This file contains a module that performs validation of DNS queries. More...
#include "util/module.h"
#include "util/data/msgreply.h"
#include "validator/val_utils.h"
#include "validator/val_nsec3.h"
Data Structures | |
struct | val_env |
Global state for the validator. More... | |
struct | val_qstate |
Per query state for the validator module. More... | |
Macros | |
#define | NULL_KEY_TTL 60 /* seconds */ |
This is the TTL to use when a trust anchor fails to prime. | |
#define | BOGUS_KEY_TTL 60 /* seconds */ |
TTL for bogus key entries. | |
#define | SENTINEL_IS "root-key-sentinel-is-ta-" |
Root key sentinel is ta preamble. | |
#define | SENTINEL_NOT "root-key-sentinel-not-ta-" |
Root key sentinel is not ta preamble. | |
#define | SENTINEL_KEYTAG_LEN 5 |
Root key sentinel keytag length. | |
Enumerations | |
enum | val_state { VAL_INIT_STATE = 0 , VAL_FINDKEY_STATE , VAL_VALIDATE_STATE , VAL_FINISHED_STATE } |
State of the validator for a query. More... | |
Functions | |
struct module_func_block * | val_get_funcblock (void) |
Get the validator function block. | |
const char * | val_state_to_string (enum val_state state) |
Get validator state as a string. | |
int | val_init (struct module_env *env, int id) |
validator init | |
void | val_deinit (struct module_env *env, int id) |
validator deinit | |
void | val_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound) |
validator operate on a query | |
void | val_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super) |
inform validator super. | |
void | val_clear (struct module_qstate *qstate, int id) |
validator cleanup query state | |
size_t | val_get_mem (struct module_env *env, int id) |
Debug helper routine that assists worker in determining memory in use. | |
void | validate_suspend_timer_cb (void *arg) |
Timer callback for msg signatures continue timer. | |
int | val_env_parse_key_iter (char *val_nsec3_key_iterations, size_t **keysize, size_t **maxiter, int *keyiter_count) |
Parse the val_nsec3_key_iterations string. | |
void | val_env_apply_cfg (struct val_env *val_env, struct config_file *cfg, size_t *keysize, size_t *maxiter, int keyiter_count) |
Apply config to validator env. | |
This file contains a module that performs validation of DNS queries.
According to RFC 4034.
#define NULL_KEY_TTL 60 /* seconds */ |
This is the TTL to use when a trust anchor fails to prime.
A trust anchor will be primed no more often than this interval. Used when harden- dnssec-stripped is off and the trust anchor fails.
#define BOGUS_KEY_TTL 60 /* seconds */ |
TTL for bogus key entries.
When a DS or DNSKEY fails in the chain of trust the entire zone for that name is blacked out for this TTL.
enum val_state |
struct module_func_block * val_get_funcblock | ( | void | ) |
Get the validator function block.
References val_block.
Referenced by checkconf(), and module_funcs_avail().
const char * val_state_to_string | ( | enum val_state | state | ) |
Get validator state as a string.
state | to convert |
References VAL_FINDKEY_STATE, VAL_FINISHED_STATE, VAL_INIT_STATE, and VAL_VALIDATE_STATE.
Referenced by val_handle().
void val_inform_super | ( | struct module_qstate * | qstate, |
int | id, | ||
struct module_qstate * | super | ||
) |
inform validator super.
qstate | query state that finished. |
id | module id. |
super | the qstate to inform. |
References dns_msg_deepcopy_region(), LDNS_RR_TYPE_DS, log_err(), log_query_info(), module_qstate::minfo, val_qstate::nsec3_cache_table, process_dnskey_response(), process_ds_response(), process_prime_response(), module_qstate::qinfo, query_info::qtype, module_qstate::region, module_qstate::reply_origin, module_qstate::return_msg, module_qstate::return_rcode, val_qstate::sub_ds_msg, VERB_ALGO, verbose(), and val_qstate::wait_prime_ta.
Referenced by fptr_whitelist_mod_inform_super().
size_t val_get_mem | ( | struct module_env * | env, |
int | id | ||
) |
Debug helper routine that assists worker in determining memory in use.
env | module environment |
id | module id. |
References val_env::kcache, key_cache_get_mem(), module_env::modinfo, val_env::neg_cache, val_env::nsec3_keyiter_count, and val_neg_get_mem().
Referenced by fptr_whitelist_mod_get_mem().
int val_env_parse_key_iter | ( | char * | val_nsec3_key_iterations, |
size_t ** | keysize, | ||
size_t ** | maxiter, | ||
int * | keyiter_count | ||
) |
Parse the val_nsec3_key_iterations string.
val_nsec3_key_iterations | the string with nsec3 iterations config. |
keysize | returns malloced key size array on success. |
maxiter | returns malloced max iterations array on success. |
keyiter_count | returns size of keysize and maxiter arrays. |
References cfg_count_numbers(), fill_nsec3_iter(), and log_err().
Referenced by fr_construct_from_config(), and val_apply_cfg().
void val_env_apply_cfg | ( | struct val_env * | val_env, |
struct config_file * | cfg, | ||
size_t * | keysize, | ||
size_t * | maxiter, | ||
int | keyiter_count | ||
) |
Apply config to validator env.
val_env | validator env. |
cfg | config |
keysize | nsec3 key size array. |
maxiter | nsec3 max iterations array. |
keyiter_count | size of keysize and maxiter arrays. |
References config_file::bogus_ttl, val_env::bogus_ttl, val_env::date_override, val_env::max_restart, val_env::nsec3_keyiter_count, val_env::nsec3_keysize, val_env::nsec3_maxiter, val_env::skew_max, val_env::skew_min, config_file::val_date_override, config_file::val_max_restart, config_file::val_sig_skew_max, and config_file::val_sig_skew_min.
Referenced by fr_adjust_val_env(), and val_apply_cfg().