nta.c 16.4 KB
Newer Older
Evan Hunt's avatar
Evan Hunt committed
1
/*
2
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
Evan Hunt's avatar
Evan Hunt committed
3
 *
4
5
6
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7
8
9
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
Evan Hunt's avatar
Evan Hunt committed
10
11
12
13
14
15
 */

/*! \file */

#include <config.h>

16
#include <inttypes.h>
17
#include <stdbool.h>
18

Evan Hunt's avatar
Evan Hunt committed
19
#include <isc/buffer.h>
Evan Hunt's avatar
Evan Hunt committed
20
21
#include <isc/log.h>
#include <isc/mem.h>
Mark Andrews's avatar
Mark Andrews committed
22
#include <isc/print.h>
Evan Hunt's avatar
Evan Hunt committed
23
24
#include <isc/rwlock.h>
#include <isc/string.h>
Evan Hunt's avatar
Evan Hunt committed
25
#include <isc/task.h>
Evan Hunt's avatar
Evan Hunt committed
26
#include <isc/time.h>
Evan Hunt's avatar
Evan Hunt committed
27
#include <isc/timer.h>
Evan Hunt's avatar
Evan Hunt committed
28
29
#include <isc/util.h>

Evan Hunt's avatar
Evan Hunt committed
30
#include <dns/db.h>
Evan Hunt's avatar
Evan Hunt committed
31
32
33
34
35
#include <dns/log.h>
#include <dns/nta.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rbt.h>
Evan Hunt's avatar
Evan Hunt committed
36
37
#include <dns/rdataset.h>
#include <dns/resolver.h>
Evan Hunt's avatar
Evan Hunt committed
38
#include <dns/result.h>
39
#include <dns/time.h>
Evan Hunt's avatar
Evan Hunt committed
40

Evan Hunt's avatar
Evan Hunt committed
41
42
43
44
struct dns_nta {
	unsigned int		magic;
	isc_refcount_t		refcount;
	dns_ntatable_t		*ntatable;
45
	bool		forced;
Evan Hunt's avatar
Evan Hunt committed
46
47
48
49
50
51
52
53
54
55
56
57
	isc_timer_t		*timer;
	dns_fetch_t		*fetch;
	dns_rdataset_t		rdataset;
	dns_rdataset_t		sigrdataset;
	dns_fixedname_t		fn;
	dns_name_t		*name;
	isc_stdtime_t		expiry;
};

#define NTA_MAGIC		ISC_MAGIC('N', 'T', 'A', 'n')
#define VALID_NTA(nn)	 	ISC_MAGIC_VALID(nn, NTA_MAGIC)

58
59
60
61
62
63
/*
 * Obtain a reference to the nta object.  Released by
 * nta_detach.
 */
static void
nta_ref(dns_nta_t *nta) {
64
	isc_refcount_increment(&nta->refcount);
65
66
}

Evan Hunt's avatar
Evan Hunt committed
67
68
static void
nta_detach(isc_mem_t *mctx, dns_nta_t **ntap) {
69
	REQUIRE(ntap != NULL && VALID_NTA(*ntap));
Evan Hunt's avatar
Evan Hunt committed
70
	dns_nta_t *nta = *ntap;
71
	*ntap = NULL;
Evan Hunt's avatar
Evan Hunt committed
72

73
	if (isc_refcount_decrement(&nta->refcount) == 1) {
74
		isc_refcount_destroy(&nta->refcount);
Evan Hunt's avatar
Evan Hunt committed
75
76
		nta->magic = 0;
		if (nta->timer != NULL) {
77
78
79
			(void)isc_timer_reset(nta->timer,
					      isc_timertype_inactive,
					      NULL, NULL, true);
Evan Hunt's avatar
Evan Hunt committed
80
81
			isc_timer_detach(&nta->timer);
		}
82
		if (dns_rdataset_isassociated(&nta->rdataset)) {
Evan Hunt's avatar
Evan Hunt committed
83
			dns_rdataset_disassociate(&nta->rdataset);
84
85
		}
		if (dns_rdataset_isassociated(&nta->sigrdataset)) {
Evan Hunt's avatar
Evan Hunt committed
86
			dns_rdataset_disassociate(&nta->sigrdataset);
87
		}
Evan Hunt's avatar
Evan Hunt committed
88
89
90
91
		if (nta->fetch != NULL) {
			dns_resolver_cancelfetch(nta->fetch);
			dns_resolver_destroyfetch(&nta->fetch);
		}
Evan Hunt's avatar
Evan Hunt committed
92
93
94
95
96
97
98
99
100
101
102
103
104
		isc_mem_put(mctx, nta, sizeof(dns_nta_t));
	}
}

static void
free_nta(void *data, void *arg) {
	dns_nta_t *nta = (dns_nta_t *) data;
	isc_mem_t *mctx = (isc_mem_t *) arg;

	nta_detach(mctx, &nta);
}

isc_result_t
Evan Hunt's avatar
Evan Hunt committed
105
106
107
108
dns_ntatable_create(dns_view_t *view,
		    isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr,
		    dns_ntatable_t **ntatablep)
{
Evan Hunt's avatar
Evan Hunt committed
109
110
111
112
113
	dns_ntatable_t *ntatable;
	isc_result_t result;

	REQUIRE(ntatablep != NULL && *ntatablep == NULL);

Evan Hunt's avatar
Evan Hunt committed
114
	ntatable = isc_mem_get(view->mctx, sizeof(*ntatable));
Evan Hunt's avatar
Evan Hunt committed
115
116
117
	if (ntatable == NULL)
		return (ISC_R_NOMEMORY);

Evan Hunt's avatar
Evan Hunt committed
118
119
	ntatable->task = NULL;
	result = isc_task_create(taskmgr, 0, &ntatable->task);
Evan Hunt's avatar
Evan Hunt committed
120
121
	if (result != ISC_R_SUCCESS)
		goto cleanup_ntatable;
Evan Hunt's avatar
Evan Hunt committed
122
123
124
125
126
127
128
	isc_task_setname(ntatable->task, "ntatable", ntatable);

	ntatable->table = NULL;
	result = dns_rbt_create(view->mctx, free_nta, view->mctx,
				&ntatable->table);
	if (result != ISC_R_SUCCESS)
		goto cleanup_task;
Evan Hunt's avatar
Evan Hunt committed
129
130
131
132
133

	result = isc_rwlock_init(&ntatable->rwlock, 0, 0);
	if (result != ISC_R_SUCCESS)
		goto cleanup_rbt;

Evan Hunt's avatar
Evan Hunt committed
134
135
136
137
	ntatable->timermgr = timermgr;
	ntatable->taskmgr = taskmgr;

	ntatable->view = view;
Evan Hunt's avatar
Evan Hunt committed
138
	ntatable->references = 1;
Evan Hunt's avatar
Evan Hunt committed
139

Evan Hunt's avatar
Evan Hunt committed
140
141
142
143
144
145
146
147
	ntatable->magic = NTATABLE_MAGIC;
	*ntatablep = ntatable;

	return (ISC_R_SUCCESS);

   cleanup_rbt:
	dns_rbt_destroy(&ntatable->table);

Evan Hunt's avatar
Evan Hunt committed
148
149
150
   cleanup_task:
	isc_task_detach(&ntatable->task);

Evan Hunt's avatar
Evan Hunt committed
151
   cleanup_ntatable:
152
	isc_mem_put(view->mctx, ntatable, sizeof(*ntatable));
Evan Hunt's avatar
Evan Hunt committed
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

	return (result);
}

void
dns_ntatable_attach(dns_ntatable_t *source, dns_ntatable_t **targetp) {
	REQUIRE(VALID_NTATABLE(source));
	REQUIRE(targetp != NULL && *targetp == NULL);

	RWLOCK(&source->rwlock, isc_rwlocktype_write);

	INSIST(source->references > 0);
	source->references++;
	INSIST(source->references != 0);

	RWUNLOCK(&source->rwlock, isc_rwlocktype_write);

	*targetp = source;
}

void
dns_ntatable_detach(dns_ntatable_t **ntatablep) {
175
	bool destroy = false;
Evan Hunt's avatar
Evan Hunt committed
176
177
178
179
180
181
182
183
184
185
186
	dns_ntatable_t *ntatable;

	REQUIRE(ntatablep != NULL && VALID_NTATABLE(*ntatablep));

	ntatable = *ntatablep;
	*ntatablep = NULL;

	RWLOCK(&ntatable->rwlock, isc_rwlocktype_write);
	INSIST(ntatable->references > 0);
	ntatable->references--;
	if (ntatable->references == 0)
187
		destroy = true;
Evan Hunt's avatar
Evan Hunt committed
188
189
190
191
192
	RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_write);

	if (destroy) {
		dns_rbt_destroy(&ntatable->table);
		isc_rwlock_destroy(&ntatable->rwlock);
Evan Hunt's avatar
Evan Hunt committed
193
194
195
196
		if (ntatable->task != NULL)
			isc_task_detach(&ntatable->task);
		ntatable->timermgr = NULL;
		ntatable->taskmgr = NULL;
Evan Hunt's avatar
Evan Hunt committed
197
		ntatable->magic = 0;
Evan Hunt's avatar
Evan Hunt committed
198
199
200
201
202
203
204
205
206
207
		isc_mem_put(ntatable->view->mctx, ntatable, sizeof(*ntatable));
	}
}

static void
fetch_done(isc_task_t *task, isc_event_t *event) {
	dns_fetchevent_t *devent = (dns_fetchevent_t *)event;
	dns_nta_t *nta = devent->ev_arg;
	isc_result_t eresult = devent->result;
	dns_ntatable_t *ntatable = nta->ntatable;
208
	dns_view_t *view = ntatable->view;
Evan Hunt's avatar
Evan Hunt committed
209
210
211
212
213
214
215
216
	isc_stdtime_t now;

	UNUSED(task);

	if (dns_rdataset_isassociated(&nta->rdataset))
		dns_rdataset_disassociate(&nta->rdataset);
	if (dns_rdataset_isassociated(&nta->sigrdataset))
		dns_rdataset_disassociate(&nta->sigrdataset);
217
218
219
	if (nta->fetch == devent->fetch)
		nta->fetch = NULL;
	dns_resolver_destroyfetch(&devent->fetch);
Evan Hunt's avatar
Evan Hunt committed
220
221
222
223
224
225
226

	if (devent->node != NULL)
		dns_db_detachnode(devent->db, &devent->node);
	if (devent->db != NULL)
		dns_db_detach(&devent->db);

	isc_event_free(&event);
Mark Andrews's avatar
Mark Andrews committed
227
	isc_stdtime_get(&now);
Evan Hunt's avatar
Evan Hunt committed
228
229
230
231
232
233
234

	switch (eresult) {
	case ISC_R_SUCCESS:
	case DNS_R_NCACHENXDOMAIN:
	case DNS_R_NXDOMAIN:
	case DNS_R_NCACHENXRRSET:
	case DNS_R_NXRRSET:
235
236
		if (nta->expiry > now)
			nta->expiry = now;
Evan Hunt's avatar
Evan Hunt committed
237
238
239
240
241
242
243
244
245
		break;
	default:
		break;
	}

	/*
	 * If we're expiring before the next recheck, we might
	 * as well stop the timer now.
	 */
246
	if (nta->timer != NULL && nta->expiry - now < view->nta_recheck)
Evan Hunt's avatar
Evan Hunt committed
247
		(void) isc_timer_reset(nta->timer, isc_timertype_inactive,
248
				       NULL, NULL, true);
249
	nta_detach(view->mctx, &nta);
Evan Hunt's avatar
Evan Hunt committed
250
251
252
253
254
255
256
}

static void
checkbogus(isc_task_t *task, isc_event_t *event) {
	dns_nta_t *nta = event->ev_arg;
	dns_ntatable_t *ntatable = nta->ntatable;
	dns_view_t *view = ntatable->view;
257
	isc_result_t result;
Evan Hunt's avatar
Evan Hunt committed
258
259
260

	if (nta->fetch != NULL) {
		dns_resolver_cancelfetch(nta->fetch);
261
		nta->fetch = NULL;
Evan Hunt's avatar
Evan Hunt committed
262
263
264
265
266
267
268
269
	}
	if (dns_rdataset_isassociated(&nta->rdataset))
		dns_rdataset_disassociate(&nta->rdataset);
	if (dns_rdataset_isassociated(&nta->sigrdataset))
		dns_rdataset_disassociate(&nta->sigrdataset);

	isc_event_free(&event);

270
271
	nta_ref(nta);
	result = dns_resolver_createfetch(view->resolver, nta->name,
Tinderbox User's avatar
Tinderbox User committed
272
					  dns_rdatatype_nsec,
273
274
					  NULL, NULL, NULL, NULL, 0,
					  DNS_FETCHOPT_NONTA, 0, NULL,
Tinderbox User's avatar
Tinderbox User committed
275
276
277
278
					  task, fetch_done, nta,
					  &nta->rdataset,
					  &nta->sigrdataset,
					  &nta->fetch);
279
280
	if (result != ISC_R_SUCCESS)
		nta_detach(view->mctx, &nta);
Evan Hunt's avatar
Evan Hunt committed
281
282
283
}

static isc_result_t
284
settimer(dns_ntatable_t *ntatable, dns_nta_t *nta, uint32_t lifetime) {
Evan Hunt's avatar
Evan Hunt committed
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
	isc_result_t result;
	isc_interval_t interval;
	dns_view_t *view;

	REQUIRE(VALID_NTATABLE(ntatable));
	REQUIRE(VALID_NTA(nta));

	if (ntatable->timermgr == NULL)
		return (ISC_R_SUCCESS);

	view = ntatable->view;
	if (view->nta_recheck == 0 || lifetime <= view->nta_recheck)
		return (ISC_R_SUCCESS);

	isc_interval_set(&interval, view->nta_recheck, 0);
	result = isc_timer_create(ntatable->timermgr, isc_timertype_ticker,
				  NULL, &interval, ntatable->task,
				  checkbogus, nta, &nta->timer);
	return (result);
}

static isc_result_t
307
308
309
nta_create(dns_ntatable_t *ntatable, const dns_name_t *name,
	   dns_nta_t **target)
{
Evan Hunt's avatar
Evan Hunt committed
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
	dns_nta_t *nta = NULL;
	dns_view_t *view;

	REQUIRE(VALID_NTATABLE(ntatable));
	REQUIRE(target != NULL && *target == NULL);

	view = ntatable->view;

	nta = isc_mem_get(view->mctx, sizeof(dns_nta_t));
	if (nta == NULL)
		return (ISC_R_NOMEMORY);

	nta->ntatable = ntatable;
	nta->expiry = 0;
	nta->timer = NULL;
	nta->fetch = NULL;
	dns_rdataset_init(&nta->rdataset);
	dns_rdataset_init(&nta->sigrdataset);

329
	isc_refcount_init(&nta->refcount, 1);
Evan Hunt's avatar
Evan Hunt committed
330

331
	nta->name = dns_fixedname_initname(&nta->fn);
Evan Hunt's avatar
Evan Hunt committed
332
333
334
335
336
337
	dns_name_copy(name, nta->name, NULL);

	nta->magic = NTA_MAGIC;

	*target = nta;
	return (ISC_R_SUCCESS);
Evan Hunt's avatar
Evan Hunt committed
338
339
340
}

isc_result_t
341
dns_ntatable_add(dns_ntatable_t *ntatable, const dns_name_t *name,
342
		 bool force, isc_stdtime_t now,
343
		 uint32_t lifetime)
Evan Hunt's avatar
Evan Hunt committed
344
345
346
347
{
	isc_result_t result;
	dns_nta_t *nta = NULL;
	dns_rbtnode_t *node;
Evan Hunt's avatar
Evan Hunt committed
348
	dns_view_t *view;
Evan Hunt's avatar
Evan Hunt committed
349
350
351

	REQUIRE(VALID_NTATABLE(ntatable));

Evan Hunt's avatar
Evan Hunt committed
352
353
354
	view = ntatable->view;

	result = nta_create(ntatable, name, &nta);
Evan Hunt's avatar
Evan Hunt committed
355
356
357
	if (result != ISC_R_SUCCESS)
		return (result);

Evan Hunt's avatar
Evan Hunt committed
358
	nta->expiry = now + lifetime;
359
	nta->forced = force;
Evan Hunt's avatar
Evan Hunt committed
360
361
362
363
364
365

	RWLOCK(&ntatable->rwlock, isc_rwlocktype_write);

	node = NULL;
	result = dns_rbt_addnode(ntatable->table, name, &node);
	if (result == ISC_R_SUCCESS) {
Evan Hunt's avatar
Evan Hunt committed
366
367
		if (!force)
			(void)settimer(ntatable, nta, lifetime);
Evan Hunt's avatar
Evan Hunt committed
368
369
370
371
372
		node->data = nta;
		nta = NULL;
	} else if (result == ISC_R_EXISTS) {
		dns_nta_t *n = node->data;
		if (n == NULL) {
Evan Hunt's avatar
Evan Hunt committed
373
374
			if (!force)
				(void)settimer(ntatable, nta, lifetime);
Evan Hunt's avatar
Evan Hunt committed
375
376
377
378
			node->data = nta;
			nta = NULL;
		} else {
			n->expiry = nta->expiry;
Evan Hunt's avatar
Evan Hunt committed
379
			nta_detach(view->mctx, &nta);
Evan Hunt's avatar
Evan Hunt committed
380
381
		}
		result = ISC_R_SUCCESS;
Tinderbox User's avatar
Tinderbox User committed
382
	}
Evan Hunt's avatar
Evan Hunt committed
383
384
385
386

	RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_write);

	if (nta != NULL)
Evan Hunt's avatar
Evan Hunt committed
387
		nta_detach(view->mctx, &nta);
Evan Hunt's avatar
Evan Hunt committed
388
389
390
391
392
393
394
395

	return (result);
}

/*
 * Caller must hold a write lock on rwlock.
 */
static isc_result_t
396
deletenode(dns_ntatable_t *ntatable, const dns_name_t *name) {
Evan Hunt's avatar
Evan Hunt committed
397
398
399
400
401
402
403
404
405
406
407
	isc_result_t result;
	dns_rbtnode_t *node = NULL;

	REQUIRE(VALID_NTATABLE(ntatable));
	REQUIRE(name != NULL);

	result = dns_rbt_findnode(ntatable->table, name, NULL, &node, NULL,
				  DNS_RBTFIND_NOOPTIONS, NULL, NULL);
	if (result == ISC_R_SUCCESS) {
		if (node->data != NULL)
			result = dns_rbt_deletenode(ntatable->table,
408
						    node, false);
Evan Hunt's avatar
Evan Hunt committed
409
410
411
412
413
414
415
416
417
		else
			result = ISC_R_NOTFOUND;
	} else if (result == DNS_R_PARTIALMATCH)
		result = ISC_R_NOTFOUND;

	return (result);
}

isc_result_t
418
dns_ntatable_delete(dns_ntatable_t *ntatable, const dns_name_t *name) {
Evan Hunt's avatar
Evan Hunt committed
419
420
421
	isc_result_t result;

	RWLOCK(&ntatable->rwlock, isc_rwlocktype_write);
422
	result = deletenode(ntatable, name);
Evan Hunt's avatar
Evan Hunt committed
423
	RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_write);
Tinderbox User's avatar
Tinderbox User committed
424

Evan Hunt's avatar
Evan Hunt committed
425
426
427
	return (result);
}

428
bool
Evan Hunt's avatar
Evan Hunt committed
429
dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
430
		     const dns_name_t *name, const dns_name_t *anchor)
Evan Hunt's avatar
Evan Hunt committed
431
432
433
434
435
436
{
	isc_result_t result;
	dns_fixedname_t fn;
	dns_rbtnode_t *node;
	dns_name_t *foundname;
	dns_nta_t *nta = NULL;
437
	bool answer = false;
Evan Hunt's avatar
Evan Hunt committed
438
439
440
441
442
443
	isc_rwlocktype_t locktype = isc_rwlocktype_read;

	REQUIRE(ntatable == NULL || VALID_NTATABLE(ntatable));
	REQUIRE(dns_name_isabsolute(name));

	if (ntatable == NULL)
444
		return (false);
Evan Hunt's avatar
Evan Hunt committed
445

446
	foundname = dns_fixedname_initname(&fn);
Evan Hunt's avatar
Evan Hunt committed
447
448
449
450
451
452
453
454
455
456
457
458
459

 relock:
	RWLOCK(&ntatable->rwlock, locktype);
 again:
	node = NULL;
	result = dns_rbt_findnode(ntatable->table, name, foundname, &node, NULL,
				  DNS_RBTFIND_NOOPTIONS, NULL, NULL);
	if (result == DNS_R_PARTIALMATCH) {
		if (dns_name_issubdomain(foundname, anchor))
			result = ISC_R_SUCCESS;
	}
	if (result == ISC_R_SUCCESS) {
		nta = (dns_nta_t *) node->data;
460
		answer = (nta->expiry > now);
Evan Hunt's avatar
Evan Hunt committed
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
	}

	/* Deal with expired NTA */
	if (result == ISC_R_SUCCESS && !answer) {
		char nb[DNS_NAME_FORMATSIZE];

		if (locktype == isc_rwlocktype_read) {
			RWUNLOCK(&ntatable->rwlock, locktype);
			locktype = isc_rwlocktype_write;
			goto relock;
		}

		dns_name_format(foundname, nb, sizeof(nb));
		isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
			      DNS_LOGMODULE_NTA, ISC_LOG_INFO,
			      "deleting expired NTA at %s", nb);

Evan Hunt's avatar
Evan Hunt committed
478
479
480
		if (nta->timer != NULL) {
			(void) isc_timer_reset(nta->timer,
					       isc_timertype_inactive,
481
					       NULL, NULL, true);
Evan Hunt's avatar
Evan Hunt committed
482
483
484
			isc_timer_detach(&nta->timer);
		}

485
		result = deletenode(ntatable, foundname);
Evan Hunt's avatar
Evan Hunt committed
486
487
488
489
490
491
492
493
494
495
496
497
498
		if (result != ISC_R_SUCCESS) {
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
				      DNS_LOGMODULE_NTA, ISC_LOG_INFO,
				      "deleting NTA failed: %s",
				      isc_result_totext(result));
		}
		goto again;
	}
	RWUNLOCK(&ntatable->rwlock, locktype);

	return (answer);
}

Evan Hunt's avatar
Evan Hunt committed
499
500
501
502
503
504
505
static isc_result_t
putstr(isc_buffer_t **b, const char *str) {
	isc_result_t result;

	result = isc_buffer_reserve(b, strlen(str));
	if (result != ISC_R_SUCCESS)
		return (result);
506

Evan Hunt's avatar
Evan Hunt committed
507
508
509
510
	isc_buffer_putstr(*b, str);
	return (ISC_R_SUCCESS);
}

Evan Hunt's avatar
Evan Hunt committed
511
isc_result_t
512
513
514
dns_ntatable_totext(dns_ntatable_t *ntatable, const char *view,
		    isc_buffer_t **buf)
{
Evan Hunt's avatar
Evan Hunt committed
515
516
517
	isc_result_t result;
	dns_rbtnode_t *node;
	dns_rbtnodechain_t chain;
518
	bool first = true;
Evan Hunt's avatar
Evan Hunt committed
519
	isc_stdtime_t now;
Evan Hunt's avatar
Evan Hunt committed
520
521
522

	REQUIRE(VALID_NTATABLE(ntatable));

Evan Hunt's avatar
Evan Hunt committed
523
524
	isc_stdtime_get(&now);

Evan Hunt's avatar
Evan Hunt committed
525
	RWLOCK(&ntatable->rwlock, isc_rwlocktype_read);
Evan Hunt's avatar
Evan Hunt committed
526
	dns_rbtnodechain_init(&chain, ntatable->view->mctx);
Evan Hunt's avatar
Evan Hunt committed
527
	result = dns_rbtnodechain_first(&chain, ntatable->table, NULL, NULL);
Evan Hunt's avatar
Evan Hunt committed
528
529
530
	if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
		if (result == ISC_R_NOTFOUND)
			result = ISC_R_SUCCESS;
Evan Hunt's avatar
Evan Hunt committed
531
		goto cleanup;
Evan Hunt's avatar
Evan Hunt committed
532
	}
Evan Hunt's avatar
Evan Hunt committed
533
534
535
536
	for (;;) {
		dns_rbtnodechain_current(&chain, NULL, NULL, &node);
		if (node->data != NULL) {
			dns_nta_t *n = (dns_nta_t *) node->data;
Evan Hunt's avatar
Evan Hunt committed
537
			char nbuf[DNS_NAME_FORMATSIZE];
538
			char tbuf[ISC_FORMATHTTPTIMESTAMP_SIZE];
Evan Hunt's avatar
Evan Hunt committed
539
540
541
			char obuf[DNS_NAME_FORMATSIZE +
				  ISC_FORMATHTTPTIMESTAMP_SIZE +
				  sizeof("expired:  \n")];
Evan Hunt's avatar
Evan Hunt committed
542
543
			dns_fixedname_t fn;
			dns_name_t *name;
Evan Hunt's avatar
Evan Hunt committed
544
545
			isc_time_t t;

546
547
548
549
550
551
552
553
554
555
556
			/*
			 * Skip "validate-except" entries.
			 */
			if (n->expiry != 0xffffffffU) {
				name = dns_fixedname_initname(&fn);
				dns_rbt_fullnamefromnode(node, name);
				dns_name_format(name, nbuf, sizeof(nbuf));
				isc_time_set(&t, n->expiry, 0);
				isc_time_formattimestamp(&t, tbuf,
							 sizeof(tbuf));

557
				snprintf(obuf, sizeof(obuf), "%s%s%s%s: %s %s",
558
					 first ? "" : "\n", nbuf,
559
560
					 view != NULL ? "/" : "",
					 view != NULL ? view : "",
561
562
563
564
565
566
567
568
569
					 n->expiry <= now
					  ? "expired"
					  : "expiry",
					 tbuf);
				first = false;
				result = putstr(buf, obuf);
				if (result != ISC_R_SUCCESS)
					goto cleanup;
			}
Evan Hunt's avatar
Evan Hunt committed
570
571
572
573
574
575
576
		}
		result = dns_rbtnodechain_next(&chain, NULL, NULL);
		if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
			if (result == ISC_R_NOMORE)
				result = ISC_R_SUCCESS;
			break;
		}
Evan Hunt's avatar
Evan Hunt committed
577
578
	}

Evan Hunt's avatar
Evan Hunt committed
579
580
581
582
   cleanup:
	dns_rbtnodechain_invalidate(&chain);
	RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_read);
	return (result);
Evan Hunt's avatar
Evan Hunt committed
583
}
Evan Hunt's avatar
Evan Hunt committed
584
585
586
587
588
589
590
591
592
593
594

isc_result_t
dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp) {
	isc_result_t result;
	isc_buffer_t *text = NULL;
	int len = 4096;

	result = isc_buffer_allocate(ntatable->view->mctx, &text, len);
	if (result != ISC_R_SUCCESS)
		return (result);

595
	result = dns_ntatable_totext(ntatable, NULL, &text);
Evan Hunt's avatar
Evan Hunt committed
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610

	if (isc_buffer_usedlength(text) != 0) {
		(void) putstr(&text, "\n");
	} else if (result == ISC_R_SUCCESS) {
		(void) putstr(&text, "none");
	} else {
		(void) putstr(&text, "could not dump NTA table: ");
		(void) putstr(&text, isc_result_totext(result));
	}

	fprintf(fp, "%.*s", (int) isc_buffer_usedlength(text),
		(char *) isc_buffer_base(text));
	isc_buffer_free(&text);
	return (result);
}
611
612
613
614
615
616
617

isc_result_t
dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp) {
	isc_result_t result;
	dns_rbtnode_t *node;
	dns_rbtnodechain_t chain;
	isc_stdtime_t now;
618
	bool written = false;
619
620
621
622
623
624
625
626
627
628
629
630
631
632

	REQUIRE(VALID_NTATABLE(ntatable));

	isc_stdtime_get(&now);

	RWLOCK(&ntatable->rwlock, isc_rwlocktype_read);
	dns_rbtnodechain_init(&chain, ntatable->view->mctx);
	result = dns_rbtnodechain_first(&chain, ntatable->table, NULL, NULL);
	if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN)
		goto cleanup;

	for (;;) {
		dns_rbtnodechain_current(&chain, NULL, NULL, &node);
		if (node->data != NULL) {
633
634
635
636
			isc_buffer_t b;
			char nbuf[DNS_NAME_FORMATSIZE + 1], tbuf[80];
			dns_fixedname_t fn;
			dns_name_t *name;
637
638
			dns_nta_t *n = (dns_nta_t *) node->data;

639
640
641
642
643
644
645
			/*
			 * Skip this node if the expiry is already in the
			 * past, or if this is a "validate-except" entry.
			 */
			if (n->expiry <= now || n->expiry == 0xffffffffU) {
				goto skip;
			}
646

647
648
			name = dns_fixedname_initname(&fn);
			dns_rbt_fullnamefromnode(node, name);
649

650
651
652
653
			isc_buffer_init(&b, nbuf, sizeof(nbuf));
			result = dns_name_totext(name, false, &b);
			if (result != ISC_R_SUCCESS)
				goto skip;
654

655
656
			/* Zero terminate. */
			isc_buffer_putuint8(&b, 0);
657

658
659
			isc_buffer_init(&b, tbuf, sizeof(tbuf));
			dns_time32_totext(n->expiry, &b);
Evan Hunt's avatar
Evan Hunt committed
660

661
662
663
664
665
666
667
			/* Zero terminate. */
			isc_buffer_putuint8(&b, 0);

			fprintf(fp, "%s %s %s\n", nbuf,
				n->forced ? "forced" : "regular",
				tbuf);
			written = true;
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
		}
	skip:
		result = dns_rbtnodechain_next(&chain, NULL, NULL);
		if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
			if (result == ISC_R_NOMORE)
				result = ISC_R_SUCCESS;
			break;
		}
	}

   cleanup:
	dns_rbtnodechain_invalidate(&chain);
	RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_read);

	if (result != ISC_R_SUCCESS)
		return (result);
	else
		return (written ? ISC_R_SUCCESS : ISC_R_NOTFOUND);
}