Lines Matching refs:vq
69 struct val_qstate* vq, int id, int rcode, struct dns_msg* msg,
214 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
219 vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
221 if(!vq->orig_msg)
223 vq->orig_msg->qinfo = qstate->qinfo;
224 vq->orig_msg->rep = (struct reply_info*)regional_alloc(
226 if(!vq->orig_msg->rep)
228 memset(vq->orig_msg->rep, 0, sizeof(struct reply_info));
229 vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
231 vq->orig_msg->rep->qdcount = 1;
233 vq->orig_msg = qstate->return_msg;
235 vq->qchase = qstate->qinfo;
237 vq->chase_reply = regional_alloc_init(qstate->region,
238 vq->orig_msg->rep,
240 if(!vq->chase_reply)
242 if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX)
244 vq->chase_reply->rrsets = regional_alloc_init(qstate->region,
245 vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*)
246 * vq->orig_msg->rep->rrset_count);
247 if(!vq->chase_reply->rrsets)
249 vq->rrset_skip = 0;
250 return vq;
257 struct val_qstate* vq = (struct val_qstate*)regional_alloc(
258 qstate->region, sizeof(*vq));
260 if(!vq)
262 memset(vq, 0, sizeof(*vq));
263 qstate->minfo[id] = vq;
264 vq->state = VAL_INIT_STATE;
265 return val_new_getmsg(qstate, vq);
383 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
427 vq->chain_blacklist);
524 * @param vq: validator query state.
530 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
549 vq->wait_prime_ta = 1; /* to elicit PRIME_RESP_STATE processing
552 vq->trust_anchor_name = regional_alloc_init(qstate->region,
554 vq->trust_anchor_len = toprime->namelen;
555 vq->trust_anchor_labs = toprime->namelabs;
556 if(!vq->trust_anchor_name) {
1474 * @param vq: validator query state.
1481 processInit(struct module_qstate* qstate, struct val_qstate* vq,
1488 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1489 vq->orig_msg->rep, vq->rrset_skip);
1490 if(vq->restart_count > VAL_MAX_RESTART_COUNT) {
1497 vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
1500 vq->qchase.qname = vq->orig_msg->rep->
1501 rrsets[vq->rrset_skip]->rk.dname;
1502 vq->qchase.qname_len = vq->orig_msg->rep->
1503 rrsets[vq->rrset_skip]->rk.dname_len;
1504 vq->qchase.qtype = ntohs(vq->orig_msg->rep->
1505 rrsets[vq->rrset_skip]->rk.type);
1506 vq->qchase.qclass = ntohs(vq->orig_msg->rep->
1507 rrsets[vq->rrset_skip]->rk.rrset_class);
1509 lookup_name = vq->qchase.qname;
1510 lookup_len = vq->qchase.qname_len;
1513 if(vq->qchase.qtype == LDNS_RR_TYPE_DS ||
1514 (vq->qchase.qtype == LDNS_RR_TYPE_NSEC &&
1515 vq->orig_msg->rep->rrset_count > vq->rrset_skip &&
1516 ntohs(vq->orig_msg->rep->rrsets[vq->rrset_skip]->rk.type) ==
1518 !(vq->orig_msg->rep->rrsets[vq->rrset_skip]->
1523 val_mark_indeterminate(vq->chase_reply, qstate->env->anchors,
1525 vq->key_entry = NULL;
1526 vq->empty_DS_name = NULL;
1527 vq->ds_rrset = 0;
1529 lookup_name, lookup_len, vq->qchase.qclass);
1532 val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep,
1533 vq->rrset_skip, &vq->signer_name, &vq->signer_len);
1534 if(vq->signer_name != NULL &&
1535 !dname_subdomain_c(lookup_name, vq->signer_name)) {
1537 "of lookupname, omitted", vq->signer_name, 0, 0);
1538 vq->signer_name = NULL;
1540 if(vq->signer_name == NULL) {
1544 lookup_name = vq->signer_name;
1545 lookup_len = vq->signer_len;
1550 if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name &&
1554 lookup_name, lookup_len, vq->qchase.qclass);
1558 vq->chase_reply->security = sec_status_indeterminate;
1559 vq->state = VAL_FINISHED_STATE;
1571 if(vq->rrset_skip > 0 || subtype == VAL_CLASS_CNAME ||
1575 val_fill_reply(vq->chase_reply, vq->orig_msg->rep,
1576 vq->rrset_skip, lookup_name, lookup_len,
1577 vq->signer_name);
1579 log_dns_msg("chased extract", &vq->qchase,
1580 vq->chase_reply);
1583 vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,
1584 vq->qchase.qclass, qstate->region, *qstate->env->now);
1587 if(vq->key_entry == NULL && anchor == NULL) {
1589 vq->chase_reply->security = sec_status_indeterminate;
1591 vq->state = VAL_FINISHED_STATE;
1596 else if(vq->key_entry == NULL || (anchor &&
1597 dname_strict_subdomain_c(anchor->name, vq->key_entry->name))) {
1600 vq->chase_reply->security = sec_status_insecure;
1601 val_mark_insecure(vq->chase_reply, anchor->name,
1605 vq->state = VAL_FINISHED_STATE;
1610 if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1617 vq->state = VAL_FINDKEY_STATE;
1624 if(key_entry_isnull(vq->key_entry)) {
1628 vq->chase_reply->security = sec_status_insecure;
1629 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
1632 vq->state = VAL_FINISHED_STATE;
1634 } else if(key_entry_isbad(vq->key_entry)) {
1636 errinf_dname(qstate, "key for validation", vq->key_entry->name);
1638 if(key_entry_get_reason(vq->key_entry)) {
1640 errinf(qstate, key_entry_get_reason(vq->key_entry));
1643 vq->restart_count = VAL_MAX_RESTART_COUNT;
1644 vq->chase_reply->security = sec_status_bogus;
1645 vq->state = VAL_FINISHED_STATE;
1651 vq->state = VAL_FINDKEY_STATE;
1662 * @param vq: validator query state.
1668 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
1675 log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase);
1681 log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry));
1682 if(key_entry_isnull(vq->key_entry)) {
1683 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1684 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1685 vq->qchase.qclass, BIT_CD, &newq, 0)) {
1692 target_key_name = vq->signer_name;
1693 target_key_len = vq->signer_len;
1695 target_key_name = vq->qchase.qname;
1696 target_key_len = vq->qchase.qname_len;
1699 current_key_name = vq->key_entry->name;
1703 vq->state = VAL_VALIDATE_STATE;
1707 if(vq->empty_DS_name) {
1712 vq->empty_DS_name) == 0) {
1717 vq->chase_reply->security = sec_status_bogus;
1718 vq->state = VAL_FINISHED_STATE;
1721 current_key_name = vq->empty_DS_name;
1731 vq->chase_reply->security = sec_status_bogus;
1732 vq->state = VAL_FINISHED_STATE;
1749 if(vq->ds_rrset)
1750 log_nametypeclass(VERB_ALGO, "DS RRset", vq->ds_rrset->rk.dname, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN);
1753 if(vq->ds_rrset && query_dname_compare(vq->ds_rrset->rk.dname,
1754 vq->key_entry->name) != 0) {
1755 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1756 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1757 vq->qchase.qclass, BIT_CD, &newq, 0)) {
1764 if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname,
1775 if(!qstate->blacklist && !vq->chain_blacklist &&
1777 target_key_len, vq->qchase.qclass, qstate->region,
1778 vq->key_entry->name)) ) {
1780 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
1785 target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
1794 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1795 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1796 vq->qchase.qclass, BIT_CD, &newq, 0)) {
1813 * @param vq: validator query state.
1820 processValidate(struct module_qstate* qstate, struct val_qstate* vq,
1826 if(!vq->key_entry) {
1832 vq->state = VAL_FINISHED_STATE;
1835 if(key_entry_isnull(vq->key_entry)) {
1837 vq->signer_name?"":"unsigned ");
1838 vq->chase_reply->security = sec_status_insecure;
1839 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
1841 key_cache_insert(ve->kcache, vq->key_entry, qstate);
1845 if(key_entry_isbad(vq->key_entry)) {
1847 "of trust to keys for", vq->key_entry->name,
1848 LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
1849 vq->chase_reply->security = sec_status_bogus;
1851 if(vq->restart_count >= VAL_MAX_RESTART_COUNT)
1852 key_cache_insert(ve->kcache, vq->key_entry, qstate);
1858 if(vq->signer_name == NULL) {
1860 "signer name", &vq->qchase);
1865 vq->chase_reply->security = sec_status_bogus;
1869 &vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
1871 remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
1875 if(!validate_msg_signatures(qstate, qstate->env, ve, &vq->qchase,
1876 vq->chase_reply, vq->key_entry)) {
1882 detect_wrongly_truncated(vq->orig_msg->rep)) {
1884 vq->orig_msg->rep->ns_numrrsets = 0;
1885 vq->orig_msg->rep->ar_numrrsets = 0;
1886 vq->orig_msg->rep->rrset_count =
1887 vq->orig_msg->rep->an_numrrsets;
1888 vq->chase_reply->ns_numrrsets = 0;
1889 vq->chase_reply->ar_numrrsets = 0;
1890 vq->chase_reply->rrset_count =
1891 vq->chase_reply->an_numrrsets;
1905 &vq->qchase, vq->chase_reply, vq->key_entry);
1908 vq->chase_reply->security));
1914 &vq->qchase, vq->chase_reply, vq->key_entry);
1917 vq->chase_reply->security));
1921 rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags);
1924 &vq->qchase, vq->chase_reply, vq->key_entry, &rcode);
1927 vq->chase_reply->security));
1928 FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode);
1929 FLAGS_SET_RCODE(vq->chase_reply->flags, rcode);
1935 &vq->qchase, vq->chase_reply, vq->key_entry);
1938 vq->chase_reply->security));
1945 &vq->qchase, vq->chase_reply, vq->key_entry);
1948 vq->chase_reply->security));
1953 validate_referral_response(vq->chase_reply);
1956 vq->chase_reply->security));
1962 validate_any_response(qstate->env, ve, &vq->qchase,
1963 vq->chase_reply, vq->key_entry);
1966 vq->chase_reply->security));
1973 if(vq->chase_reply->security == sec_status_bogus) {
1988 * @param vq: validator query state.
1995 processFinished(struct module_qstate* qstate, struct val_qstate* vq,
1999 qstate->query_flags, &qstate->qinfo, &vq->qchase,
2000 vq->orig_msg->rep, vq->rrset_skip);
2003 if(vq->rrset_skip == 0)
2004 vq->orig_msg->rep->security = vq->chase_reply->security;
2006 vq->rrset_skip < vq->orig_msg->rep->an_numrrsets +
2007 vq->orig_msg->rep->ns_numrrsets) {
2011 if(vq->chase_reply->security < vq->orig_msg->rep->security)
2012 vq->orig_msg->rep->security =
2013 vq->chase_reply->security;
2018 vq->rrset_skip = val_next_unchecked(vq->orig_msg->rep,
2019 vq->rrset_skip);
2020 if(vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
2023 vq->chase_reply->security = sec_status_unchecked;
2024 vq->state = VAL_INIT_STATE;
2029 if(vq->chase_reply->security != sec_status_bogus &&
2032 if(!val_chase_cname(&vq->qchase, vq->orig_msg->rep,
2033 &vq->rrset_skip)) {
2035 vq->orig_msg->rep->security = sec_status_bogus;
2039 &vq->qchase);
2040 vq->chase_reply->security = sec_status_unchecked;
2041 vq->state = VAL_INIT_STATE;
2046 if(vq->orig_msg->rep->security == sec_status_secure) {
2052 val_check_nonsecure(qstate->env, vq->orig_msg->rep);
2053 if(vq->orig_msg->rep->security == sec_status_secure) {
2058 vq->orig_msg->rep);
2065 if(vq->orig_msg->rep->security == sec_status_bogus) {
2067 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2068 int restart_count = vq->restart_count+1;
2075 memset(vq, 0, sizeof(*vq));
2076 vq->restart_count = restart_count;
2077 vq->state = VAL_INIT_STATE;
2083 vq->orig_msg->rep->ttl = ve->bogus_ttl;
2084 vq->orig_msg->rep->prefetch_ttl =
2085 PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl);
2086 vq->orig_msg->rep->serve_expired_ttl =
2087 vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
2109 vq->orig_msg->rep->security = sec_status_indeterminate;
2112 if(vq->orig_msg->rep->security == sec_status_secure &&
2124 (uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2125 vq->orig_msg->rep->security =
2134 (uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2135 vq->orig_msg->rep->security =
2145 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2146 vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL,
2154 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2155 vq->orig_msg->rep, 1, 0, 0, NULL,
2161 qstate->return_msg = vq->orig_msg;
2171 * @param vq: validator query state.
2176 val_handle(struct module_qstate* qstate, struct val_qstate* vq,
2182 val_state_to_string(vq->state));
2183 switch(vq->state) {
2185 cont = processInit(qstate, vq, ve, id);
2188 cont = processFindKey(qstate, vq, id);
2191 cont = processValidate(qstate, vq, ve, id);
2194 cont = processFinished(qstate, vq, ve, id);
2198 vq->state);
2210 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2216 if(vq && qstate->qinfo.qname != vq->qchase.qname)
2218 &vq->qchase);
2221 (event == module_event_pass && vq == NULL)) {
2257 if(!vq) {
2258 vq = val_new(qstate, id);
2259 if(!vq) {
2264 } else if(!vq->orig_msg) {
2265 if(!val_new_getmsg(qstate, vq)) {
2271 val_handle(qstate, vq, ve, id);
2277 val_handle(qstate, vq, ve, id);
2372 * @param vq: validator query state
2385 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2419 vq->key_entry, &reason, LDNS_SECTION_ANSWER, qstate);
2465 qstate->env, ve, qinfo, msg->rep, vq->key_entry,
2494 msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason,
2556 vq->key_entry, &reason, LDNS_SECTION_ANSWER, qstate);
2596 * @param vq: validator query state
2604 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
2609 uint8_t* olds = vq->empty_DS_name;
2610 vq->empty_DS_name = NULL;
2611 if(!ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske)) {
2613 vq->key_entry = NULL; /* make it error */
2614 vq->state = VAL_VALIDATE_STATE;
2618 vq->empty_DS_name = regional_alloc_init(qstate->region,
2620 if(!vq->empty_DS_name) {
2622 vq->key_entry = NULL; /* make it error */
2623 vq->state = VAL_VALIDATE_STATE;
2626 vq->empty_DS_len = qinfo->qname_len;
2627 vq->chain_blacklist = NULL;
2631 vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
2632 if(!vq->ds_rrset) {
2634 vq->key_entry = NULL; /* make it error */
2635 vq->state = VAL_VALIDATE_STATE;
2638 vq->chain_blacklist = NULL; /* fresh blacklist for next part*/
2641 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2642 vq->empty_DS_name = olds;
2643 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
2645 vq->restart_count++;
2654 vq->key_entry = dske;
2656 vq->state = VAL_VALIDATE_STATE;
2669 * @param vq: validator query state
2677 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
2682 struct key_entry_key* old = vq->key_entry;
2694 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2695 val_blacklist(&vq->chain_blacklist, qstate->region,
2698 vq->restart_count++;
2701 vq->key_entry = key_entry_create_bad(qstate->region,
2704 if(!vq->key_entry) {
2711 vq->state = VAL_VALIDATE_STATE;
2714 if(!vq->ds_rrset) {
2716 vq->key_entry = NULL;
2717 vq->state = VAL_VALIDATE_STATE;
2721 vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
2722 ve, dnskey, vq->ds_rrset, downprot, &reason, qstate);
2724 if(!vq->key_entry) {
2726 vq->state = VAL_VALIDATE_STATE;
2731 if(!key_entry_isgood(vq->key_entry)) {
2732 if(key_entry_isbad(vq->key_entry)) {
2733 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2734 val_blacklist(&vq->chain_blacklist,
2737 vq->restart_count++;
2738 vq->key_entry = old;
2747 vq->chain_blacklist = NULL;
2748 vq->state = VAL_VALIDATE_STATE;
2751 vq->chain_blacklist = NULL;
2755 key_cache_insert(ve->kcache, vq->key_entry, qstate);
2766 * @param vq: validator query state
2773 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
2779 vq->trust_anchor_name, vq->trust_anchor_labs,
2780 vq->trust_anchor_len, vq->qchase.qclass);
2783 vq->state = VAL_INIT_STATE;
2784 if(!vq->trust_anchor_name)
2785 vq->state = VAL_VALIDATE_STATE; /* break a loop */
2786 vq->trust_anchor_name = NULL;
2801 vq->state = VAL_INIT_STATE;
2802 vq->trust_anchor_name = NULL;
2806 vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id);
2808 if(vq->key_entry) {
2809 if(key_entry_isbad(vq->key_entry)
2810 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2811 val_blacklist(&vq->chain_blacklist, qstate->region,
2814 vq->restart_count++;
2815 vq->key_entry = NULL;
2816 vq->state = VAL_INIT_STATE;
2819 vq->chain_blacklist = NULL;
2823 key_cache_insert(ve->kcache, vq->key_entry, qstate);
2827 if(!vq->key_entry || key_entry_isnull(vq->key_entry) ||
2828 key_entry_isbad(vq->key_entry)) {
2829 vq->state = VAL_VALIDATE_STATE;
2845 struct val_qstate* vq = (struct val_qstate*)super->minfo[id];
2849 if(!vq) {
2853 if(vq->wait_prime_ta) {
2854 vq->wait_prime_ta = 0;
2855 process_prime_response(super, vq, id, qstate->return_rcode,
2860 process_ds_response(super, vq, id, qstate->return_rcode,
2865 process_dnskey_response(super, vq, id, qstate->return_rcode,