Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Optimse RR digest calculation in DNSSEC.

Browse Source 
If an RR is of a type which doesn't need canonicalisation,
bypass the relatively slow canonicalisation code, and insert
it direct into the digest.
This commit is contained in:
Simon Kelley
2020-11-12 23:09:15 +00:00
parent 2d765867c5
commit 059aded070
1 changed files with 49 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
src/dnssec.c
View File

@@ -579,7 +579,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname); hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
from_wire(keyname); from_wire(keyname);
#define RRBUFLEN 300 /* Most RRs are smaller than this. */ #define RRBUFLEN 128 /* Most RRs are smaller than this. */
for (i = 0; i < rrsetidx; ++i) for (i = 0; i < rrsetidx; ++i)
{ {
@@ -618,49 +618,65 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
hash->update(ctx, 4, p); /* class and type */ hash->update(ctx, 4, p); /* class and type */
hash->update(ctx, 4, (unsigned char *)&nsigttl); hash->update(ctx, 4, (unsigned char *)&nsigttl);
p += 8; /* skip class, type, ttl */ p += 8; /* skip type, class, ttl */
GETSHORT(rdlen, p); GETSHORT(rdlen, p);
if (!CHECK_LEN(header, p, plen, rdlen)) if (!CHECK_LEN(header, p, plen, rdlen))
return STAT_BOGUS; return STAT_BOGUS;
/* canonicalise rdata and calculate length of same, use /* Optimisation for RR types which need no cannonicalisation.
name buffer as workspace for get_rdata. */ This includes DNSKEY DS NSEC and NSEC3, which are also long, so
state.ip = p; it saves lots of calls to get_rdata, and avoids the pessimal
state.op = NULL; segmented insertion, even with a small rrbuf[].
state.desc = rr_desc;
state.buff = name;
state.end = p + rdlen;
for (j = 0; get_rdata(header, plen, &state); j++) If canonicalisation is not needed, a simple insertion into the hash works.
if (j < RRBUFLEN) */
rrbuf[j] = *state.op; if (*rr_desc == (u16)-1)
len = htons((u16)j);
hash->update(ctx, 2, (unsigned char *)&len);
/* If the RR is shorter than RRBUFLEN (most of them, in practice)
then we can just digest it now. If it exceeds RRBUFLEN we have to
go back to the start and do it in chunks. */
if (j >= RRBUFLEN)
{ {
len = htons(rdlen);
hash->update(ctx, 2, (unsigned char *)&len);
hash->update(ctx, rdlen, p);
}
else
{
/* canonicalise rdata and calculate length of same, use
name buffer as workspace for get_rdata. */
state.ip = p; state.ip = p;
state.op = NULL; state.op = NULL;
state.desc = rr_desc; state.desc = rr_desc;
state.buff = name;
state.end = p + rdlen;
for (j = 0; get_rdata(header, plen, &state); j++) for (j = 0; get_rdata(header, plen, &state); j++)
if (j < RRBUFLEN)
rrbuf[j] = *state.op;
len = htons((u16)j);
hash->update(ctx, 2, (unsigned char *)&len);
/* If the RR is shorter than RRBUFLEN (most of them, in practice)
then we can just digest it now. If it exceeds RRBUFLEN we have to
go back to the start and do it in chunks. */
if (j >= RRBUFLEN)
{ {
rrbuf[j] = *state.op; state.ip = p;
state.op = NULL;
state.desc = rr_desc;
if (j == RRBUFLEN - 1) for (j = 0; get_rdata(header, plen, &state); j++)
{ {
hash->update(ctx, RRBUFLEN, rrbuf); rrbuf[j] = *state.op;
j = -1;
} if (j == RRBUFLEN - 1)
{
hash->update(ctx, RRBUFLEN, rrbuf);
j = -1;
}
}
} }
}
if (j != 0) if (j != 0)
hash->update(ctx, j, rrbuf); hash->update(ctx, j, rrbuf);
}
} }
hash->digest(ctx, hash->digest_size, digest); hash->digest(ctx, hash->digest_size, digest);