From a35f8defbf9488108e075f2f83be537ca4f05e88 Mon Sep 17 00:00:00 2001
From: Miek Gieben <miek@miek.nl>
Date: Wed, 10 Oct 2012 17:27:03 +0200
Subject: [PATCH] even faster, by smarter checking for tsig

---
 server.go | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/server.go b/server.go
index 785e3eef..06ff5796 100644
--- a/server.go
+++ b/server.go
@@ -390,14 +390,16 @@ func serve(a net.Addr, h Handler, m []byte, u *net.UDPConn, t *net.TCPConn, tsig
 		}
 
 		w.tsigStatus = nil
-		if t := req.IsTsig(); t != nil {
-			secret := t.Hdr.Name
-			if _, ok := tsigSecret[secret]; !ok {
-				w.tsigStatus = ErrKeyAlg
+		if w.tsigSecret != nil {
+			if t := req.IsTsig(); t != nil {
+				secret := t.Hdr.Name
+				if _, ok := tsigSecret[secret]; !ok {
+					w.tsigStatus = ErrKeyAlg
+				}
+				w.tsigStatus = TsigVerify(m, tsigSecret[secret], "", false)
+				w.tsigTimersOnly = false
+				w.tsigRequestMAC = req.Extra[len(req.Extra)-1].(*RR_TSIG).MAC
 			}
-			w.tsigStatus = TsigVerify(m, tsigSecret[secret], "", false)
-			w.tsigTimersOnly = false
-			w.tsigRequestMAC = req.Extra[len(req.Extra)-1].(*RR_TSIG).MAC
 		}
 		h.ServeDNS(w, req) // this does the writing back to the client
 		if w.hijacked {
@@ -418,17 +420,19 @@ func (w *response) Write(m *Msg) (err error) {
 	if m == nil {
 		return &Error{Err: "nil message"}
 	}
-	if t := m.IsTsig(); t != nil {
-		data, w.tsigRequestMAC, err = TsigGenerate(m, w.tsigSecret[t.Hdr.Name], w.tsigRequestMAC, w.tsigTimersOnly)
-		if err != nil {
-			return err
-		}
-	} else {
-		data, err = m.Pack()
-		if err != nil {
-			return err
+	if w.tsigSecret != nil { // if no secrets, dont check for the tsig (which is a longer check)
+		if t := m.IsTsig(); t != nil {
+			data, w.tsigRequestMAC, err = TsigGenerate(m, w.tsigSecret[t.Hdr.Name], w.tsigRequestMAC, w.tsigTimersOnly)
+			if err != nil {
+				return err
+			}
+			return w.WriteBuf(data)
 		}
 	}
+	data, err = m.Pack()
+	if err != nil {
+		return err
+	}
 	return w.WriteBuf(data)
 }