validator.h

Go to the documentation of this file.

/*
 * validator/validator.h - secure validator DNS query response module
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

 
#ifndef VALIDATOR_VALIDATOR_H
#define VALIDATOR_VALIDATOR_H
#include "util/module.h"
#include "util/data/msgreply.h"
#include "validator/val_utils.h"
struct val_anchors;
struct key_cache;
struct key_entry_key;
struct val_neg_cache;
struct config_strlist;

#define NULL_KEY_TTL    60 /* seconds */

#define BOGUS_KEY_TTL   60 /* seconds */

#define VAL_MAX_RESTART_COUNT 5

#define SENTINEL_IS     "root-key-sentinel-is-ta-"
#define SENTINEL_NOT        "root-key-sentinel-not-ta-"
#define SENTINEL_KEYTAG_LEN 5

struct val_env {
    struct key_cache* kcache;

    struct val_neg_cache* neg_cache;

    int32_t date_override;

    int32_t skew_min;

    int32_t skew_max;

    uint32_t bogus_ttl;

    int nsec3_keyiter_count;

    size_t* nsec3_keysize;

    size_t* nsec3_maxiter;

    lock_basic_type bogus_lock;
    size_t num_rrset_bogus;
};

enum val_state {
    VAL_INIT_STATE = 0,
    VAL_FINDKEY_STATE,
    VAL_VALIDATE_STATE,
    VAL_FINISHED_STATE,
    VAL_DLVLOOKUP_STATE
};

struct val_qstate {
    enum val_state state;

    struct dns_msg* orig_msg;

    int restart_count;
    struct sock_list* chain_blacklist;

    struct query_info qchase;

    struct reply_info* chase_reply;

    size_t rrset_skip;

    uint8_t* trust_anchor_name;
    int trust_anchor_labs;
    size_t trust_anchor_len;

    struct ub_packed_rrset_key* ds_rrset;

    uint8_t* empty_DS_name;
    size_t empty_DS_len;

    struct key_entry_key* key_entry;

    enum val_classification subtype;

    uint8_t* signer_name;
    size_t signer_len;

    int wait_prime_ta;

    int dlv_checked;
    uint8_t* dlv_lookup_name;
    size_t dlv_lookup_name_len;
    uint8_t* dlv_insecure_at;
    size_t dlv_insecure_at_len;
    enum dlv_status {
        dlv_error, /* server failure */
        dlv_success, /* got a DLV */
        dlv_ask_higher, /* ask again */
        dlv_there_is_no_dlv /* got no DLV, sure of it */
    } dlv_status;
};

struct module_func_block* val_get_funcblock(void);

const char* val_state_to_string(enum val_state state);

int val_init(struct module_env* env, int id);

void val_deinit(struct module_env* env, int id);

void val_operate(struct module_qstate* qstate, enum module_ev event, int id,
        struct outbound_entry* outbound);

void val_inform_super(struct module_qstate* qstate, int id,
    struct module_qstate* super);

void val_clear(struct module_qstate* qstate, int id);

size_t val_get_mem(struct module_env* env, int id);
 
#endif /* VALIDATOR_VALIDATOR_H */