diff --git a/lib/dns/include/dns/stats.h b/lib/dns/include/dns/stats.h index 79c3fe70a0..2883a31d38 100644 --- a/lib/dns/include/dns/stats.h +++ b/lib/dns/include/dns/stats.h @@ -684,7 +684,7 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_opcode_t code); */ void -dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, +dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg, bool refresh); /*%< * Increment the statistics counter for the DNSKEY 'id'. If 'refresh' is set diff --git a/lib/dns/stats.c b/lib/dns/stats.c index 711cf880b5..1b3ef4d24d 100644 --- a/lib/dns/stats.c +++ b/lib/dns/stats.c @@ -104,8 +104,8 @@ typedef enum { /* Maximum number of keys to keep track of for DNSSEC signing statistics. */ static int dnssec_max_keys = 4; -/* Attribute to signal whether a counter is actually a key id. */ -#define DNSSECSIGNSTATS_IS_KEY 0x10000 +/* Key id mask */ +#define DNSSECSIGNSTATS_KEY_ID_MASK 0x0000FFFF /* DNSSEC sign operation (sign or refresh) */ #define DNSSECSIGNSTATS_SIGN 1 #define DNSSECSIGNSTATS_REFRESH 2 @@ -360,15 +360,15 @@ dns_rcodestats_increment(dns_stats_t *stats, dns_rcode_t code) { } void -dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, +dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg, bool refresh) { isc_statscounter_t operation = DNSSECSIGNSTATS_SIGN; uint32_t kval; REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_dnssec); - kval = (uint32_t)id; - kval |= DNSSECSIGNSTATS_IS_KEY; + /* Shift algorithm in front of key tag, which is 16 bits */ + kval = (uint32_t)(alg << 16 | id); /* What operation are we counting? */ if (refresh) { @@ -551,8 +551,7 @@ dnssec_statsdump(isc_stats_t *stats, bool refresh, isc_stats_dumper_t dump_fn, continue; } - id = (dns_keytag_t)kval; - id &= ~DNSSECSIGNSTATS_IS_KEY; + id = (dns_keytag_t)kval & DNSSECSIGNSTATS_KEY_ID_MASK; dump_fn((isc_statscounter_t)id, val, arg); } diff --git a/lib/dns/update.c b/lib/dns/update.c index 476c3e4b17..657cc777b0 100644 --- a/lib/dns/update.c +++ b/lib/dns/update.c @@ -1117,6 +1117,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, #define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) #define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) +#define ID(x) dst_key_id(x) #define ALG(x) dst_key_alg(x) /* @@ -1260,7 +1261,8 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, /* Update DNSSEC sign statistics. */ if (dnssecsignstats != NULL) { dns_dnssecsignstats_increment( - dnssecsignstats, dst_key_id(keys[i]), false); + dnssecsignstats, ID(keys[i]), + (uint8_t)ALG(keys[i]), false); } } if (!added_sig) { diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 23c8a5f92b..273aa3c591 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -120,6 +120,7 @@ */ #define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) #define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) +#define ID(x) dst_key_id(x) #define ALG(x) dst_key_alg(x) /* @@ -6923,10 +6924,12 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone, if (dnssecsignstats != NULL) { /* Generated a new signature. */ dns_dnssecsignstats_increment( - dnssecsignstats, dst_key_id(keys[i]), false); + dnssecsignstats, ID(keys[i]), + (uint8_t)ALG(keys[i]), false); /* This is a refresh. */ dns_dnssecsignstats_increment( - dnssecsignstats, dst_key_id(keys[i]), true); + dnssecsignstats, ID(keys[i]), + (uint8_t)ALG(keys[i]), true); } } @@ -7507,11 +7510,11 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name, dnssecsignstats = dns_zone_getdnssecsignstats(zone); if (dnssecsignstats != NULL) { /* Generated a new signature. */ - dns_dnssecsignstats_increment(dnssecsignstats, - dst_key_id(key), false); + dns_dnssecsignstats_increment(dnssecsignstats, ID(key), + ALG(key), false); /* This is a refresh. */ - dns_dnssecsignstats_increment(dnssecsignstats, - dst_key_id(key), true); + dns_dnssecsignstats_increment(dnssecsignstats, ID(key), + ALG(key), true); } (*signatures)--;