NSD ACL Plugin

[Erik Rozendaal]

Colm MacCarthaigh wrote:
> On Thu, Jul 10, 2003 at 02:37:16PM +0100, Colm MacCarthaigh wrote:
> 
>>>Probably the easiest way is to use the HEAP_WALK macro in heap.h (which 
>>>redefines RBTREE_WALK in rbtree.h) on interface->nsd->db->heap.  This will 
>>>give you all the domains (not just the ones specific to a zone).
>>
>>O.k., I'll give that a go.
> 
> 
> I've been playing with this, but getting very far. My recursive
> register_data replacement now looks like this:

[... code snipped ...]

> I know the code within the HEAP_WALK loop needs changing, but the
> problem I'm seeing is that the code never gets inside the loop,
> nothing in there ever runs. NSD just sits there, it seems that
> rbtree_first gets itself into an infinite loop and never exists. 
> 
> Before I go debugging this properly, am I actually using HEAP_WALK
> correctly ?

Yes, you are.  However, it is hard to debug this with shared objects.  So I 
tried the following:

0. I modified example-plugin.so to include the following lines in the 
reload function:

	void *key;
	void *data;
	
	HEAP_WALK(nsd->nsd->db->heap, key, data) {
		fprintf(stderr, "name %s\n", dnamestr(key));
	}
	
    This also resulted in an infinite loop that was hard to debug.

Then I made the following changes to make things easier to debug:

1. Add the RTLD_GLOBAL flag to the call to dlopen in plugin.c "handle = 
dlopen(name, RTLD_NOW | RTLD_GLOBAL)".
2. Configure with LDFLAGS='-rdynamic' to make global symbols in nsd 
available to the plugins.
3. Do _not_ link rbtree.o into the plugin.

But now the HEAP_WALK works.  Although I don't know why :(  But hopefully 
this will help you anyway.

I'm planning to change the name lookup algorithm for NSD 1.3.0 and that 
should make it much easier to walk over a set of domain names given a 
parent domain name.  But until then this is your best bet.

Erik