validator.h File Reference

This file contains a module that performs validation of DNS queries. More...

Data Structures

struct  val_env
 Global state for the validator. More...
 
struct  val_qstate
 Per query state for the validator module. More...
 

Macros

#define NULL_KEY_TTL   60 /* seconds */
 This is the TTL to use when a trust anchor fails to prime.
 
#define BOGUS_KEY_TTL   60 /* seconds */
 TTL for bogus key entries.
 
#define SENTINEL_IS   "root-key-sentinel-is-ta-"
 Root key sentinel is ta preamble.
 
#define SENTINEL_NOT   "root-key-sentinel-not-ta-"
 Root key sentinel is not ta preamble.
 
#define SENTINEL_KEYTAG_LEN   5
 Root key sentinel keytag length.
 

Enumerations

enum  val_state { VAL_INIT_STATE = 0 , VAL_FINDKEY_STATE , VAL_VALIDATE_STATE , VAL_FINISHED_STATE }
 State of the validator for a query. More...
 

Functions

struct module_func_block * val_get_funcblock (void)
 Get the validator function block.
 
const char * val_state_to_string (enum val_state state)
 Get validator state as a string.
 
int val_init (struct module_env *env, int id)
 validator init
 
void val_deinit (struct module_env *env, int id)
 validator deinit
 
void val_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound)
 validator operate on a query
 
void val_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super)
 inform validator super.
 
void val_clear (struct module_qstate *qstate, int id)
 validator cleanup query state
 
size_t val_get_mem (struct module_env *env, int id)
 Debug helper routine that assists worker in determining memory in use.
 
void validate_suspend_timer_cb (void *arg)
 Timer callback for msg signatures continue timer.
 
int val_env_parse_key_iter (char *val_nsec3_key_iterations, size_t **keysize, size_t **maxiter, int *keyiter_count)
 Parse the val_nsec3_key_iterations string.
 
void val_env_apply_cfg (struct val_env *val_env, struct config_file *cfg, size_t *keysize, size_t *maxiter, int keyiter_count)
 Apply config to validator env.
 

Detailed Description

This file contains a module that performs validation of DNS queries.

According to RFC 4034.

Macro Definition Documentation

◆ NULL_KEY_TTL

#define NULL_KEY_TTL   60 /* seconds */

This is the TTL to use when a trust anchor fails to prime.

A trust anchor will be primed no more often than this interval. Used when harden-dnssec-stripped is off and the trust anchor fails to prime.

◆ BOGUS_KEY_TTL

#define BOGUS_KEY_TTL   60 /* seconds */

TTL for bogus key entries.

When a DS or DNSKEY fails in the chain of trust the entire zone for that name is blacked out for this TTL.

Enumeration Type Documentation

◆ val_state

enum val_state

State of the validator for a query.

Enumerator
VAL_INIT_STATE 

initial state for validation

VAL_FINDKEY_STATE 

find the proper keys for validation, follow trust chain

VAL_VALIDATE_STATE 

validate the answer, using found key entry

VAL_FINISHED_STATE 

finish up

Function Documentation

◆ val_get_funcblock()

struct module_func_block * val_get_funcblock ( void  )

Get the validator function block.

Returns
: function block with function pointers to validator methods.

References val_block.

Referenced by checkconf(), and module_funcs_avail().

◆ val_state_to_string()

const char * val_state_to_string ( enum val_state  state)

Get validator state as a string.

Parameters
state    the state to convert
Returns
constant string that is printable.

References VAL_FINDKEY_STATE, VAL_FINISHED_STATE, VAL_INIT_STATE, and VAL_VALIDATE_STATE.

Referenced by val_handle().

◆ val_get_mem()

size_t val_get_mem ( struct module_env *  env,
int  id 
)

Debug helper routine that assists worker in determining memory in use.

Parameters
env    module environment
id    module id.
Returns
memory in use in bytes.

References val_env::kcache, key_cache_get_mem(), module_env::modinfo, val_env::neg_cache, val_env::nsec3_keyiter_count, and val_neg_get_mem().

Referenced by fptr_whitelist_mod_get_mem().

◆ val_env_parse_key_iter()

int val_env_parse_key_iter ( char *  val_nsec3_key_iterations,
size_t **  keysize,
size_t **  maxiter,
int *  keyiter_count 
)

Parse the val_nsec3_key_iterations string.

Parameters
val_nsec3_key_iterations    the string with nsec3 iterations config.
keysize    returns malloced key size array on success.
maxiter    returns malloced max iterations array on success.
keyiter_count    returns size of keysize and maxiter arrays.
Returns
false if it does not parse correctly.

References cfg_count_numbers(), fill_nsec3_iter(), and log_err().

Referenced by fr_construct_from_config(), and val_apply_cfg().
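The keysize/maxiter arrays this function produces encode the val-nsec3-keysize-iterations policy: a quoted list of "keysize maxiter" pairs, in ascending key-size order, giving the largest NSEC3 iteration count the validator will hash for a key of that size before it marks the proof insecure instead. The following is an added C example, not Unbound's own parser or the val_env_parse_key_iter implementation: it parses the same string format into a hypothetical struct nsec3_iter_policy (the keysize/maxiter/count triple), rejects malformed input (odd token count, non-numeric tokens, negative or non-ascending key sizes), and applies an assumed lookup rule (first entry whose key size is at least the DNSKEY's size, last entry for larger keys) to decide whether an iteration count is too high. The sample configuration string is constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical policy struct: parallel arrays, like the keysize/maxiter/
 * keyiter_count triple that val_env_parse_key_iter returns. */
struct nsec3_iter_policy {
	size_t *keysize;  /* ascending DNSKEY sizes in bits */
	size_t *maxiter;  /* max NSEC3 iterations tolerated up to that size */
	int count;        /* number of pairs */
};

static void free_policy(struct nsec3_iter_policy *pol)
{
	free(pol->keysize); free(pol->maxiter);
	pol->keysize = pol->maxiter = NULL; pol->count = 0;
}

/* Parse "keysize maxiter keysize maxiter ..." (example parser, not the
 * project's). Returns 1 on success with malloced arrays in *out, 0 on error. */
static int parse_nsec3_key_iter(const char *s, struct nsec3_iter_policy *out)
{
	size_t *vals = NULL, n = 0, cap = 0, i;
	const char *p = s;
	memset(out, 0, sizeof(*out));
	while(*p) {
		char *end; unsigned long long v;
		if(*p == ' ' || *p == '\t') { p++; continue; }
		if(*p == '-' || *p == '+') goto fail; /* strtoull would accept a sign */
		errno = 0;
		v = strtoull(p, &end, 10);
		if(end == p || errno == ERANGE || v > SIZE_MAX) goto fail;
		if(*end != '\0' && *end != ' ' && *end != '\t') goto fail; /* "1024x" */
		if(n == cap) {
			size_t *tmp = realloc(vals, (cap = cap ? cap * 2 : 8) * sizeof(*vals));
			if(!tmp) goto fail;
			vals = tmp;
		}
		vals[n++] = (size_t)v;
		p = end;
	}
	if(n == 0 || n % 2 != 0) goto fail; /* need at least one complete pair */
	out->count = (int)(n / 2);
	out->keysize = malloc((size_t)out->count * sizeof(size_t));
	out->maxiter = malloc((size_t)out->count * sizeof(size_t));
	if(!out->keysize || !out->maxiter) goto fail;
	for(i = 0; i < n / 2; i++) {
		out->keysize[i] = vals[2 * i];
		out->maxiter[i] = vals[2 * i + 1];
		/* strictly ascending key sizes keep the lookup below unambiguous */
		if(i > 0 && out->keysize[i] <= out->keysize[i - 1]) goto fail;
	}
	free(vals);
	return 1;
fail:
	free(vals);
	free_policy(out);
	return 0;
}

/* Assumed lookup rule: first entry whose key size covers the DNSKEY,
 * otherwise the last (largest-key) entry. */
static size_t max_iter_for_keysize(const struct nsec3_iter_policy *pol, size_t keysize)
{
	int i;
	for(i = 0; i < pol->count; i++)
		if(keysize <= pol->keysize[i])
			return pol->maxiter[i];
	return pol->maxiter[pol->count - 1];
}

/* Parse cfg and judge one (keysize, iterations) pair.
 * Returns -1 if cfg does not parse, 1 if iterations exceed the policy, 0 if acceptable. */
static int check_iterations(const char *cfg, size_t keysize, size_t iterations)
{
	struct nsec3_iter_policy pol;
	int r;
	if(!parse_nsec3_key_iter(cfg, &pol)) return -1;
	r = iterations > max_iter_for_keysize(&pol, keysize);
	free_policy(&pol);
	return r;
}

int main(void)
{
	/* constructed sample: Unbound's documented default value for the option */
	const char *cfg = "1024 150 2048 150 4096 150";
	printf("2048-bit key, 500 iterations: %s\n",
		check_iterations(cfg, 2048, 500) == 1 ? "too high, treat as insecure" : "ok");
	printf("non-ascending list rejected: %d\n", check_iterations("1024 150 512 100", 1024, 1) == -1);
	return 0;
}
```

A zone owner who publishes NSEC3 with an iteration count above the configured limit gets an insecure rather than a bogus answer, so the limit bounds the hashing work an attacker-controlled zone can impose on the validator without turning it into a denial of service against that zone's names.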

◆ val_env_apply_cfg()

void val_env_apply_cfg ( struct val_env *  val_env,
struct config_file *  cfg,
size_t *  keysize,
size_t *  maxiter,
int  keyiter_count 
)

Apply config to validator env.

Parameters
val_env    validator env.
cfg    config
keysize    nsec3 key size array.
maxiter    nsec3 max iterations array.
keyiter_count    size of keysize and maxiter arrays.

References config_file::bogus_ttl, val_env::bogus_ttl, val_env::date_override, val_env::max_restart, val_env::nsec3_keyiter_count, val_env::nsec3_keysize, val_env::nsec3_maxiter, val_env::skew_max, val_env::skew_min, config_file::val_date_override, config_file::val_max_restart, config_file::val_sig_skew_max, and config_file::val_sig_skew_min.

Referenced by fr_adjust_val_env(), and val_apply_cfg().