This file contains helper functions for the validator module. More...
Data Structures | |
| struct | val_neg_cache |
| The negative cache. More... | |
| struct | val_neg_zone |
| Per Zone aggressive negative caching data. More... | |
| struct | val_neg_data |
| Data element for aggressive negative caching. More... | |
Functions | |
| struct val_neg_cache * | val_neg_create (struct config_file *cfg, size_t maxiter) |
| Create negative cache. More... | |
| size_t | val_neg_get_mem (struct val_neg_cache *neg) |
| see how much memory is in use by the negative cache. More... | |
| void | neg_cache_delete (struct val_neg_cache *neg) |
| Destroy negative cache. More... | |
| int | val_neg_data_compare (const void *a, const void *b) |
| Comparison function for rbtree val neg data elements. | |
| int | val_neg_zone_compare (const void *a, const void *b) |
| Comparison function for rbtree val neg zone elements. | |
| void | val_neg_addreply (struct val_neg_cache *neg, struct reply_info *rep) |
| Insert NSECs from this message into the negative cache for reference. More... | |
| void | val_neg_addreferral (struct val_neg_cache *neg, struct reply_info *rep, uint8_t *zone) |
| Insert NSECs from this referral into the negative cache for reference. More... | |
| struct dns_msg * | val_neg_getmsg (struct val_neg_cache *neg, struct query_info *qinfo, struct regional *region, struct rrset_cache *rrset_cache, struct sldns_buffer *buf, time_t now, int addsoa, uint8_t *topname, struct config_file *cfg) |
| For the given query, try to get a reply out of the negative cache. More... | |
| void | neg_insert_data (struct val_neg_cache *neg, struct val_neg_zone *zone, struct ub_packed_rrset_key *nsec) |
| Insert data into the data tree of a zone Does not do locking. More... | |
| void | neg_delete_data (struct val_neg_cache *neg, struct val_neg_data *el) |
| Delete a data element from the negative cache. More... | |
| struct val_neg_zone * | neg_find_zone (struct val_neg_cache *neg, uint8_t *nm, size_t len, uint16_t dclass) |
| Find the given zone, from the SOA owner name and class Does not do locking. More... | |
| struct val_neg_zone * | neg_create_zone (struct val_neg_cache *neg, uint8_t *nm, size_t nm_len, uint16_t dclass) |
| Create a new zone. More... | |
| void | val_neg_zone_take_inuse (struct val_neg_zone *zone) |
| take a zone into use. More... | |
This file contains helper functions for the validator module.
The functions help with aggressive negative caching. This creates new denials of existence, and proofs for absence of types from cached NSEC records.
| struct val_neg_cache* val_neg_create | ( | struct config_file * | cfg, |
| size_t | maxiter | ||
| ) |
Create negative cache.
| cfg | config options. |
| maxiter | max nsec3 iterations allowed. |
References val_neg_cache::lock, log_err(), val_neg_cache::max, config_file::neg_cache_size, val_neg_cache::nsec3_max_iter, rbtree_init(), val_neg_cache::tree, and val_neg_zone_compare().
Referenced by neg_test(), and val_apply_cfg().
| size_t val_neg_get_mem | ( | struct val_neg_cache * | neg | ) |
see how much memory is in use by the negative cache.
| neg | negative cache |
References val_neg_cache::lock, and val_neg_cache::use.
| void neg_cache_delete | ( | struct val_neg_cache * | neg | ) |
Destroy negative cache.
There must no longer be any other threads.
| neg | negative cache. |
References val_neg_cache::lock, neg_clear_zones(), traverse_postorder(), and val_neg_cache::tree.
Referenced by neg_test(), and val_deinit().
| void val_neg_addreply | ( | struct val_neg_cache * | neg, |
| struct reply_info * | rep | ||
| ) |
Insert NSECs from this message into the negative cache for reference.
| neg | negative cache |
| rep | reply with NSECs. Errors are ignored, means that storage is omitted. |
References reply_info::an_numrrsets, calc_data_need(), calc_zone_need(), packed_rrset_key::dname, packed_rrset_key::dname_len, LDNS_RR_TYPE_SOA, val_neg_cache::lock, log_err(), log_nametypeclass(), neg_create_zone(), neg_find_zone(), neg_make_space(), reply_info::ns_numrrsets, reply_find_soa(), reply_has_nsec(), reply_nsec_signer(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrsets, packed_rrset_key::type, val_neg_zone_take_inuse(), and VERB_ALGO.
| void val_neg_addreferral | ( | struct val_neg_cache * | neg, |
| struct reply_info * | rep, | ||
| uint8_t * | zone | ||
| ) |
Insert NSECs from this referral into the negative cache for reference.
| neg | negative cache |
| rep | referral reply with NS, NSECs. |
| zone | bailiwick for the referral. Errors are ignored, means that storage is omitted. |
References reply_info::an_numrrsets, calc_data_need(), calc_zone_need(), val_neg_zone::dclass, dname_subdomain_c(), LDNS_RR_TYPE_NS, val_neg_cache::lock, log_err(), log_nametypeclass(), neg_create_zone(), neg_find_zone(), neg_make_space(), reply_info::ns_numrrsets, reply_nsec_signer(), ub_packed_rrset_key::rk, reply_info::rrsets, packed_rrset_key::type, val_neg_zone_take_inuse(), and VERB_ALGO.
| struct dns_msg* val_neg_getmsg | ( | struct val_neg_cache * | neg, |
| struct query_info * | qinfo, | ||
| struct regional * | region, | ||
| struct rrset_cache * | rrset_cache, | ||
| struct sldns_buffer * | buf, | ||
| time_t | now, | ||
| int | addsoa, | ||
| uint8_t * | topname, | ||
| struct config_file * | cfg | ||
| ) |
For the given query, try to get a reply out of the negative cache.
The reply still needs to be validated.
| neg | negative cache. |
| qinfo | query |
| region | where to allocate reply. |
| rrset_cache | rrset cache. |
| buf | temporary buffer. |
| now | to check TTLs against. |
| addsoa | if true, produce result for external consumption. if false, do not add SOA - for unbound-internal consumption. |
| topname | do not look higher than this name, so that the result cannot be taken from a zone above the current trust anchor. Which could happen with multiple islands of trust. if NULL, then no trust anchor is used, but also the algorithm becomes more conservative, especially for opt-out zones, since the receiver may have a trust-anchor below the optout and thus the optout cannot be used to create a proof from the negative cache. |
| cfg | config options. |
References LDNS_MAX_DOMAINLEN.
Referenced by val_find_DS().
| void neg_insert_data | ( | struct val_neg_cache * | neg, |
| struct val_neg_zone * | zone, | ||
| struct ub_packed_rrset_key * | nsec | ||
| ) |
Insert data into the data tree of a zone Does not do locking.
| neg | negative cache |
| zone | zone to insert into |
| nsec | record to insert. |
References val_neg_data::count, lruhash_entry::data, packed_rrset_key::dname, dname_count_labels(), packed_rrset_key::dname_len, ub_packed_rrset_key::entry, val_neg_data::in_use, val_neg_data::labs, val_neg_data::len, log_assert, log_err(), log_nametypeclass(), val_neg_data::name, neg_closest_data_parent(), neg_data_chain(), neg_lru_front(), neg_lru_touch(), val_neg_data::node, val_neg_data::parent, query_dname_compare(), rbtree_insert(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, packed_rrset_data::rrsig_count, sec_status_secure, sec_status_unchecked, packed_rrset_data::security, val_neg_zone::tree, packed_rrset_key::type, val_neg_cache::use, VERB_ALGO, and val_neg_data::zone.
| void neg_delete_data | ( | struct val_neg_cache * | neg, |
| struct val_neg_data * | el | ||
| ) |
Delete a data element from the negative cache.
May delete other data elements to keep tree coherent, or only mark the element as 'not in use'. Does not do locking.
| neg | negative cache. |
| el | data element to delete. |
References rbtree_type::count, val_neg_data::count, val_neg_cache::first, val_neg_data::in_use, val_neg_cache::last, val_neg_data::len, log_assert, val_neg_data::name, neg_delete_zone(), neg_lru_remove(), val_neg_data::node, val_neg_data::parent, rbtree_delete(), val_neg_zone::tree, val_neg_cache::use, and val_neg_data::zone.
Referenced by neg_make_space(), and remove_item().
| struct val_neg_zone* neg_find_zone | ( | struct val_neg_cache * | neg, |
| uint8_t * | nm, | ||
| size_t | len, | ||
| uint16_t | dclass | ||
| ) |
Find the given zone, from the SOA owner name and class Does not do locking.
| neg | negative cache |
| nm | what to look for. |
| len | length of nm |
| dclass | class to look for. |
References val_neg_zone::dclass, dname_count_labels(), rbnode_type::key, val_neg_zone::labs, val_neg_zone::len, val_neg_zone::name, val_neg_zone::node, rbtree_search(), and val_neg_cache::tree.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().
| struct val_neg_zone* neg_create_zone | ( | struct val_neg_cache * | neg, |
| uint8_t * | nm, | ||
| size_t | nm_len, | ||
| uint16_t | dclass | ||
| ) |
Create a new zone.
Does not do locking.
| neg | negative cache |
| nm | what to look for. |
| nm_len | length of name. |
| dclass | class of zone, host order. |
References val_neg_zone::count, val_neg_zone::dclass, dname_count_labels(), val_neg_zone::labs, val_neg_zone::len, log_assert, val_neg_zone::name, neg_closest_zone_parent(), neg_zone_chain(), val_neg_zone::node, val_neg_zone::parent, query_dname_compare(), rbtree_insert(), val_neg_cache::tree, and val_neg_cache::use.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().
| void val_neg_zone_take_inuse | ( | struct val_neg_zone * | zone | ) |
take a zone into use.
increases counts of parents. Does not do locking.
| zone | zone to take into use. |
References val_neg_zone::count, val_neg_zone::in_use, and val_neg_zone::parent.
Referenced by add_item(), val_neg_addreferral(), and val_neg_addreply().