as "whole name" in the neg-cache context.
  static const QType qtnull(0);
  DNSName lastLabel = qname.getLastLabel();

  for (negcache_t::const_iterator it = d_negcache.find(tie(lastLabel, qtnull)); it != d_negcache.end(); ++it) {
    // Stop as soon as we leave the run of root-authored whole-name denials for this label.
    const bool isRootDenial = it->d_name == lastLabel &&
                              it->d_auth.isRoot() &&
                              it->d_qtype == qtnull;
    if (!isRootDenial) {
      break;
    }

    if (static_cast<uint32_t>(now.tv_sec) < it->d_ttd) {
      // Still valid: hand a copy to the caller.
      ne = *it;
      moveCacheItemToBack(d_negcache, it);
      return true;
    }

    // Expired: reposition it and keep scanning.
    moveCacheItemToFront(d_negcache, it);
  }
  return false;
}

/*!
 * Set ne to an unexpired NegCacheEntry for the qname|qtype tuple and return true.
 *
 * All entries stored under qname are scanned. An entry matches when its qtype equals
 * qtype, or - unless typeMustMatch is set - when its qtype code is 0, which denies
 * the whole name. Matching entries that have expired are handed to
 * moveCacheItemToFront() and the scan continues; the first live match is copied to
 * ne and handed to moveCacheItemToBack().
 *
 * NOTE(review): expiry is decided by comparing now.tv_sec, truncated to uint32_t,
 * against d_ttd - confirm d_ttd is a 32-bit absolute timestamp.
 *
 * \param qname          The name to look up
 * \param qtype          The qtype to look up
 * \param now            A timeval with the current time, to check if an entry is expired
 * \param ne             A NegCacheEntry that is filled when there is a cache entry
 * \param typeMustMatch  When true, a whole-name (qtype code 0) entry does not satisfy
 *                       the lookup; only an entry with exactly qtype does
 * \return               true if ne was filled out, false otherwise
 */
bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch) {
  auto candidates = d_negcache.equal_range(tie(qname));

  for (negcache_t::iterator it = candidates.first; it != candidates.second; ++it) {
    // Accept either a whole-name denial (when allowed) or an exact QType match.
    const bool wholeNameDenied = !typeMustMatch && it->d_qtype.getCode() == 0;
    if (!wholeNameDenied && !(it->d_qtype == qtype)) {
      continue;
    }

    if (static_cast<uint32_t>(now.tv_sec) < it->d_ttd) {
      // Not expired
      ne = *it;
      moveCacheItemToBack(d_negcache, it);
      return true;
    }

    // Expired: reposition it and look at the next candidate.
    moveCacheItemToFront(d_negcache, it);
  }
  return false;
}

/*!
 * Places ne into the negative cache, possibly overriding an existing entry.
 *
 * The insertion is delegated to replacing_insert(). No size limit is applied in this
 * function; bounding the cache is left to prune().
 *
 * \param ne The NegCacheEntry to add to the cache
 */
void NegCache::add(const NegCacheEntry& ne) {
  replacing_insert(this->d_negcache, ne);
}

/*!
 * Update the validation state of an existing entry with the provided state.
 *
 * Only the first entry found for qname|qtype is updated. When there is no such
 * entry the call does nothing and gives the caller no indication of that.
 *
 * \param qname The name of the entry to replace
 * \param qtype The type of the entry to replace
 * \param newState The new validation state
 */
void NegCache::updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState) {
  auto matches = d_negcache.equal_range(tie(qname, qtype));

  // Nothing cached for this name and type: leave the cache untouched.
  if (matches.first == matches.second) {
    return;
  }

  matches.first->d_validationState = newState;
}

/*!
 * Returns the number of entries in the cache for qname, whatever their type.
 * Expiry is not looked at, so entries that have expired but are still stored
 * are counted too.
 *
 * \param qname The name of the entries to be counted
 * \return      The number of entries stored under qname
 */
uint64_t NegCache::count(const DNSName& qname) const {
  const auto matches = d_negcache.count(tie(qname));
  return matches;
}

/*!
 * Returns the number of entries in the cache for qname+qtype.
 * Expiry is not looked at, so entries that have expired but are still stored
 * are counted too.
 *
 * \param qname The name of the entries to be counted
 * \param qtype The type of the entries to be counted
 * \return      The number of entries stored under qname with type qtype
 */
uint64_t NegCache::count(const DNSName& qname, const QType qtype) const {
  const auto matches = d_negcache.count(tie(qname, qtype));
  return matches;
}

/*!
 * Remove all entries for name from the cache. If subtree is true, wipe all names
 * underneath it as well.
 *
 * The subtree case starts at lower_bound(name) and erases entries until the first
 * one whose name is not part of name.
 * NOTE(review): this assumes the index ordering keeps a name and everything below
 * it contiguous - confirm against the container definition in negcache.hh.
 *
 * \param name    The DNSName of the entries to wipe
 * \param subtree Should all entries under name be removed?
 * \return        The number of entries removed
 */
uint64_t NegCache::wipe(const DNSName& name, bool subtree) {
  if (!subtree) {
    // Exact-name wipe: count first, then drop the whole matching range at once.
    const uint64_t removed = count(name);
    auto matches = d_negcache.equal_range(tie(name));
    d_negcache.erase(matches.first, matches.second);
    return removed;
  }

  uint64_t removed = 0;
  auto it = d_negcache.lower_bound(tie(name));
  while (it != d_negcache.end() && it->d_name.isPartOf(name)) {
    // erase() returns the iterator following the removed element.
    it = d_negcache.erase(it);
    ++removed;
  }
  return removed;
}

/*!
 * Clear the negative cache, dropping every entry regardless of name, type or expiry.
 */
void NegCache::clear() {
  this->d_negcache.clear();
}

/*!
 * Perform some cleanup in the cache, removing stale entries
 *
 * The work is delegated to pruneCollection().
 * NOTE(review): the meaning of the literal 200 passed as the last argument is defined
 * by pruneCollection(), which is not part of this file - confirm before tuning it.
 *
 * \param maxEntries The maximum number of entries that may exist in the cache.
 */
void NegCache::prune(unsigned int maxEntries) {
  pruneCollection(*this, this->d_negcache, maxEntries, 200);
}

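/*!
 * Writes the whole negative cache to fp: one line per entry, followed by one line for
 * each DNSSEC record and each signature stored with that entry.
 *
 * The remaining lifetime is printed as (d_ttd - now), so an entry that has expired
 * but is still stored can show up with a negative value (assuming a signed time_t).
 *
 * NOTE(review): names and record contents originate from DNS responses and the output
 * is line-oriented; any escaping is left to toString() / getZoneRepresentation() -
 * confirm they escape newlines and control characters.
 *
 * \param fp A pointer to an open FILE object; it is not checked for NULL here
 * \return   The number of cache entries visited. The results of fprintf() are not
 *           checked, so this is not a count of lines successfully written.
 */
uint64_t NegCache::dumpToFile(FILE* fp) {
  uint64_t ret(0);
  const time_t now = time(nullptr);
  negcache_sequence_t& sidx = d_negcache.get<1>();
  for (const NegCacheEntry& ne : sidx) {
    ret++;
    // Computed once per entry; every line written for this entry repeats them.
    const auto name = ne.d_name.toString();
    const int64_t ttl = static_cast<int64_t>(ne.d_ttd - now);

    // The entry line used to pair "%d" with an (unsigned int) argument, which is a
    // format/argument mismatch and truncated the value; it now uses the same
    // PRId64 / int64_t pairing as the record and signature lines below.
    fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", name.c_str(), ttl, ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStates[ne.d_validationState]);
    for (const auto& rec : ne.DNSSECRecords.records) {
      fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", name.c_str(), ttl, DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStates[ne.d_validationState]);
    }
    for (const auto& sig : ne.DNSSECRecords.signatures) {
      fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", name.c_str(), ttl, sig.d_content->getZoneRepresentation().c_str());
    }
  }
  return ret;
}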