adb.c - This C code implements a DNS caching system called …

/contrib/bind9/lib/dns/adb.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 4113 lines · 2943 code · 573 blank · 597 comment · 770 complexity · 4b87144099769830b153bfe500bfa4ea MD5 · raw file
Large files are truncated click here to view the full file

/*
 * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2003  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id$ */

/*! \file
 *
 * \note
 * In finds, if task == NULL, no events will be generated, and no events
 * have been sent.  If task != NULL but taskaction == NULL, an event has been
 * posted but not yet freed.  If neither are NULL, no event was posted.
 *
 */

#include <config.h>

#include <limits.h>

#include <isc/mutexblock.h>
#include <isc/netaddr.h>
#include <isc/random.h>
#include <isc/stats.h>
#include <isc/string.h>         /* Required for HP/UX (and others?) */
#include <isc/task.h>
#include <isc/util.h>

#include <dns/adb.h>
#include <dns/db.h>
#include <dns/events.h>
#include <dns/log.h>
#include <dns/rdata.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/resolver.h>
#include <dns/result.h>
#include <dns/stats.h>

#define DNS_ADB_MAGIC             ISC_MAGIC('D', 'a', 'd', 'b')
#define DNS_ADB_VALID(x)          ISC_MAGIC_VALID(x, DNS_ADB_MAGIC)
#define DNS_ADBNAME_MAGIC         ISC_MAGIC('a', 'd', 'b', 'N')
#define DNS_ADBNAME_VALID(x)      ISC_MAGIC_VALID(x, DNS_ADBNAME_MAGIC)
#define DNS_ADBNAMEHOOK_MAGIC     ISC_MAGIC('a', 'd', 'N', 'H')
#define DNS_ADBNAMEHOOK_VALID(x)  ISC_MAGIC_VALID(x, DNS_ADBNAMEHOOK_MAGIC)
#define DNS_ADBLAMEINFO_MAGIC     ISC_MAGIC('a', 'd', 'b', 'Z')
#define DNS_ADBLAMEINFO_VALID(x)  ISC_MAGIC_VALID(x, DNS_ADBLAMEINFO_MAGIC)
#define DNS_ADBENTRY_MAGIC        ISC_MAGIC('a', 'd', 'b', 'E')
#define DNS_ADBENTRY_VALID(x)     ISC_MAGIC_VALID(x, DNS_ADBENTRY_MAGIC)
#define DNS_ADBFETCH_MAGIC        ISC_MAGIC('a', 'd', 'F', '4')
#define DNS_ADBFETCH_VALID(x)     ISC_MAGIC_VALID(x, DNS_ADBFETCH_MAGIC)
#define DNS_ADBFETCH6_MAGIC       ISC_MAGIC('a', 'd', 'F', '6')
#define DNS_ADBFETCH6_VALID(x)    ISC_MAGIC_VALID(x, DNS_ADBFETCH6_MAGIC)

/*!
 * For type 3 negative cache entries, we will remember that the address is
 * broken for this long.  XXXMLG This is also used for actual addresses, too.
 * The intent is to keep us from constantly asking about A/AAAA records
 * if the zone has extremely low TTLs.
 */
#define ADB_CACHE_MINIMUM       10      /*%< seconds */
#define ADB_CACHE_MAXIMUM       86400   /*%< seconds (86400 = 24 hours) */
#define ADB_ENTRY_WINDOW        1800    /*%< seconds */

/*%
 * The period in seconds after which an ADB name entry is regarded as stale
 * and forced to be cleaned up.
 * TODO: This should probably be configurable at run-time.
 */
#ifndef ADB_STALE_MARGIN
#define ADB_STALE_MARGIN        1800
#endif

#define FREE_ITEMS              64      /*%< free count for memory pools */
#define FILL_COUNT              16      /*%< fill count for memory pools */

#define DNS_ADB_INVALIDBUCKET (-1)      /*%< invalid bucket address */

#define DNS_ADB_MINADBSIZE      (1024*1024)     /*%< 1 Megabyte */

typedef ISC_LIST(dns_adbname_t) dns_adbnamelist_t;
typedef struct dns_adbnamehook dns_adbnamehook_t;
typedef ISC_LIST(dns_adbnamehook_t) dns_adbnamehooklist_t;
typedef struct dns_adblameinfo dns_adblameinfo_t;
typedef ISC_LIST(dns_adbentry_t) dns_adbentrylist_t;
typedef struct dns_adbfetch dns_adbfetch_t;
typedef struct dns_adbfetch6 dns_adbfetch6_t;

/*% dns adb structure */
struct dns_adb {
	unsigned int                    magic;

	isc_mutex_t                     lock;
	isc_mutex_t                     reflock; /*%< Covers irefcnt, erefcnt */
	isc_mutex_t                     overmemlock; /*%< Covers overmem */
	isc_mem_t                      *mctx;
	dns_view_t                     *view;

	isc_taskmgr_t                  *taskmgr;
	isc_task_t                     *task;

	isc_interval_t                  tick_interval;
	int                             next_cleanbucket;

	unsigned int                    irefcnt;
	unsigned int                    erefcnt;

	isc_mutex_t                     mplock;
	isc_mempool_t                  *nmp;    /*%< dns_adbname_t */
	isc_mempool_t                  *nhmp;   /*%< dns_adbnamehook_t */
	isc_mempool_t                  *limp;   /*%< dns_adblameinfo_t */
	isc_mempool_t                  *emp;    /*%< dns_adbentry_t */
	isc_mempool_t                  *ahmp;   /*%< dns_adbfind_t */
	isc_mempool_t                  *aimp;   /*%< dns_adbaddrinfo_t */
	isc_mempool_t                  *afmp;   /*%< dns_adbfetch_t */

	/*!
	 * Bucketized locks and lists for names.
	 *
	 * XXXRTH  Have a per-bucket structure that contains all of these?
	 */
	unsigned int			nnames;
	isc_mutex_t                     namescntlock;
	unsigned int			namescnt;
	dns_adbnamelist_t               *names;
	dns_adbnamelist_t               *deadnames;
	isc_mutex_t                     *namelocks;
	isc_boolean_t                   *name_sd;
	unsigned int                    *name_refcnt;

	/*!
	 * Bucketized locks and lists for entries.
	 *
	 * XXXRTH  Have a per-bucket structure that contains all of these?
	 */
	unsigned int			nentries;
	isc_mutex_t                     entriescntlock;
	unsigned int			entriescnt;
	dns_adbentrylist_t              *entries;
	dns_adbentrylist_t              *deadentries;
	isc_mutex_t                     *entrylocks;
	isc_boolean_t                   *entry_sd; /*%< shutting down */
	unsigned int                    *entry_refcnt;

	isc_event_t                     cevent;
	isc_boolean_t                   cevent_sent;
	isc_boolean_t                   shutting_down;
	isc_eventlist_t                 whenshutdown;
	isc_event_t			growentries;
	isc_boolean_t			growentries_sent;
	isc_event_t			grownames;
	isc_boolean_t			grownames_sent;
};

/*
 * XXXMLG  Document these structures.
 */

/*% dns_adbname structure */
struct dns_adbname {
	unsigned int                    magic;
	dns_name_t                      name;
	dns_adb_t                      *adb;
	unsigned int                    partial_result;
	unsigned int                    flags;
	int                             lock_bucket;
	dns_name_t                      target;
	isc_stdtime_t                   expire_target;
	isc_stdtime_t                   expire_v4;
	isc_stdtime_t                   expire_v6;
	unsigned int                    chains;
	dns_adbnamehooklist_t           v4;
	dns_adbnamehooklist_t           v6;
	dns_adbfetch_t                 *fetch_a;
	dns_adbfetch_t                 *fetch_aaaa;
	unsigned int                    fetch_err;
	unsigned int                    fetch6_err;
	dns_adbfindlist_t               finds;
	/* for LRU-based management */
	isc_stdtime_t                   last_used;

	ISC_LINK(dns_adbname_t)         plink;
};

/*% The adbfetch structure */
struct dns_adbfetch {
	unsigned int                    magic;
	dns_fetch_t                    *fetch;
	dns_rdataset_t                  rdataset;
};

/*%
 * This is a small widget that dangles off a dns_adbname_t.  It contains a
 * pointer to the address information about this host, and a link to the next
 * namehook that will contain the next address this host has.
 */
struct dns_adbnamehook {
	unsigned int                    magic;
	dns_adbentry_t                 *entry;
	ISC_LINK(dns_adbnamehook_t)     plink;
};

/*%
 * This is a small widget that holds qname-specific information about an
 * address.  Currently limited to lameness, but could just as easily be
 * extended to other types of information about zones.
 */
struct dns_adblameinfo {
	unsigned int                    magic;

	dns_name_t                      qname;
	dns_rdatatype_t                 qtype;
	isc_stdtime_t                   lame_timer;

	ISC_LINK(dns_adblameinfo_t)     plink;
};

/*%
 * An address entry.  It holds quite a bit of information about addresses,
 * including edns state (in "flags"), rtt, and of course the address of
 * the host.
 */
struct dns_adbentry {
	unsigned int                    magic;

	int                             lock_bucket;
	unsigned int                    refcnt;

	unsigned int                    flags;
	unsigned int                    srtt;
	isc_sockaddr_t                  sockaddr;

	isc_stdtime_t                   expires;
	/*%<
	 * A nonzero 'expires' field indicates that the entry should
	 * persist until that time.  This allows entries found
	 * using dns_adb_findaddrinfo() to persist for a limited time
	 * even though they are not necessarily associated with a
	 * name.
	 */

	ISC_LIST(dns_adblameinfo_t)     lameinfo;
	ISC_LINK(dns_adbentry_t)        plink;

};

/*
 * Internal functions (and prototypes).
 */
static inline dns_adbname_t *new_adbname(dns_adb_t *, dns_name_t *);
static inline void free_adbname(dns_adb_t *, dns_adbname_t **);
static inline dns_adbnamehook_t *new_adbnamehook(dns_adb_t *,
						 dns_adbentry_t *);
static inline void free_adbnamehook(dns_adb_t *, dns_adbnamehook_t **);
static inline dns_adblameinfo_t *new_adblameinfo(dns_adb_t *, dns_name_t *,
						 dns_rdatatype_t);
static inline void free_adblameinfo(dns_adb_t *, dns_adblameinfo_t **);
static inline dns_adbentry_t *new_adbentry(dns_adb_t *);
static inline void free_adbentry(dns_adb_t *, dns_adbentry_t **);
static inline dns_adbfind_t *new_adbfind(dns_adb_t *);
static inline isc_boolean_t free_adbfind(dns_adb_t *, dns_adbfind_t **);
static inline dns_adbaddrinfo_t *new_adbaddrinfo(dns_adb_t *, dns_adbentry_t *,
						 in_port_t);
static inline dns_adbfetch_t *new_adbfetch(dns_adb_t *);
static inline void free_adbfetch(dns_adb_t *, dns_adbfetch_t **);
static inline dns_adbname_t *find_name_and_lock(dns_adb_t *, dns_name_t *,
						unsigned int, int *);
static inline dns_adbentry_t *find_entry_and_lock(dns_adb_t *,
						  isc_sockaddr_t *, int *,
						  isc_stdtime_t);
static void dump_adb(dns_adb_t *, FILE *, isc_boolean_t debug, isc_stdtime_t);
static void print_dns_name(FILE *, dns_name_t *);
static void print_namehook_list(FILE *, const char *legend,
				dns_adbnamehooklist_t *list,
				isc_boolean_t debug,
				isc_stdtime_t now);
static void print_find_list(FILE *, dns_adbname_t *);
static void print_fetch_list(FILE *, dns_adbname_t *);
static inline isc_boolean_t dec_adb_irefcnt(dns_adb_t *);
static inline void inc_adb_irefcnt(dns_adb_t *);
static inline void inc_adb_erefcnt(dns_adb_t *);
static inline void inc_entry_refcnt(dns_adb_t *, dns_adbentry_t *,
				    isc_boolean_t);
static inline isc_boolean_t dec_entry_refcnt(dns_adb_t *, isc_boolean_t,
					     dns_adbentry_t *, isc_boolean_t);
static inline void violate_locking_hierarchy(isc_mutex_t *, isc_mutex_t *);
static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *);
static void clean_target(dns_adb_t *, dns_name_t *);
static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t,
				unsigned int);
static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t);
static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **,
					isc_stdtime_t);
static void cancel_fetches_at_name(dns_adbname_t *);
static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t,
				dns_rdatatype_t);
static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t,
			       dns_rdatatype_t);
static inline void check_exit(dns_adb_t *);
static void destroy(dns_adb_t *);
static isc_boolean_t shutdown_names(dns_adb_t *);
static isc_boolean_t shutdown_entries(dns_adb_t *);
static inline void link_name(dns_adb_t *, int, dns_adbname_t *);
static inline isc_boolean_t unlink_name(dns_adb_t *, dns_adbname_t *);
static inline void link_entry(dns_adb_t *, int, dns_adbentry_t *);
static inline isc_boolean_t unlink_entry(dns_adb_t *, dns_adbentry_t *);
static isc_boolean_t kill_name(dns_adbname_t **, isc_eventtype_t);
static void water(void *, int);
static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t);

/*
 * MUST NOT overlap DNS_ADBFIND_* flags!
 */
#define FIND_EVENT_SENT         0x40000000
#define FIND_EVENT_FREED        0x80000000
#define FIND_EVENTSENT(h)       (((h)->flags & FIND_EVENT_SENT) != 0)
#define FIND_EVENTFREED(h)      (((h)->flags & FIND_EVENT_FREED) != 0)

#define NAME_NEEDS_POKE         0x80000000
#define NAME_IS_DEAD            0x40000000
#define NAME_HINT_OK            DNS_ADBFIND_HINTOK
#define NAME_GLUE_OK            DNS_ADBFIND_GLUEOK
#define NAME_STARTATZONE        DNS_ADBFIND_STARTATZONE
#define NAME_DEAD(n)            (((n)->flags & NAME_IS_DEAD) != 0)
#define NAME_NEEDSPOKE(n)       (((n)->flags & NAME_NEEDS_POKE) != 0)
#define NAME_GLUEOK(n)          (((n)->flags & NAME_GLUE_OK) != 0)
#define NAME_HINTOK(n)          (((n)->flags & NAME_HINT_OK) != 0)

/*
 * Private flag(s) for entries.
 * MUST NOT overlap FCTX_ADDRINFO_xxx and DNS_FETCHOPT_NOEDNS0.
 */
#define ENTRY_IS_DEAD		0x80000000

/*
 * To the name, address classes are all that really exist.  If it has a
 * V6 address it doesn't care if it came from a AAAA query.
 */
#define NAME_HAS_V4(n)          (!ISC_LIST_EMPTY((n)->v4))
#define NAME_HAS_V6(n)          (!ISC_LIST_EMPTY((n)->v6))
#define NAME_HAS_ADDRS(n)       (NAME_HAS_V4(n) || NAME_HAS_V6(n))

/*
 * Fetches are broken out into A and AAAA types.  In some cases,
 * however, it makes more sense to test for a particular class of fetches,
 * like V4 or V6 above.
 * Note: since we have removed the support of A6 in adb, FETCH_A and FETCH_AAAA
 * are now equal to FETCH_V4 and FETCH_V6, respectively.
 */
#define NAME_FETCH_A(n)         ((n)->fetch_a != NULL)
#define NAME_FETCH_AAAA(n)      ((n)->fetch_aaaa != NULL)
#define NAME_FETCH_V4(n)        (NAME_FETCH_A(n))
#define NAME_FETCH_V6(n)        (NAME_FETCH_AAAA(n))
#define NAME_FETCH(n)           (NAME_FETCH_V4(n) || NAME_FETCH_V6(n))

/*
 * Find options and tests to see if there are addresses on the list.
 */
#define FIND_WANTEVENT(fn)      (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0)
#define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0)
#define FIND_AVOIDFETCHES(fn)   (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \
				 != 0)
#define FIND_STARTATZONE(fn)    (((fn)->options & DNS_ADBFIND_STARTATZONE) \
				 != 0)
#define FIND_HINTOK(fn)         (((fn)->options & DNS_ADBFIND_HINTOK) != 0)
#define FIND_GLUEOK(fn)         (((fn)->options & DNS_ADBFIND_GLUEOK) != 0)
#define FIND_HAS_ADDRS(fn)      (!ISC_LIST_EMPTY((fn)->list))
#define FIND_RETURNLAME(fn)     (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0)

/*
 * These are currently used on simple unsigned ints, so they are
 * not really associated with any particular type.
 */
#define WANT_INET(x)            (((x) & DNS_ADBFIND_INET) != 0)
#define WANT_INET6(x)           (((x) & DNS_ADBFIND_INET6) != 0)

#define EXPIRE_OK(exp, now)     ((exp == INT_MAX) || (exp < now))

/*
 * Find out if the flags on a name (nf) indicate if it is a hint or
 * glue, and compare this to the appropriate bits set in o, to see if
 * this is ok.
 */
#define GLUE_OK(nf, o) (!NAME_GLUEOK(nf) || (((o) & DNS_ADBFIND_GLUEOK) != 0))
#define HINT_OK(nf, o) (!NAME_HINTOK(nf) || (((o) & DNS_ADBFIND_HINTOK) != 0))
#define GLUEHINT_OK(nf, o) (GLUE_OK(nf, o) || HINT_OK(nf, o))
#define STARTATZONE_MATCHES(nf, o) (((nf)->flags & NAME_STARTATZONE) == \
				    ((o) & DNS_ADBFIND_STARTATZONE))

#define ENTER_LEVEL             ISC_LOG_DEBUG(50)
#define EXIT_LEVEL              ENTER_LEVEL
#define CLEAN_LEVEL             ISC_LOG_DEBUG(100)
#define DEF_LEVEL               ISC_LOG_DEBUG(5)
#define NCACHE_LEVEL            ISC_LOG_DEBUG(20)

#define NCACHE_RESULT(r)        ((r) == DNS_R_NCACHENXDOMAIN || \
				 (r) == DNS_R_NCACHENXRRSET)
#define AUTH_NX(r)              ((r) == DNS_R_NXDOMAIN || \
				 (r) == DNS_R_NXRRSET)
#define NXDOMAIN_RESULT(r)      ((r) == DNS_R_NXDOMAIN || \
				 (r) == DNS_R_NCACHENXDOMAIN)
#define NXRRSET_RESULT(r)       ((r) == DNS_R_NCACHENXRRSET || \
				 (r) == DNS_R_NXRRSET || \
				 (r) == DNS_R_HINTNXRRSET)

/*
 * Error state rankings.
 */

#define FIND_ERR_SUCCESS                0  /* highest rank */
#define FIND_ERR_CANCELED               1
#define FIND_ERR_FAILURE                2
#define FIND_ERR_NXDOMAIN               3
#define FIND_ERR_NXRRSET                4
#define FIND_ERR_UNEXPECTED             5
#define FIND_ERR_NOTFOUND               6
#define FIND_ERR_MAX                    7

static const char *errnames[] = {
	"success",
	"canceled",
	"failure",
	"nxdomain",
	"nxrrset",
	"unexpected",
	"not_found"
};

#define NEWERR(old, new)        (ISC_MIN((old), (new)))

static isc_result_t find_err_map[FIND_ERR_MAX] = {
	ISC_R_SUCCESS,
	ISC_R_CANCELED,
	ISC_R_FAILURE,
	DNS_R_NXDOMAIN,
	DNS_R_NXRRSET,
	ISC_R_UNEXPECTED,
	ISC_R_NOTFOUND          /* not YET found */
};

static void
DP(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);

static void
DP(int level, const char *format, ...) {
	va_list args;

	va_start(args, format);
	isc_log_vwrite(dns_lctx,
		       DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ADB,
		       level, format, args);
	va_end(args);
}

/*%
 * Increment resolver-related statistics counters.
 */
static inline void
inc_stats(dns_adb_t *adb, isc_statscounter_t counter) {
	if (adb->view->resstats != NULL)
		isc_stats_increment(adb->view->resstats, counter);
}

static inline dns_ttl_t
ttlclamp(dns_ttl_t ttl) {
	if (ttl < ADB_CACHE_MINIMUM)
		ttl = ADB_CACHE_MINIMUM;
	if (ttl > ADB_CACHE_MAXIMUM)
		ttl = ADB_CACHE_MAXIMUM;

	return (ttl);
}

/*
 * Hashing is most efficient if the number of buckets is prime.
 * The sequence below is the closest previous primes to 2^n and
 * 1.5 * 2^n, for values of n from 10 to 28.  (The tables will
 * no longer grow beyond 2^28 entries.)
 */
static const unsigned nbuckets[] = { 1021, 1531, 2039, 3067, 4093, 6143,
				     8191, 12281, 16381, 24571, 32749,
				     49193, 65521, 98299, 131071, 199603,
				     262139, 393209, 524287, 768431, 1048573,
				     1572853, 2097143, 3145721, 4194301,
				     6291449, 8388593, 12582893, 16777213,
				     25165813, 33554393, 50331599, 67108859,
				     100663291, 134217689, 201326557,
				     268535431, 0 };

static void
grow_entries(isc_task_t *task, isc_event_t *ev) {
	dns_adb_t *adb;
	dns_adbentry_t *e;
	dns_adbentrylist_t *newdeadentries = NULL;
	dns_adbentrylist_t *newentries = NULL;
	isc_boolean_t *newentry_sd = NULL;
	isc_mutex_t *newentrylocks = NULL;
	isc_result_t result;
	unsigned int *newentry_refcnt = NULL;
	unsigned int i, n, bucket;

	adb = ev->ev_arg;
	INSIST(DNS_ADB_VALID(adb));

	isc_event_free(&ev);

	isc_task_beginexclusive(task);

	i = 0;
	while (nbuckets[i] != 0 && adb->nentries >= nbuckets[i])
		i++;
	if (nbuckets[i] != 0)
		n = nbuckets[i];
	else
		goto done;

	DP(ISC_LOG_INFO, "adb: grow_entries to %u starting", n);

	/*
	 * Are we shutting down?
	 */
	for (i = 0; i < adb->nentries; i++)
		if (adb->entry_sd[i])
			goto cleanup;

	/*
	 * Grab all the resources we need.
	 */
	newentries = isc_mem_get(adb->mctx, sizeof(*newentries) * n);
	newdeadentries = isc_mem_get(adb->mctx, sizeof(*newdeadentries) * n);
	newentrylocks = isc_mem_get(adb->mctx, sizeof(*newentrylocks) * n);
	newentry_sd = isc_mem_get(adb->mctx, sizeof(*newentry_sd) * n);
	newentry_refcnt = isc_mem_get(adb->mctx, sizeof(*newentry_refcnt) * n);
	if (newentries == NULL || newdeadentries == NULL ||
	    newentrylocks == NULL || newentry_sd == NULL ||
	    newentry_refcnt == NULL)
		goto cleanup;

	/*
	 * Initialise the new resources.
	 */
	result = isc_mutexblock_init(newentrylocks, n);
	if (result != ISC_R_SUCCESS)
		goto cleanup;

	for (i = 0; i < n; i++) {
		ISC_LIST_INIT(newentries[i]);
		ISC_LIST_INIT(newdeadentries[i]);
		newentry_sd[i] = ISC_FALSE;
		newentry_refcnt[i] = 0;
		adb->irefcnt++;
	}

	/*
	 * Move entries to new arrays.
	 */
	for (i = 0; i < adb->nentries; i++) {
		e = ISC_LIST_HEAD(adb->entries[i]);
		while (e != NULL) {
			ISC_LIST_UNLINK(adb->entries[i], e, plink);
			bucket = isc_sockaddr_hash(&e->sockaddr, ISC_TRUE) % n;
			e->lock_bucket = bucket;
			ISC_LIST_APPEND(newentries[bucket], e, plink);
			INSIST(adb->entry_refcnt[i] > 0);
			adb->entry_refcnt[i]--;
			newentry_refcnt[bucket]++;
			e = ISC_LIST_HEAD(adb->entries[i]);
		}
		e = ISC_LIST_HEAD(adb->deadentries[i]);
		while (e != NULL) {
			ISC_LIST_UNLINK(adb->deadentries[i], e, plink);
			bucket = isc_sockaddr_hash(&e->sockaddr, ISC_TRUE) % n;
			e->lock_bucket = bucket;
			ISC_LIST_APPEND(newdeadentries[bucket], e, plink);
			INSIST(adb->entry_refcnt[i] > 0);
			adb->entry_refcnt[i]--;
			newentry_refcnt[bucket]++;
			e = ISC_LIST_HEAD(adb->deadentries[i]);
		}
		INSIST(adb->entry_refcnt[i] == 0);
		adb->irefcnt--;
	}

	/*
	 * Cleanup old resources.
	 */
	DESTROYMUTEXBLOCK(adb->entrylocks, adb->nentries);
	isc_mem_put(adb->mctx, adb->entries,
		    sizeof(*adb->entries) * adb->nentries);
	isc_mem_put(adb->mctx, adb->deadentries,
		    sizeof(*adb->deadentries) * adb->nentries);
	isc_mem_put(adb->mctx, adb->entrylocks,
		    sizeof(*adb->entrylocks) * adb->nentries);
	isc_mem_put(adb->mctx, adb->entry_sd,
		    sizeof(*adb->entry_sd) * adb->nentries);
	isc_mem_put(adb->mctx, adb->entry_refcnt,
		    sizeof(*adb->entry_refcnt) * adb->nentries);

	/*
	 * Install new resources.
	 */
	adb->entries = newentries;
	adb->deadentries = newdeadentries;
	adb->entrylocks = newentrylocks;
	adb->entry_sd = newentry_sd;
	adb->entry_refcnt = newentry_refcnt;
	adb->nentries = n;

	/*
	 * Only on success do we set adb->growentries_sent to ISC_FALSE.
	 * This will prevent us being continuously being called on error.
	 */
	adb->growentries_sent = ISC_FALSE;
	goto done;

 cleanup:
	if (newentries != NULL)
		isc_mem_put(adb->mctx, newentries,
			    sizeof(*newentries) * n);
	if (newdeadentries != NULL)
		isc_mem_put(adb->mctx, newdeadentries,
			    sizeof(*newdeadentries) * n);
	if (newentrylocks != NULL)
		isc_mem_put(adb->mctx, newentrylocks,
			    sizeof(*newentrylocks) * n);
	if (newentry_sd != NULL)
		isc_mem_put(adb->mctx, newentry_sd,
			    sizeof(*newentry_sd) * n);
	if (newentry_refcnt != NULL)
		isc_mem_put(adb->mctx, newentry_refcnt,
			     sizeof(*newentry_refcnt) * n);
 done:
	isc_task_endexclusive(task);

	LOCK(&adb->lock);
	if (dec_adb_irefcnt(adb))
		check_exit(adb);
	UNLOCK(&adb->lock);
	DP(ISC_LOG_INFO, "adb: grow_entries finished");
}

static void
grow_names(isc_task_t *task, isc_event_t *ev) {
	dns_adb_t *adb;
	dns_adbname_t *name;
	dns_adbnamelist_t *newdeadnames = NULL;
	dns_adbnamelist_t *newnames = NULL;
	isc_boolean_t *newname_sd = NULL;
	isc_mutex_t *newnamelocks = NULL;
	isc_result_t result;
	unsigned int *newname_refcnt = NULL;
	unsigned int i, n, bucket;

	adb = ev->ev_arg;
	INSIST(DNS_ADB_VALID(adb));

	isc_event_free(&ev);

	isc_task_beginexclusive(task);

	i = 0;
	while (nbuckets[i] != 0 && adb->nnames >= nbuckets[i])
		i++;
	if (nbuckets[i] != 0)
		n = nbuckets[i];
	else
		goto done;

	DP(ISC_LOG_INFO, "adb: grow_names to %u starting", n);

	/*
	 * Are we shutting down?
	 */
	for (i = 0; i < adb->nnames; i++)
		if (adb->name_sd[i])
			goto cleanup;

	/*
	 * Grab all the resources we need.
	 */
	newnames = isc_mem_get(adb->mctx, sizeof(*newnames) * n);
	newdeadnames = isc_mem_get(adb->mctx, sizeof(*newdeadnames) * n);
	newnamelocks = isc_mem_get(adb->mctx, sizeof(*newnamelocks) * n);
	newname_sd = isc_mem_get(adb->mctx, sizeof(*newname_sd) * n);
	newname_refcnt = isc_mem_get(adb->mctx, sizeof(*newname_refcnt) * n);
	if (newnames == NULL || newdeadnames == NULL ||
	    newnamelocks == NULL || newname_sd == NULL ||
	    newname_refcnt == NULL)
		goto cleanup;

	/*
	 * Initialise the new resources.
	 */
	result = isc_mutexblock_init(newnamelocks, n);
	if (result != ISC_R_SUCCESS)
		goto cleanup;

	for (i = 0; i < n; i++) {
		ISC_LIST_INIT(newnames[i]);
		ISC_LIST_INIT(newdeadnames[i]);
		newname_sd[i] = ISC_FALSE;
		newname_refcnt[i] = 0;
		adb->irefcnt++;
	}

	/*
	 * Move names to new arrays.
	 */
	for (i = 0; i < adb->nnames; i++) {
		name = ISC_LIST_HEAD(adb->names[i]);
		while (name != NULL) {
			ISC_LIST_UNLINK(adb->names[i], name, plink);
			bucket = dns_name_fullhash(&name->name, ISC_TRUE) % n;
			name->lock_bucket = bucket;
			ISC_LIST_APPEND(newnames[bucket], name, plink);
			INSIST(adb->name_refcnt[i] > 0);
			adb->name_refcnt[i]--;
			newname_refcnt[bucket]++;
			name = ISC_LIST_HEAD(adb->names[i]);
		}
		name = ISC_LIST_HEAD(adb->deadnames[i]);
		while (name != NULL) {
			ISC_LIST_UNLINK(adb->deadnames[i], name, plink);
			bucket = dns_name_fullhash(&name->name, ISC_TRUE) % n;
			name->lock_bucket = bucket;
			ISC_LIST_APPEND(newdeadnames[bucket], name, plink);
			INSIST(adb->name_refcnt[i] > 0);
			adb->name_refcnt[i]--;
			newname_refcnt[bucket]++;
			name = ISC_LIST_HEAD(adb->deadnames[i]);
		}
		INSIST(adb->name_refcnt[i] == 0);
		adb->irefcnt--;
	}

	/*
	 * Cleanup old resources.
	 */
	DESTROYMUTEXBLOCK(adb->namelocks, adb->nnames);
	isc_mem_put(adb->mctx, adb->names,
		    sizeof(*adb->names) * adb->nnames);
	isc_mem_put(adb->mctx, adb->deadnames,
		    sizeof(*adb->deadnames) * adb->nnames);
	isc_mem_put(adb->mctx, adb->namelocks,
		    sizeof(*adb->namelocks) * adb->nnames);
	isc_mem_put(adb->mctx, adb->name_sd,
		    sizeof(*adb->name_sd) * adb->nnames);
	isc_mem_put(adb->mctx, adb->name_refcnt,
		    sizeof(*adb->name_refcnt) * adb->nnames);

	/*
	 * Install new resources.
	 */
	adb->names = newnames;
	adb->deadnames = newdeadnames;
	adb->namelocks = newnamelocks;
	adb->name_sd = newname_sd;
	adb->name_refcnt = newname_refcnt;
	adb->nnames = n;

	/*
	 * Only on success do we set adb->grownames_sent to ISC_FALSE.
	 * This will prevent us being continuously being called on error.
	 */
	adb->grownames_sent = ISC_FALSE;
	goto done;

 cleanup:
	if (newnames != NULL)
		isc_mem_put(adb->mctx, newnames, sizeof(*newnames) * n);
	if (newdeadnames != NULL)
		isc_mem_put(adb->mctx, newdeadnames, sizeof(*newdeadnames) * n);
	if (newnamelocks != NULL)
		isc_mem_put(adb->mctx, newnamelocks, sizeof(*newnamelocks) * n);
	if (newname_sd != NULL)
		isc_mem_put(adb->mctx, newname_sd, sizeof(*newname_sd) * n);
	if (newname_refcnt != NULL)
		isc_mem_put(adb->mctx, newname_refcnt,
			     sizeof(*newname_refcnt) * n);
 done:
	isc_task_endexclusive(task);

	LOCK(&adb->lock);
	if (dec_adb_irefcnt(adb))
		check_exit(adb);
	UNLOCK(&adb->lock);
	DP(ISC_LOG_INFO, "adb: grow_names finished");
}

/*
 * Requires the adbname bucket be locked and that no entry buckets be locked.
 *
 * This code handles A and AAAA rdatasets only.
 */
static isc_result_t
import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
		isc_stdtime_t now)
{
	isc_result_t result;
	dns_adb_t *adb;
	dns_adbnamehook_t *nh;
	dns_adbnamehook_t *anh;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	struct in_addr ina;
	struct in6_addr in6a;
	isc_sockaddr_t sockaddr;
	dns_adbentry_t *foundentry;  /* NO CLEAN UP! */
	int addr_bucket;
	isc_boolean_t new_addresses_added;
	dns_rdatatype_t rdtype;
	unsigned int findoptions;
	dns_adbnamehooklist_t *hookhead;

	INSIST(DNS_ADBNAME_VALID(adbname));
	adb = adbname->adb;
	INSIST(DNS_ADB_VALID(adb));

	rdtype = rdataset->type;
	INSIST((rdtype == dns_rdatatype_a) || (rdtype == dns_rdatatype_aaaa));
	if (rdtype == dns_rdatatype_a)
		findoptions = DNS_ADBFIND_INET;
	else
		findoptions = DNS_ADBFIND_INET6;

	addr_bucket = DNS_ADB_INVALIDBUCKET;
	new_addresses_added = ISC_FALSE;

	nh = NULL;
	result = dns_rdataset_first(rdataset);
	while (result == ISC_R_SUCCESS) {
		dns_rdata_reset(&rdata);
		dns_rdataset_current(rdataset, &rdata);
		if (rdtype == dns_rdatatype_a) {
			INSIST(rdata.length == 4);
			memcpy(&ina.s_addr, rdata.data, 4);
			isc_sockaddr_fromin(&sockaddr, &ina, 0);
			hookhead = &adbname->v4;
		} else {
			INSIST(rdata.length == 16);
			memcpy(in6a.s6_addr, rdata.data, 16);
			isc_sockaddr_fromin6(&sockaddr, &in6a, 0);
			hookhead = &adbname->v6;
		}

		INSIST(nh == NULL);
		nh = new_adbnamehook(adb, NULL);
		if (nh == NULL) {
			adbname->partial_result |= findoptions;
			result = ISC_R_NOMEMORY;
			goto fail;
		}

		foundentry = find_entry_and_lock(adb, &sockaddr, &addr_bucket,
						 now);
		if (foundentry == NULL) {
			dns_adbentry_t *entry;

			entry = new_adbentry(adb);
			if (entry == NULL) {
				adbname->partial_result |= findoptions;
				result = ISC_R_NOMEMORY;
				goto fail;
			}

			entry->sockaddr = sockaddr;
			entry->refcnt = 1;

			nh->entry = entry;

			link_entry(adb, addr_bucket, entry);
		} else {
			for (anh = ISC_LIST_HEAD(*hookhead);
			     anh != NULL;
			     anh = ISC_LIST_NEXT(anh, plink))
				if (anh->entry == foundentry)
					break;
			if (anh == NULL) {
				foundentry->refcnt++;
				nh->entry = foundentry;
			} else
				free_adbnamehook(adb, &nh);
		}

		new_addresses_added = ISC_TRUE;
		if (nh != NULL)
			ISC_LIST_APPEND(*hookhead, nh, plink);
		nh = NULL;
		result = dns_rdataset_next(rdataset);
	}

 fail:
	if (nh != NULL)
		free_adbnamehook(adb, &nh);

	if (addr_bucket != DNS_ADB_INVALIDBUCKET)
		UNLOCK(&adb->entrylocks[addr_bucket]);

	if (rdataset->trust == dns_trust_glue ||
	    rdataset->trust == dns_trust_additional)
		rdataset->ttl = ADB_CACHE_MINIMUM;
	else if (rdataset->trust == dns_trust_ultimate)
		rdataset->ttl = 0;
	else
		rdataset->ttl = ttlclamp(rdataset->ttl);

	if (rdtype == dns_rdatatype_a) {
		DP(NCACHE_LEVEL, "expire_v4 set to MIN(%u,%u) import_rdataset",
		   adbname->expire_v4, now + rdataset->ttl);
		adbname->expire_v4 = ISC_MIN(adbname->expire_v4,
					     now + rdataset->ttl);
	} else {
		DP(NCACHE_LEVEL, "expire_v6 set to MIN(%u,%u) import_rdataset",
		   adbname->expire_v6, now + rdataset->ttl);
		adbname->expire_v6 = ISC_MIN(adbname->expire_v6,
					     now + rdataset->ttl);
	}

	if (new_addresses_added) {
		/*
		 * Lie a little here.  This is more or less so code that cares
		 * can find out if any new information was added or not.
		 */
		return (ISC_R_SUCCESS);
	}

	return (result);
}

/*
 * Requires the name's bucket be locked.
 */
static isc_boolean_t
kill_name(dns_adbname_t **n, isc_eventtype_t ev) {
	dns_adbname_t *name;
	isc_boolean_t result = ISC_FALSE;
	isc_boolean_t result4, result6;
	int bucket;
	dns_adb_t *adb;

	INSIST(n != NULL);
	name = *n;
	*n = NULL;
	INSIST(DNS_ADBNAME_VALID(name));
	adb = name->adb;
	INSIST(DNS_ADB_VALID(adb));

	DP(DEF_LEVEL, "killing name %p", name);

	/*
	 * If we're dead already, just check to see if we should go
	 * away now or not.
	 */
	if (NAME_DEAD(name) && !NAME_FETCH(name)) {
		result = unlink_name(adb, name);
		free_adbname(adb, &name);
		if (result)
			result = dec_adb_irefcnt(adb);
		return (result);
	}

	/*
	 * Clean up the name's various lists.  These two are destructive
	 * in that they will always empty the list.
	 */
	clean_finds_at_name(name, ev, DNS_ADBFIND_ADDRESSMASK);
	result4 = clean_namehooks(adb, &name->v4);
	result6 = clean_namehooks(adb, &name->v6);
	clean_target(adb, &name->target);
	result = ISC_TF(result4 || result6);

	/*
	 * If fetches are running, cancel them.  If none are running, we can
	 * just kill the name here.
	 */
	if (!NAME_FETCH(name)) {
		INSIST(result == ISC_FALSE);
		result = unlink_name(adb, name);
		free_adbname(adb, &name);
		if (result)
			result = dec_adb_irefcnt(adb);
	} else {
		cancel_fetches_at_name(name);
		if (!NAME_DEAD(name)) {
			bucket = name->lock_bucket;
			ISC_LIST_UNLINK(adb->names[bucket], name, plink);
			ISC_LIST_APPEND(adb->deadnames[bucket], name, plink);
			name->flags |= NAME_IS_DEAD;
		}
	}
	return (result);
}

/*
 * Requires the name's bucket be locked and no entry buckets be locked.
 */
static isc_boolean_t
check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now) {
	dns_adb_t *adb;
	isc_boolean_t result4 = ISC_FALSE;
	isc_boolean_t result6 = ISC_FALSE;

	INSIST(DNS_ADBNAME_VALID(name));
	adb = name->adb;
	INSIST(DNS_ADB_VALID(adb));

	/*
	 * Check to see if we need to remove the v4 addresses
	 */
	if (!NAME_FETCH_V4(name) && EXPIRE_OK(name->expire_v4, now)) {
		if (NAME_HAS_V4(name)) {
			DP(DEF_LEVEL, "expiring v4 for name %p", name);
			result4 = clean_namehooks(adb, &name->v4);
			name->partial_result &= ~DNS_ADBFIND_INET;
		}
		name->expire_v4 = INT_MAX;
		name->fetch_err = FIND_ERR_UNEXPECTED;
	}

	/*
	 * Check to see if we need to remove the v6 addresses
	 */
	if (!NAME_FETCH_V6(name) && EXPIRE_OK(name->expire_v6, now)) {
		if (NAME_HAS_V6(name)) {
			DP(DEF_LEVEL, "expiring v6 for name %p", name);
			result6 = clean_namehooks(adb, &name->v6);
			name->partial_result &= ~DNS_ADBFIND_INET6;
		}
		name->expire_v6 = INT_MAX;
		name->fetch6_err = FIND_ERR_UNEXPECTED;
	}

	/*
	 * Check to see if we need to remove the alias target.
	 */
	if (EXPIRE_OK(name->expire_target, now)) {
		clean_target(adb, &name->target);
		name->expire_target = INT_MAX;
	}
	return (ISC_TF(result4 || result6));
}

/*
 * Requires the name's bucket be locked.
 */
static inline void
link_name(dns_adb_t *adb, int bucket, dns_adbname_t *name) {
	INSIST(name->lock_bucket == DNS_ADB_INVALIDBUCKET);

	ISC_LIST_PREPEND(adb->names[bucket], name, plink);
	name->lock_bucket = bucket;
	adb->name_refcnt[bucket]++;
}

/*
 * Requires the name's bucket be locked.
 */
static inline isc_boolean_t
unlink_name(dns_adb_t *adb, dns_adbname_t *name) {
	int bucket;
	isc_boolean_t result = ISC_FALSE;

	bucket = name->lock_bucket;
	INSIST(bucket != DNS_ADB_INVALIDBUCKET);

	if (NAME_DEAD(name))
		ISC_LIST_UNLINK(adb->deadnames[bucket], name, plink);
	else
		ISC_LIST_UNLINK(adb->names[bucket], name, plink);
	name->lock_bucket = DNS_ADB_INVALIDBUCKET;
	INSIST(adb->name_refcnt[bucket] > 0);
	adb->name_refcnt[bucket]--;
	if (adb->name_sd[bucket] && adb->name_refcnt[bucket] == 0)
		result = ISC_TRUE;
	return (result);
}

/*
 * Requires the entry's bucket be locked.
 */
static inline void
link_entry(dns_adb_t *adb, int bucket, dns_adbentry_t *entry) {
	int i;
	dns_adbentry_t *e;

	if (isc_mem_isovermem(adb->mctx)) {
		for (i = 0; i < 2; i++) {
			e = ISC_LIST_TAIL(adb->entries[bucket]);
			if (e == NULL)
				break;
			if (e->refcnt == 0) {
				unlink_entry(adb, e);
				free_adbentry(adb, &e);
				continue;
			}
			INSIST((e->flags & ENTRY_IS_DEAD) == 0);
			e->flags |= ENTRY_IS_DEAD;
			ISC_LIST_UNLINK(adb->entries[bucket], e, plink);
			ISC_LIST_PREPEND(adb->deadentries[bucket], e, plink);
		}
	}

	ISC_LIST_PREPEND(adb->entries[bucket], entry, plink);
	entry->lock_bucket = bucket;
	adb->entry_refcnt[bucket]++;
}

/*
 * Requires the entry's bucket be locked.
 */
static inline isc_boolean_t
unlink_entry(dns_adb_t *adb, dns_adbentry_t *entry) {
	int bucket;
	isc_boolean_t result = ISC_FALSE;

	bucket = entry->lock_bucket;
	INSIST(bucket != DNS_ADB_INVALIDBUCKET);

	if ((entry->flags & ENTRY_IS_DEAD) != 0)
		ISC_LIST_UNLINK(adb->deadentries[bucket], entry, plink);
	else
		ISC_LIST_UNLINK(adb->entries[bucket], entry, plink);
	entry->lock_bucket = DNS_ADB_INVALIDBUCKET;
	INSIST(adb->entry_refcnt[bucket] > 0);
	adb->entry_refcnt[bucket]--;
	if (adb->entry_sd[bucket] && adb->entry_refcnt[bucket] == 0)
		result = ISC_TRUE;
	return (result);
}

static inline void
violate_locking_hierarchy(isc_mutex_t *have, isc_mutex_t *want) {
	if (isc_mutex_trylock(want) != ISC_R_SUCCESS) {
		UNLOCK(have);
		LOCK(want);
		LOCK(have);
	}
}

/*
 * The ADB _MUST_ be locked before calling.  Also, exit conditions must be
 * checked after calling this function.
 */
static isc_boolean_t
shutdown_names(dns_adb_t *adb) {
	unsigned int bucket;
	isc_boolean_t result = ISC_FALSE;
	dns_adbname_t *name;
	dns_adbname_t *next_name;

	for (bucket = 0; bucket < adb->nnames; bucket++) {
		LOCK(&adb->namelocks[bucket]);
		adb->name_sd[bucket] = ISC_TRUE;

		name = ISC_LIST_HEAD(adb->names[bucket]);
		if (name == NULL) {
			/*
			 * This bucket has no names.  We must decrement the
			 * irefcnt ourselves, since it will not be
			 * automatically triggered by a name being unlinked.
			 */
			INSIST(result == ISC_FALSE);
			result = dec_adb_irefcnt(adb);
		} else {
			/*
			 * Run through the list.  For each name, clean up finds
			 * found there, and cancel any fetches running.  When
			 * all the fetches are canceled, the name will destroy
			 * itself.
			 */
			while (name != NULL) {
				next_name = ISC_LIST_NEXT(name, plink);
				INSIST(result == ISC_FALSE);
				result = kill_name(&name,
						   DNS_EVENT_ADBSHUTDOWN);
				name = next_name;
			}
		}

		UNLOCK(&adb->namelocks[bucket]);
	}
	return (result);
}

/*
 * The ADB _MUST_ be locked before calling.  Also, exit conditions must be
 * checked after calling this function.
 */
static isc_boolean_t
shutdown_entries(dns_adb_t *adb) {
	unsigned int bucket;
	isc_boolean_t result = ISC_FALSE;
	dns_adbentry_t *entry;
	dns_adbentry_t *next_entry;

	for (bucket = 0; bucket < adb->nentries; bucket++) {
		LOCK(&adb->entrylocks[bucket]);
		adb->entry_sd[bucket] = ISC_TRUE;

		entry = ISC_LIST_HEAD(adb->entries[bucket]);
		if (adb->entry_refcnt[bucket] == 0) {
			/*
			 * This bucket has no entries.  We must decrement the
			 * irefcnt ourselves, since it will not be
			 * automatically triggered by an entry being unlinked.
			 */
			result = dec_adb_irefcnt(adb);
		} else {
			/*
			 * Run through the list.  Cleanup any entries not
			 * associated with names, and which are not in use.
			 */
			while (entry != NULL) {
				next_entry = ISC_LIST_NEXT(entry, plink);
				if (entry->refcnt == 0 &&
				    entry->expires != 0) {
					result = unlink_entry(adb, entry);
					free_adbentry(adb, &entry);
					if (result)
						result = dec_adb_irefcnt(adb);
				}
				entry = next_entry;
			}
		}

		UNLOCK(&adb->entrylocks[bucket]);
	}
	return (result);
}

/*
 * Name bucket must be locked
 */
static void
cancel_fetches_at_name(dns_adbname_t *name) {
	if (NAME_FETCH_A(name))
	    dns_resolver_cancelfetch(name->fetch_a->fetch);

	if (NAME_FETCH_AAAA(name))
	    dns_resolver_cancelfetch(name->fetch_aaaa->fetch);
}

/*
 * Assumes the name bucket is locked.
 */
static isc_boolean_t
clean_namehooks(dns_adb_t *adb, dns_adbnamehooklist_t *namehooks) {
	dns_adbentry_t *entry;
	dns_adbnamehook_t *namehook;
	int addr_bucket;
	isc_boolean_t result = ISC_FALSE;
	isc_boolean_t overmem = isc_mem_isovermem(adb->mctx);

	addr_bucket = DNS_ADB_INVALIDBUCKET;
	namehook = ISC_LIST_HEAD(*namehooks);
	while (namehook != NULL) {
		INSIST(DNS_ADBNAMEHOOK_VALID(namehook));

		/*
		 * Clean up the entry if needed.
		 */
		entry = namehook->entry;
		if (entry != NULL) {
			INSIST(DNS_ADBENTRY_VALID(entry));

			if (addr_bucket != entry->lock_bucket) {
				if (addr_bucket != DNS_ADB_INVALIDBUCKET)
					UNLOCK(&adb->entrylocks[addr_bucket]);
				addr_bucket = entry->lock_bucket;
				LOCK(&adb->entrylocks[addr_bucket]);
			}

			result = dec_entry_refcnt(adb, overmem, entry,
						  ISC_FALSE);
		}

		/*
		 * Free the namehook
		 */
		namehook->entry = NULL;
		ISC_LIST_UNLINK(*namehooks, namehook, plink);
		free_adbnamehook(adb, &namehook);

		namehook = ISC_LIST_HEAD(*namehooks);
	}

	if (addr_bucket != DNS_ADB_INVALIDBUCKET)
		UNLOCK(&adb->entrylocks[addr_bucket]);
	return (result);
}

static void
clean_target(dns_adb_t *adb, dns_name_t *target) {
	if (dns_name_countlabels(target) > 0) {
		dns_name_free(target, adb->mctx);
		dns_name_init(target, NULL);
	}
}

static isc_result_t
set_target(dns_adb_t *adb, dns_name_t *name, dns_name_t *fname,
	   dns_rdataset_t *rdataset, dns_name_t *target)
{
	isc_result_t result;
	dns_namereln_t namereln;
	unsigned int nlabels;
	int order;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_fixedname_t fixed1, fixed2;
	dns_name_t *prefix, *new_target;

	REQUIRE(dns_name_countlabels(target) == 0);

	if (rdataset->type == dns_rdatatype_cname) {
		dns_rdata_cname_t cname;

		/*
		 * Copy the CNAME's target into the target name.
		 */
		result = dns_rdataset_first(rdataset);
		if (result != ISC_R_SUCCESS)
			return (result);
		dns_rdataset_current(rdataset, &rdata);
		result = dns_rdata_tostruct(&rdata, &cname, NULL);
		if (result != ISC_R_SUCCESS)
			return (result);
		result = dns_name_dup(&cname.cname, adb->mctx, target);
		dns_rdata_freestruct(&cname);
		if (result != ISC_R_SUCCESS)
			return (result);
	} else {
		dns_rdata_dname_t dname;

		INSIST(rdataset->type == dns_rdatatype_dname);
		namereln = dns_name_fullcompare(name, fname, &order, &nlabels);
		INSIST(namereln == dns_namereln_subdomain);
		/*
		 * Get the target name of the DNAME.
		 */
		result = dns_rdataset_first(rdataset);
		if (result != ISC_R_SUCCESS)
			return (result);
		dns_rdataset_current(rdataset, &rdata);
		result = dns_rdata_tostruct(&rdata, &dname, NULL);
		if (result != ISC_R_SUCCESS)
			return (result);
		/*
		 * Construct the new target name.
		 */
		dns_fixedname_init(&fixed1);
		prefix = dns_fixedname_name(&fixed1);
		dns_fixedname_init(&fixed2);
		new_target = dns_fixedname_name(&fixed2);
		dns_name_split(name, nlabels, prefix, NULL);
		result = dns_name_concatenate(prefix, &dname.dname, new_target,
					      NULL);
		dns_rdata_freestruct(&dname);
		if (result != ISC_R_SUCCESS)
			return (result);
		result = dns_name_dup(new_target, adb->mctx, target);
		if (result != ISC_R_SUCCESS)
			return (result);
	}

	return (ISC_R_SUCCESS);
}

/*
 * Assumes nothing is locked, since this is called by the client.
 */
static void
event_free(isc_event_t *event) {
	dns_adbfind_t *find;

	INSIST(event != NULL);
	find = event->ev_destroy_arg;
	INSIST(DNS_ADBFIND_VALID(find));

	LOCK(&find->lock);
	find->flags |= FIND_EVENT_FREED;
	event->ev_destroy_arg = NULL;
	UNLOCK(&find->lock);
}

/*
 * Assumes the name bucket is locked.
 */
static void
clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
		    unsigned int addrs)
{
	isc_event_t *ev;
	isc_task_t *task;
	dns_adbfind_t *find;
	dns_adbfind_t *next_find;
	isc_boolean_t process;
	unsigned int wanted, notify;

	DP(ENTER_LEVEL,
	   "ENTER clean_finds_at_name, name %p, evtype %08x, addrs %08x",
	   name, evtype, addrs);

	find = ISC_LIST_HEAD(name->finds);
	while (find != NULL) {
		LOCK(&find->lock);
		next_find = ISC_LIST_NEXT(find, plink);

		process = ISC_FALSE;
		wanted = find->flags & DNS_ADBFIND_ADDRESSMASK;
		notify = wanted & addrs;

		switch (evtype) {
		case DNS_EVENT_ADBMOREADDRESSES:
			DP(ISC_LOG_DEBUG(3), "DNS_EVENT_ADBMOREADDRESSES");
			if ((notify) != 0) {
				find->flags &= ~addrs;
				process = ISC_TRUE;
			}
			break;
		case DNS_EVENT_ADBNOMOREADDRESSES:
			DP(ISC_LOG_DEBUG(3), "DNS_EVENT_ADBNOMOREADDRESSES");
			find->flags &= ~addrs;
			wanted = find->flags & DNS_ADBFIND_ADDRESSMASK;
			if (wanted == 0)
				process = ISC_TRUE;
			break;
		default:
			find->flags &= ~addrs;
			process = ISC_TRUE;
		}

		if (process) {
			DP(DEF_LEVEL, "cfan: processing find %p", find);
			/*
			 * Unlink the find from the name, letting the caller
			 * call dns_adb_destroyfind() on it to clean it up
			 * later.
			 */
			ISC_LIST_UNLINK(name->finds, find, plink);
			find->adbname = NULL;
			find->name_bucket = DNS_ADB_INVALIDBUCKET;

			INSIST(!FIND_EVENTSENT(find));

			ev = &find->event;
			task = ev->ev_sender;
			ev->ev_sender = find;
			find->result_v4 = find_err_map[name->fetch_err];
			find->result_v6 = find_err_map[name->fetch6_err];
			ev->ev_type = evtype;
			ev->ev_destroy = event_free;
			ev->ev_destroy_arg = find;

			DP(DEF_LEVEL,
			   "sending event %p to task %p for find %p",
			   ev, task, find);

			isc_task_sendanddetach(&task, (isc_event_t **)&ev);
		} else {
			DP(DEF_LEVEL, "cfan: skipping find %p", find);
		}

		UNLOCK(&find->lock);
		find = next_find;
	}

	DP(ENTER_LEVEL, "EXIT clean_finds_at_name, name %p", name);
}

static inline void
check_exit(dns_adb_t *adb) {
	isc_event_t *event;
	/*
	 * The caller must be holding the adb lock.
	 */
	if (adb->shutting_down) {
		/*
		 * If there aren't any external references either, we're
		 * done.  Send the control event to initiate shutdown.
		 */
		INSIST(!adb->cevent_sent);      /* Sanity check. */
		event = &adb->cevent;
		isc_task_send(adb->task, &event);
		adb->cevent_sent = ISC_TRUE;
	}
}

static inline isc_boolean_t
dec_adb_irefcnt(dns_adb_t *adb) {
	isc_event_t *event;
	isc_task_t *etask;
	isc_boolean_t result = ISC_FALSE;

	LOCK(&adb->reflock);

	INSIST(adb->irefcnt > 0);
	adb->irefcnt--;

	if (adb->irefcnt == 0) {
		event = ISC_LIST_HEAD(adb->whenshutdown);
		while (event != NULL) {
			ISC_LIST_UNLINK(adb->whenshutdown, event, ev_link);
			etask = event->ev_sender;
			event->ev_sender = adb;
			isc_task_sendanddetach(&etask, &event);
			event = ISC_LIST_HEAD(adb->whenshutdown);
		}
	}

	if (adb->irefcnt == 0 && adb->erefcnt == 0)
		result = ISC_TRUE;
	UNLOCK(&adb->reflock);
	return (result);
}

static inline void
inc_adb_irefcnt(dns_adb_t *adb) {
	LOCK(&adb->reflock);
	adb->irefcnt++;
	UNLOCK(&adb->reflock);
}

static inline void
inc_adb_erefcnt(dns_adb_t *adb) {
	LOCK(&adb->reflock);
	adb->erefcnt++;
	UNLOCK(&adb->reflock);
}

static inline void
inc_entry_refcnt(dns_adb_t *adb, dns_adbentry_t *entry, isc_boolean_t lock) {
	int bucket;

	bucket = entry->lock_bucket;

	if (lock)
		LOCK(&adb->entrylocks[bucket]);

	entry->refcnt++;

	if (lock)
		UNLOCK(&adb->entrylocks[bucket]);
}

static inline isc_boolean_t
dec_entry_refcnt(dns_adb_t *adb, isc_boolean_t overmem, dns_adbentry_t *entry,
		 isc_boolean_t lock)
{
	int bucket;
	isc_boolean_t destroy_entry;
	isc_boolean_t result = ISC_FALSE;

	bucket = entry->lock_bucket;

	if (lock)
		LOCK(&adb->entrylocks[bucket]);

	INSIST(entry->refcnt > 0);
	entry->refcnt--;

	destroy_entry = ISC_FALSE;
	if (entry->refcnt == 0 &&
	    (adb->entry_sd[bucket] || entry->expires == 0 || overmem ||
	     (entry->flags & ENTRY_IS_DEAD) != 0)) {
		destroy_entry = ISC_TRUE;
		result = unlink_entry(adb, entry);
	}

	if (lock)
		UNLOCK(&adb->entrylocks[bucket]);

	if (!destroy_entry)
		return (result);

	entry->lock_bucket = DNS_ADB_INVALIDBUCKET;

	free_adbentry(adb, &entry);
	if (result)
		result = dec_adb_irefcnt(adb);

	return (result);
}

static inline dns_adbname_t *
new_adbname(dns_adb_t *adb, dns_name_t *dnsname) {
	dns_adbname_t *name;

	name = isc_mempool_get(adb->nmp);
	if (name == NULL)
		return (NULL);

	dns_name_init(&name->name, NULL);
	if (dns_name_dup(dnsname, adb->mctx, &name->name) != ISC_R_SUCCESS) {
		isc_mempool_put(adb->nmp, name);
		return (NULL);
	}
	dns_name_init(&name->target, NULL);
	name->magic = DNS_ADBNAME_MAGIC;
	name->adb = adb;
	name->partial_result = 0;
	name->flags = 0;
	name->expire_v4 = INT_MAX;
	name->expire_v6 = INT_MAX;
	name->expire_target = INT_MAX;
	name->chains = 0;
	name->lock_bucket = DNS_ADB_INVALIDBUCKET;
	ISC_LIST_INIT(name->v4);
	ISC_LIST_INIT(name->v6);
	name->fetch_a = NULL;
	name->fetch_aaaa = NULL;
	name->fetch_err = FIND_ERR_UNEXPECTED;
	name->fetch6_err = FIND_ERR_UNEXPECTED;
	ISC_LIST_INIT(name->finds);
	ISC_LINK_INIT(name, plink);

	LOCK(&adb->namescntlock);
	adb->namescnt++;
	if (!adb->grownames_sent && adb->namescnt > (adb->nnames * 8)) {
		isc_event_t *event = &adb->grownames;
		inc_adb_irefcnt(adb);
		isc_task_send(adb->task, &event);
		adb->grownames_sent = ISC_TRUE;
	}
	UNLOCK(&adb->namescntlock);

	return (name);
}

static inline void
free_adbname(dns_adb_t *adb, dns_adbname_t **name) {
	dns_adbname_t *n;

	INSIST(name != NULL && DNS_ADBNAME_VALID(*name));
	n = *name;
	*name = NULL;

	INSIST(!NAME_HAS_V4(n));
	INSIST(!NAME_HAS_V6(n));
	INSIST(!NAME_FETCH(n));
	INSIST(ISC_LIST_EMPTY(n->finds));
	INSIST(!ISC_LINK_LINKED(n, plink));
	INSIST(n->lock_bucket == DNS_ADB_INVALIDBUCKET);
	INSIST(n->adb == adb);

	n->magic = 0;
	dns_name_free(&n->name, adb->mctx);

	isc_mempool_put(adb->nmp, n);
	LOCK(&adb->namescntlock);
	adb->namescnt--;
	UNLOCK(&adb->namescntlock);
}

static inline dns_adbnamehook_t *
new_adbnamehook(dns_adb_t *adb, dns_adbentry_t *entry) {
	dns_adbnamehook_t *nh;

	nh = isc_mempool_get(adb->nhmp);
	if (nh == NULL)
		return (NULL);

	nh->magic = DNS_ADBNAMEHOOK_MAGIC;
	nh->entry = entry;
	ISC_LINK_INIT(nh, plink);

	return (nh);
}

static inline void
free_adbnamehook(dns_adb_t *adb, dns_adbnamehook_t **namehook) {
	dns_adbnamehook_t *nh;

	INSIST(namehook != NULL && DNS_ADBNAMEHOOK_VALID(*namehook));
	nh = *namehook;
	*namehook = NULL;

	INSIST(nh->entry == NULL);
	INSIST(!ISC_LINK_LINKED(nh, plink));

	nh->magic = 0;
	isc_mempool_put(adb->nhmp, nh);
}

static inline dns_adblameinfo_t *
new_adblameinfo(dns_adb_t *adb, dns_name_t *qname, dns_rdatatype_t qtype) {
	dns_adblameinfo_t *li;

	li = isc_mempool_get(adb->limp);
	if (li == NULL)
		return (NULL);

	dns_name_init(&li->qname, NULL);
	if (dns_name_dup(qname, adb->mctx, &li->qname) != ISC_R_SUCCESS) {
		isc_mempool_put(adb->limp, li);
		return (NULL);
	}
	li->magic = DNS_ADBLAMEINFO_MAGIC;
	li->lame_timer = 0;
	li->qtype = qtype;
	ISC_LINK_INIT(li, plink);

	return (li);
}

static inline void
free_adblameinfo(dns_adb_t *adb, dns_adblameinfo_t **lameinfo) {
	dns_adblameinfo_t *li;

	INSIST(lameinfo != NULL && DNS_ADBLAMEINFO_VALID(*lameinfo));
	li = *lameinfo;
	*lameinfo = NULL;

	INSIST(!ISC_LINK_LINKED(li, plink));

	dns_name_free(&li->qname, adb->mctx);

	li->magic = 0;

	isc_mempool_put(adb->limp, li);
}

static inline dns_adbentry_t *
new_adbentry(dns_adb_t *adb) {
	dns_adbentry_t *e;
	isc_uint32_t r;

	e = isc_mempool_get(adb->emp);
	if (e == NULL)
		return (NULL);

	e->magic = DNS_ADBENTRY_MAGIC;
	e->lock_bucket = DNS_ADB_INVALIDBUCKET;
	e->refcnt = 0;
	e->flags = 0;
	isc_random_get(&r);
	e->srtt = (r & 0x1f) + 1;
	e->expires = 0;
	ISC_LIST_INIT(e->lameinfo);
	ISC_LINK_INIT(e, plink);
	LOCK(&adb->entriescntlock);
	adb->entriescnt++;
	if (!adb->growentries_sent &&
	    adb->entriescnt > (adb->nentries * 8)) {
		isc_event_t *event = &adb->growentries;
		inc_adb_irefcnt(adb);
		isc_task_send(adb->task,…
Summary ✨

This C code implements a DNS caching system called dns_adb. It manages a cache of DNS names and their associated data, providing functions for adding, removing, and flushing entries, as well as handling overmem conditions. The code also includes a water mark system to limit the size of the cache.
Tech Fingerprint

Alerts (9)

Complexity hotspot; lines 409 to 417 (total complexity: 14)
409 410 411 412 413 414 415 416 417