#include <config.h>
#include <isc/log.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/nsec.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include <dns/result.h>
#include <dst/dst.h>
Defines | |
#define | RETERR(x) |
Functions | |
void | dns_nsec_setbit (unsigned char *array, unsigned int type, unsigned int bit) |
Set type bit in raw 'array' to 'bit'. | |
isc_boolean_t | dns_nsec_isset (const unsigned char *array, unsigned int type) |
Test if the corresponding 'type' bit is set in 'array'. | |
unsigned int | dns_nsec_compressbitmap (unsigned char *map, const unsigned char *raw, unsigned int max_type) |
Convert a raw bitmap into a compressed windowed bit map. 'map' and 'raw' may overlap. | |
isc_result_t | dns_nsec_buildrdata (dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_name_t *target, unsigned char *buffer, dns_rdata_t *rdata) |
Build the rdata of a NSEC record. | |
isc_result_t | dns_nsec_build (dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_name_t *target, dns_ttl_t ttl) |
Build a NSEC record and add it to a database. | |
isc_boolean_t | dns_nsec_typepresent (dns_rdata_t *nsec, dns_rdatatype_t type) |
Determine if a type is marked as present in an NSEC record. | |
isc_result_t | dns_nsec_nseconly (dns_db_t *db, dns_dbversion_t *version, isc_boolean_t *answer) |
isc_result_t | dns_nsec_noexistnodata (dns_rdatatype_t type, dns_name_t *name, dns_name_t *nsecname, dns_rdataset_t *nsecset, isc_boolean_t *exists, isc_boolean_t *data, dns_name_t *wild, dns_nseclog_t logit, void *arg) |
Return ISC_R_SUCCESS if we can determine that the name doesn't exist or we can determine whether there is data or not at the name. If the name does not exist return the wildcard name. |
Definition in file nsec.c.
#define RETERR | ( | x | ) |
Value:
do { \ result = (x); \ if (result != ISC_R_SUCCESS) \ goto failure; \ } while (0)
void dns_nsec_setbit | ( | unsigned char * | array, | |
unsigned int | type, | |||
unsigned int | bit | |||
) |
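Set the bit for 'type' in the raw bitmap 'array' to 'bit'. The signature carries no array length, so the caller must ensure 'array' is large enough to hold the bit for 'type'.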
Definition at line 46 of file nsec.c.
Referenced by dns_nsec3_buildrdata(), dns_nsec_buildrdata(), and verifynode().
isc_boolean_t dns_nsec_isset | ( | const unsigned char * | array, | |
unsigned int | type | |||
) |
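Test if the bit corresponding to 'type' is set in 'array'. As no array length is passed, the caller must ensure 'type' falls within the bitmap that 'array' actually holds.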
Definition at line 59 of file nsec.c.
References ISC_TF.
Referenced by dns_nsec3_buildrdata(), dns_nsec3_typepresent(), dns_nsec_buildrdata(), dns_nsec_typepresent(), and verifynsec3().
unsigned int dns_nsec_compressbitmap | ( | unsigned char * | map, | |
const unsigned char * | raw, | |||
unsigned int | max_type | |||
) |
Convert a raw bitmap into a compressed windowed bit map. 'map' and 'raw' may overlap.
Returns the length of the compressed windowed bit map. No output size is passed in, so the caller must make 'map' large enough for the compressed result.
Definition at line 70 of file nsec.c.
References start.
Referenced by dns_nsec3_buildrdata(), dns_nsec_buildrdata(), and match_nsec3().
isc_result_t dns_nsec_buildrdata | ( | dns_db_t * | db, | |
dns_dbversion_t * | version, | |||
dns_dbnode_t * | node, | |||
dns_name_t * | target, | |||
unsigned char * | buffer, | |||
dns_rdata_t * | rdata | |||
) |
Build the rdata of a NSEC record.
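Requires: 'buffer' points to a temporary buffer of at least DNS_NSEC_BUFFERSIZE bytes, and 'rdata' points to an initialized dns_rdata_t (as given in nsec.h). On success the data in 'rdata' refers to 'buffer', so 'buffer' must remain valid for as long as 'rdata' is in use.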
Definition at line 103 of file nsec.c.
References isc_region::base, dns_db_allrdatasets(), dns_db_class(), dns_name_toregion(), DNS_NSEC_BUFFERSIZE, dns_nsec_compressbitmap(), dns_nsec_isset(), dns_nsec_setbit(), dns_rdata_fromregion(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdatasetiter_current(), dns_rdatasetiter_destroy(), dns_rdatasetiter_first(), dns_rdatasetiter_next(), dns_rdatatype_iszonecutauth(), INSIST, ISC_R_NOMORE, ISC_R_SUCCESS, isc_region::length, r, and dns_rdataset::type.
Referenced by add_nsec(), dns_nsec_build(), and verifynsec().
isc_result_t dns_nsec_build | ( | dns_db_t * | db, | |
dns_dbversion_t * | version, | |||
dns_dbnode_t * | node, | |||
dns_name_t * | target, | |||
dns_ttl_t | ttl | |||
) |
Build a NSEC record and add it to a database.
Definition at line 178 of file nsec.c.
References dns_db_addrdataset(), dns_db_class(), DNS_NSEC_BUFFERSIZE, dns_nsec_buildrdata(), DNS_R_UNCHANGED, dns_rdata_init(), DNS_RDATA_INIT, dns_rdatalist_init(), dns_rdatalist_tordataset(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdataset_isassociated(), ISC_LIST_APPEND, ISC_R_SUCCESS, dns_rdatalist::rdclass, RETERR, dns_rdatalist::ttl, and dns_rdatalist::type.
Referenced by nsecify().
isc_boolean_t dns_nsec_typepresent | ( | dns_rdata_t * | nsec, | |
dns_rdatatype_t | type | |||
) |
Determine if a type is marked as present in an NSEC record.
Requires: 'nsec' points to a valid rdata of type NSEC.
Definition at line 210 of file nsec.c.
References dns_nsec_isset(), dns_rdata_freestruct(), dns_rdata_tostruct(), INSIST, ISC_FALSE, ISC_R_SUCCESS, ISC_TF, REQUIRE, and dns_rdata::type.
Referenced by dns_nsec_noexistnodata(), isdelegation(), validate_authority(), validate_ncache(), and view_find().
isc_result_t dns_nsec_nseconly | ( | dns_db_t * | db, | |
dns_dbversion_t * | version, | |||
isc_boolean_t * | answer | |||
) |
Definition at line 245 of file nsec.c.
References dns_db_detachnode(), dns_db_findrdataset(), dns_db_getoriginnode(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_disassociate(), dns_rdataset_first(), dns_rdataset_init(), dns_rdataset_next(), DST_ALG_DSA, DST_ALG_ECC, DST_ALG_RSAMD5, DST_ALG_RSASHA1, ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and RUNTIME_CHECK.
Referenced by add_nsec3param_records(), check_dnssec(), dnskey_sane(), fixup_nsec3param(), main(), resume_addnsec3chain(), and zone_addnsec3chain().
isc_result_t dns_nsec_noexistnodata | ( | dns_rdatatype_t | type, | |
dns_name_t * | name, | |||
dns_name_t * | nsecname, | |||
dns_rdataset_t * | nsecset, | |||
isc_boolean_t * | exists, | |||
isc_boolean_t * | data, | |||
dns_name_t * | wild, | |||
dns_nseclog_t | logit, | |||
void * | arg | |||
) |
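Return ISC_R_SUCCESS if the NSEC lets us determine that the name doesn't exist, or whether or not there is data at the name; the outcome is reported through 'exists' and 'data'. If the name does not exist, the wildcard name is returned in 'wild'.
Return ISC_R_IGNORE when the NSEC is not the appropriate one; that result means this record proves nothing about the name, not that the name is absent. Nothing in the reference list below performs signature verification, so the NSEC rdataset is presumably expected to have been validated by the caller before the result is trusted.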
Definition at line 302 of file nsec.c.
References dns_name_concatenate(), dns_name_countlabels(), dns_name_fullcompare(), dns_name_getlabelsequence(), dns_name_init(), dns_name_issubdomain(), dns_namereln_subdomain, dns_nsec_typepresent(), dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_rdatatype_atparent(), dns_wildcardname, ISC_FALSE, ISC_LOG_DEBUG, ISC_R_IGNORE, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and dns_rdataset::type.
Referenced by authvalidated(), checkwildcard(), and findnoqname().