Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
Kea
Commits
2ec4a397
Commit
2ec4a397
authored
Feb 21, 2012
by
JINMEI Tatuya
Browse files
[1587] documentation updates
parent
5b301ea5
Changes
2
Hide whitespace changes
Inline
Side-by-side
src/bin/auth/query.cc
View file @
2ec4a397
...
...
@@ -172,10 +172,16 @@ Query::addClosestEncloserProof(ZoneFinder& finder, const Name& name,
bool
exact_ok
,
bool
add_closest
)
{
const
ZoneFinder
::
FindNSEC3Result
result
=
finder
.
findNSEC3
(
name
,
true
);
// Validity check (see the method description). Note that a completely
// broken findNSEC3 implementation could even return NULL RRset in
// closest_proof. We don't explicitly check such case; addRRset() will
// throw an exception, and it will be converted to SERVFAIL at the caller.
if
(
!
exact_ok
&&
!
result
.
next_proof
)
{
isc_throw
(
BadNSEC3
,
"Matching NSEC3 found for a non existent name: "
<<
qname_
);
}
if
(
add_closest
)
{
response_
.
addRRset
(
Message
::
SECTION_AUTHORITY
,
boost
::
const_pointer_cast
<
AbstractRRset
>
(
...
...
@@ -194,6 +200,9 @@ Query::addClosestEncloserProof(ZoneFinder& finder, const Name& name,
void
Query
::
addNSEC3ForName
(
ZoneFinder
&
finder
,
const
Name
&
name
,
bool
match
)
{
const
ZoneFinder
::
FindNSEC3Result
result
=
finder
.
findNSEC3
(
name
,
false
);
// See the comment for addClosestEncloserProof(). We don't check a
// totally bogus case where closest_proof is NULL here.
if
(
match
!=
result
.
matched
)
{
isc_throw
(
BadNSEC3
,
"Unexpected "
<<
(
result
.
matched
?
"matching"
:
"covering"
)
...
...
src/bin/auth/query.h
View file @
2ec4a397
...
...
@@ -204,10 +204,56 @@ private:
/// within this method.
bool
processDSAtChild
();
/// \brief Add NSEC3 to the response for a closest encloser proof for a
/// given name.
///
/// This method calls \c findNSEC3() of the given zone finder for the
/// given name in the recursive mode, and adds the returned NSEC3(s) to
/// the authority section of the response message associated with the
/// \c Query object.
///
/// It returns the number of labels of the closest encloser (returned via
/// the \c findNSEC3() call) in case the caller needs to use that value
/// for subsequent processing, i.e, constructing the best possible wildcard
/// name that (would) match the query name.
///
/// Unless \c exact_ok is true, \c name is expected to be non existent,
/// in which case findNSEC3() in the recursive mode must return both
/// closest and next proofs. If the latter is NULL, it means a run time
/// collision (or the zone is broken in other way), and this method throws
/// a BadNSEC3 exception.
///
/// If \c exact_ok is true, this method takes into account the case
/// where the name exists and may or may not be at a zone cut to an
/// optout zone. In this case, depending on whether the zone is optout
/// or not, findNSEC3() may return non-NULL or NULL next_proof
/// (respectively). This method adds the next proof if and only if
/// findNSEC3() returns non NULL value for it. The Opt-Out flag
/// must be set or cleared accordingly, but this method doesn't check that
/// in this level (as long as the zone is signed validly and findNSEC3()
/// for the data source is implemented as documented, the condition
/// should be met; otherwise we'd let the validator detect the error).
///
/// By default this method always adds the closest proof.
/// If \c add_closest is false, it only adds the next proof to the message.
/// This correspond to the case of "wildcard answer responses" as described
/// in Section 7.2.6 of RFC5155.
uint8_t
addClosestEncloserProof
(
isc
::
datasrc
::
ZoneFinder
&
finder
,
const
isc
::
dns
::
Name
&
name
,
bool
exact_ok
,
bool
add_closet
=
true
);
bool
add_close
s
t
=
true
);
/// \brief Add matching or covering NSEC3 to the response for a give name.
///
/// This method calls \c findNSEC3() of the given zone finder for the
/// given name in the non recursive mode, and adds the returned NSEC3 to
/// the authority section of the response message associated with the
/// \c Query object.
///
/// Depending on the caller's context, the returned NSEC3 is one and
/// only one of matching or covering NSEC3. If \c match is true the
/// returned NSEC3 must be a matching one; otherwise it must be a covering
/// one. If this assumption isn't met this method throws a BadNSEC3
/// exception.
void
addNSEC3ForName
(
isc
::
datasrc
::
ZoneFinder
&
finder
,
const
isc
::
dns
::
Name
&
name
,
bool
match
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment