validator.h File Reference

This file contains a module that performs validation of DNS queries.

#include "util/module.h"
#include "util/data/msgreply.h"
#include "validator/val_utils.h"

Data Structures

struct  val_env
 Global state for the validator.
 
struct  val_qstate
 Per query state for the validator module.
 

Macros

#define NULL_KEY_TTL   60 /* seconds */
 This is the TTL to use when a trust anchor fails to prime.
 
#define BOGUS_KEY_TTL   60 /* seconds */
 TTL for bogus key entries.
 
#define VAL_MAX_RESTART_COUNT   5
 max number of query restarts, number of IPs to probe
 

Enumerations

enum  val_state {
  VAL_INIT_STATE = 0, VAL_FINDKEY_STATE, VAL_VALIDATE_STATE, VAL_FINISHED_STATE,
  VAL_DLVLOOKUP_STATE
}
 State of the validator for a query.
 

Functions

struct module_func_block * val_get_funcblock (void)
 Get the validator function block.
 
const char * val_state_to_string (enum val_state state)
 Get validator state as a string.
 
int val_init (struct module_env *env, int id)
 validator init
 
void val_deinit (struct module_env *env, int id)
 validator deinit
 
void val_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound)
 validator operate on a query
 
void val_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super)
 inform validator super.
 
void val_clear (struct module_qstate *qstate, int id)
 validator cleanup query state
 
size_t val_get_mem (struct module_env *env, int id)
 Debug helper routine that assists worker in determining memory in use.
 

Detailed Description

This file contains a module that performs validation of DNS queries.

According to RFC 4034.

Macro Definition Documentation

#define NULL_KEY_TTL   60 /* seconds */

This is the TTL to use when a trust anchor fails to prime.

A trust anchor will be primed no more often than this interval. Used when harden-dnssec-stripped is off and the trust anchor fails.

Referenced by primeResponseToKE().

#define BOGUS_KEY_TTL   60 /* seconds */

TTL for bogus key entries.

When a DS or DNSKEY fails in the chain of trust, the entire zone for that name is blacked out for this TTL.

Referenced by ds_response_to_ke(), primeResponseToKE(), process_dnskey_response(), val_verify_new_DNSKEYs(), and val_verify_new_DNSKEYs_with_ta().

Enumeration Type Documentation

enum val_state

State of the validator for a query.

Enumerator
VAL_INIT_STATE 

initial state for validation

VAL_FINDKEY_STATE 

find the proper keys for validation, follow trust chain

VAL_VALIDATE_STATE 

validate the answer, using found key entry

VAL_FINISHED_STATE 

finish up

VAL_DLVLOOKUP_STATE 

DLV lookup state, processing DLV queries.

Function Documentation

struct module_func_block* val_get_funcblock ( void  )

Get the validator function block.

Returns
function block with function pointers to validator methods.

References val_block.

Referenced by checkconf(), and module_funcs_avail().

const char* val_state_to_string ( enum val_state  state)

Get validator state as a string.

Parameters
state: to convert
Returns
constant string that is printable.

References VAL_DLVLOOKUP_STATE, VAL_FINDKEY_STATE, VAL_FINISHED_STATE, VAL_INIT_STATE, and VAL_VALIDATE_STATE.

Referenced by val_handle().

void val_inform_super ( struct module_qstate * qstate, int id, struct module_qstate * super )

size_t val_get_mem ( struct module_env * env, int id )

Debug helper routine that assists worker in determining memory in use.

Parameters
env: module environment
id: module id.
Returns
memory in use in bytes.

References val_env::kcache, key_cache_get_mem(), module_env::modinfo, val_env::neg_cache, val_env::nsec3_keyiter_count, and val_neg_get_mem().

Referenced by fptr_whitelist_mod_get_mem().