Merge branch 'each-cleanup-rbt' into 'main'

replace RBT usage throughout named

See merge request isc-projects/bind9!8213

Author: oerdnj

CHANGES

@@ -1,3 +1,7 @@
+6238.	[cleanup]	Refactor several objects relying on dns_rbt trees
+			to instead of dns_nametree, a wrapper around dns_qp.
+			[GL !8213]
+
 6237.	[bug]		Address memory leaks due to not clearing OpenSSL error
 			stack. [GL #4159]
 

bin/named/server.c

@@ -83,6 +83,7 @@
 #include <dns/keyvalues.h>
 #include <dns/master.h>
 #include <dns/masterdump.h>
+#include <dns/nametree.h>
 #include <dns/nsec3.h>
 #include <dns/nta.h>
 #include <dns/order.h>
@@ -602,21 +603,23 @@ configure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 static isc_result_t
 configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 			 const char *confname, const char *conftuplename,
-			 isc_mem_t *mctx, dns_rbt_t **rbtp) {
-	isc_result_t result;
+			 isc_mem_t *mctx, dns_nametree_t **ntp) {
+	isc_result_t result = ISC_R_SUCCESS;
 	const cfg_obj_t *maps[3];
 	const cfg_obj_t *obj = NULL;
-	const cfg_listelt_t *element;
+	const cfg_listelt_t *element = NULL;
 	int i = 0;
 	dns_fixedname_t fixed;
-	dns_name_t *name;
+	dns_name_t *name = NULL;
 	isc_buffer_t b;
-	const char *str;
-	const cfg_obj_t *nameobj;
+	const char *str = NULL;
+	const cfg_obj_t *nameobj = NULL;
 
-	if (*rbtp != NULL) {
-		dns_rbt_destroy(rbtp);
+	if (*ntp != NULL) {
+		dns_nametree_detach(ntp);
 	}
+	dns_nametree_create(mctx, DNS_NAMETREE_BOOL, confname, ntp);
+
 	if (vconfig != NULL) {
 		maps[i++] = cfg_tuple_get(vconfig, "options");
 	}
@@ -632,7 +635,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 	(void)named_config_get(maps, confname, &obj);
 	if (obj == NULL) {
 		/*
-		 * No value available.	*rbtp == NULL.
+		 * No value available.	*ntp == NULL.
 		 */
 		return (ISC_R_SUCCESS);
 	}
@@ -644,11 +647,6 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 		}
 	}
 
-	result = dns_rbt_create(mctx, NULL, NULL, rbtp);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
-
 	name = dns_fixedname_initname(&fixed);
 	for (element = cfg_list_first(obj); element != NULL;
 	     element = cfg_list_next(element))
@@ -658,14 +656,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 		isc_buffer_constinit(&b, str, strlen(str));
 		isc_buffer_add(&b, strlen(str));
 		CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
-		/*
-		 * We don't need the node data, but need to set dummy data to
-		 * avoid a partial match with an empty node.  For example, if
-		 * we have foo.example.com and bar.example.com, we'd get a match
-		 * for baz.example.com, which is not the expected result.
-		 * We simply use (void *)1 as the dummy data.
-		 */
-		result = dns_rbt_addname(*rbtp, name, (void *)1);
+		result = dns_nametree_add(*ntp, name, true);
 		if (result != ISC_R_SUCCESS) {
 			cfg_obj_log(nameobj, named_g_lctx, ISC_LOG_ERROR,
 				    "failed to add %s for %s: %s", str,
@@ -674,10 +665,10 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
 		}
 	}
 
-	return (result);
+	return (ISC_R_SUCCESS);
 
 cleanup:
-	dns_rbt_destroy(rbtp);
+	dns_nametree_detach(ntp);
 	return (result);
 }
 
@@ -4915,7 +4906,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	/*
 	 * Set supported DNSSEC algorithms.
 	 */
-	dns_resolver_reset_algorithms(view->resolver);
 	disabled = NULL;
 	(void)named_config_get(maps, "disable-algorithms", &disabled);
 	if (disabled != NULL) {
@@ -4930,7 +4920,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	/*
 	 * Set supported DS digest types.
 	 */
-	dns_resolver_reset_ds_digests(view->resolver);
 	disabled = NULL;
 	(void)named_config_get(maps, "disable-ds-digests", &disabled);
 	if (disabled != NULL) {
@@ -5530,7 +5519,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	 */
 	CHECK(configure_view_dnsseckeys(view, vconfig, config, bindkeys,
 					auto_root));
-	dns_resolver_resetmustbesecure(view->resolver);
+
 	obj = NULL;
 	result = named_config_get(maps, "dnssec-must-be-secure", &obj);
 	if (result == ISC_R_SUCCESS) {

lib/dns/Makefile.am

@@ -91,6 +91,7 @@ libdns_la_HEADERS =			\
 	include/dns/masterdump.h	\
 	include/dns/message.h		\
 	include/dns/name.h		\
+	include/dns/nametree.h		\
 	include/dns/ncache.h		\
 	include/dns/nsec.h		\
 	include/dns/nsec3.h		\
@@ -196,6 +197,7 @@ libdns_la_SOURCES =			\
 	masterdump.c			\
 	message.c			\
 	name.c				\
+	nametree.c			\
 	ncache.c			\
 	nsec.c				\
 	nsec3.c				\

lib/dns/include/dns/nametree.h

@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#pragma once
+
+/*****
+***** Module Info
+*****/
+
+/*! \file
+ * \brief
+ * A nametree module is a tree of DNS names containing boolean values
+ * or bitfields, allowing a quick lookup to see whether a name is included
+ * in or excluded from some policy.
+ */
+
+#include <stdbool.h>
+
+#include <isc/lang.h>
+#include <isc/magic.h>
+#include <isc/refcount.h>
+#include <isc/rwlock.h>
+#include <isc/stdtime.h>
+
+#include <dns/rdatastruct.h>
+#include <dns/types.h>
+
+#include <dst/dst.h>
+
+/* Define to 1 for detailed reference tracing */
+#undef DNS_NAMETREE_TRACE
+
+typedef enum {
+	DNS_NAMETREE_BOOL,
+	DNS_NAMETREE_BITS,
+	DNS_NAMETREE_COUNT
+} dns_nametree_type_t;
+
+ISC_LANG_BEGINDECLS
+
+void
+dns_nametree_create(isc_mem_t *mctx, dns_nametree_type_t type, const char *name,
+		    dns_nametree_t **ntp);
+/*%<
+ * Create a nametree.
+ *
+ * If 'name' is not NULL, it will be saved as the name of the QP trie
+ * for debugging purposes.
+ *
+ * 'type' indicates whether the tree will be used for storing boolean
+ * values (DNS_NAMETREE_BOOL), bitfields (DNS_NAMETREE_BITS), or counters
+ * (DNS_NAMETREE_COUNT).
+ *
+ * Requires:
+ *
+ *\li	'mctx' is a valid memory context.
+ *\li	ntp != NULL && *ntp == NULL
+ */
+
+isc_result_t
+dns_nametree_add(dns_nametree_t *nametree, const dns_name_t *name,
+		 uint32_t value);
+/*%<
+ * Add a node to 'nametree'.
+ *
+ * If the nametree type was set to DNS_NAMETREE_BOOL, then 'value'
+ * represents a single boolean value, true or false. If the name already
+ * exists within the tree, then return ISC_R_EXISTS.
+ *
+ * If the nametree type was set to DNS_NAMETREE_COUNT, then 'value'
+ * can only be true. Each time the same name is added to the tree,
+ * ISC_R_SUCCESS is returned and a counter is incremented.
+ * dns_nametree_delete() must be deleted the same number of times
+ * as dns_nametree_add() before the name is removed from the tree.
+ *
+ * If the nametree type was set to DNS_NAMETREE_BITS, then 'value' is
+ * a bit number within a bit field, which is sized to accomodate at least
+ * 'value' bits. If the name already exists, then that bit will be set
+ * in the bitfield, other bits will be retained, and ISC_R_SUCCESS will be
+ * returned. If 'value' excees the number of bits in the existing bit
+ * field, the field will be expanded.
+ *
+ * Requires:
+ *
+ *\li	'nametree' points to a valid nametree.
+ *
+ * Returns:
+ *
+ *\li	ISC_R_SUCCESS
+ *\li	ISC_R_EXISTS
+ *
+ *\li	Any other result indicates failure.
+ */
+
+isc_result_t
+dns_nametree_delete(dns_nametree_t *nametree, const dns_name_t *name);
+/*%<
+ * Delete 'name' from 'nametree'.
+ *
+ * If the nametree type was set to DNS_NAMETREE_COUNT, then this must
+ * be called for each name the same number of times as dns_nametree_add()
+ * was called before the name is removed.
+ *
+ * Requires:
+ *
+ *\li	'nametree' points to a valid nametree.
+ *\li	'name' is not NULL
+ *
+ * Returns:
+ *
+ *\li	ISC_R_SUCCESS
+ *
+ *\li	Any other result indicates failure.
+ */
+
+isc_result_t
+dns_nametree_find(dns_nametree_t *nametree, const dns_name_t *name,
+		  dns_ntnode_t **ntp);
+/*%<
+ * Retrieve the node that exactly matches 'name' from 'nametree'.
+ *
+ * Requires:
+ *
+ *\li	'nametree' is a valid nametree.
+ *
+ *\li	'name' is a valid name.
+ *
+ *\li	ntp != NULL && *ntp == NULL
+ *
+ * Returns:
+ *
+ *\li	ISC_R_SUCCESS
+ *\li	ISC_R_NOTFOUND
+ *
+ *\li	Any other result indicates an error.
+ */
+
+bool
+dns_nametree_covered(dns_nametree_t *nametree, const dns_name_t *name,
+		     dns_name_t *found, uint32_t bit);
+/*%<
+ * Indicates whether a 'name' (with optional 'bit' value) is covered by
+ * 'nametree'.
+ *
+ * In DNS_NAMETREE_BOOL nametrees, this returns true if 'name' has a match
+ * or a closest ancestor in 'nametree' with its value set to 'true'.
+ * 'bit' is ignored.
+ *
+ * In DNS_NAMETREE_BITS trees, this returns true if 'name' has a match or
+ * a closest ancestor in 'nametree' with the 'bit' set in its bitfield.
+ *
+ * If a name is not found, the default return value is false.
+ *
+ * If 'found' is not NULL, the name or ancestor name that was found in
+ * the tree is copied into it.
+ *
+ * Requires:
+ *
+ *\li	'nametree' is a valid nametree, or is NULL.
+ */
+
+#if DNS_NAMETREE_TRACE
+#define dns_nametree_ref(ptr) \
+	dns_nametree__ref(ptr, __func__, __FILE__, __LINE__)
+#define dns_nametree_unref(ptr) \
+	dns_nametree__unref(ptr, __func__, __FILE__, __LINE__)
+#define dns_nametree_attach(ptr, ptrp) \
+	dns_nametree__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
+#define dns_nametree_detach(ptrp) \
+	dns_nametree__detach(ptrp, __func__, __FILE__, __LINE__)
+#define dns_ntnode_ref(ptr) dns_ntnode__ref(ptr, __func__, __FILE__, __LINE__)
+#define dns_ntnode_unref(ptr) \
+	dns_ntnode__unref(ptr, __func__, __FILE__, __LINE__)
+#define dns_ntnode_attach(ptr, ptrp) \
+	dns_ntnode__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
+#define dns_ntnode_detach(ptrp) \
+	dns_ntnode__detach(ptrp, __func__, __FILE__, __LINE__)
+ISC_REFCOUNT_TRACE_DECL(dns_nametree);
+ISC_REFCOUNT_TRACE_DECL(dns_ntnode);
+#else
+ISC_REFCOUNT_DECL(dns_nametree);
+ISC_REFCOUNT_DECL(dns_ntnode);
+#endif
+ISC_LANG_ENDDECLS

lib/dns/include/dns/resolver.h

@@ -423,18 +423,6 @@ dns_resolver_addalternate(dns_resolver_t *resolver, const isc_sockaddr_t *alt,
  * \li	only one of 'name' or 'alt' to be valid.
  */
 
-void
-dns_resolver_reset_algorithms(dns_resolver_t *resolver);
-/*%<
- * Clear the disabled DNSSEC algorithms.
- */
-
-void
-dns_resolver_reset_ds_digests(dns_resolver_t *resolver);
-/*%<
- * Clear the disabled DS digest types.
- */
-
 isc_result_t
 dns_resolver_disable_algorithm(dns_resolver_t *resolver, const dns_name_t *name,
 			       unsigned int alg);
@@ -482,9 +470,6 @@ dns_resolver_ds_digest_supported(dns_resolver_t	  *resolver,
  * crypto libraries if it was not specifically disabled.
  */
 
-void
-dns_resolver_resetmustbesecure(dns_resolver_t *resolver);
-
 isc_result_t
 dns_resolver_setmustbesecure(dns_resolver_t *resolver, const dns_name_t *name,
 			     bool value);

lib/dns/include/dns/types.h

@@ -116,8 +116,10 @@ typedef struct dns_message	   dns_message_t;
 typedef uint16_t		   dns_messageid_t;
 typedef isc_region_t		   dns_label_t;
 typedef struct dns_name		   dns_name_t;
+typedef struct dns_nametree	   dns_nametree_t;
 typedef ISC_LIST(dns_name_t) dns_namelist_t;
 typedef struct dns_ntatable	 dns_ntatable_t;
+typedef struct dns_ntnode	 dns_ntnode_t;
 typedef uint16_t		 dns_opcode_t;
 typedef struct dns_order	 dns_order_t;
 typedef struct dns_peer		 dns_peer_t;

lib/dns/include/dns/view.h

@@ -140,12 +140,11 @@ struct dns_view {
 	dns_acl_t	     *denyansweracl;
 	dns_acl_t	     *nocasecompress;
 	bool		      msgcompression;
-	dns_rbt_t	     *answeracl_exclude;
-	dns_rbt_t	     *denyanswernames;
-	dns_rbt_t	     *answernames_exclude;
+	dns_nametree_t	     *answeracl_exclude;
+	dns_nametree_t	     *denyanswernames;
+	dns_nametree_t	     *answernames_exclude;
+	dns_nametree_t	     *sfd;
 	dns_rrl_t	     *rrl;
-	dns_rbt_t	     *sfd;
-	isc_rwlock_t	      sfd_lock;
 	bool		      provideixfr;
 	bool		      requestnsid;
 	bool		      sendcookie;