Commit bb4bfb9a authored by Evan Hunt's avatar Evan Hunt

Merge branch...

Merge branch '251-documentation-of-rpz-min-update-interval-is-inconsistent-with-implementation' into 'master'

Resolve "Documentation of RPZ min-update-interval is inconsistent with implementation"

Closes #251

See merge request !277
parents 5a75f5bc 975afc50
Pipeline #1746 passed with stages
in 8 minutes and 30 seconds
......@@ -2096,8 +2096,10 @@ configure_rpz_name2(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
static isc_result_t
configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
isc_boolean_t recursive_only_def, dns_ttl_t ttl_def,
isc_uint32_t minupdateint_def, const dns_rpz_zone_t *old,
isc_boolean_t recursive_only_default,
dns_ttl_t ttl_default,
isc_uint32_t minupdateinterval_default,
const dns_rpz_zone_t *old,
isc_boolean_t *old_rpz_okp)
{
const cfg_obj_t *rpz_obj, *obj;
......@@ -2126,7 +2128,9 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
}
obj = cfg_tuple_get(rpz_obj, "recursive-only");
if (cfg_obj_isvoid(obj) ? recursive_only_def : cfg_obj_asboolean(obj)) {
if (cfg_obj_isvoid(obj) ?
recursive_only_default : cfg_obj_asboolean(obj))
{
view->rpzs->p.no_rd_ok &= ~DNS_RPZ_ZBIT(zone->num);
} else {
view->rpzs->p.no_rd_ok |= DNS_RPZ_ZBIT(zone->num);
......@@ -2143,14 +2147,14 @@ configure_rpz_zone(dns_view_t *view, const cfg_listelt_t *element,
if (cfg_obj_isuint32(obj)) {
zone->max_policy_ttl = cfg_obj_asuint32(obj);
} else {
zone->max_policy_ttl = ttl_def;
zone->max_policy_ttl = ttl_default;
}
obj = cfg_tuple_get(rpz_obj, "min-update-interval");
if (cfg_obj_isuint32(obj)) {
zone->min_update_int = cfg_obj_asuint32(obj);
zone->min_update_interval = cfg_obj_asuint32(obj);
} else {
zone->min_update_int = minupdateint_def;
zone->min_update_interval = minupdateinterval_default;
}
if (*old_rpz_okp && zone->max_policy_ttl != old->max_policy_ttl)
......@@ -2249,11 +2253,11 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
char *rps_cstr;
size_t rps_cstr_size;
const cfg_obj_t *sub_obj;
isc_boolean_t recursive_only_def;
isc_boolean_t recursive_only_default;
isc_boolean_t nsip_enabled, nsdname_enabled;
dns_rpz_zbits_t nsip_on, nsdname_on;
dns_ttl_t ttl_def;
isc_uint32_t minupdateint_def;
dns_ttl_t ttl_default;
isc_uint32_t minupdateinterval_default;
dns_rpz_zones_t *zones;
const dns_rpz_zones_t *old;
dns_view_t *pview;
......@@ -2344,9 +2348,9 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
sub_obj = cfg_tuple_get(rpz_obj, "recursive-only");
if (!cfg_obj_isvoid(sub_obj) &&
!cfg_obj_asboolean(sub_obj))
recursive_only_def = ISC_FALSE;
recursive_only_default = ISC_FALSE;
else
recursive_only_def = ISC_TRUE;
recursive_only_default = ISC_TRUE;
sub_obj = cfg_tuple_get(rpz_obj, "break-dnssec");
if (!cfg_obj_isvoid(sub_obj) &&
......@@ -2357,15 +2361,15 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
sub_obj = cfg_tuple_get(rpz_obj, "max-policy-ttl");
if (cfg_obj_isuint32(sub_obj))
ttl_def = cfg_obj_asuint32(sub_obj);
ttl_default = cfg_obj_asuint32(sub_obj);
else
ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
ttl_default = DNS_RPZ_MAX_TTL_DEFAULT;
sub_obj = cfg_tuple_get(rpz_obj, "min-update-interval");
if (cfg_obj_isuint32(sub_obj))
minupdateint_def = cfg_obj_asuint32(sub_obj);
minupdateinterval_default = cfg_obj_asuint32(sub_obj);
else
minupdateint_def = DNS_RPZ_MINUPDATEINT_DEF;
minupdateinterval_default = DNS_RPZ_MINUPDATEINTERVAL_DEFAULT;
sub_obj = cfg_tuple_get(rpz_obj, "min-ns-dots");
if (cfg_obj_isuint32(sub_obj))
......@@ -2409,9 +2413,10 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
old_zone = NULL;
}
result = configure_rpz_zone(view, zone_element,
recursive_only_def, ttl_def,
minupdateint_def, old_zone,
old_rpz_okp);
recursive_only_default,
ttl_default,
minupdateinterval_default,
old_zone, old_rpz_okp);
if (result != ISC_R_SUCCESS) {
if (pview != NULL)
dns_view_detach(&pview);
......
......@@ -10277,7 +10277,7 @@ example.com CNAME rpz-tcp-only.
If an update to a RPZ zone (for example, via IXFR) happens less
than <option>min-update-interval</option> seconds after the most
recent update, then the changes will not be carried out until this
interval has elapsed. The default is <literal>5</literal> seconds.
interval has elapsed. The default is <literal>60</literal> seconds.
For convenience, TTL-style time unit suffixes may be
used to specify the value.
</para>
......
......@@ -137,7 +137,7 @@ struct dns_rpz_zone {
dns_ttl_t max_policy_ttl;
dns_rpz_policy_t policy; /* DNS_RPZ_POLICY_GIVEN or override */
isc_uint32_t min_update_int;/* minimal interval between updates */
isc_uint32_t min_update_interval;/* minimal interval between updates */
isc_ht_t *nodes; /* entries in zone */
dns_rpz_zones_t *rpzs; /* owner */
isc_time_t lastupdated; /* last time the zone was processed */
......@@ -347,9 +347,9 @@ typedef struct {
dns_fixedname_t _fnamef;
} dns_rpz_st_t;
#define DNS_RPZ_TTL_DEFAULT 5
#define DNS_RPZ_MAX_TTL_DEFAULT DNS_RPZ_TTL_DEFAULT
#define DNS_RPZ_MINUPDATEINT_DEF 60
#define DNS_RPZ_TTL_DEFAULT 5
#define DNS_RPZ_MAX_TTL_DEFAULT DNS_RPZ_TTL_DEFAULT
#define DNS_RPZ_MINUPDATEINTERVAL_DEFAULT 60
/*
* So various response policy zone messages can be turned up or down.
......
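Review bot: The renamed `min_update_interval` field and `DNS_RPZ_MINUPDATEINTERVAL_DEFAULT` still do not state their unit at the point of definition, which is the same ambiguity this commit corrects in the manual (the documented default goes from 5 to 60 seconds, while `DNS_RPZ_TTL_DEFAULT 5` sits directly above the 60). The field comment could read `/* minimum seconds between updates */`, and the define could carry `/* seconds; default for min-update-interval */`. The rpz.c hunk divides the microsecond difference by 1000000 before comparing it with the field, so seconds appears to be the intended unit. This interval throttles how often an RPZ zone is reprocessed, so a misread unit would change how much update load the server accepts. The body of struct dns_rpz_zone begins and ends outside the hunk.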
......@@ -1610,8 +1610,8 @@ dns_rpz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
zone->updatepending = ISC_TRUE;
isc_time_now(&now);
tdiff = isc_time_microdiff(&now, &zone->lastupdated) / 1000000;
if (tdiff < zone->min_update_int) {
isc_uint64_t defer = zone->min_update_int - tdiff;
if (tdiff < zone->min_update_interval) {
isc_uint64_t defer = zone->min_update_interval - tdiff;
isc_interval_t interval;
dns_name_format(&zone->origin, dname,
DNS_NAME_FORMATSIZE);
......@@ -1801,7 +1801,7 @@ finish_update(dns_rpz_zone_t *rpz) {
* If there's an update pending schedule it
*/
if (rpz->updatepending == ISC_TRUE) {
isc_uint64_t defer = rpz->min_update_int;
isc_uint64_t defer = rpz->min_update_interval;
isc_interval_t interval;
dns_name_format(&rpz->origin, dname,
DNS_NAME_FORMATSIZE);
......