unbound
0.1
Global state for the validator.
#include <validator.h>
Data Fields

| Type | Field | Description |
|---|---|---|
| struct key_cache * | kcache | key cache; these are validated keys. |
| struct val_neg_cache * | neg_cache | aggressive negative cache. |
| int32_t | date_override | for debug testing a fixed validation date can be entered. |
| int32_t | skew_min | clock skew min for signatures |
| int32_t | skew_max | clock skew max for signatures |
| uint32_t | bogus_ttl | TTL for bogus data; used instead of untrusted TTL from data. |
| int | clean_additional | If set, the validator should clean the additional section of secure messages. |
| int | permissive_mode | If set, the validator will not make messages bogus, instead indeterminate is issued, so that no clients receive SERVFAIL. |
| int | nsec3_keyiter_count | Number of entries in the NSEC3 maximum iteration count table. |
| size_t * | nsec3_keysize | NSEC3 maximum iteration count per signing key size. |
| size_t * | nsec3_maxiter | NSEC3 maximum iteration count per signing key size. |
| lock_basic_t | bogus_lock | lock on bogus counter |
| size_t | num_rrset_bogus | number of times rrsets marked bogus |
Global state for the validator.
struct key_cache* val_env::kcache |
key cache; these are validated keys.
Trusted keys only end up here after being primed.
Referenced by process_dnskey_response(), process_prime_response(), processInit(), processValidate(), val_apply_cfg(), val_deinit(), and val_get_mem().
struct val_neg_cache* val_env::neg_cache |
aggressive negative cache.
Index into NSECs in the rrset cache.
Referenced by process_dlv_response(), processDLVLookup(), val_apply_cfg(), val_deinit(), val_dlv_init(), and val_get_mem().
int32_t val_env::date_override |
for debug testing a fixed validation date can be entered.
If 0, the current time is used for RRSIG validation.
Referenced by adjust_ttl(), check_dates(), val_apply_cfg(), and verifytest_file().
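How date_override, skew_min and skew_max could combine in an RRSIG validity-window check, as an added example that is not unbound's own code. The names val_env_dates, serial_gt, validation_now and rrsig_dates_ok are hypothetical, and the rule "skew is 10% of the signature lifetime, clamped to [skew_min, skew_max]" is an assumption not stated on this page.

```c
#include <stdint.h>
#include <time.h>

/* Hypothetical subset of val_env: only the fields this sketch needs. */
struct val_env_dates {
    int32_t date_override; /* 0 means: use the current time */
    int32_t skew_min;      /* lower bound on tolerated skew, seconds */
    int32_t skew_max;      /* upper bound on tolerated skew, seconds */
};

/* RFC 1982 serial-number comparison: true if a is later than b.
 * RRSIG timestamps are 32-bit and wrap, so plain '>' is not safe. */
static int serial_gt(uint32_t a, uint32_t b)
{
    return a != b && (uint32_t)(a - b) < 0x80000000u;
}

/* Validation time: the fixed override if set, else the wall clock. */
static uint32_t validation_now(const struct val_env_dates *ve)
{
    return ve->date_override ? (uint32_t)ve->date_override
                             : (uint32_t)time(NULL);
}

/* Returns 1 if "now" falls inside [incep, expi] widened by the skew,
 * 0 otherwise. Assumption: skew = lifetime/10, clamped to
 * [skew_min, skew_max]. */
int rrsig_dates_ok(const struct val_env_dates *ve,
                   uint32_t incep, uint32_t expi)
{
    uint32_t now = validation_now(ve);
    uint32_t skew;

    if (serial_gt(incep, expi))
        return 0;                      /* inception after expiration */
    skew = (uint32_t)(expi - incep) / 10;
    if (skew < (uint32_t)ve->skew_min) skew = (uint32_t)ve->skew_min;
    if (skew > (uint32_t)ve->skew_max) skew = (uint32_t)ve->skew_max;

    if (serial_gt(incep, now) && (uint32_t)(incep - now) > skew)
        return 0;                      /* signature not yet valid */
    if (serial_gt(now, expi) && (uint32_t)(now - expi) > skew)
        return 0;                      /* signature expired */
    return 1;
}
```

A wide skew_max lengthens the period in which an expired signature is still accepted, so the bounds are a trade-off between tolerance for misconfigured clocks and the replay window.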
uint32_t val_env::bogus_ttl |
TTL for bogus data; used instead of untrusted TTL from data.
Bogus data will not be verified more often than this interval, in seconds.
Referenced by processFinished(), val_apply_cfg(), and val_verify_rrset().
int val_env::permissive_mode |
If set, the validator will not make messages bogus, instead indeterminate is issued, so that no clients receive SERVFAIL.
This allows an operator to run validation in 'shadow' mode without hurting responses to clients.
Referenced by processFinished(), val_apply_cfg(), and val_init().
int val_env::nsec3_keyiter_count |
Number of entries in the NSEC3 maximum iteration count table.
Keep this table short, and sorted by size.
Referenced by get_max_iter(), val_apply_cfg(), and val_get_mem().
size_t* val_env::nsec3_keysize |
NSEC3 maximum iteration count per signing key size.
This array contains key size values (in increasing order)
Referenced by fill_nsec3_iter(), and val_deinit().
size_t* val_env::nsec3_maxiter |
NSEC3 maximum iteration count per signing key size.
This array contains the maximum iteration count for the keysize in the keysize array.
Referenced by fill_nsec3_iter(), get_max_iter(), val_apply_cfg(), and val_deinit().