packed_rrset.h File Reference

This file contains the data storage for RRsets. More...

Data Structures

struct  packed_rrset_key
 The identifying information for an RRset. More...
 
struct  ub_packed_rrset_key
 This structure contains an RRset. More...
 
struct  packed_rrset_data
 RRset data. More...
 
struct  packed_rrset
 An RRset can be represented using both key and data together. More...
 
struct  packed_rrset_list
 list of packed rrsets More...
 

Macros

#define PACKED_RRSET_NSEC_AT_APEX   0x1
 this rrset is NSEC and is at zone apex (at child side of zonecut)
 
#define PACKED_RRSET_PARENT_SIDE   0x2
 this rrset is A/AAAA and is in-zone-glue (from parent side of zonecut)
 
#define PACKED_RRSET_SOA_NEG   0x4
 this rrset is SOA and has the negative ttl (from nxdomain or nodata), this is set on SOA rrsets in the authority section, to keep its TTL separate from the SOA in the answer section from a direct SOA query or ANY query.
 
#define PACKED_RRSET_FIXEDTTL   0x80000000
 This rrset is considered to have a fixed TTL; its TTL doesn't have to be updated on encoding in a reply. More...
 
#define PACKED_RRSET_RPZ   0x8
 This rrset is from RPZ. More...
 
#define RR_COUNT_MAX   0xffffff
 number of rrs and rrsets for integer overflow protection. More...
 

Typedefs

typedef uint64_t rrset_id_type
 type used to uniquely identify rrsets. More...
 

Enumerations

enum  rrset_trust {
  rrset_trust_none = 0 , rrset_trust_add_noAA , rrset_trust_auth_noAA , rrset_trust_add_AA ,
  rrset_trust_nonauth_ans_AA , rrset_trust_ans_noAA , rrset_trust_glue , rrset_trust_auth_AA ,
  rrset_trust_ans_AA , rrset_trust_sec_noglue , rrset_trust_prim_noglue , rrset_trust_validated ,
  rrset_trust_ultimate
}
 RRset trustworthiness. More...
 
enum  sec_status {
  sec_status_unchecked = 0 , sec_status_bogus , sec_status_indeterminate , sec_status_insecure ,
  sec_status_secure_sentinel_fail , sec_status_secure
}
 Security status from validation for data. More...
 

Functions

void ub_packed_rrset_parsedelete (struct ub_packed_rrset_key *pkey, struct alloc_cache *alloc)
 Delete packed rrset key and data, not entered in hashtables yet. More...
 
size_t packed_rrset_sizeof (struct packed_rrset_data *data)
 Memory size of rrset data. More...
 
time_t ub_packed_rrset_ttl (struct ub_packed_rrset_key *key)
 Get TTL of rrset. More...
 
size_t ub_rrset_sizefunc (void *key, void *data)
 Calculate memory size of rrset entry. More...
 
int ub_rrset_compare (void *k1, void *k2)
 compares two rrset keys. More...
 
int rrsetdata_equal (struct packed_rrset_data *d1, struct packed_rrset_data *d2)
 compare two rrset data structures. More...
 
void ub_rrset_key_delete (void *key, void *userdata)
 Old key to be deleted. More...
 
void rrset_data_delete (void *data, void *userdata)
 Old data to be deleted. More...
 
hashvalue_type rrset_key_hash (struct packed_rrset_key *key)
 Calculate hash value for a packed rrset key. More...
 
void packed_rrset_ptr_fixup (struct packed_rrset_data *data)
 Fixup pointers in fixed data packed_rrset_data blob. More...
 
void packed_rrset_ttl_add (struct packed_rrset_data *data, time_t add)
 Fixup TTLs in fixed data packed_rrset_data blob. More...
 
void get_cname_target (struct ub_packed_rrset_key *rrset, uint8_t **dname, size_t *dname_len)
 Utility procedure to extract CNAME target name from its rdata. More...
 
const char * rrset_trust_to_string (enum rrset_trust s)
 Get a printable string for a rrset trust value. More...
 
const char * sec_status_to_string (enum sec_status s)
 Get a printable string for a security status value. More...
 
void log_rrset_key (enum verbosity_value v, const char *str, struct ub_packed_rrset_key *rrset)
 Print string with neat domain name, type, class from rrset. More...
 
int packed_rr_to_string (struct ub_packed_rrset_key *rrset, size_t i, time_t now, char *dest, size_t dest_len)
 Convert RR from RRset to string. More...
 
void log_packed_rrset (enum verbosity_value v, const char *str, struct ub_packed_rrset_key *rrset)
 Print the string with prefix, one rr per line. More...
 
struct ub_packed_rrset_keypacked_rrset_copy_region (struct ub_packed_rrset_key *key, struct regional *region, time_t now)
 Allocate rrset in region - no more locks needed. More...
 
struct ub_packed_rrset_keypacked_rrset_copy_alloc (struct ub_packed_rrset_key *key, struct alloc_cache *alloc, time_t now)
 Allocate rrset with malloc (from region or you are holding the lock). More...
 
int packed_rrset_find_rr (struct packed_rrset_data *d, uint8_t *rdata, size_t len, size_t *index)
 Find RR index in packed rrset Raw comparison, does not canonicalize RDATA. More...
 

Detailed Description

This file contains the data storage for RRsets.

Macro Definition Documentation

◆ PACKED_RRSET_FIXEDTTL

#define PACKED_RRSET_FIXEDTTL   0x80000000

This rrset is considered to have a fixed TTL; its TTL doesn't have to be updated on encoding in a reply.

This flag is not expected to be set in cached data.

◆ PACKED_RRSET_RPZ

#define PACKED_RRSET_RPZ   0x8

This rrset is from RPZ.

It is not real, it is synthesized data to block access. The flag makes lookups, from cache in iterator, ignore the fake items and only use actual data. Eg. when the iterator looksup NS, CNAME, A and AAAA types, it then gets items without this flag that are the actual network. But messages with these records in it can be stored in the cache and retrieved for a reply.

◆ RR_COUNT_MAX

#define RR_COUNT_MAX   0xffffff

number of rrs and rrsets for integer overflow protection.

More than this is not really possible (64K packet has much less RRs and RRsets) in a message. And this is small enough that also multiplied there is no integer overflow.

Typedef Documentation

◆ rrset_id_type

typedef uint64_t rrset_id_type

type used to uniquely identify rrsets.

Cannot be reused without clearing the cache.

Enumeration Type Documentation

◆ rrset_trust

RRset trustworthiness.

Bigger value is more trust. RFC 2181. The rrset_trust_add_noAA, rrset_trust_auth_noAA, rrset_trust_add_AA, are mentioned as the same trustworthiness in 2181, but split up here for ease of processing.

rrset_trust_nonauth_ans_AA, rrset_trust_ans_noAA are also mentioned as the same trustworthiness in 2181, but split up here for ease of processing.

Added trust_none for a sane initial value, smaller than anything else. Added validated and ultimate trust for keys and rrsig validated content.

Enumerator
rrset_trust_none 

initial value for trust

rrset_trust_add_noAA 

Additional information from non-authoritative answers.

rrset_trust_auth_noAA 

Data from the authority section of a non-authoritative answer.

rrset_trust_add_AA 

Additional information from an authoritative answer.

rrset_trust_nonauth_ans_AA 

non-authoritative data from the answer section of authoritative answers

rrset_trust_ans_noAA 

Data from the answer section of a non-authoritative answer.

rrset_trust_glue 

Glue from a primary zone, or glue from a zone transfer.

rrset_trust_auth_AA 

Data from the authority section of an authoritative answer.

rrset_trust_ans_AA 

The authoritative data included in the answer section of an authoritative reply.

rrset_trust_sec_noglue 

Data from a zone transfer, other than glue.

rrset_trust_prim_noglue 

Data from a primary zone file, other than glue data.

rrset_trust_validated 

DNSSEC(rfc4034) validated with trusted keys.

rrset_trust_ultimate 

ultimately trusted, no more trust is possible; trusted keys from the unbound configuration setup.

◆ sec_status

enum sec_status

Security status from validation for data.

The order is significant; more secure, more proven later.

Enumerator
sec_status_unchecked 

UNCHECKED means that object has yet to be validated.

sec_status_bogus 

BOGUS means that the object (RRset or message) failed to validate (according to local policy), but should have validated.

sec_status_indeterminate 

INDETERMINATE means that the object is insecure, but not authoritatively so.

Generally this means that the RRset is not below a configured trust anchor.

sec_status_insecure 

INSECURE means that the object is authoritatively known to be insecure.

Generally this means that this RRset is below a trust anchor, but also below a verified, insecure delegation.

sec_status_secure_sentinel_fail 

SECURE_SENTINEL_FAIL means that the object (RRset or message) validated according to local policy but did not succeed in the root KSK sentinel test (draft-ietf-dnsop-kskroll-sentinel).

sec_status_secure 

SECURE means that the object (RRset or message) validated according to local policy.

Function Documentation

◆ ub_packed_rrset_parsedelete()

void ub_packed_rrset_parsedelete ( struct ub_packed_rrset_key pkey,
struct alloc_cache alloc 
)

Delete packed rrset key and data, not entered in hashtables yet.

Used during parsing.

Parameters
pkeyrrset key structure with locks, key and data pointers.
allocwhere to return the unfree-able key structure.

References alloc_special_release(), lruhash_entry::data, packed_rrset_key::dname, ub_packed_rrset_key::entry, ub_packed_rrset_key::id, and ub_packed_rrset_key::rk.

Referenced by move_into_cache(), reply_info_parsedelete(), and rrset_cache_update().

◆ packed_rrset_sizeof()

◆ ub_packed_rrset_ttl()

time_t ub_packed_rrset_ttl ( struct ub_packed_rrset_key key)

Get TTL of rrset.

RRset data must be filled in correctly.

Parameters
keyrrset key, with data to examine.
Returns
ttl value.

References packed_rrset_data::ttl.

Referenced by iter_prepend(), and iter_store_parentside_neg().

◆ ub_rrset_sizefunc()

size_t ub_rrset_sizefunc ( void *  key,
void *  data 
)

Calculate memory size of rrset entry.

For hash table usage.

Parameters
keystruct ub_packed_rrset_key*.
datastruct packed_rrset_data*.
Returns
size in bytes.

References ub_packed_rrset_key::entry, lruhash_entry::lock, packed_rrset_sizeof(), and ub_packed_rrset_key::rk.

Referenced by fptr_whitelist_hash_sizefunc(), and rrset_cache_create().

◆ ub_rrset_compare()

int ub_rrset_compare ( void *  k1,
void *  k2 
)

compares two rrset keys.

Parameters
k1struct ub_packed_rrset_key*.
k2struct ub_packed_rrset_key*.
Returns
0 if equal.

References packed_rrset_key::dname, packed_rrset_key::dname_len, packed_rrset_key::flags, query_dname_compare(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, and packed_rrset_key::type.

Referenced by fptr_whitelist_hash_compfunc(), iter_find_rrset_in_prepend_answer(), and rrset_cache_create().

◆ rrsetdata_equal()

int rrsetdata_equal ( struct packed_rrset_data d1,
struct packed_rrset_data d2 
)

compare two rrset data structures.

Compared rdata and rrsigdata, not the trust or ttl value.

Parameters
d1data to compare.
d2data to compare.
Returns
1 if equal.

References packed_rrset_data::count, packed_rrset_data::rr_data, packed_rrset_data::rr_len, and packed_rrset_data::rrsig_count.

Referenced by iter_find_rrset_in_prepend_answer(), rrset_cache_update(), rrset_check_sec_status(), and rrset_update_sec_status().

◆ ub_rrset_key_delete()

void ub_rrset_key_delete ( void *  key,
void *  userdata 
)

Old key to be deleted.

RRset keys are recycled via alloc. The id is set to 0. So that other threads, after acquiring a lock always get the correct value, in this case the 0 deleted-special value.

Parameters
keystruct ub_packed_rrset_key*.
userdataalloc structure to use for recycling.

References alloc_special_release(), packed_rrset_key::dname, ub_packed_rrset_key::id, and ub_packed_rrset_key::rk.

Referenced by fptr_whitelist_hash_delkeyfunc(), and rrset_cache_create().

◆ rrset_data_delete()

void rrset_data_delete ( void *  data,
void *  userdata 
)

Old data to be deleted.

Parameters
datawhat to delete.
userdatauser data ptr.

Referenced by fptr_whitelist_hash_deldatafunc(), and rrset_cache_create().

◆ rrset_key_hash()

◆ packed_rrset_ptr_fixup()

void packed_rrset_ptr_fixup ( struct packed_rrset_data data)

◆ packed_rrset_ttl_add()

void packed_rrset_ttl_add ( struct packed_rrset_data data,
time_t  add 
)

Fixup TTLs in fixed data packed_rrset_data blob.

Parameters
datarrset data structure. Otherwise correctly filled in.
addhow many seconds to add, pass time(0) for example.

References packed_rrset_data::count, packed_rrset_data::rr_ttl, packed_rrset_data::rrsig_count, packed_rrset_data::ttl, and packed_rrset_data::ttl_add.

Referenced by dns_cache_store(), packed_rrset_copy_alloc(), and store_rrset().

◆ get_cname_target()

void get_cname_target ( struct ub_packed_rrset_key rrset,
uint8_t **  dname,
size_t *  dname_len 
)

Utility procedure to extract CNAME target name from its rdata.

Failsafes; it will change passed dname to a valid dname or do nothing.

Parameters
rrsetthe rrset structure. Must be a CNAME. Only first RR is used (multiple RRs are technically illegal anyway). Also works on type DNAME. Returns target name.
dnamethis pointer is updated to point into the cname rdata. If a failsafe fails, nothing happens to the pointer (such as the rdata was not a valid dname, not a CNAME, ...).
dname_lenlength of dname is returned.

References packed_rrset_data::count, lruhash_entry::data, ub_packed_rrset_key::entry, LDNS_RR_TYPE_CNAME, LDNS_RR_TYPE_DNAME, ub_packed_rrset_key::rk, packed_rrset_data::rr_len, and packed_rrset_key::type.

Referenced by handle_cname_response(), mesh_serve_expired_callback(), reply_check_cname_chain(), reply_find_answer_rrset(), reply_find_final_cname_target(), and val_chase_cname().

◆ rrset_trust_to_string()

const char* rrset_trust_to_string ( enum rrset_trust  s)

◆ sec_status_to_string()

const char* sec_status_to_string ( enum sec_status  s)

Get a printable string for a security status value.

Parameters
ssecurity status
Returns
printable string.

References sec_status_bogus, sec_status_indeterminate, sec_status_insecure, sec_status_secure, sec_status_secure_sentinel_fail, and sec_status_unchecked.

Referenced by already_validated(), validate_referral_response(), and verify_dnskey().

◆ log_rrset_key()

void log_rrset_key ( enum verbosity_value  v,
const char *  str,
struct ub_packed_rrset_key rrset 
)

Print string with neat domain name, type, class from rrset.

Parameters
vat what verbosity level to print this.
strstring of message.
rrsetstructure with name, type and class.

Referenced by iter_lookup_parent_NS_from_cache(), iter_store_parentside_NS(), and remove_spurious_authority().

◆ packed_rr_to_string()

int packed_rr_to_string ( struct ub_packed_rrset_key rrset,
size_t  i,
time_t  now,
char *  dest,
size_t  dest_len 
)

Convert RR from RRset to string.

Parameters
rrsetstructure with data.
iindex of rr or RRSIG.
nowtime that is subtracted from ttl before printout. Can be 0.
destdestination string buffer. Must be nonNULL.
dest_lenlength of dest buffer (>0).
Returns
false on failure.

References packed_rrset_data::count, packed_rrset_key::dname, packed_rrset_key::dname_len, log_assert, ub_packed_rrset_key::rk, packed_rrset_data::rr_len, and packed_rrset_key::type.

Referenced by do_list_local_data(), dump_rrset_line(), pr_rrs(), print_rrset(), and verify_rrset().

◆ log_packed_rrset()

void log_packed_rrset ( enum verbosity_value  v,
const char *  str,
struct ub_packed_rrset_key rrset 
)

Print the string with prefix, one rr per line.

Parameters
vat what verbosity level to print this.
strstring of message.
rrsetwith name, and rdata, and rrsigs.

Referenced by autr_debug_print_tp().

◆ packed_rrset_copy_region()

struct ub_packed_rrset_key* packed_rrset_copy_region ( struct ub_packed_rrset_key key,
struct regional region,
time_t  now 
)

◆ packed_rrset_copy_alloc()

struct ub_packed_rrset_key* packed_rrset_copy_alloc ( struct ub_packed_rrset_key key,
struct alloc_cache alloc,
time_t  now 
)

Allocate rrset with malloc (from region or you are holding the lock).

Parameters
keykey with data entry.
allocalloc_cache to create rrset_keys
nowadjust the TTLs to be absolute (add to all TTLs).
Returns
new region-alloced rrset key or NULL on alloc failure.

References alloc_special_obtain(), alloc_special_release(), lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, lruhash_entry::hash, memdup(), packed_rrset_ptr_fixup(), packed_rrset_sizeof(), packed_rrset_ttl_add(), and ub_packed_rrset_key::rk.

Referenced by iter_store_parentside_rrset(), and rrset_cache_update_wildcard().

◆ packed_rrset_find_rr()

int packed_rrset_find_rr ( struct packed_rrset_data d,
uint8_t *  rdata,
size_t  len,
size_t *  index 
)

Find RR index in packed rrset Raw comparison, does not canonicalize RDATA.

Parameters
dpacked rrset
rdataRDATA of RR to find
lenlength of rdata
indexpointer to int to store index of found RR
Returns
1 if RR found, 0 otherwise

References packed_rrset_data::count, packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by az_domain_remove_rr(), rpz_data_delete_rr(), rpz_remove_clientip_rr(), and rpz_rrset_delete_rr().