unbound 0.1
|
This file contains helper functions for the validator module. More...
Data Structures | |
struct | val_neg_cache |
The negative cache. More... | |
struct | val_neg_zone |
Per Zone aggressive negative caching data. More... | |
struct | val_neg_data |
Data element for aggressive negative caching. More... | |
Functions | |
struct val_neg_cache * | val_neg_create (struct config_file *cfg, size_t maxiter) |
Create negative cache. | |
size_t | val_neg_get_mem (struct val_neg_cache *neg) |
see how much memory is in use by the negative cache. | |
void | neg_cache_delete (struct val_neg_cache *neg) |
Destroy negative cache. | |
int | val_neg_data_compare (const void *a, const void *b) |
Comparison function for rbtree val neg data elements. | |
int | val_neg_zone_compare (const void *a, const void *b) |
Comparison function for rbtree val neg zone elements. | |
void | val_neg_addreply (struct val_neg_cache *neg, struct reply_info *rep) |
Insert NSECs from this message into the negative cache for reference. | |
void | val_neg_addreferral (struct val_neg_cache *neg, struct reply_info *rep, uint8_t *zone) |
Insert NSECs from this referral into the negative cache for reference. | |
int | val_neg_dlvlookup (struct val_neg_cache *neg, uint8_t *qname, size_t len, uint16_t qclass, struct rrset_cache *rrset_cache, uint32_t now) |
Perform a DLV style lookup During the lookup, we could find out that data has expired. | |
struct dns_msg * | val_neg_getmsg (struct val_neg_cache *neg, struct query_info *qinfo, struct regional *region, struct rrset_cache *rrset_cache, ldns_buffer *buf, uint32_t now, int addsoa, uint8_t *topname) |
For the given query, try to get a reply out of the negative cache. | |
void | neg_insert_data (struct val_neg_cache *neg, struct val_neg_zone *zone, struct ub_packed_rrset_key *nsec) |
Insert data into the data tree of a zone Does not do locking. | |
void | neg_delete_data (struct val_neg_cache *neg, struct val_neg_data *el) |
Delete a data element from the negative cache. | |
struct val_neg_zone * | neg_find_zone (struct val_neg_cache *neg, uint8_t *nm, size_t len, uint16_t dclass) |
Find the given zone, from the SOA owner name and class Does not do locking. | |
struct val_neg_zone * | neg_create_zone (struct val_neg_cache *neg, uint8_t *nm, size_t nm_len, uint16_t dclass) |
Create a new zone. | |
void | val_neg_zone_take_inuse (struct val_neg_zone *zone) |
take a zone into use. |
This file contains helper functions for the validator module.
The functions help with aggressive negative caching. This creates new denials of existance, and proofs for absence of types from cached NSEC records.
struct val_neg_cache* val_neg_create | ( | struct config_file * | cfg, |
size_t | maxiter | ||
) | [read] |
Create negative cache.
cfg,: | config options. |
maxiter,: | max nsec3 iterations allowed. |
References val_neg_cache::lock, log_err(), val_neg_cache::max, config_file::neg_cache_size, val_neg_cache::nsec3_max_iter, rbtree_init(), val_neg_cache::tree, and val_neg_zone_compare().
Referenced by neg_test(), and val_apply_cfg().
size_t val_neg_get_mem | ( | struct val_neg_cache * | neg | ) |
see how much memory is in use by the negative cache.
neg,: | negative cache |
References val_neg_cache::lock, and val_neg_cache::use.
Referenced by val_get_mem().
void neg_cache_delete | ( | struct val_neg_cache * | neg | ) |
Destroy negative cache.
There must no longer be any other threads.
neg,: | negative cache. |
References val_neg_cache::lock, neg_clear_zones(), traverse_postorder(), and val_neg_cache::tree.
Referenced by neg_test(), and val_deinit().
void val_neg_addreply | ( | struct val_neg_cache * | neg, |
struct reply_info * | rep | ||
) |
Insert NSECs from this message into the negative cache for reference.
neg,: | negative cache |
rep,: | reply with NSECs. Errors are ignored, means that storage is omitted. |
References reply_info::an_numrrsets, calc_data_need(), calc_zone_need(), rbtree_t::count, packed_rrset_key::dname, packed_rrset_key::dname_len, dname_subdomain_c(), val_neg_cache::lock, log_err(), log_nametypeclass(), val_neg_zone::name, neg_create_zone(), neg_delete_zone(), neg_find_zone(), neg_insert_data(), neg_make_space(), reply_info::ns_numrrsets, reply_find_soa(), reply_has_nsec(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrsets, val_neg_zone::tree, packed_rrset_key::type, val_neg_zone_take_inuse(), and VERB_ALGO.
Referenced by process_dlv_response().
void val_neg_addreferral | ( | struct val_neg_cache * | neg, |
struct reply_info * | rep, | ||
uint8_t * | zone | ||
) |
Insert NSECs from this referral into the negative cache for reference.
neg,: | negative cache |
rep,: | referral reply with NS, NSECs. |
zone,: | bailiwick for the referral. Errors are ignored, means that storage is omitted. |
References reply_info::an_numrrsets, calc_data_need(), calc_zone_need(), rbtree_t::count, packed_rrset_key::dname, dname_subdomain_c(), val_neg_cache::lock, log_err(), log_nametypeclass(), val_neg_zone::name, neg_create_zone(), neg_delete_zone(), neg_find_zone(), neg_insert_data(), neg_make_space(), reply_info::ns_numrrsets, reply_nsec_signer(), ub_packed_rrset_key::rk, reply_info::rrsets, val_neg_zone::tree, packed_rrset_key::type, val_neg_zone_take_inuse(), and VERB_ALGO.
Referenced by processQueryResponse().
int val_neg_dlvlookup | ( | struct val_neg_cache * | neg, |
uint8_t * | qname, | ||
size_t | len, | ||
uint16_t | qclass, | ||
struct rrset_cache * | rrset_cache, | ||
uint32_t | now | ||
) |
Perform a DLV style lookup During the lookup, we could find out that data has expired.
In that case the neg_cache entries are removed, and lookup fails.
neg,: | negative cache. |
qname,: | name to look for |
len,: | length of qname. |
qclass,: | class to look in. |
rrset_cache,: | the rrset cache, for NSEC lookups. |
now,: | current time for ttl checks. |
References lruhash_entry::data, val_neg_zone::dclass, dname_count_labels(), ub_packed_rrset_key::entry, val_neg_data::in_use, val_neg_zone::in_use, val_neg_data::labs, val_neg_data::len, lruhash_entry::lock, val_neg_cache::lock, log_nametypeclass(), val_neg_data::name, val_neg_zone::name, neg_closest_data(), neg_closest_zone_parent(), neg_delete_data(), neg_lru_touch(), val_neg_zone::nsec3_hash, nsec_proves_nodata(), PACKED_RRSET_NSEC_AT_APEX, val_neg_data::parent, val_neg_zone::parent, query_info::qclass, query_info::qname, query_info::qtype, query_dname_compare(), rrset_cache_lookup(), sec_status_secure, packed_rrset_data::security, packed_rrset_data::ttl, val_nsec_proves_name_error(), VERB_ALGO, and verbose().
Referenced by processDLVLookup(), and val_dlv_init().
struct dns_msg* val_neg_getmsg | ( | struct val_neg_cache * | neg, |
struct query_info * | qinfo, | ||
struct regional * | region, | ||
struct rrset_cache * | rrset_cache, | ||
ldns_buffer * | buf, | ||
uint32_t | now, | ||
int | addsoa, | ||
uint8_t * | topname | ||
) | [read] |
For the given query, try to get a reply out of the negative cache.
The reply still needs to be validated.
neg,: | negative cache. |
qinfo,: | query |
region,: | where to allocate reply. |
rrset_cache,: | rrset cache. |
buf,: | temporary buffer. |
now,: | to check TTLs against. |
addsoa,: | if true, produce result for external consumption. if false, do not add SOA - for unbound-internal consumption. |
topname,: | do not look higher than this name, so that the result cannot be taken from a zone above the current trust anchor. Which could happen with multiple islands of trust. if NULL, then no trust anchor is used, but also the algorithm becomes more conservative, especially for opt-out zones, since the receiver may have a trust-anchor below the optout and thus the optout cannot be used to create a proof from the negative cache. |
References add_soa(), dname_count_labels(), dname_remove_label(), dname_subdomain_c(), dns_msg_authadd(), dns_msg_create(), grab_nsec(), val_neg_zone::in_use, val_neg_cache::lock, log_assert, val_neg_zone::name, neg_closest_zone_parent(), neg_nsec3_proof_ds(), val_neg_zone::parent, query_info::qclass, query_info::qname, query_info::qname_len, and query_info::qtype.
Referenced by processInitRequest(), and val_find_DS().
void neg_insert_data | ( | struct val_neg_cache * | neg, |
struct val_neg_zone * | zone, | ||
struct ub_packed_rrset_key * | nsec | ||
) |
Insert data into the data tree of a zone Does not do locking.
neg,: | negative cache |
zone,: | zone to insert into |
nsec,: | record to insert. |
References val_neg_data::count, lruhash_entry::data, packed_rrset_key::dname, dname_count_labels(), packed_rrset_key::dname_len, ub_packed_rrset_key::entry, val_neg_data::in_use, val_neg_data::labs, log_assert, log_err(), log_nametypeclass(), memdup(), val_neg_data::name, neg_closest_data_parent(), neg_data_chain(), neg_lru_front(), neg_lru_touch(), val_neg_data::node, nsec3_get_params(), val_neg_zone::nsec3_hash, val_neg_zone::nsec3_iter, val_neg_zone::nsec3_salt, val_neg_zone::nsec3_saltlen, val_neg_data::parent, query_dname_compare(), rbtree_insert(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, packed_rrset_data::rrsig_count, sec_status_secure, sec_status_unchecked, packed_rrset_data::security, val_neg_zone::tree, packed_rrset_key::type, val_neg_cache::use, VERB_ALGO, wipeout(), and val_neg_data::zone.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().
void neg_delete_data | ( | struct val_neg_cache * | neg, |
struct val_neg_data * | el | ||
) |
Delete a data element from the negative cache.
May delete other data elements to keep tree coherent, or only mark the element as 'not in use'. Does not do locking.
neg,: | negative cache. |
el,: | data element to delete. |
References rbtree_t::count, val_neg_data::count, val_neg_data::in_use, val_neg_data::len, log_assert, val_neg_data::name, neg_delete_zone(), neg_lru_remove(), val_neg_data::node, val_neg_data::parent, rbtree_delete(), val_neg_zone::tree, val_neg_cache::use, and val_neg_data::zone.
Referenced by neg_make_space(), remove_item(), val_neg_dlvlookup(), and wipeout().
struct val_neg_zone* neg_find_zone | ( | struct val_neg_cache * | neg, |
uint8_t * | nm, | ||
size_t | len, | ||
uint16_t | dclass | ||
) | [read] |
Find the given zone, from the SOA owner name and class Does not do locking.
neg,: | negative cache |
nm,: | what to look for. |
len,: | length of nm |
dclass,: | class to look for. |
References val_neg_zone::dclass, dname_count_labels(), rbnode_t::key, val_neg_zone::labs, val_neg_zone::len, val_neg_zone::name, val_neg_zone::node, rbtree_search(), and val_neg_cache::tree.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().
struct val_neg_zone* neg_create_zone | ( | struct val_neg_cache * | neg, |
uint8_t * | nm, | ||
size_t | nm_len, | ||
uint16_t | dclass | ||
) | [read] |
Create a new zone.
Does not do locking.
neg,: | negative cache |
nm,: | what to look for. |
nm_len,: | length of name. |
dclass,: | class of zone, host order. |
References val_neg_zone::count, dname_count_labels(), val_neg_zone::labs, log_assert, val_neg_zone::name, neg_closest_zone_parent(), neg_zone_chain(), val_neg_zone::node, val_neg_zone::parent, query_dname_compare(), rbtree_insert(), val_neg_cache::tree, and val_neg_cache::use.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().
void val_neg_zone_take_inuse | ( | struct val_neg_zone * | zone | ) |
take a zone into use.
increases counts of parents. Does not do locking.
zone,: | zone to take into use. |
References val_neg_zone::count, val_neg_zone::in_use, and val_neg_zone::parent.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().