nta.h File Reference

The NTA module provides services for storing and retrieving negative trust anchors, and for determining whether a given domain is subject to DNSSEC validation.

#include <isc/buffer.h>
#include <isc/lang.h>
#include <isc/magic.h>
#include <isc/refcount.h>
#include <isc/rwlock.h>
#include <isc/stdtime.h>
#include <isc/task.h>
#include <isc/timer.h>
#include <dns/types.h>
#include <dns/rdataset.h>
#include <dns/resolver.h>
#include <dns/view.h>


Data Structures

struct  dns_ntatable

Defines

#define DNS_NTA_H   1
#define NTATABLE_MAGIC   ISC_MAGIC('N', 'T', 'A', 't')
#define VALID_NTATABLE(nt)   ISC_MAGIC_VALID(nt, NTATABLE_MAGIC)

Functions

isc_result_t dns_ntatable_create (dns_view_t *view, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_ntatable_t **ntatablep)
 Create an NTA table in view 'view'.
void dns_ntatable_attach (dns_ntatable_t *source, dns_ntatable_t **targetp)
 Attach *targetp to source.
void dns_ntatable_detach (dns_ntatable_t **ntatablep)
 Detach *ntatablep from its ntatable.
isc_result_t dns_ntatable_add (dns_ntatable_t *ntatable, dns_name_t *name, isc_boolean_t force, isc_stdtime_t now, isc_uint32_t lifetime)
 Add a negative trust anchor to 'ntatable' for name 'name', which will expire at time 'now' + 'lifetime'. If 'force' is ISC_FALSE, the name will be checked periodically to see whether it is still bogus; once it is no longer bogus, the NTA will be allowed to expire early.
isc_result_t dns_ntatable_delete (dns_ntatable_t *ntatable, dns_name_t *keyname)
 Delete node(s) from 'ntatable' matching name 'keyname'.
isc_boolean_t dns_ntatable_covered (dns_ntatable_t *ntatable, isc_stdtime_t now, dns_name_t *name, dns_name_t *anchor)
 Return ISC_TRUE if 'name' is below a non-expired negative trust anchor which in turn is at or below 'anchor'.
isc_result_t dns_ntatable_totext (dns_ntatable_t *ntatable, isc_buffer_t **buf)
 Dump the NTA table to buffer at 'buf'.
isc_result_t dns_ntatable_dump (dns_ntatable_t *ntatable, FILE *fp)
 Dump the NTA table to the file opened as 'fp'.
isc_result_t dns_ntatable_save (dns_ntatable_t *ntatable, FILE *fp)
 Save the NTA table to the file opened as 'fp', for later loading.


Detailed Description

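The NTA module provides services for storing and retrieving negative trust anchors, and for determining whether a given domain is subject to DNSSEC validation. Names covered by a non-expired negative trust anchor are treated as insecure rather than validated (see dns_ntatable_covered()), so each entry is a deliberate, time-limited exception to DNSSEC validation.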

Definition in file nta.h.


Define Documentation

#define DNS_NTA_H   1

Definition at line 18 of file nta.h.

#define NTATABLE_MAGIC   ISC_MAGIC('N', 'T', 'A', 't')

Definition at line 61 of file nta.h.

Referenced by dns_ntatable_create().

#define VALID_NTATABLE ( nt   )     ISC_MAGIC_VALID(nt, NTATABLE_MAGIC)

Definition at line 62 of file nta.h.

Referenced by delete(), dns_ntatable_add(), dns_ntatable_attach(), dns_ntatable_covered(), dns_ntatable_detach(), dns_ntatable_save(), dns_ntatable_totext(), nta_create(), and settimer().


Function Documentation

isc_result_t dns_ntatable_create ( dns_view_t *  view,
isc_taskmgr_t *  taskmgr,
isc_timermgr_t *  timermgr,
dns_ntatable_t **  ntatablep 
)

Create an NTA table in view 'view'.

Requires:

Ensures:

Returns:

Definition at line 108 of file nta.c.

References dns_rbt_create(), dns_rbt_destroy(), free_nta(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_rwlock_init(), isc_task_create(), isc_task_detach(), isc_task_setname(), dns_ntatable::magic, dns_view::mctx, NTATABLE_MAGIC, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, dns_ntatable::table, dns_ntatable::task, dns_ntatable::taskmgr, dns_ntatable::timermgr, and dns_ntatable::view.

Referenced by dns_view_initntatable().

void dns_ntatable_attach ( dns_ntatable_t *  source,
dns_ntatable_t **  targetp 
)

Attach *targetp to source.

Requires:

Ensures:

Definition at line 161 of file nta.c.

References INSIST, isc_rwlocktype_write, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, and VALID_NTATABLE.

Referenced by dns_view_getntatable().

void dns_ntatable_detach ( dns_ntatable_t **  ntatablep  ) 

Detach *ntatablep from its ntatable.

Requires:

Ensures:

Definition at line 177 of file nta.c.

References destroy(), dns_rbt_destroy(), INSIST, ISC_FALSE, isc_mem_put, isc_rwlock_destroy(), isc_rwlocktype_write, isc_task_detach(), ISC_TRUE, dns_ntatable::magic, dns_view::mctx, dns_ntatable::references, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, dns_ntatable::task, dns_ntatable::taskmgr, dns_ntatable::timermgr, VALID_NTATABLE, and dns_ntatable::view.

Referenced by destroy(), dns_view_initntatable(), dns_view_loadnta(), dns_view_saventa(), ns_server_dumpsecroots(), and ns_server_nta().

isc_result_t dns_ntatable_add ( dns_ntatable_t *  ntatable,
dns_name_t *  name,
isc_boolean_t  force,
isc_stdtime_t  now,
isc_uint32_t  lifetime 
)

Add a negative trust anchor to 'ntatable' for name 'name', which will expire at time 'now' + 'lifetime'. If 'force' is ISC_FALSE, the name will be checked periodically to see whether it is still bogus; once it is no longer bogus, the NTA will be allowed to expire early.

Notes:

Requires:

Returns:

Definition at line 347 of file nta.c.

References dns_rbtnode::data, dns_rbt_addnode(), dns_nta::expiry, dns_nta::forced, ISC_R_EXISTS, ISC_R_SUCCESS, isc_rwlocktype_write, dns_view::mctx, nta_create(), nta_detach(), REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, settimer(), dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_view_loadnta(), and ns_server_nta().

isc_result_t dns_ntatable_delete ( dns_ntatable_t *  ntatable,
dns_name_t *  keyname 
)

Delete node(s) from 'ntatable' matching name 'keyname'.

Requires:

Returns:

Definition at line 424 of file nta.c.

References isc_rwlocktype_write, dns_ntatable::rwlock, RWLOCK, and RWUNLOCK.

Referenced by ns_server_nta().

isc_boolean_t dns_ntatable_covered ( dns_ntatable_t *  ntatable,
isc_stdtime_t  now,
dns_name_t *  name,
dns_name_t *  anchor 
)

Return ISC_TRUE if 'name' is below a non-expired negative trust anchor which in turn is at or below 'anchor'.

If 'ntatable' has not been initialized, return ISC_FALSE.

Requires:

Definition at line 435 of file nta.c.

References answer, dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_NTA, dns_name_format(), DNS_NAME_FORMATSIZE, dns_name_isabsolute(), dns_name_issubdomain(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, dns_nta::expiry, ISC_FALSE, ISC_LOG_INFO, isc_log_write(), ISC_R_SUCCESS, isc_result_totext(), isc_rwlocktype_read, isc_rwlocktype_write, ISC_TF, isc_timer_detach(), isc_timer_reset(), isc_timertype_inactive, ISC_TRUE, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, dns_nta::timer, and VALID_NTATABLE.

Referenced by dns_view_issecuredomain(), and dns_view_ntacovers().

isc_result_t dns_ntatable_totext ( dns_ntatable_t *  ntatable,
isc_buffer_t **  buf 
)

Dump the NTA table to buffer at 'buf'.

Requires:

Definition at line 519 of file nta.c.

References cleanup(), dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_name_format(), DNS_NAME_FORMATSIZE, DNS_R_NEWORIGIN, dns_rbt_fullnamefromnode(), dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dns_nta::expiry, ISC_FALSE, ISC_FORMATHTTPTIMESTAMP_SIZE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, isc_stdtime_get(), isc_time_formattimestamp(), isc_time_set(), ISC_TRUE, dns_view::mctx, name, now, putstr(), REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_ntatable_dump(), ns_server_dumpsecroots(), and ns_server_nta().

isc_result_t dns_ntatable_dump ( dns_ntatable_t *  ntatable,
FILE *  fp 
)

Dump the NTA table to the file opened as 'fp'.

Definition at line 633 of file nta.c.

References dns_ntatable_totext(), isc_buffer_allocate(), isc_buffer_base, isc_buffer_free(), isc_buffer_usedlength, ISC_R_SUCCESS, isc_result_totext(), dns_view::mctx, putstr(), text, and dns_ntatable::view.

isc_result_t dns_ntatable_save ( dns_ntatable_t *  ntatable,
FILE *  fp 
)

Save the NTA table to the file opened as 'fp', for later loading.

Definition at line 660 of file nta.c.

References cleanup(), dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_name_totext(), DNS_R_NEWORIGIN, dns_rbt_fullnamefromnode(), dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dns_time32_totext(), dns_nta::expiry, dns_nta::forced, isc_buffer_init, isc_buffer_putuint8, ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, isc_stdtime_get(), ISC_TRUE, dns_view::mctx, name, REQUIRE, dns_ntatable::rwlock, RWLOCK, RWUNLOCK, dns_ntatable::table, VALID_NTATABLE, and dns_ntatable::view.

Referenced by dns_view_saventa().


Generated on Tue Apr 28 17:41:10 2015 by Doxygen 1.5.4 for BIND9 Internals 9.11.0pre-alpha