Introduce Denial-of-Existence (DoE) for Nack response.
Note this commit changes how names are stored in the database, compliant
to the canonical order.
Change-Id: I9857aaefc1f7da08ff53eff43c8f8c8bd5443953
Refs: #4152
diff --git a/src/daemon/db-mgr.cpp b/src/daemon/db-mgr.cpp
index b925f2d..5652de2 100644
--- a/src/daemon/db-mgr.cpp
+++ b/src/daemon/db-mgr.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California.
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -125,6 +125,37 @@
NDNS_LOG_INFO("clear all the data in the database: " << m_dbFile);
}
+
+void
+DbMgr::saveName(const Name& name, sqlite3_stmt* stmt, int iCol, bool isStatic)
+{
+ const Block& wire = name.wireEncode();
+ sqlite3_bind_blob(stmt, iCol, wire.value(), wire.value_size(), isStatic ? SQLITE_STATIC : SQLITE_TRANSIENT);
+}
+
+Name
+DbMgr::restoreName(sqlite3_stmt* stmt, int iCol)
+{
+ Name name;
+
+ const uint8_t* buffer = static_cast<const uint8_t*>(sqlite3_column_blob(stmt, iCol));
+ size_t nBytesLeft = sqlite3_column_bytes(stmt, iCol);
+
+ while (nBytesLeft > 0) {
+ bool hasDecodingSucceeded;
+ name::Component component;
+ std::tie(hasDecodingSucceeded, component) = Block::fromBuffer(buffer, nBytesLeft);
+ if (!hasDecodingSucceeded) {
+ BOOST_THROW_EXCEPTION(Error("Error while decoding name from the database"));
+ }
+ name.append(component);
+ buffer += component.size();
+ nBytesLeft -= component.size();
+ }
+
+ return name;
+}
+
///////////////////////////////////////////////////////////////////////////////////////////////////
// Zone
///////////////////////////////////////////////////////////////////////////////////////////////////
@@ -142,8 +173,8 @@
BOOST_THROW_EXCEPTION(PrepareError(sql));
}
- const Block& zoneName = zone.getName().wireEncode();
- sqlite3_bind_blob(stmt, 1, zoneName.wire(), zoneName.size(), SQLITE_STATIC);
+
+ saveName(zone.getName(), stmt, 1);
sqlite3_bind_int(stmt, 2, zone.getTtl().count());
rc = sqlite3_step(stmt);
@@ -233,8 +264,7 @@
BOOST_THROW_EXCEPTION(PrepareError(sql));
}
- const Block& zoneName = zone.getName().wireEncode();
- sqlite3_bind_blob(stmt, 1, zoneName.wire(), zoneName.size(), SQLITE_STATIC);
+ saveName(zone.getName(), stmt, 1);
if (sqlite3_step(stmt) == SQLITE_ROW) {
zone.setId(sqlite3_column_int64(stmt, 0));
@@ -266,8 +296,7 @@
Zone& zone = vec.back();
zone.setId(sqlite3_column_int64(stmt, 0));
zone.setTtl(time::seconds(sqlite3_column_int(stmt, 2)));
- zone.setName(Name(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 1)),
- sqlite3_column_bytes(stmt, 1))));
+ zone.setName(restoreName(stmt, 1));
}
sqlite3_finalize(stmt);
@@ -331,8 +360,7 @@
sqlite3_bind_int64(stmt, 1, rrset.getZone()->getId());
- const Block& label = rrset.getLabel().wireEncode();
- sqlite3_bind_blob(stmt, 2, label.wire(), label.size(), SQLITE_STATIC);
+ saveName(rrset.getLabel(), stmt, 2);
sqlite3_bind_blob(stmt, 3, rrset.getType().wire(), rrset.getType().size(), SQLITE_STATIC);
sqlite3_bind_blob(stmt, 4, rrset.getVersion().wire(), rrset.getVersion().size(), SQLITE_STATIC);
sqlite3_bind_int64(stmt, 5, rrset.getTtl().count());
@@ -374,8 +402,52 @@
sqlite3_bind_int64(stmt, 1, rrset.getZone()->getId());
- const Block& label = rrset.getLabel().wireEncode();
- sqlite3_bind_blob(stmt, 2, label.wire(), label.size(), SQLITE_STATIC);
+ saveName(rrset.getLabel(), stmt, 2);
+ sqlite3_bind_blob(stmt, 3, rrset.getType().wire(), rrset.getType().size(), SQLITE_STATIC);
+
+ if (sqlite3_step(stmt) == SQLITE_ROW) {
+ rrset.setId(sqlite3_column_int64(stmt, 0));
+ rrset.setTtl(time::seconds(sqlite3_column_int64(stmt, 1)));
+ rrset.setVersion(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 2)),
+ sqlite3_column_bytes(stmt, 2)));
+ rrset.setData(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 3)),
+ sqlite3_column_bytes(stmt, 3)));
+ }
+ else {
+ rrset.setId(0);
+ }
+ sqlite3_finalize(stmt);
+
+ return rrset.getId() != 0;
+}
+
+bool
+DbMgr::findLowerBound(Rrset& rrset)
+{
+ if (rrset.getZone() == 0) {
+ BOOST_THROW_EXCEPTION(RrsetError("Rrset has not been assigned to a zone"));
+ }
+
+ if (rrset.getZone()->getId() == 0) {
+ bool isFound = find(*rrset.getZone());
+ if (!isFound) {
+ return false;
+ }
+ }
+
+ sqlite3_stmt* stmt;
+ const char* sql =
+ "SELECT id, ttl, version, data FROM rrsets"
+ " WHERE zone_id=? and label<? and type=? ORDER BY label DESC";
+ int rc = sqlite3_prepare_v2(m_conn, sql, -1, &stmt, 0);
+
+ if (rc != SQLITE_OK) {
+ BOOST_THROW_EXCEPTION(PrepareError(sql));
+ }
+
+ sqlite3_bind_int64(stmt, 1, rrset.getZone()->getId());
+
+ saveName(rrset.getLabel(), stmt, 2);
sqlite3_bind_blob(stmt, 3, rrset.getType().wire(), rrset.getType().size(), SQLITE_STATIC);
if (sqlite3_step(stmt) == SQLITE_ROW) {
@@ -406,7 +478,7 @@
std::vector<Rrset> vec;
sqlite3_stmt* stmt;
const char* sql = "SELECT id, ttl, version, data, label, type "
- "FROM rrsets where zone_id=? ";
+ "FROM rrsets where zone_id=? ORDER BY label";
int rc = sqlite3_prepare_v2(m_conn, sql, -1, &stmt, 0);
if (rc != SQLITE_OK) {
@@ -424,8 +496,7 @@
sqlite3_column_bytes(stmt, 2)));
rrset.setData(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 3)),
sqlite3_column_bytes(stmt, 3)));
- rrset.setLabel(Name(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 4)),
- sqlite3_column_bytes(stmt, 4))));
+ rrset.setLabel(restoreName(stmt, 4));
rrset.setType(Block(static_cast<const uint8_t*>(sqlite3_column_blob(stmt, 5)),
sqlite3_column_bytes(stmt, 5)));
}
@@ -434,6 +505,33 @@
return vec;
}
+void
+DbMgr::removeRrsetsOfZoneByType(Zone& zone, const name::Component& type)
+{
+ if (zone.getId() == 0)
+ find(zone);
+
+ if (zone.getId() == 0)
+ BOOST_THROW_EXCEPTION(RrsetError("Attempting to find all the rrsets with a zone does not in the database"));
+
+ sqlite3_stmt* stmt;
+ const char* sql = "DELETE FROM rrsets WHERE zone_id = ? AND type = ?";
+ int rc = sqlite3_prepare_v2(m_conn, sql, -1, &stmt, 0);
+
+ if (rc != SQLITE_OK) {
+ BOOST_THROW_EXCEPTION(PrepareError(sql));
+ }
+
+ sqlite3_bind_int64(stmt, 1, zone.getId());
+ sqlite3_bind_blob(stmt, 2, type.wire(), type.size(), SQLITE_STATIC);
+
+ rc = sqlite3_step(stmt);
+ if (rc != SQLITE_DONE) {
+ sqlite3_finalize(stmt);
+ BOOST_THROW_EXCEPTION(ExecuteError(sql));
+ }
+ sqlite3_finalize(stmt);
+}
void
DbMgr::remove(Rrset& rrset)
diff --git a/src/daemon/db-mgr.hpp b/src/daemon/db-mgr.hpp
index 04b9672..ff0066e 100644
--- a/src/daemon/db-mgr.hpp
+++ b/src/daemon/db-mgr.hpp
@@ -166,6 +166,20 @@
find(Rrset& rrset);
/**
+ * @brief get the data from db according to `m_zone`, `m_label`, `m_type`.
+ *
+ * The lower bound rrset is the largest label that is less than rrset's label
+ * If record exists, `m_ttl`, `m_version` and `m_data` is set
+ *
+ * @pre m_rrset.getZone().getId() > 0
+ * @post whatever the previous id is,
+ * m_rrset.getId() > 0 if record exists, otherwise m_rrset.getId() == 0
+ * @return true if the record exist
+ */
+ bool
+ findLowerBound(Rrset& rrset);
+
+ /**
* @brief get all the rrsets which is stored at given zone
* @throw RrsetError() if zone does not exist in the database
* @note if zone.getId() == 0, the function setId for the zone automatically
@@ -183,6 +197,13 @@
remove(Rrset& rrset);
/**
+ * @brief remove all records of a specific type in a zone
+ */
+ void
+ removeRrsetsOfZoneByType(Zone& zone,
+ const name::Component& type);
+
+ /**
* @brief replace ttl, version, and Data with new values
* @pre m_rrset.getId() > 0
*/
@@ -199,6 +220,19 @@
}
private:
+ /**
+ * @brief Save @p name to the database in the internal sortable format
+ *
+ * If @p name is not preserved until @p stmt is executed, @p isStatic must be
+ * set to `false`.
+ */
+ void
+ saveName(const Name& name, sqlite3_stmt* stmt, int iCol, bool isStatic = true);
+
+ Name
+ restoreName(sqlite3_stmt* stmt, int iCol);
+
+private:
std::string m_dbFile;
sqlite3* m_conn;
};
diff --git a/src/daemon/name-server.cpp b/src/daemon/name-server.cpp
index 11ad3a8..c7649ef 100644
--- a/src/daemon/name-server.cpp
+++ b/src/daemon/name-server.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California.
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -91,14 +91,24 @@
m_face.put(*answer);
}
else {
- // no record, construct NACK
Name name = interest.getName();
name.appendVersion();
shared_ptr<Data> answer = make_shared<Data>(name);
+ Rrset doe(&m_zone);
+ // currently, there is only one DoE record contains everything
+ doe.setLabel(Name(re.rrLabel).append(re.rrType));
+ doe.setType(label::DOE_RR_TYPE);
+ if (!m_dbMgr.findLowerBound(doe)) {
+ NDNS_LOG_FATAL("fail to find DoE record of zone:" + m_zone.getName().toUri());
+ BOOST_THROW_EXCEPTION(std::runtime_error("fail to find DoE record of zone:" + m_zone.getName().toUri()));
+ }
+
+ answer->setContent(doe.getData());
answer->setFreshnessPeriod(this->getContentFreshness());
answer->setContentType(NDNS_NACK);
+ // give this NACk a random signature
+ m_keyChain.sign(*answer);
- m_keyChain.sign(*answer, signingByCertificate(m_certName));
NDNS_LOG_TRACE("answer query with NDNS-NACK: " << answer->getName());
m_face.put(*answer);
}
diff --git a/src/daemon/rrset-factory.cpp b/src/daemon/rrset-factory.cpp
index 4351fcd..3bfca03 100644
--- a/src/daemon/rrset-factory.cpp
+++ b/src/daemon/rrset-factory.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California.
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -77,7 +77,7 @@
std::pair<Rrset, Name>
RrsetFactory::generateBaseRrset(const Name& label,
const name::Component& type,
- const uint64_t version,
+ uint64_t version,
const time::seconds& ttl)
{
Rrset rrset(&m_zone);
@@ -117,7 +117,7 @@
Rrset
RrsetFactory::generateNsRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const ndn::DelegationList& delegations)
{
@@ -144,7 +144,7 @@
Rrset
RrsetFactory::generateTxtRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const std::vector<std::string>& strings)
{
@@ -178,7 +178,7 @@
Rrset
RrsetFactory::generateCertRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const ndn::security::v2::Certificate& cert)
{
@@ -205,7 +205,7 @@
Rrset
RrsetFactory::generateAuthRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl)
{
if (!m_checked) {
@@ -228,6 +228,39 @@
return rrset;
}
+Rrset
+RrsetFactory::generateDoeRrset(const Name& label,
+ uint64_t version,
+ time::seconds ttl,
+ const Name& lowerLabel,
+ const Name& upperLabel)
+{
+ if (!m_checked) {
+ BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
+ }
+
+ if (ttl == DEFAULT_RR_TTL)
+ ttl = m_zone.getTtl();
+
+ Name name;
+ Rrset rrset;
+ std::tie(rrset, name) = generateBaseRrset(label, label::DOE_RR_TYPE, version, ttl);
+
+ std::vector<Block> range;
+ range.push_back(lowerLabel.wireEncode());
+ range.push_back(upperLabel.wireEncode());
+
+ Data data(name);
+ data.setContent(wireEncode(range));
+
+ setContentType(data, NDNS_DOE, ttl);
+ sign(data);
+ rrset.setData(data.wireEncode());
+
+ return rrset;
+}
+
+
void
RrsetFactory::sign(Data& data)
{
diff --git a/src/daemon/rrset-factory.hpp b/src/daemon/rrset-factory.hpp
index 59b3b09..e8babc7 100644
--- a/src/daemon/rrset-factory.hpp
+++ b/src/daemon/rrset-factory.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California.
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -61,27 +61,38 @@
Rrset
generateNsRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const ndn::DelegationList& delegations);
Rrset
generateTxtRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const std::vector<std::string>& contents);
Rrset
generateAuthRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl);
Rrset
generateCertRrset(const Name& label,
- const uint64_t version,
+ uint64_t version,
time::seconds ttl,
const ndn::security::v2::Certificate& cert);
+ /**
+ * @brief DoE records are just txt records of all entries of a zone
+ * which means the any range showed in this record does not exist
+ */
+ Rrset
+ generateDoeRrset(const Name& label,
+ uint64_t version,
+ time::seconds ttl,
+ const Name& lowerLabel,
+ const Name& upperLabel);
+
static std::vector<std::string>
wireDecodeTxt(const Block& wire);
@@ -94,7 +105,7 @@
std::pair<Rrset, Name>
generateBaseRrset(const Name& label,
const name::Component& type,
- const uint64_t version,
+ uint64_t version,
const time::seconds& ttl);
bool
diff --git a/src/daemon/rrset.cpp b/src/daemon/rrset.cpp
index 96ffce7..75c4d81 100644
--- a/src/daemon/rrset.cpp
+++ b/src/daemon/rrset.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -57,5 +57,25 @@
}
+bool
+Rrset::operator<(const Rrset& other) const
+{
+ if (getZone() != other.getZone() ||
+ (getZone() != nullptr && *getZone() != *other.getZone())) {
+ BOOST_THROW_EXCEPTION(std::runtime_error("Cannot compare Rrset that belong to different zones"));
+ }
+
+ bool isLess = getLabel() < other.getLabel();
+ if (!isLess && getLabel() == other.getLabel()) {
+ isLess = getType() < other.getType();
+
+ if (!isLess && getType() == other.getType()) {
+ isLess = getVersion() < other.getVersion();
+ }
+ }
+ return isLess;
+}
+
+
} // namespace ndns
} // namespace ndn
diff --git a/src/daemon/rrset.hpp b/src/daemon/rrset.hpp
index aaedcfe..0e4b883 100644
--- a/src/daemon/rrset.hpp
+++ b/src/daemon/rrset.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2018, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -187,6 +187,9 @@
return !(*this == other);
}
+ bool
+ operator<(const Rrset& other) const;
+
private:
uint64_t m_id;
Zone* m_zone;