This file contains a module that performs validation of DNS queries. More...
#include "util/module.h"
#include "util/data/msgreply.h"
#include "validator/val_utils.h"
#include "validator/val_nsec3.h"
Data Structures | |
| struct | val_env |
| Global state for the validator. More... | |
| struct | val_qstate |
| Per query state for the validator module. More... | |
Macros | |
| #define | NULL_KEY_TTL 60 /* seconds */ |
| This is the TTL to use when a trust anchor fails to prime. | |
| #define | BOGUS_KEY_TTL 60 /* seconds */ |
| TTL for bogus key entries. | |
| #define | SENTINEL_IS "root-key-sentinel-is-ta-" |
| Root key sentinel is ta preamble. | |
| #define | SENTINEL_NOT "root-key-sentinel-not-ta-" |
| Root key sentinel is not ta preamble. | |
| #define | SENTINEL_KEYTAG_LEN 5 |
| Root key sentinel keytag length. | |
Enumerations | |
| enum | val_state { VAL_INIT_STATE = 0 , VAL_FINDKEY_STATE , VAL_VALIDATE_STATE , VAL_FINISHED_STATE } |
| State of the validator for a query. More... | |
Functions | |
| struct module_func_block * | val_get_funcblock (void) |
| Get the validator function block. | |
| const char * | val_state_to_string (enum val_state state) |
| Get validator state as a string. | |
| int | val_init (struct module_env *env, int id) |
| validator init | |
| void | val_deinit (struct module_env *env, int id) |
| validator deinit | |
| void | val_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound) |
| validator operate on a query | |
| void | val_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super) |
| inform validator super. | |
| void | val_clear (struct module_qstate *qstate, int id) |
| validator cleanup query state | |
| size_t | val_get_mem (struct module_env *env, int id) |
| Debug helper routine that assists the worker in determining memory in use. | |
| void | validate_suspend_timer_cb (void *arg) |
| Timer callback for msg signatures continue timer. | |
| int | val_env_parse_key_iter (char *val_nsec3_key_iterations, size_t **keysize, size_t **maxiter, int *keyiter_count) |
| Parse the val_nsec3_key_iterations string. | |
| void | val_env_apply_cfg (struct val_env *val_env, struct config_file *cfg, size_t *keysize, size_t *maxiter, int keyiter_count) |
| Apply config to validator env. | |
This file contains a module that performs validation of DNS queries, according to RFC 4034.
| #define NULL_KEY_TTL 60 /* seconds */ |
This is the TTL to use when a trust anchor fails to prime.
A trust anchor will be primed no more often than this interval. Used when harden-dnssec-stripped is off and the trust anchor fails.
| #define BOGUS_KEY_TTL 60 /* seconds */ |
TTL for bogus key entries.
When a DS or DNSKEY fails in the chain of trust, the entire zone for that name is blacked out for this TTL.
| enum val_state |
| struct module_func_block * val_get_funcblock | ( | void | ) |
Get the validator function block.
References val_block.
Referenced by checkconf(), and module_funcs_avail().
| const char * val_state_to_string | ( | enum val_state | state | ) |
Get validator state as a string.
| state | to convert |
References VAL_FINDKEY_STATE, VAL_FINISHED_STATE, VAL_INIT_STATE, and VAL_VALIDATE_STATE.
Referenced by val_handle().
| void val_inform_super | ( | struct module_qstate * | qstate, |
| int | id, | ||
| struct module_qstate * | super | ||
| ) |
inform validator super.
| qstate | query state that finished. |
| id | module id. |
| super | the qstate to inform. |
References dns_msg_deepcopy_region(), LDNS_RR_TYPE_DS, log_err(), log_query_info(), module_qstate::minfo, val_qstate::nsec3_cache_table, process_dnskey_response(), process_ds_response(), process_prime_response(), module_qstate::qinfo, query_info::qtype, module_qstate::region, module_qstate::reply_origin, module_qstate::return_msg, module_qstate::return_rcode, val_qstate::sub_ds_msg, VERB_ALGO, verbose(), and val_qstate::wait_prime_ta.
Referenced by fptr_whitelist_mod_inform_super().
| size_t val_get_mem | ( | struct module_env * | env, |
| int | id | ||
| ) |
Debug helper routine that assists the worker in determining memory in use.
| env | module environment |
| id | module id. |
References val_env::kcache, key_cache_get_mem(), module_env::modinfo, val_env::neg_cache, val_env::nsec3_keyiter_count, and val_neg_get_mem().
Referenced by fptr_whitelist_mod_get_mem().
| int val_env_parse_key_iter | ( | char * | val_nsec3_key_iterations, |
| size_t ** | keysize, | ||
| size_t ** | maxiter, | ||
| int * | keyiter_count | ||
| ) |
Parse the val_nsec3_key_iterations string.
| val_nsec3_key_iterations | the string with nsec3 iterations config. |
| keysize | returns malloced key size array on success. |
| maxiter | returns malloced max iterations array on success. |
| keyiter_count | returns size of keysize and maxiter arrays. |
References cfg_count_numbers(), fill_nsec3_iter(), and log_err().
Referenced by fr_construct_from_config(), and val_apply_cfg().
| void val_env_apply_cfg | ( | struct val_env * | val_env, |
| struct config_file * | cfg, | ||
| size_t * | keysize, | ||
| size_t * | maxiter, | ||
| int | keyiter_count | ||
| ) |
Apply config to validator env.
| val_env | validator env. |
| cfg | config |
| keysize | nsec3 key size array. |
| maxiter | nsec3 max iterations array. |
| keyiter_count | size of keysize and maxiter arrays. |
References config_file::bogus_ttl, val_env::bogus_ttl, val_env::date_override, val_env::max_restart, val_env::nsec3_keyiter_count, val_env::nsec3_keysize, val_env::nsec3_maxiter, val_env::skew_max, val_env::skew_min, config_file::val_date_override, config_file::val_max_restart, config_file::val_sig_skew_max, and config_file::val_sig_skew_min.
Referenced by fr_adjust_val_env(), and val_apply_cfg().