upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-08 20:22:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Embed algorithm in key tag counter

Browse source 
Key tags are not unique across algorithms.
This commit is contained in:
Matthijs Mekking 2020-04-02 11:59:35 +02:00
parent eb6a8b47d7
commit b2028e26da
4 changed files with 19 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/dns/include/dns/stats.h
View file

@ -684,7 +684,7 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_opcode_t code);
*/
void
dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id,
dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
bool refresh);
/*%<
* Increment the statistics counter for the DNSKEY 'id'. If 'refresh' is set

13
lib/dns/stats.c
View file

@ -104,8 +104,8 @@ typedef enum {
/* Maximum number of keys to keep track of for DNSSEC signing statistics. */
static int dnssec_max_keys = 4;
/* Attribute to signal whether a counter is actually a key id. */
#define DNSSECSIGNSTATS_IS_KEY 0x10000
/* Key id mask */
#define DNSSECSIGNSTATS_KEY_ID_MASK 0x0000FFFF
/* DNSSEC sign operation (sign or refresh) */
#define DNSSECSIGNSTATS_SIGN 1
#define DNSSECSIGNSTATS_REFRESH 2
@ -360,15 +360,15 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_rcode_t code) {
}
void
dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id,
dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
bool refresh) {
isc_statscounter_t operation = DNSSECSIGNSTATS_SIGN;
uint32_t kval;
REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_dnssec);
kval = (uint32_t)id;
kval |= DNSSECSIGNSTATS_IS_KEY;
/* Shift algorithm in front of key tag, which is 16 bits */
kval = (uint32_t)(alg << 16 | id);
/* What operation are we counting? */
if (refresh) {
@ -551,8 +551,7 @@ dnssec_statsdump(isc_stats_t *stats, bool refresh, isc_stats_dumper_t dump_fn,
continue;
}
id = (dns_keytag_t)kval;
id &= ~DNSSECSIGNSTATS_IS_KEY;
id = (dns_keytag_t)kval & DNSSECSIGNSTATS_KEY_ID_MASK;
dump_fn((isc_statscounter_t)id, val, arg);
}

4
lib/dns/update.c
View file

@ -1117,6 +1117,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
#define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0)
#define ID(x) dst_key_id(x)
#define ALG(x) dst_key_alg(x)
/*
@ -1260,7 +1261,8 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
/* Update DNSSEC sign statistics. */
if (dnssecsignstats != NULL) {
dns_dnssecsignstats_increment(
dnssecsignstats, dst_key_id(keys[i]), false);
dnssecsignstats, ID(keys[i]),
(uint8_t)ALG(keys[i]), false);
}
}
if (!added_sig) {

15
lib/dns/zone.c
View file

@ -120,6 +120,7 @@
*/
#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
#define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0)
#define ID(x) dst_key_id(x)
#define ALG(x) dst_key_alg(x)
/*
@ -6923,10 +6924,12 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
if (dnssecsignstats != NULL) {
/* Generated a new signature. */
dns_dnssecsignstats_increment(
dnssecsignstats, dst_key_id(keys[i]), false);
dnssecsignstats, ID(keys[i]),
(uint8_t)ALG(keys[i]), false);
/* This is a refresh. */
dns_dnssecsignstats_increment(
dnssecsignstats, dst_key_id(keys[i]), true);
dnssecsignstats, ID(keys[i]),
(uint8_t)ALG(keys[i]), true);
}
}
@ -7507,11 +7510,11 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
dnssecsignstats = dns_zone_getdnssecsignstats(zone);
if (dnssecsignstats != NULL) {
/* Generated a new signature. */
dns_dnssecsignstats_increment(dnssecsignstats,
dst_key_id(key), false);
dns_dnssecsignstats_increment(dnssecsignstats, ID(key),
ALG(key), false);
/* This is a refresh. */
dns_dnssecsignstats_increment(dnssecsignstats,
dst_key_id(key), true);
dns_dnssecsignstats_increment(dnssecsignstats, ID(key),
ALG(key), true);
}
(*signatures)--;