nta.c File Reference

#include <config.h>
#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/rwlock.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/time.h>
#include <isc/timer.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/log.h>
#include <dns/nta.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rbt.h>
#include <dns/rdataset.h>
#include <dns/resolver.h>
#include <dns/result.h>
#include <dns/time.h>

Go to the source code of this file.

Data Structures
struct	dns_nta
Defines
#define	NTA_MAGIC   ISC_MAGIC('N', 'T', 'A', 'n')
#define	VALID_NTA(nn)   ISC_MAGIC_VALID(nn, NTA_MAGIC)
Functions
static void	nta_ref (dns_nta_t *nta)
static void	nta_detach (isc_mem_t *mctx, dns_nta_t **ntap)
static void	free_nta (void *data, void *arg)
isc_result_t	dns_ntatable_create (dns_view_t *view, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_ntatable_t **ntatablep)
	Create an NTA table in view 'view'.
void	dns_ntatable_attach (dns_ntatable_t *source, dns_ntatable_t **targetp)
	Attach *targetp to source.
void	dns_ntatable_detach (dns_ntatable_t **ntatablep)
	Detach *ntatablep from its ntatable.
static void	fetch_done (isc_task_t *task, isc_event_t *event)
static void	checkbogus (isc_task_t *task, isc_event_t *event)
static isc_result_t	settimer (dns_ntatable_t *ntatable, dns_nta_t *nta, isc_uint32_t lifetime)
static isc_result_t	nta_create (dns_ntatable_t *ntatable, dns_name_t *name, dns_nta_t **target)
isc_result_t	dns_ntatable_add (dns_ntatable_t *ntatable, dns_name_t *name, isc_boolean_t force, isc_stdtime_t now, isc_uint32_t lifetime)
	Add a negative trust anchor to 'ntatable' for name 'name', which will expire at time 'now' + 'lifetime'. If 'force' is ISC_FALSE, then the name will be checked periodically to see if it's bogus; if not, then the NTA will be allowed to expire early.
static isc_result_t	delete (dns_ntatable_t *ntatable, dns_name_t *name)
isc_result_t	dns_ntatable_delete (dns_ntatable_t *ntatable, dns_name_t *name)
	Delete node(s) from 'ntatable' matching name 'keyname'.
isc_boolean_t	dns_ntatable_covered (dns_ntatable_t *ntatable, isc_stdtime_t now, dns_name_t *name, dns_name_t *anchor)
	Return ISC_TRUE if 'name' is below a non-expired negative trust anchor which in turn is at or below 'anchor'.
static isc_result_t	putstr (isc_buffer_t **b, const char *str)
isc_result_t	dns_ntatable_totext (dns_ntatable_t *ntatable, isc_buffer_t **buf)
	Dump the NTA table to buffer at 'buf'.
isc_result_t	dns_ntatable_dump (dns_ntatable_t *ntatable, FILE *fp)
	Dump the NTA table to the file opened as 'fp'.
isc_result_t	dns_ntatable_save (dns_ntatable_t *ntatable, FILE *fp)
	Save the NTA table to the file opened as 'fp', for later loading.

---

Detailed Description

Definition in file nta.c.

---

Define Documentation

#define NTA_MAGIC   ISC_MAGIC('N', 'T', 'A', 'n')

Definition at line 57 of file nta.c.

Referenced by nta_create().

#define VALID_NTA

(

nn

)

ISC_MAGIC_VALID(nn, NTA_MAGIC)

Definition at line 58 of file nta.c.

Referenced by nta_detach(), and settimer().

---

Function Documentation

static void nta_ref

(

dns_nta_t *

nta

)

[static]

Definition at line 65 of file nta.c.

References isc_refcount_increment, and dns_nta::refcount.

Referenced by checkbogus().

static void nta_detach	(	isc_mem_t *	mctx,
		dns_nta_t **	ntap
	)			[static]

Definition at line 70 of file nta.c.

References dns_rdataset_disassociate(), dns_rdataset_isassociated(), dns_resolver_cancelfetch(), dns_resolver_destroyfetch(), dns_nta::fetch, isc_mem_put, isc_refcount_decrement, isc_refcount_destroy, isc_timer_detach(), isc_timer_reset(), isc_timertype_inactive, ISC_TRUE, dns_nta::magic, dns_nta::rdataset, dns_nta::refcount, REQUIRE, dns_nta::sigrdataset, dns_nta::timer, and VALID_NTA.

Referenced by checkbogus(), dns_ntatable_add(), fetch_done(), and free_nta().

static void free_nta	(	void *	data,
		void *	arg
	)			[static]

Definition at line 100 of file nta.c.

References mctx, and nta_detach().

Referenced by dns_ntatable_create().

isc_result_t dns_ntatable_create	(	dns_view_t *	view,
		isc_taskmgr_t *	taskmgr,
		isc_timermgr_t *	timermgr,
		dns_ntatable_t **	ntatablep
	)

Create an NTA table in view 'view'.

Requires:

• 'view' is a valid view.

• 'tmgr' is a valid timer manager.

• ntatablep != NULL && *ntatablep == NULL

Ensures:

• On success, *ntatablep is a valid, empty NTA table.

Returns:

• ISC_R_SUCCESS
• Any other result indicates failure.

Definition at line 108 of file nta.c.

References dns_rbt_create(), dns_rbt_destroy(), free_nta(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_rwlock_init(), isc_task_create(), isc_task_detach(), isc_task_setname(), dns_ntatable::magic, dns_view::mctx, NTATABLE_MAGIC, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, dns_ntatable::table, dns_ntatable::task, dns_ntatable::taskmgr, dns_ntatable::timermgr, and dns_ntatable::view.

Referenced by dns_view_initntatable().

void dns_ntatable_attach	(	dns_ntatable_t *	source,
		dns_ntatable_t **	targetp
	)

Attach *targetp to source.

Requires:

• 'source' is a valid ntatable.

• 'targetp' points to a NULL dns_ntatable_t *.

Ensures:

• *targetp is attached to source.

Definition at line 161 of file nta.c.

References INSIST, isc_rwlocktype_write, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, and VALID_NTATABLE.

Referenced by dns_view_getntatable().

void dns_ntatable_detach

(

dns_ntatable_t **

ntatablep

)

Detach *ntatablep from its ntatable.

Requires:

• 'ntatablep' points to a valid ntatable.

Ensures:

• *ntatablep is NULL.

• If '*ntatablep' is the last reference to the ntatable, all resources used by the ntatable will be freed

Definition at line 177 of file nta.c.

References destroy(), dns_rbt_destroy(), INSIST, ISC_FALSE, isc_mem_put, isc_rwlock_destroy(), isc_rwlocktype_write, isc_task_detach(), ISC_TRUE, dns_ntatable::magic, dns_view::mctx, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, dns_ntatable::task, dns_ntatable::taskmgr, dns_ntatable::timermgr, VALID_NTATABLE, and dns_ntatable::view.

Referenced by destroy(), dns_view_initntatable(), dns_view_loadnta(), dns_view_saventa(), ns_server_dumpsecroots(), and ns_server_nta().

static void fetch_done	(	isc_task_t *	task,
		isc_event_t *	event
	)			[static]

Definition at line 206 of file nta.c.

References dns_db_detach(), dns_db_detachnode(), DNS_R_NCACHENXDOMAIN, DNS_R_NCACHENXRRSET, DNS_R_NXDOMAIN, DNS_R_NXRRSET, dns_rdataset_disassociate(), dns_rdataset_isassociated(), dns_resolver_destroyfetch(), dns_nta::expiry, dns_nta::fetch, isc_event_free(), ISC_R_SUCCESS, isc_stdtime_get(), isc_timer_reset(), isc_timertype_inactive, ISC_TRUE, dns_view::mctx, now, nta_detach(), dns_nta::ntatable, dns_nta::rdataset, dns_nta::sigrdataset, dns_nta::timer, UNUSED, and dns_ntatable::view.

static void checkbogus	(	isc_task_t *	task,
		isc_event_t *	event
	)			[static]

Definition at line 255 of file nta.c.

References DNS_FETCHOPT_NONTA, dns_rdataset_disassociate(), dns_rdataset_isassociated(), dns_resolver_cancelfetch(), dns_resolver_createfetch(), dns_nta::fetch, fetch_done(), isc_event_free(), ISC_R_SUCCESS, dns_view::mctx, dns_nta::name, nta_detach(), nta_ref(), dns_nta::ntatable, dns_nta::rdataset, dns_view::resolver, dns_nta::sigrdataset, and dns_ntatable::view.

Referenced by settimer().

static isc_result_t settimer	(	dns_ntatable_t *	ntatable,
		dns_nta_t *	nta,
		isc_uint32_t	lifetime
	)			[static]

Definition at line 286 of file nta.c.

References checkbogus(), isc_interval_set(), ISC_R_SUCCESS, isc_timer_create(), isc_timertype_ticker, dns_view::nta_recheck, REQUIRE, dns_ntatable::task, dns_nta::timer, dns_ntatable::timermgr, VALID_NTA, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_ntatable_add().

static isc_result_t nta_create	(	dns_ntatable_t *	ntatable,
		dns_name_t *	name,
		dns_nta_t **	target
	)			[static]

Definition at line 309 of file nta.c.

References dns_fixedname_init, dns_fixedname_name, dns_name_copy(), dns_rdataset_init(), dns_nta::expiry, dns_nta::fetch, dns_nta::fn, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_refcount_init(), dns_nta::magic, dns_view::mctx, dns_nta::name, NTA_MAGIC, dns_nta::ntatable, dns_nta::rdataset, dns_nta::refcount, REQUIRE, dns_nta::sigrdataset, dns_nta::timer, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_ntatable_add().

isc_result_t dns_ntatable_add	(	dns_ntatable_t *	ntatable,
		dns_name_t *	name,
		isc_boolean_t	force,
		isc_stdtime_t	now,
		isc_uint32_t	lifetime
	)

Add a negative trust anchor to 'ntatable' for name 'name', which will expire at time 'now' + 'lifetime'. If 'force' is ISC_FALSE, then the name will be checked periodically to see if it's bogus; if not, then the NTA will be allowed to expire early.

Notes:

• If an NTA already exists in the table, its expiry time is updated.

Requires:

• 'ntatable' points to a valid ntatable.

• 'name' points to a valid name.

Returns:

• ISC_R_SUCCESS

• Any other result indicates failure.

Definition at line 347 of file nta.c.

References dns_rbtnode::data, dns_rbt_addnode(), dns_nta::expiry, dns_nta::forced, ISC_R_EXISTS, ISC_R_SUCCESS, isc_rwlocktype_write, dns_view::mctx, nta_create(), nta_detach(), REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, settimer(), dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_view_loadnta(), and ns_server_nta().

static isc_result_t delete	(	dns_ntatable_t *	ntatable,
		dns_name_t *	name
	)			[static]

Definition at line 402 of file nta.c.

References dns_rbtnode::data, DNS_R_PARTIALMATCH, dns_rbt_deletenode(), dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, name, REQUIRE, dns_ntatable::table, and VALID_NTATABLE.

isc_result_t dns_ntatable_delete	(	dns_ntatable_t *	ntatable,
		dns_name_t *	keyname
	)

Delete node(s) from 'ntatable' matching name 'keyname'.

Requires:

• 'ntatable' points to a valid ntatable.

• 'name' is not NULL

Returns:

• ISC_R_SUCCESS

• Any other result indicates failure.

Definition at line 424 of file nta.c.

References isc_rwlocktype_write, dns_ntatable::rwlock, RWLOCK, and RWUNLOCK.

Referenced by ns_server_nta().

isc_boolean_t dns_ntatable_covered	(	dns_ntatable_t *	ntatable,
		isc_stdtime_t	now,
		dns_name_t *	name,
		dns_name_t *	anchor
	)

Return ISC_TRUE if 'name' is below a non-expired negative trust anchor which in turn is at or below 'anchor'.

If 'ntatable' has not been initialized, return ISC_FALSE.

Requires:

• 'ntatable' is NULL or is a valid ntatable.

• 'name' is a valid absolute name.

Definition at line 435 of file nta.c.

References answer, dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_NTA, dns_name_format(), DNS_NAME_FORMATSIZE, dns_name_isabsolute(), dns_name_issubdomain(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, dns_nta::expiry, ISC_FALSE, ISC_LOG_INFO, isc_log_write(), ISC_R_SUCCESS, isc_result_totext(), isc_rwlocktype_read, isc_rwlocktype_write, ISC_TF, isc_timer_detach(), isc_timer_reset(), isc_timertype_inactive, ISC_TRUE, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, dns_nta::timer, and VALID_NTATABLE.

Referenced by dns_view_issecuredomain(), and dns_view_ntacovers().

static isc_result_t putstr	(	isc_buffer_t **	b,
		const char *	str
	)			[static]

Definition at line 507 of file nta.c.

References isc_buffer_putstr, isc_buffer_reserve(), and ISC_R_SUCCESS.

isc_result_t dns_ntatable_totext	(	dns_ntatable_t *	ntatable,
		isc_buffer_t **	buf
	)

Dump the NTA table to buffer at 'buf'.

Requires:

• "ntatable" is a valid table.

• "*buf" is a valid buffer.

Definition at line 519 of file nta.c.

References cleanup(), dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_name_format(), DNS_NAME_FORMATSIZE, DNS_R_NEWORIGIN, dns_rbt_fullnamefromnode(), dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dns_nta::expiry, ISC_FALSE, ISC_FORMATHTTPTIMESTAMP_SIZE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, isc_stdtime_get(), isc_time_formattimestamp(), isc_time_set(), ISC_TRUE, dns_view::mctx, name, now, putstr(), REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_ntatable_dump(), ns_server_dumpsecroots(), and ns_server_nta().

isc_result_t dns_ntatable_dump	(	dns_ntatable_t *	ntatable,
		FILE *	fp
	)

Dump the NTA table to the file opened as 'fp'.

Definition at line 633 of file nta.c.

References dns_ntatable_totext(), isc_buffer_allocate(), isc_buffer_base, isc_buffer_free(), isc_buffer_usedlength, ISC_R_SUCCESS, isc_result_totext(), dns_view::mctx, putstr(), text, and dns_ntatable::view.

isc_result_t dns_ntatable_save	(	dns_ntatable_t *	ntatable,
		FILE *	fp
	)

Save the NTA table to the file opened as 'fp', for later loading.

Definition at line 660 of file nta.c.

References cleanup(), dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_name_totext(), DNS_R_NEWORIGIN, dns_rbt_fullnamefromnode(), dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dns_time32_totext(), dns_nta::expiry, dns_nta::forced, isc_buffer_init, isc_buffer_putuint8, ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, isc_stdtime_get(), ISC_TRUE, dns_view::mctx, name, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_view_saventa().

---