dns_cache: added support for permanent entries

Permanent entries are intended to be used for management
purposes, i.e. they are useful if there is no DNS server
available for instance. Such entries never expire, and overwrite
any existing entry that was added by the resolver.
They can be added to the cache from modules or over the RPC calls
dns.add_a, dns.add_aaaa and dns.add_srv with the flag value of 2.
(or 3 in case of negative permanent entry)

- err_flags in struct dns_hash_entry is changed to be a general
purpose flag, and renamed to ent_flag.
- DNS_BAD_NAME is renamed to DNS_FLAG_BAD_NAME
- DNS_FLAG_PERMANENT value is added.
- new rpc call to force deleting the permanent entries from the
cache: dns.delete_all_force. (dns.delete_all deletes only
the non-permanent entries.)

core_cmd.c

@@ -56,6 +56,7 @@ void dns_cache_mem_info(rpc_t* rpc, void* ctx);
 void dns_cache_view(rpc_t* rpc, void* ctx);
 void dns_cache_rpc_lookup(rpc_t* rpc, void* ctx);
 void dns_cache_delete_all(rpc_t* rpc, void* ctx);
+void dns_cache_delete_all_force(rpc_t* rpc, void* ctx);
 void dns_cache_add_a(rpc_t* rpc, void* ctx);
 void dns_cache_add_aaaa(rpc_t* rpc, void* ctx);
 void dns_cache_add_srv(rpc_t* rpc, void* ctx);
@@ -94,7 +95,12 @@ static const char* dns_cache_rpc_lookup_doc[] = {
 };
 
 static const char* dns_cache_delete_all_doc[] = {
-	"deletes all the entries from the DNS cache",
+	"deletes all the non-permanent entries from the DNS cache",
+	0
+};
+
+static const char* dns_cache_delete_all_force_doc[] = {
+	"deletes all the entries from the DNS cache including the permanent ones",
 	0
 };
 
@@ -848,6 +854,8 @@ static rpc_export_t core_rpc_methods[] = {
 		0	},
 	{"dns.delete_all",         dns_cache_delete_all,  dns_cache_delete_all_doc,
 		0	},
+	{"dns.delete_all_force",   dns_cache_delete_all_force, dns_cache_delete_all_force_doc,
+		0	},
 	{"dns.add_a",              dns_cache_add_a,       dns_cache_add_a_doc,
 		0	},
 	{"dns.add_aaaa",           dns_cache_add_aaaa,    dns_cache_add_aaaa_doc,

dns_cache.c

@@ -573,6 +573,7 @@ again:
 			servers_up &&
 #endif
 			/* automatically remove expired elements */
+			((e->ent_flags & DNS_FLAG_PERMANENT) == 0) &&
 			((s_ticks_t)(now-e->expire)>=0)
 		) {
 				_dns_hash_remove(e);
@@ -591,7 +592,8 @@ again:
 #endif
 #endif
 			return e;
-		}else if ((e->type==T_CNAME) && !((e->rr_lst==0) || e->err_flags) &&
+		}else if ((e->type==T_CNAME) &&
+					!((e->rr_lst==0) || (e->ent_flags & DNS_FLAG_BAD_NAME)) &&
 					(e->name_len==name->len) &&
 					(strncasecmp(e->name, name->s, e->name_len)==0)){
 			/*if CNAME matches and CNAME is entry is not a neg. cache entry
@@ -659,7 +661,9 @@ inline static int dns_cache_clean(unsigned int no, int expired_only)
 	clist_foreach_safe(dns_last_used_lst, l, tmp, next){
 		e=(struct dns_hash_entry*)(((char*)l)-
 				(char*)&((struct dns_hash_entry*)(0))->last_used_lst);
-		if (!expired_only || ((s_ticks_t)(now-e->expire)>=0)){
+		if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+			&& (!expired_only || ((s_ticks_t)(now-e->expire)>=0))
+		) {
 				_dns_hash_remove(e);
 				deleted++;
 		}
@@ -669,7 +673,9 @@ inline static int dns_cache_clean(unsigned int no, int expired_only)
 #else
 	for(h=start; h!=(start+DNS_HASH_SIZE); h++){
 		clist_foreach_safe(&dns_hash[h%DNS_HASH_SIZE], e, t, next){
-			if  ((s_ticks_t)(now-e->expire)>=0){
+			if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+				&& ((s_ticks_t)(now-e->expire)>=0)
+			) {
 				_dns_hash_remove(e);
 				deleted++;
 			}
@@ -681,8 +687,10 @@ inline static int dns_cache_clean(unsigned int no, int expired_only)
 	if (!expired_only){
 		for(h=start; h!=(start+DNS_HASH_SIZE); h++){
 			clist_foreach_safe(&dns_hash[h%DNS_HASH_SIZE], e, t, next){
-				_dns_hash_remove(e);
-				deleted++;
+				if ((e->ent_flags & DNS_FLAG_PERMANENT) == 0) {
+					_dns_hash_remove(e);
+					deleted++;
+				}
 				n++;
 				if (n>=no) goto skip;
 			}
@@ -724,7 +732,9 @@ inline static int dns_cache_free_mem(unsigned int target, int expired_only)
 		if (*dns_cache_mem_used<=target) break;
 		e=(struct dns_hash_entry*)(((char*)l)-
 				(char*)&((struct dns_hash_entry*)(0))->last_used_lst);
-		if (!expired_only || ((s_ticks_t)(now-e->expire)>=0)){
+		if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+			&& (!expired_only || ((s_ticks_t)(now-e->expire)>=0))
+		) {
 				_dns_hash_remove(e);
 				deleted++;
 		}
@@ -734,7 +744,9 @@ inline static int dns_cache_free_mem(unsigned int target, int expired_only)
 		clist_foreach_safe(&dns_hash[h%DNS_HASH_SIZE], e, t, next){
 			if (*dns_cache_mem_used<=target)
 				goto skip;
-			if  ((s_ticks_t)(now-e->expire)>=0){
+			if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+				&& ((s_ticks_t)(now-e->expire)>=0)
+			) {
 				_dns_hash_remove(e);
 				deleted++;
 			}
@@ -746,7 +758,9 @@ inline static int dns_cache_free_mem(unsigned int target, int expired_only)
 			clist_foreach_safe(&dns_hash[h%DNS_HASH_SIZE], e, t, next){
 				if (*dns_cache_mem_used<=target)
 					goto skip;
-				if  ((s_ticks_t)(now-e->expire)>=0){
+				if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+					&& ((s_ticks_t)(now-e->expire)>=0)
+				) {
 					_dns_hash_remove(e);
 					deleted++;
 				}
@@ -811,7 +825,7 @@ inline static int dns_cache_add(struct dns_hash_entry* e)
 	h=dns_hash_no(e->name, e->name_len, e->type);
 #ifdef DNS_CACHE_DEBUG
 	DBG("dns_cache_add: adding %.*s(%d) %d (flags=%0x) at %d\n",
-			e->name_len, e->name, e->name_len, e->type, e->err_flags, h);
+			e->name_len, e->name, e->name_len, e->type, e->ent_flags, h);
 #endif
 	LOCK_DNS_HASH();
 		*dns_cache_mem_used+=e->total_size; /* no need for atomic ops, written
@@ -853,7 +867,7 @@ inline static int dns_cache_add_unsafe(struct dns_hash_entry* e)
 	h=dns_hash_no(e->name, e->name_len, e->type);
 #ifdef DNS_CACHE_DEBUG
 	DBG("dns_cache_add: adding %.*s(%d) %d (flags=%0x) at %d\n",
-			e->name_len, e->name, e->name_len, e->type, e->err_flags, h);
+			e->name_len, e->name, e->name_len, e->type, e->ent_flags, h);
 #endif
 	*dns_cache_mem_used+=e->total_size; /* no need for atomic ops, written
 										 only from within a lock */
@@ -883,7 +897,7 @@ inline static struct dns_hash_entry* dns_cache_mk_bad_entry(str* name,
 	size=sizeof(struct dns_hash_entry)+name->len-1+1;
 	e=shm_malloc(size);
 	if (e==0){
-		LOG(L_ERR, "ERROR: dns_cache_mk_ip_entry: out of memory\n");
+		LOG(L_ERR, "ERROR: dns_cache_mk_bad_entry: out of memory\n");
 		return 0;
 	}
 	memset(e, 0, size); /* init with 0*/
@@ -894,7 +908,7 @@ inline static struct dns_hash_entry* dns_cache_mk_bad_entry(str* name,
 	e->last_used=now;
 	e->expire=now+S_TO_TICKS(ttl);
 	memcpy(e->name, name->s, name->len);
-	e->err_flags=flags;
+	e->ent_flags=flags;
 	return e;
 }
 
@@ -1234,7 +1248,7 @@ inline static struct dns_hash_entry* dns_cache_mk_rd_entry(str* name, int type,
 	size+=ROUND_POINTER(sizeof(struct dns_hash_entry)+name->len-1+1);
 	e=shm_malloc(size);
 	if (e==0){
-		LOG(L_ERR, "ERROR: dns_cache_mk_ip_entry: out of memory\n");
+		LOG(L_ERR, "ERROR: dns_cache_mk_rd_entry: out of memory\n");
 		return 0;
 	}
 	memset(e, 0, size); /* init with 0 */
@@ -1544,7 +1558,7 @@ found:
 	for (r=0; r<no_records; r++){
 		rec[r].e=shm_malloc(rec[r].size);
 		if (rec[r].e==0){
-			LOG(L_ERR, "ERROR: dns_cache_mk_ip_entry: out of memory\n");
+			LOG(L_ERR, "ERROR: dns_cache_mk_rd_entry: out of memory\n");
 			goto error;
 		}
 		memset(rec[r].e, 0, rec[r].size); /* init with 0*/
@@ -1951,7 +1965,7 @@ inline static struct dns_hash_entry* dns_cache_do_request(str* name, int type)
 		free_rdata_list(records);
 	}else if (cfg_get(core, core_cfg, dns_neg_cache_ttl)){
 		e=dns_cache_mk_bad_entry(name, type, 
-				cfg_get(core, core_cfg, dns_neg_cache_ttl), DNS_BAD_NAME);
+				cfg_get(core, core_cfg, dns_neg_cache_ttl), DNS_FLAG_BAD_NAME);
 		if (likely(e)) {
 			atomic_set(&e->refcnt, 1); /* 1 because we return a ref. to it */
 			dns_cache_add(e); /* refcnt++ inside*/
@@ -2028,10 +2042,12 @@ inline static struct dns_hash_entry* dns_get_entry(str* name, int type)
 	e=dns_hash_get(name, type, &h, &err);
 #ifdef USE_DNS_CACHE_STATS
 	if (e) {
-		if (e->err_flags==DNS_BAD_NAME && dns_cache_stats)
+		if ((e->ent_flags & DNS_FLAG_BAD_NAME) && dns_cache_stats)
 			/* negative DNS cache hit */
 			dns_cache_stats[process_no].dc_neg_hits_cnt++;
-		else if (!e->err_flags && dns_cache_stats) /* DNS cache hit */
+		else if (((e->ent_flags & DNS_FLAG_BAD_NAME) == 0)
+				&& dns_cache_stats
+		) /* DNS cache hit */
 			dns_cache_stats[process_no].dc_hits_cnt++;
 
 		if (dns_cache_stats)
@@ -2053,7 +2069,7 @@ inline static struct dns_hash_entry* dns_get_entry(str* name, int type)
 			goto error; /* could not resolve cname */
 	}
 	/* found */
-	if ((e->rr_lst==0) || e->err_flags){
+	if ((e->rr_lst==0) || (e->ent_flags & DNS_FLAG_BAD_NAME)){
 		/* negative cache => not resolvable */
 		dns_hash_put(e);
 		e=0;
@@ -2106,6 +2122,7 @@ inline static struct dns_rr* dns_entry_get_rr(	struct dns_hash_entry* e,
 			/* check the expiration time only when the servers are up */
 			servers_up &&
 #endif
+			((e->ent_flags & DNS_FLAG_PERMANENT) == 0) &&
 			((s_ticks_t)(now-rr->expire)>=0) /* expired rr */
 		)
 			continue;
@@ -2208,6 +2225,7 @@ retry:
 			/* check the expiration time only when the servers are up */
 			servers_up &&
 #endif
+			((e->ent_flags & DNS_FLAG_PERMANENT) == 0) &&
 			((s_ticks_t)(now-rr->expire)>=0) /* expired entry */) ||
 				(rr->err_flags) /* bad rr */ ||
 				(srv_marked(tried, idx)) ) /* already tried */{
@@ -3516,7 +3534,7 @@ void dns_cache_debug(rpc_t* rpc, void* ctx)
 								(s_ticks_t)(e->expire-now)<0?-1:
 									TICKS_TO_S(e->expire-now),
 								TICKS_TO_S(now-e->last_used),
-								e->err_flags);
+								e->ent_flags);
 			}
 		}
 	UNLOCK_DNS_HASH();
@@ -3632,7 +3650,7 @@ void dns_cache_debug_all(rpc_t* rpc, void* ctx)
 								(int)(s_ticks_t)(e->expire-now)<0?-1:
 									TICKS_TO_S(e->expire-now),
 								(int)TICKS_TO_S(now-e->last_used),
-								(int)e->err_flags);
+								(int)e->ent_flags);
 					switch(e->type){
 						case T_A:
 						case T_AAAA:
@@ -3773,10 +3791,16 @@ void dns_cache_print_entry(rpc_t* rpc, void* ctx, struct dns_hash_entry* e)
 						e->total_size);
 	rpc->printf(ctx, "%sreference counter: %d", SPACE_FORMAT,
 						e->refcnt.val);
-	rpc->printf(ctx, "%sexpires in (s): %d", SPACE_FORMAT, expires);
+	if (e->ent_flags & DNS_FLAG_PERMANENT) {
+		rpc->printf(ctx, "%spermanent: yes", SPACE_FORMAT);
+	} else {
+		rpc->printf(ctx, "%spermanent: no", SPACE_FORMAT);
+		rpc->printf(ctx, "%sexpires in (s): %d", SPACE_FORMAT, expires);
+	}
 	rpc->printf(ctx, "%slast used (s): %d", SPACE_FORMAT,
 						TICKS_TO_S(now-e->last_used));
-	rpc->printf(ctx, "%serror flags: %d", SPACE_FORMAT, e->err_flags);
+	rpc->printf(ctx, "%snegative entry: %s", SPACE_FORMAT,
+						(e->ent_flags & DNS_FLAG_BAD_NAME) ? "yes" : "no");
 	
 	for (rr=e->rr_lst; rr; rr=rr->next) {
 		switch(e->type) {
@@ -3874,7 +3898,9 @@ void dns_cache_view(rpc_t* rpc, void* ctx)
 	LOCK_DNS_HASH();
 	for (h=0; h<DNS_HASH_SIZE; h++){
 		clist_foreach(&dns_hash[h], e, next){
-			if (TICKS_LT(e->expire, now)) {
+			if (((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+				&& TICKS_LT(e->expire, now)
+			) {
 				continue;
 			}
 			rpc->printf(ctx, "{\n");
@@ -3886,8 +3912,11 @@ void dns_cache_view(rpc_t* rpc, void* ctx)
 }
 
 
-/* deletes all the entries from the cache */
-void dns_cache_flush(void)
+/* Delete all the entries from the cache.
+ * If del_permanent is 0, then only the
+ * non-permanent entries are deleted.
+ */
+void dns_cache_flush(int del_permanent)
 {
 	int h;
 	struct dns_hash_entry* e;
@@ -3897,20 +3926,32 @@ void dns_cache_flush(void)
 	LOCK_DNS_HASH();
 		for (h=0; h<DNS_HASH_SIZE; h++){
 			clist_foreach_safe(&dns_hash[h], e, tmp, next){
-				_dns_hash_remove(e);
+				if (del_permanent || ((e->ent_flags & DNS_FLAG_PERMANENT) == 0))
+					_dns_hash_remove(e);
 			}
 		}
 	UNLOCK_DNS_HASH();
 }
 
-/* deletes all the entries from the cache */
+/* deletes all the non-permanent entries from the cache */
 void dns_cache_delete_all(rpc_t* rpc, void* ctx)
 {
 	if (!cfg_get(core, core_cfg, use_dns_cache)){
 		rpc->fault(ctx, 500, "dns cache support disabled (see use_dns_cache)");
 		return;
 	}
-	dns_cache_flush();
+	dns_cache_flush(0);
+}
+
+/* deletes all the entries from the cache,
+ * even the permanent ones */
+void dns_cache_delete_all_force(rpc_t* rpc, void* ctx)
+{
+	if (!cfg_get(core, core_cfg, use_dns_cache)){
+		rpc->fault(ctx, 500, "dns cache support disabled (see use_dns_cache)");
+		return;
+	}
+	dns_cache_flush(1);
 }
 
 /* clones an entry and extends its memory area to hold a new rr.
@@ -4063,6 +4104,10 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
  * If there is an existing record with the same name and value
  * (ip address in case of A/AAAA record, name in case of SRV record)
  * only the remaining fields are updated.
+ * 
+ * Note that permanent records cannot be overwritten unless
+ * the new record is also permanent. A permanent record
+ * completely replaces a non-permanent one.
  *
  * Currently only A, AAAA, and SRV records are supported.
  */
@@ -4100,7 +4145,7 @@ int dns_cache_add_record(unsigned short type,
 		return -1;
 	}
 
-	if (!flags) {
+	if ((flags & DNS_FLAG_BAD_NAME) == 0) {
 		/* fix-up the values */
 		switch(type) {
 		case T_A:
@@ -4139,8 +4184,16 @@ int dns_cache_add_record(unsigned short type,
 		old=NULL;
 	}
 
+	if (old
+		&& (old->ent_flags & DNS_FLAG_PERMANENT)
+		&& ((flags & DNS_FLAG_PERMANENT) == 0)
+	) {
+		LOG(L_ERR, "ERROR: A non-permanent record cannot overwrite "
+				"a permanent entry\n");
+		goto error;
+	}
 	/* prepare the entry */
-	if (flags) {
+	if (flags & DNS_FLAG_BAD_NAME) {
 		/* negative entry */
 		new = dns_cache_mk_bad_entry(name, type, ttl, flags);
 		if (!new) {
@@ -4149,10 +4202,16 @@ int dns_cache_add_record(unsigned short type,
 			goto error;
 		}
 	} else {
-		if (!old || old->err_flags) {
-			/* there was no matching entry in the hash table,
-			or the entry is a negative record with inefficient space,
-			let us create a new one */
+		if (!old
+			|| (old->ent_flags & DNS_FLAG_BAD_NAME)
+			|| (((old->ent_flags & DNS_FLAG_PERMANENT) == 0)
+				&& (flags & DNS_FLAG_PERMANENT))
+		) {
+			/* There was no matching entry in the hash table,
+			 * the entry is a negative record with inefficient space,
+			 * or a permanent entry overwrites a non-permanent one.
+			 * Let us create a new one.
+			 */
 			switch(type) {
 			case T_A:
 			case T_AAAA:
@@ -4175,6 +4234,7 @@ int dns_cache_add_record(unsigned short type,
 					goto error;
 				}
 			}
+			new->ent_flags = flags;
 		} else {
 			/* we must modify the entry, so better to clone it, modify the new 
 			 * one, and replace the old with the new entry in the hash table,
@@ -4289,7 +4349,7 @@ static void dns_cache_delete_record(rpc_t* rpc, void* ctx, unsigned short type)
 {
 	struct dns_hash_entry *e;
 	str name;
-	int err, h, found=0;
+	int err, h, found=0, permanent=0;
 
 	if (!cfg_get(core, core_cfg, use_dns_cache)){
 		rpc->fault(ctx, 500, "dns cache support disabled (see use_dns_cache)");
@@ -4303,12 +4363,17 @@ static void dns_cache_delete_record(rpc_t* rpc, void* ctx, unsigned short type)
 
 	e=_dns_hash_find(&name, type, &h, &err);
 	if (e && (e->type==type)) {
-		_dns_hash_remove(e);
+		if ((e->ent_flags & DNS_FLAG_PERMANENT) == 0)
+			_dns_hash_remove(e);
+		else
+			permanent = 1;
 		found = 1;
 	}
 
 	UNLOCK_DNS_HASH();
 
+	if (permanent)
+		rpc->fault(ctx, 400, "Permanent entries cannot be deleted");
 	if (!found)
 		rpc->fault(ctx, 400, "Not found");
 }
@@ -4346,7 +4411,7 @@ int dns_cache_delete_single_record(unsigned short type,
 		return -1;
 	}
 
-	if (!flags) {
+	if ((flags & DNS_FLAG_BAD_NAME) == 0) {
 		/* fix-up the values */
 		switch(type) {
 		case T_A:
@@ -4381,11 +4446,11 @@ int dns_cache_delete_single_record(unsigned short type,
 		goto not_found;
 
 	if ((old->type != type) /* may be CNAME */
-		|| (old->err_flags != flags)
+		|| (old->ent_flags != flags)
 	)
 		goto not_found;
 
-	if (flags) /* negative record, there is no value */
+	if (flags && DNS_FLAG_BAD_NAME) /* negative record, there is no value */
 		goto delete;
 
 	/* check whether there is an rr with the same value */

dns_cache.h

@@ -100,8 +100,14 @@ enum dns_errors{
 /** @brief return a short string, printable error description (err <=0) */
 const char* dns_strerror(int err);
 
-/** @brief dns entry error flags */
-#define DNS_BAD_NAME     1 /* unresolvable */
+/** @brief dns entry flags,
+ * shall be on the power of 2 */
+/*@{ */
+#define DNS_FLAG_BAD_NAME	1 /**< error flag: unresolvable */
+#define DNS_FLAG_PERMANENT	2 /**< permanent record, never times out,
+					never deleted, never overwritten
+					unless explicitely requested */
+/*@} */
 
 /** @name dns requests flags */
 /*@{ */
@@ -155,7 +161,7 @@ struct dns_hash_entry{
 	ticks_t expire; /* when the whole entry will expire */
 	int total_size;
 	unsigned short type;
-	unsigned char err_flags;
+	unsigned char ent_flags; /* entry flags: unresolvable/permanent */
 	unsigned char name_len; /* can be maximum 255 bytes */
 	char name[1]; /* variable length, name, null terminated
 	                 (actual lenght = name_len +1)*/
@@ -336,8 +342,11 @@ inline static int dns_sip_resolve2su(struct dns_srv_handle* h,
 	return ret;
 }
 
-/** @brief deletes all the entries from the cache */
-void dns_cache_flush(void);
+/** @brief Delete all the entries from the cache.
+ * If del_permanent is 0, then only the
+ * non-permanent entries are deleted.
+ */
+void dns_cache_flush(int del_permanent);
 
 #ifdef DNS_WATCHDOG_SUPPORT
 /** @brief sets the state of the DNS servers:
@@ -355,6 +364,10 @@ int dns_get_server_state(void);
  * (ip address in case of A/AAAA record, name in case of SRV record)
  * only the remaining fields are updated.
  *
+ * Note that permanent records cannot be overwritten unless
+ * the new record is also permanent. A permanent record
+ * completely replaces a non-permanent one.
+ *
  * Currently only A, AAAA, and SRV records are supported.
  */
 int dns_cache_add_record(unsigned short type,