Commit 2ec4a397 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1587] documentation updates

parent 5b301ea5
......@@ -172,10 +172,16 @@ Query::addClosestEncloserProof(ZoneFinder& finder, const Name& name,
bool exact_ok, bool add_closest)
{
const ZoneFinder::FindNSEC3Result result = finder.findNSEC3(name, true);
// Validity check (see the method description). Note that a completely
// broken findNSEC3 implementation could even return NULL RRset in
// closest_proof. We don't explicitly check such case; addRRset() will
// throw an exception, and it will be converted to SERVFAIL at the caller.
if (!exact_ok && !result.next_proof) {
isc_throw(BadNSEC3, "Matching NSEC3 found for a non existent name: "
<< qname_);
}
if (add_closest) {
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
......@@ -194,6 +200,9 @@ Query::addClosestEncloserProof(ZoneFinder& finder, const Name& name,
void
Query::addNSEC3ForName(ZoneFinder& finder, const Name& name, bool match) {
const ZoneFinder::FindNSEC3Result result = finder.findNSEC3(name, false);
// See the comment for addClosestEncloserProof(). We don't check a
// totally bogus case where closest_proof is NULL here.
if (match != result.matched) {
isc_throw(BadNSEC3, "Unexpected "
<< (result.matched ? "matching" : "covering")
......
......@@ -204,10 +204,56 @@ private:
/// within this method.
bool processDSAtChild();
/// \brief Add NSEC3 to the response for a closest encloser proof for a
/// given name.
///
/// This method calls \c findNSEC3() of the given zone finder for the
/// given name in the recursive mode, and adds the returned NSEC3(s) to
/// the authority section of the response message associated with the
/// \c Query object.
///
/// It returns the number of labels of the closest encloser (returned via
/// the \c findNSEC3() call) in case the caller needs to use that value
/// for subsequent processing, i.e, constructing the best possible wildcard
/// name that (would) match the query name.
///
/// Unless \c exact_ok is true, \c name is expected to be non existent,
/// in which case findNSEC3() in the recursive mode must return both
/// closest and next proofs. If the latter is NULL, it means a run time
/// collision (or the zone is broken in other way), and this method throws
/// a BadNSEC3 exception.
///
/// If \c exact_ok is true, this method takes into account the case
/// where the name exists and may or may not be at a zone cut to an
/// optout zone. In this case, depending on whether the zone is optout
/// or not, findNSEC3() may return non-NULL or NULL next_proof
/// (respectively). This method adds the next proof if and only if
/// findNSEC3() returns non NULL value for it. The Opt-Out flag
/// must be set or cleared accordingly, but this method doesn't check that
/// in this level (as long as the zone is signed validly and findNSEC3()
/// for the data source is implemented as documented, the condition
/// should be met; otherwise we'd let the validator detect the error).
///
/// By default this method always adds the closest proof.
/// If \c add_closest is false, it only adds the next proof to the message.
/// This correspond to the case of "wildcard answer responses" as described
/// in Section 7.2.6 of RFC5155.
uint8_t addClosestEncloserProof(isc::datasrc::ZoneFinder& finder,
const isc::dns::Name& name, bool exact_ok,
bool add_closet = true);
bool add_closest = true);
/// \brief Add matching or covering NSEC3 to the response for a give name.
///
/// This method calls \c findNSEC3() of the given zone finder for the
/// given name in the non recursive mode, and adds the returned NSEC3 to
/// the authority section of the response message associated with the
/// \c Query object.
///
/// Depending on the caller's context, the returned NSEC3 is one and
/// only one of matching or covering NSEC3. If \c match is true the
/// returned NSEC3 must be a matching one; otherwise it must be a covering
/// one. If this assumption isn't met this method throws a BadNSEC3
/// exception.
void addNSEC3ForName(isc::datasrc::ZoneFinder& finder,
const isc::dns::Name& name, bool match);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment