mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-31 20:09:35 -05:00
max iterations for neg cache.
git-svn-id: file:///svn/unbound/trunk@1291 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
c73c662fce
commit
bfb4e20f43
4 changed files with 18 additions and 9 deletions
|
|
@ -1,3 +1,6 @@
|
|||
9 October 2008: Wouter
|
||||
- negative cache caps max iterations of NSEC3 done.
|
||||
|
||||
8 October 2008: Wouter
|
||||
- NSEC negative cache for DS.
|
||||
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ int val_neg_zone_compare(const void* a, const void* b)
|
|||
return dname_canon_lab_cmp(x->name, x->labs, y->name, y->labs, &m);
|
||||
}
|
||||
|
||||
struct val_neg_cache* val_neg_create(struct config_file* cfg)
|
||||
struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter)
|
||||
{
|
||||
struct val_neg_cache* neg = (struct val_neg_cache*)calloc(1,
|
||||
sizeof(*neg));
|
||||
|
|
@ -83,6 +83,7 @@ struct val_neg_cache* val_neg_create(struct config_file* cfg)
|
|||
log_err("Could not create neg cache: out of memory");
|
||||
return NULL;
|
||||
}
|
||||
neg->nsec3_max_iter = maxiter;
|
||||
neg->max = 1024*1024; /* 1 M is thousands of entries */
|
||||
if(cfg) neg->max = cfg->neg_cache_size;
|
||||
rbtree_init(&neg->tree, &val_neg_zone_compare);
|
||||
|
|
@ -832,6 +833,7 @@ static void neg_insert_data(struct val_neg_cache* neg,
|
|||
uint8_t* s;
|
||||
size_t slen, it;
|
||||
if(nsec3_get_params(nsec, 0, &h, &it, &s, &slen) &&
|
||||
it <= neg->nsec3_max_iter &&
|
||||
(h != zone->nsec3_hash || it != zone->nsec3_iter ||
|
||||
slen != zone->nsec3_saltlen ||
|
||||
memcmp(zone->nsec3_salt, s, slen) != 0)) {
|
||||
|
|
|
|||
|
|
@ -76,6 +76,8 @@ struct val_neg_cache {
|
|||
size_t use;
|
||||
/** max memory to use (bytes) */
|
||||
size_t max;
|
||||
/** max nsec3 iterations allowed */
|
||||
size_t nsec3_max_iter;
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
@ -162,9 +164,10 @@ struct val_neg_data {
|
|||
/**
|
||||
* Create negative cache
|
||||
* @param cfg: config options.
|
||||
* @param maxiter: max nsec3 iterations allowed.
|
||||
* @return neg cache, empty or NULL on failure.
|
||||
*/
|
||||
struct val_neg_cache* val_neg_create(struct config_file* cfg);
|
||||
struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter);
|
||||
|
||||
/**
|
||||
* see how much memory is in use by the negative cache.
|
||||
|
|
|
|||
|
|
@ -121,13 +121,6 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
|
|||
log_err("validator: error in trustanchors config");
|
||||
return 0;
|
||||
}
|
||||
if(!val_env->neg_cache)
|
||||
val_env->neg_cache = val_neg_create(cfg);
|
||||
if(!val_env->neg_cache) {
|
||||
log_err("out of memory");
|
||||
return 0;
|
||||
}
|
||||
env->neg_cache = val_env->neg_cache;
|
||||
val_env->date_override = cfg->val_date_override;
|
||||
c = cfg_count_numbers(cfg->val_nsec3_key_iterations);
|
||||
if(c < 1 || (c&1)) {
|
||||
|
|
@ -140,6 +133,14 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
|
|||
log_err("validator: cannot apply nsec3 key iterations");
|
||||
return 0;
|
||||
}
|
||||
if(!val_env->neg_cache)
|
||||
val_env->neg_cache = val_neg_create(cfg,
|
||||
val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]);
|
||||
if(!val_env->neg_cache) {
|
||||
log_err("out of memory");
|
||||
return 0;
|
||||
}
|
||||
env->neg_cache = val_env->neg_cache;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue