Maintained by: NLnet Labs
val_env Struct Reference

Global state for the validator.

#include <validator.h>

Data Fields

struct key_cache * kcache
 key cache; these are validated keys.
 
struct val_neg_cache * neg_cache
 aggressive negative cache.
 
int32_t date_override
 for debug testing, a fixed validation date can be entered.
 
int32_t skew_min
 clock skew min for signatures
 
int32_t skew_max
 clock skew max for signatures
 
uint32_t bogus_ttl
 TTL for bogus data; used instead of untrusted TTL from data.
 
int clean_additional
 If set, the validator should clean the additional section of secure messages.
 
int permissive_mode
 If set, the validator will not make messages bogus, instead indeterminate is issued, so that no clients receive SERVFAIL.
 
int nsec3_keyiter_count
 Number of entries in the NSEC3 maximum iteration count table.
 
size_t * nsec3_keysize
 NSEC3 maximum iteration count per signing key size.
 
size_t * nsec3_maxiter
 NSEC3 maximum iteration count per signing key size.
 
lock_basic_t bogus_lock
 lock on bogus counter
 
size_t num_rrset_bogus
 number of times rrsets marked bogus
 

Detailed Description

Global state for the validator.

Field Documentation

struct key_cache* val_env::kcache

key cache; these are validated keys.

Trusted keys only end up here after being primed.

Referenced by process_dnskey_response(), process_prime_response(), processInit(), processValidate(), val_apply_cfg(), val_deinit(), and val_get_mem().

struct val_neg_cache* val_env::neg_cache

aggressive negative cache.

Index into NSECs in the rrset cache.

Referenced by process_dlv_response(), processDLVLookup(), val_apply_cfg(), val_deinit(), val_dlv_init(), and val_get_mem().

int32_t val_env::date_override

For debug testing, a fixed validation date can be entered.

If 0, the current time is used for RRSIG validation.

Referenced by adjust_ttl(), check_dates(), val_apply_cfg(), and verifytest_file().

uint32_t val_env::bogus_ttl

TTL for bogus data; used instead of untrusted TTL from data.

Bogus data will not be verified more often than this interval, in seconds.

Referenced by processFinished(), val_apply_cfg(), and val_verify_rrset().

int val_env::permissive_mode

If set, the validator will not make messages bogus, instead indeterminate is issued, so that no clients receive SERVFAIL.

This allows an operator to run validation in 'shadow' mode without hurting responses to clients.

Referenced by processFinished(), val_apply_cfg(), and val_init().

int val_env::nsec3_keyiter_count

Number of entries in the NSEC3 maximum iteration count table.

Keep this table short, and sorted by key size.

Referenced by get_max_iter(), val_apply_cfg(), and val_get_mem().

size_t* val_env::nsec3_keysize

NSEC3 maximum iteration count per signing key size.

This array contains key size values (in increasing order)

Referenced by fill_nsec3_iter(), and val_deinit().

size_t* val_env::nsec3_maxiter

NSEC3 maximum iteration count per signing key size.

This array contains the maximum iteration count for the keysize in the keysize array.

Referenced by fill_nsec3_iter(), get_max_iter(), val_apply_cfg(), and val_deinit().
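
An added sketch, not Unbound's own code, of how nsec3_keyiter_count, nsec3_keysize and nsec3_maxiter fit together: a size/iteration list is parsed into the two parallel arrays, a table that is not in increasing key-size order is rejected, and the cap for a given key is looked up. The struct, function names, the 8-entry limit, the lookup rule and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#define MAX_ENTRIES 8   /* assumed limit: the table is meant to stay short */

/* Hypothetical stand-in for the three NSEC3 fields of val_env. */
struct nsec3_table {
    int count;                    /* plays the role of nsec3_keyiter_count */
    size_t keysize[MAX_ENTRIES];  /* nsec3_keysize: key bits, increasing */
    size_t maxiter[MAX_ENTRIES];  /* nsec3_maxiter: cap for keysize[i] */
};

/* Parse "size iter size iter ..." into the parallel arrays. Returns 0, or -1
 * if the list is empty, malformed, too long, or not strictly increasing. */
int table_fill(struct nsec3_table *t, const char *s)
{
    size_t ks, it;
    int used;
    t->count = 0;
    while (sscanf(s, " %zu %zu%n", &ks, &it, &used) == 2) {
        if (t->count == MAX_ENTRIES)
            return -1;
        if (t->count > 0 && ks <= t->keysize[t->count - 1])
            return -1;            /* unsorted or duplicate key size */
        t->keysize[t->count] = ks;
        t->maxiter[t->count] = it;
        t->count++;
        s += used;
    }
    while (*s == ' ') s++;
    /* anything left over means an odd number of values or junk */
    return (*s == '\0' && t->count > 0) ? 0 : -1;
}

/* Assumed lookup rule: use the first entry whose key size is >= bits;
 * keys larger than every entry get the last (largest-key) cap. */
size_t table_max_iter(const struct nsec3_table *t, size_t bits)
{
    int i;
    for (i = 0; i < t->count; i++)
        if (bits <= t->keysize[i])
            return t->maxiter[i];
    return t->count ? t->maxiter[t->count - 1] : 0;
}

int main(void)
{
    struct nsec3_table t;
    if (table_fill(&t, "1024 150 2048 500 4096 2500") != 0)  /* constructed sample */
        return 1;
    printf("1536-bit key: max %zu iterations\n", table_max_iter(&t, 1536));
    return 0;
}
```

Rejecting an unsorted list at load time is what lets the lookup stop at the first matching entry.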


The documentation for this struct was generated from the following file: