Lines Matching defs:vq
66 struct val_qstate* vq, int id, int rcode, struct dns_msg* msg,
201 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
206 vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
208 if(!vq->orig_msg)
210 vq->orig_msg->qinfo = qstate->qinfo;
211 vq->orig_msg->rep = (struct reply_info*)regional_alloc(
213 if(!vq->orig_msg->rep)
215 memset(vq->orig_msg->rep, 0, sizeof(struct reply_info));
216 vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
218 vq->orig_msg->rep->qdcount = 1;
220 vq->orig_msg = qstate->return_msg;
222 vq->qchase = qstate->qinfo;
224 vq->chase_reply = regional_alloc_init(qstate->region,
225 vq->orig_msg->rep,
227 if(!vq->chase_reply)
229 if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX)
231 vq->chase_reply->rrsets = regional_alloc_init(qstate->region,
232 vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*)
233 * vq->orig_msg->rep->rrset_count);
234 if(!vq->chase_reply->rrsets)
236 vq->rrset_skip = 0;
237 return vq;
244 struct val_qstate* vq = (struct val_qstate*)regional_alloc(
245 qstate->region, sizeof(*vq));
247 if(!vq)
249 memset(vq, 0, sizeof(*vq));
250 qstate->minfo[id] = vq;
251 vq->state = VAL_INIT_STATE;
252 return val_new_getmsg(qstate, vq);
366 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
391 vq->chain_blacklist);
403 * @param vq: validator query state.
409 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
420 vq->wait_prime_ta = 1; /* to elicit PRIME_RESP_STATE processing
423 vq->trust_anchor_name = regional_alloc_init(qstate->region,
425 vq->trust_anchor_len = toprime->namelen;
426 vq->trust_anchor_labs = toprime->namelabs;
427 if(!vq->trust_anchor_name) {
1305 * @param vq: validator query state.
1312 processInit(struct module_qstate* qstate, struct val_qstate* vq,
1319 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1320 vq->orig_msg->rep, vq->rrset_skip);
1321 if(vq->restart_count > VAL_MAX_RESTART_COUNT) {
1328 vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
1331 vq->qchase.qname = vq->orig_msg->rep->
1332 rrsets[vq->rrset_skip]->rk.dname;
1333 vq->qchase.qname_len = vq->orig_msg->rep->
1334 rrsets[vq->rrset_skip]->rk.dname_len;
1335 vq->qchase.qtype = ntohs(vq->orig_msg->rep->
1336 rrsets[vq->rrset_skip]->rk.type);
1337 vq->qchase.qclass = ntohs(vq->orig_msg->rep->
1338 rrsets[vq->rrset_skip]->rk.rrset_class);
1340 lookup_name = vq->qchase.qname;
1341 lookup_len = vq->qchase.qname_len;
1344 if(vq->qchase.qtype == LDNS_RR_TYPE_DS ||
1345 (vq->qchase.qtype == LDNS_RR_TYPE_NSEC &&
1346 vq->orig_msg->rep->rrset_count > vq->rrset_skip &&
1347 ntohs(vq->orig_msg->rep->rrsets[vq->rrset_skip]->rk.type) ==
1349 !(vq->orig_msg->rep->rrsets[vq->rrset_skip]->
1354 val_mark_indeterminate(vq->chase_reply, qstate->env->anchors,
1356 vq->key_entry = NULL;
1357 vq->empty_DS_name = NULL;
1358 vq->ds_rrset = 0;
1360 lookup_name, lookup_len, vq->qchase.qclass);
1363 val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep,
1364 vq->rrset_skip, &vq->signer_name, &vq->signer_len);
1365 if(vq->signer_name != NULL &&
1366 !dname_subdomain_c(lookup_name, vq->signer_name)) {
1368 "of lookupname, omitted", vq->signer_name, 0, 0);
1369 vq->signer_name = NULL;
1371 if(vq->signer_name == NULL) {
1375 lookup_name = vq->signer_name;
1376 lookup_len = vq->signer_len;
1381 if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name &&
1385 lookup_name, lookup_len, vq->qchase.qclass);
1389 vq->chase_reply->security = sec_status_indeterminate;
1390 vq->state = VAL_FINISHED_STATE;
1402 if(vq->rrset_skip > 0 || subtype == VAL_CLASS_CNAME ||
1406 val_fill_reply(vq->chase_reply, vq->orig_msg->rep,
1407 vq->rrset_skip, lookup_name, lookup_len,
1408 vq->signer_name);
1410 log_dns_msg("chased extract", &vq->qchase,
1411 vq->chase_reply);
1414 vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,
1415 vq->qchase.qclass, qstate->region, *qstate->env->now);
1418 if(vq->key_entry == NULL && anchor == NULL) {
1420 vq->chase_reply->security = sec_status_indeterminate;
1422 vq->state = VAL_FINISHED_STATE;
1427 else if(vq->key_entry == NULL || (anchor &&
1428 dname_strict_subdomain_c(anchor->name, vq->key_entry->name))) {
1431 vq->chase_reply->security = sec_status_insecure;
1432 val_mark_insecure(vq->chase_reply, anchor->name,
1435 vq->dlv_checked=1; /* skip DLV check */
1437 vq->state = VAL_FINISHED_STATE;
1442 if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1449 vq->state = VAL_FINDKEY_STATE;
1456 if(key_entry_isnull(vq->key_entry)) {
1460 vq->chase_reply->security = sec_status_insecure;
1461 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
1464 vq->state = VAL_FINISHED_STATE;
1466 } else if(key_entry_isbad(vq->key_entry)) {
1468 errinf_dname(qstate, "key for validation", vq->key_entry->name);
1470 if(key_entry_get_reason(vq->key_entry)) {
1472 errinf(qstate, key_entry_get_reason(vq->key_entry));
1475 vq->restart_count = VAL_MAX_RESTART_COUNT;
1476 vq->chase_reply->security = sec_status_bogus;
1477 vq->state = VAL_FINISHED_STATE;
1483 vq->state = VAL_FINDKEY_STATE;
1494 * @param vq: validator query state.
1500 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
1506 log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase);
1513 log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry));
1514 if(key_entry_isnull(vq->key_entry)) {
1515 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1516 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1517 vq->qchase.qclass, BIT_CD)) {
1524 target_key_name = vq->signer_name;
1525 target_key_len = vq->signer_len;
1527 target_key_name = vq->qchase.qname;
1528 target_key_len = vq->qchase.qname_len;
1531 current_key_name = vq->key_entry->name;
1535 vq->state = VAL_VALIDATE_STATE;
1539 if(vq->empty_DS_name) {
1544 vq->empty_DS_name) == 0) {
1549 vq->chase_reply->security = sec_status_bogus;
1550 vq->state = VAL_FINISHED_STATE;
1553 current_key_name = vq->empty_DS_name;
1563 vq->chase_reply->security = sec_status_bogus;
1564 vq->state = VAL_FINISHED_STATE;
1581 if(vq->ds_rrset)
1582 log_nametypeclass(VERB_ALGO, "DS RRset", vq->ds_rrset->rk.dname, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN);
1585 if(vq->ds_rrset && query_dname_compare(vq->ds_rrset->rk.dname,
1586 vq->key_entry->name) != 0) {
1587 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1588 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1589 vq->qchase.qclass, BIT_CD)) {
1596 if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname,
1607 if(!qstate->blacklist && !vq->chain_blacklist &&
1609 target_key_len, vq->qchase.qclass, qstate->region,
1610 vq->key_entry->name)) ) {
1612 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
1617 target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
1626 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1627 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1628 vq->qchase.qclass, BIT_CD)) {
1645 * @param vq: validator query state.
1652 processValidate(struct module_qstate* qstate, struct val_qstate* vq,
1658 if(!vq->key_entry) {
1664 vq->state = VAL_FINISHED_STATE;
1667 if(key_entry_isnull(vq->key_entry)) {
1669 vq->signer_name?"":"unsigned ");
1670 vq->chase_reply->security = sec_status_insecure;
1671 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
1673 key_cache_insert(ve->kcache, vq->key_entry, qstate);
1677 if(key_entry_isbad(vq->key_entry)) {
1679 "of trust to keys for", vq->key_entry->name,
1680 LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
1681 vq->chase_reply->security = sec_status_bogus;
1683 if(vq->restart_count >= VAL_MAX_RESTART_COUNT)
1684 key_cache_insert(ve->kcache, vq->key_entry, qstate);
1690 if(vq->signer_name == NULL) {
1692 "signer name", &vq->qchase);
1697 vq->chase_reply->security = sec_status_bogus;
1701 &vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
1703 remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
1707 if(!validate_msg_signatures(qstate, qstate->env, ve, &vq->qchase,
1708 vq->chase_reply, vq->key_entry)) {
1714 detect_wrongly_truncated(vq->orig_msg->rep)) {
1716 vq->orig_msg->rep->ns_numrrsets = 0;
1717 vq->orig_msg->rep->ar_numrrsets = 0;
1718 vq->orig_msg->rep->rrset_count =
1719 vq->orig_msg->rep->an_numrrsets;
1720 vq->chase_reply->ns_numrrsets = 0;
1721 vq->chase_reply->ar_numrrsets = 0;
1722 vq->chase_reply->rrset_count =
1723 vq->chase_reply->an_numrrsets;
1737 &vq->qchase, vq->chase_reply, vq->key_entry);
1740 vq->chase_reply->security));
1746 &vq->qchase, vq->chase_reply, vq->key_entry);
1749 vq->chase_reply->security));
1753 rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags);
1756 &vq->qchase, vq->chase_reply, vq->key_entry, &rcode);
1759 vq->chase_reply->security));
1760 FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode);
1761 FLAGS_SET_RCODE(vq->chase_reply->flags, rcode);
1767 &vq->qchase, vq->chase_reply, vq->key_entry);
1770 vq->chase_reply->security));
1777 &vq->qchase, vq->chase_reply, vq->key_entry);
1780 vq->chase_reply->security));
1785 validate_referral_response(vq->chase_reply);
1788 vq->chase_reply->security));
1794 validate_any_response(qstate->env, ve, &vq->qchase,
1795 vq->chase_reply, vq->key_entry);
1798 vq->chase_reply->security));
1805 if(vq->chase_reply->security == sec_status_bogus) {
1826 * @param vq: validator query state.
1837 val_dlv_init(struct module_qstate* qstate, struct val_qstate* vq,
1845 log_assert(vq->dlv_checked);
1848 vq->dlv_lookup_name = NULL;
1849 vq->dlv_lookup_name_len = 0;
1850 vq->dlv_insecure_at = NULL;
1851 vq->dlv_insecure_at_len = 0;
1857 if(vq->signer_name) {
1858 nm = vq->signer_name;
1859 nm_len = vq->signer_len;
1862 nm = vq->qchase.qname;
1863 nm_len = vq->qchase.qname_len;
1864 if(vq->qchase.qtype == LDNS_RR_TYPE_DS)
1868 vq->qchase.qclass);
1877 vq->dlv_lookup_name_len = nm_len - 1 +
1879 vq->dlv_lookup_name = regional_alloc(qstate->region,
1880 vq->dlv_lookup_name_len);
1881 if(!vq->dlv_lookup_name) {
1885 memmove(vq->dlv_lookup_name, nm, nm_len-1);
1886 memmove(vq->dlv_lookup_name+nm_len-1,
1889 log_nametypeclass(VERB_ALGO, "DLV name", vq->dlv_lookup_name,
1890 LDNS_RR_TYPE_DLV, vq->qchase.qclass);
1896 if(vq->key_entry && key_entry_isnull(vq->key_entry)) {
1897 nm = vq->key_entry->name;
1898 nm_len = vq->key_entry->namelen;
1901 vq->dlv_insecure_at_len = nm_len - 1 +
1903 vq->dlv_insecure_at = regional_alloc(qstate->region,
1904 vq->dlv_insecure_at_len);
1905 if(!vq->dlv_insecure_at) {
1909 memmove(vq->dlv_insecure_at, nm, nm_len-1);
1910 memmove(vq->dlv_insecure_at+nm_len-1,
1914 vq->dlv_insecure_at, 0, vq->qchase.qclass);
1919 while(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name,
1920 vq->dlv_lookup_name_len, vq->qchase.qclass,
1923 dname_remove_label(&vq->dlv_lookup_name,
1924 &vq->dlv_lookup_name_len);
1926 if(!dname_subdomain_c(vq->dlv_lookup_name,
1932 if(vq->dlv_insecure_at && !dname_subdomain_c(
1933 vq->dlv_lookup_name, vq->dlv_insecure_at)) {
1940 vq->state = VAL_DLVLOOKUP_STATE;
1941 if(!generate_request(qstate, id, vq->dlv_lookup_name,
1942 vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV,
1943 vq->qchase.qclass, 0)) {
1961 * @param vq: validator query state.
1968 processFinished(struct module_qstate* qstate, struct val_qstate* vq,
1972 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1973 vq->orig_msg->rep, vq->rrset_skip);
1977 if((vq->chase_reply->security == sec_status_insecure ||
1978 vq->chase_reply->security == sec_status_indeterminate) &&
1979 qstate->env->anchors->dlv_anchor && !vq->dlv_checked) {
1980 vq->dlv_checked = 1;
1981 if(!val_dlv_init(qstate, vq, ve, id))
1986 if(vq->rrset_skip == 0)
1987 vq->orig_msg->rep->security = vq->chase_reply->security;
1989 vq->rrset_skip < vq->orig_msg->rep->an_numrrsets +
1990 vq->orig_msg->rep->ns_numrrsets) {
1994 if(vq->chase_reply->security < vq->orig_msg->rep->security)
1995 vq->orig_msg->rep->security =
1996 vq->chase_reply->security;
2001 vq->rrset_skip = val_next_unchecked(vq->orig_msg->rep,
2002 vq->rrset_skip);
2003 if(vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
2006 vq->chase_reply->security = sec_status_unchecked;
2007 vq->dlv_checked = 0; /* can do DLV for this RR */
2008 vq->state = VAL_INIT_STATE;
2013 if(vq->chase_reply->security != sec_status_bogus &&
2016 if(!val_chase_cname(&vq->qchase, vq->orig_msg->rep,
2017 &vq->rrset_skip)) {
2019 vq->orig_msg->rep->security = sec_status_bogus;
2023 &vq->qchase);
2024 vq->chase_reply->security = sec_status_unchecked;
2025 vq->dlv_checked = 0; /* can do DLV for this RR */
2026 vq->state = VAL_INIT_STATE;
2031 if(vq->orig_msg->rep->security == sec_status_secure) {
2037 val_check_nonsecure(ve, vq->orig_msg->rep);
2038 if(vq->orig_msg->rep->security == sec_status_secure) {
2046 if(vq->orig_msg->rep->security == sec_status_bogus) {
2048 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2049 int restart_count = vq->restart_count+1;
2056 memset(vq, 0, sizeof(*vq));
2057 vq->restart_count = restart_count;
2058 vq->state = VAL_INIT_STATE;
2064 vq->orig_msg->rep->ttl = ve->bogus_ttl;
2065 vq->orig_msg->rep->prefetch_ttl =
2066 PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl);
2080 vq->orig_msg->rep->security = sec_status_indeterminate;
2087 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2088 vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL,
2095 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2096 vq->orig_msg->rep, 1, 0, 0, NULL,
2102 qstate->return_msg = vq->orig_msg;
2111 * @param vq: validator query state.
2118 processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq,
2123 if(vq->dlv_status==dlv_error)
2125 else if(vq->dlv_status==dlv_success)
2127 else if(vq->dlv_status==dlv_ask_higher)
2129 else if(vq->dlv_status==dlv_there_is_no_dlv)
2133 if(vq->dlv_status == dlv_error) {
2136 } else if(vq->dlv_status == dlv_success) {
2140 vq->state = VAL_FINDKEY_STATE;
2143 log_assert(dname_subdomain_c(vq->ds_rrset->rk.dname,
2145 nmlen = vq->ds_rrset->rk.dname_len -
2148 vq->ds_rrset->rk.dname, nmlen);
2155 vq->ds_rrset->rk.dname = nm;
2156 vq->ds_rrset->rk.dname_len = nmlen;
2160 vq->key_entry = key_entry_create_null(qstate->region,
2161 nm, nmlen, vq->qchase.qclass, 0, 0);
2162 if(!vq->key_entry) {
2167 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2168 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
2169 vq->qchase.qclass, BIT_CD)) {
2174 } else if(vq->dlv_status == dlv_there_is_no_dlv) {
2176 vq->state = VAL_FINISHED_STATE;
2179 log_assert(vq->dlv_status == dlv_ask_higher);
2182 if(!dname_subdomain_c(vq->dlv_lookup_name,
2186 vq->state = VAL_FINISHED_STATE;
2189 if(vq->dlv_insecure_at && !dname_subdomain_c(vq->dlv_lookup_name,
2190 vq->dlv_insecure_at)) {
2193 log_nametypeclass(VERB_ALGO, "enpt", vq->dlv_insecure_at, 0, 0);
2194 vq->state = VAL_FINISHED_STATE;
2199 if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name,
2200 vq->dlv_lookup_name_len, vq->qchase.qclass,
2203 dname_remove_label(&vq->dlv_lookup_name,
2204 &vq->dlv_lookup_name_len);
2206 return processDLVLookup(qstate, vq, ve, id);
2209 if(!generate_request(qstate, id, vq->dlv_lookup_name,
2210 vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV,
2211 vq->qchase.qclass, 0)) {
2223 * @param vq: validator query state.
2228 val_handle(struct module_qstate* qstate, struct val_qstate* vq,
2234 val_state_to_string(vq->state));
2235 switch(vq->state) {
2237 cont = processInit(qstate, vq, ve, id);
2240 cont = processFindKey(qstate, vq, id);
2243 cont = processValidate(qstate, vq, ve, id);
2246 cont = processFinished(qstate, vq, ve, id);
2249 cont = processDLVLookup(qstate, vq, ve, id);
2253 vq->state);
2265 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2271 if(vq && qstate->qinfo.qname != vq->qchase.qname)
2273 &vq->qchase);
2276 (event == module_event_pass && vq == NULL)) {
2310 if(!vq) {
2311 vq = val_new(qstate, id);
2312 if(!vq) {
2317 } else if(!vq->orig_msg) {
2318 if(!val_new_getmsg(qstate, vq)) {
2324 val_handle(qstate, vq, ve, id);
2330 val_handle(qstate, vq, ve, id);
2425 * @param vq: validator query state
2438 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2472 vq->key_entry, &reason);
2518 qstate->env, ve, qinfo, msg->rep, vq->key_entry,
2547 msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason);
2608 vq->key_entry, &reason);
2648 * @param vq: validator query state
2656 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
2661 uint8_t* olds = vq->empty_DS_name;
2662 vq->empty_DS_name = NULL;
2663 if(!ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske)) {
2665 vq->key_entry = NULL; /* make it error */
2666 vq->state = VAL_VALIDATE_STATE;
2670 vq->empty_DS_name = regional_alloc_init(qstate->region,
2672 if(!vq->empty_DS_name) {
2674 vq->key_entry = NULL; /* make it error */
2675 vq->state = VAL_VALIDATE_STATE;
2678 vq->empty_DS_len = qinfo->qname_len;
2679 vq->chain_blacklist = NULL;
2683 vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
2684 if(!vq->ds_rrset) {
2686 vq->key_entry = NULL; /* make it error */
2687 vq->state = VAL_VALIDATE_STATE;
2690 vq->chain_blacklist = NULL; /* fresh blacklist for next part*/
2693 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2694 vq->empty_DS_name = olds;
2695 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
2697 vq->restart_count++;
2706 vq->key_entry = dske;
2708 vq->state = VAL_VALIDATE_STATE;
2721 * @param vq: validator query state
2729 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
2734 struct key_entry_key* old = vq->key_entry;
2746 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2747 val_blacklist(&vq->chain_blacklist, qstate->region,
2750 vq->restart_count++;
2753 vq->key_entry = key_entry_create_bad(qstate->region,
2756 if(!vq->key_entry) {
2763 vq->state = VAL_VALIDATE_STATE;
2766 if(!vq->ds_rrset) {
2768 vq->key_entry = NULL;
2769 vq->state = VAL_VALIDATE_STATE;
2773 vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
2774 ve, dnskey, vq->ds_rrset, downprot, &reason);
2776 if(!vq->key_entry) {
2778 vq->state = VAL_VALIDATE_STATE;
2783 if(!key_entry_isgood(vq->key_entry)) {
2784 if(key_entry_isbad(vq->key_entry)) {
2785 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2786 val_blacklist(&vq->chain_blacklist,
2789 vq->restart_count++;
2790 vq->key_entry = old;
2799 vq->chain_blacklist = NULL;
2800 vq->state = VAL_VALIDATE_STATE;
2803 vq->chain_blacklist = NULL;
2807 key_cache_insert(ve->kcache, vq->key_entry, qstate);
2818 * @param vq: validator query state
2825 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
2831 vq->trust_anchor_name, vq->trust_anchor_labs,
2832 vq->trust_anchor_len, vq->qchase.qclass);
2835 vq->state = VAL_INIT_STATE;
2836 if(!vq->trust_anchor_name)
2837 vq->state = VAL_VALIDATE_STATE; /* break a loop */
2838 vq->trust_anchor_name = NULL;
2851 vq->state = VAL_INIT_STATE;
2852 vq->trust_anchor_name = NULL;
2856 vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id);
2858 if(vq->key_entry) {
2859 if(key_entry_isbad(vq->key_entry)
2860 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2861 val_blacklist(&vq->chain_blacklist, qstate->region,
2864 vq->restart_count++;
2865 vq->key_entry = NULL;
2866 vq->state = VAL_INIT_STATE;
2869 vq->chain_blacklist = NULL;
2873 key_cache_insert(ve->kcache, vq->key_entry, qstate);
2877 if(!vq->key_entry || key_entry_isnull(vq->key_entry) ||
2878 key_entry_isbad(vq->key_entry)) {
2879 vq->state = VAL_VALIDATE_STATE;
2892 * @param vq: validator query state
2899 process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq,
2906 /* lookup failed, set in vq to give up */
2907 vq->dlv_status = dlv_error;
2912 vq->dlv_status = dlv_error;
2924 vq->dlv_lookup_name) == 0) {
2926 vq->ds_rrset = (struct ub_packed_rrset_key*)
2928 msg->rep->rrsets[0], sizeof(*vq->ds_rrset));
2929 if(!vq->ds_rrset) {
2933 vq->ds_rrset->entry.key = vq->ds_rrset;
2934 vq->ds_rrset->rk.dname = (uint8_t*)regional_alloc_init(
2935 qstate->region, vq->ds_rrset->rk.dname,
2936 vq->ds_rrset->rk.dname_len);
2937 if(!vq->ds_rrset->rk.dname) {
2939 vq->dlv_status = dlv_error;
2942 vq->ds_rrset->entry.data = regional_alloc_init(qstate->region,
2943 vq->ds_rrset->entry.data,
2944 packed_rrset_sizeof(vq->ds_rrset->entry.data));
2945 if(!vq->ds_rrset->entry.data) {
2947 vq->dlv_status = dlv_error;
2950 packed_rrset_ptr_fixup(vq->ds_rrset->entry.data);
2951 /* make vq do a DNSKEY query next up */
2952 vq->dlv_status = dlv_success;
2960 * then set this in the vq, so it can make queries when activated.
2963 if(!val_nsec_check_dlv(qinfo, msg->rep, &vq->dlv_lookup_name,
2964 &vq->dlv_lookup_name_len)) {
2965 vq->dlv_status = dlv_error;
2969 if(!dname_subdomain_c(vq->dlv_lookup_name,
2971 vq->dlv_status = dlv_there_is_no_dlv;
2974 vq->dlv_status = dlv_ask_higher;
2988 struct val_qstate* vq = (struct val_qstate*)super->minfo[id];
2992 if(!vq) {
2996 if(vq->wait_prime_ta) {
2997 vq->wait_prime_ta = 0;
2998 process_prime_response(super, vq, id, qstate->return_rcode,
3003 process_ds_response(super, vq, id, qstate->return_rcode,
3008 process_dnskey_response(super, vq, id, qstate->return_rcode,
3013 process_dlv_response(super, vq, id, qstate->return_rcode,