iter_delegpt.h revision 356345
1/*
2 * iterator/iter_delegpt.h - delegation point with NS and address information.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file implements the Delegation Point. It contains a list of name servers
40 * and their addresses if known.
41 */
42
43#ifndef ITERATOR_ITER_DELEGPT_H
44#define ITERATOR_ITER_DELEGPT_H
45#include "util/log.h"
46struct regional;
47struct delegpt_ns;
48struct delegpt_addr;
49struct dns_msg;
50struct ub_packed_rrset_key;
51struct msgreply_entry;
52
/**
 * Delegation Point.
 * For a domain name, the NS rrset, and the A and AAAA records for those.
 *
 * The same structure is declared for both allocation styles in this header:
 * regional-allocated (delegpt_create) and malloced (delegpt_create_mlc).
 * When the bogus flag is set, every name and address held here is to be
 * treated as bad.
 */
struct delegpt {
	/** the domain name of the delegation point.
	 * NOTE(review): presumably uncompressed wire format, like the name
	 * arguments of delegpt_create_mlc and delegpt_find_ns - confirm. */
	uint8_t* name;
	/** length of the delegation point name */
	size_t namelen;
	/** number of labels in delegation point */
	int namelabs;

	/** the nameservers, names from the NS RRset rdata. */
	struct delegpt_ns* nslist;
	/** the target addresses for delegation
	 * (chained through delegpt_addr.next_target) */
	struct delegpt_addr* target_list;
	/** the list of usable targets; subset of target_list.
	 * The items in this list are not part of the result list.
	 * (chained through delegpt_addr.next_usable) */
	struct delegpt_addr* usable_list;
	/** the list of returned targets; subset of target_list
	 * (chained through delegpt_addr.next_result) */
	struct delegpt_addr* result_list;

	/** if true, the NS RRset was bogus. All info is bad.
	 * This is the delegation-wide flag; delegpt_addr.bogus marks a single
	 * address and its documentation asks readers to check this one too. */
	int bogus;
	/** if true, the parent-side NS record has been applied:
	 * its names have been added and their addresses can follow later.
	 * Also true if the delegationpoint was created from a delegation
	 * message and thus contains the parent-side-info already. */
	uint8_t has_parent_side_NS;
	/** for assertions on type of delegpt.
	 * NOTE(review): presumably set for delegation points made with
	 * delegpt_create_mlc, so that the regional and the _mlc functions are
	 * not mixed on one object - confirm in the implementation. */
	uint8_t dp_type_mlc;
	/** use SSL for upstream query.
	 * NOTE(review): this selects the transport only. The name to
	 * authenticate the upstream against is kept per address in
	 * delegpt_addr.tls_auth_name and may be NULL - confirm what the
	 * outgoing TLS code verifies in that case. */
	uint8_t ssl_upstream;
	/** delegpt from authoritative zone that is locally hosted */
	uint8_t auth_dp;
	/** no cache.
	 * NOTE(review): the name suggests that results obtained through this
	 * delegation point are kept out of the cache - confirm against the
	 * code that reads the field. */
	int no_cache;
};
91
/**
 * Nameservers for a delegation point.
 * One list element per nameserver name; the elements are chained from
 * delegpt.nslist through the next pointer.
 */
struct delegpt_ns {
	/** next in list */
	struct delegpt_ns* next;
	/** name of nameserver.
	 * NOTE(review): presumably uncompressed wire format, since
	 * delegpt_find_ns looks names up in that form - confirm. */
	uint8_t* name;
	/** length of name */
	size_t namelen;
	/**
	 * If the name has been resolved. false if not queried for yet.
	 * true if the A, AAAA queries have been generated.
	 * marked true if those queries fail.
	 * and marked true if got4 and got6 are both true.
	 * Note that true therefore does not mean that an address is present;
	 * got4 and got6 say which address families are in the delegpt.
	 */
	int resolved;
	/** if the ipv4 address is in the delegpt */
	uint8_t got4;
	/** if the ipv6 address is in the delegpt */
	uint8_t got6;
	/**
	 * If the name is parent-side only and thus dispreferred.
	 * Its addresses become dispreferred as well
	 */
	uint8_t lame;
	/** if the parent-side ipv4 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside4;
	/** if the parent-side ipv6 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside6;
};
127
/**
 * Address of target nameserver in delegation point.
 * One element can be on up to three lists of the owning delegpt at the same
 * time, which is why it carries three separate next pointers.
 */
struct delegpt_addr {
	/** next address in the result list (delegpt.result_list) */
	struct delegpt_addr* next_result;
	/** next address in the usable list (delegpt.usable_list) */
	struct delegpt_addr* next_usable;
	/** next address in the list of all targets (delegpt.target_list) */
	struct delegpt_addr* next_target;

	/** delegation point address */
	struct sockaddr_storage addr;
	/** length of addr.
	 * NOTE(review): addr is a fixed-size struct sockaddr_storage, so a
	 * length above sizeof(addr) would not describe this field - confirm
	 * that the functions filling it in bound the value. */
	socklen_t addrlen;
	/** number of attempts for this addr */
	int attempts;
	/** rtt stored here in the selection algorithm */
	int sel_rtt;
	/** if true, the A or AAAA RR was bogus, so this address is bad.
	 * Also check the dp->bogus to see if everything is bogus. */
	uint8_t bogus;
	/** if true, this address is dispreferred: it is a lame IP address */
	uint8_t lame;
	/** if the address is dnsseclame, but this cannot be cached, this
	 * option is useful to mark the address dnsseclame.
	 * This value is not copied in addr-copy and dp-copy. */
	uint8_t dnsseclame;
	/** the TLS authentication name, (if not NULL) to use.
	 * NOTE(review): NULL means no name is available for this address;
	 * how the TLS client treats the upstream certificate then is decided
	 * outside this header. Who owns the string and how long it lives is
	 * not visible here either - confirm in the implementation. */
	char* tls_auth_name;
};
159
/**
 * Create new delegation point.
 * This is the regional-allocated variant; delegpt_create_mlc is the malloced
 * one, and delegpt_free_mlc accepts only objects from delegpt_create_mlc.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_create(struct regional* regional);

/**
 * Create a copy of a delegation point.
 * The dnsseclame mark on addresses is documented on struct delegpt_addr as
 * not being copied in dp-copy.
 * @param dp: delegation point to copy.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* regional);

/**
 * Set name of delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the name copy.
 * @param name: name to use. No length is passed with it, so the length has
 *	to be derived from the name itself.
 *	NOTE(review): presumably an uncompressed wire-format name; a name
 *	that is not well formed leaves the derived length undefined, so
 *	callers should hand over validated names only - confirm.
 * @return false on error.
 */
int delegpt_set_name(struct delegpt* dp, struct regional* regional,
	uint8_t* name);
184
/**
 * Add a name to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: domain name in wire format. No length is passed with it.
 *	NOTE(review): the length therefore has to come from the name itself;
 *	callers should pass names that were already validated - confirm how
 *	the implementation measures it.
 * @param lame: name is lame, disprefer it.
 * @return false on error.
 */
int delegpt_add_ns(struct delegpt* dp, struct regional* regional,
	uint8_t* name, uint8_t lame);

/**
 * Add NS rrset; calls add_ns repeatedly.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param ns_rrset: NS rrset.
 *	NOTE(review): the nameserver names are taken from the rdata of this
 *	rrset (see delegpt.nslist); whether each rdata is length-checked
 *	before it is used as a name is not visible here - confirm.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* ns_rrset, uint8_t lame);
206
/**
 * Add target address to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 *	NOTE(review): the address ends up in the fixed-size
 *	delegpt_addr.addr field, so addrlen should never be larger than
 *	sizeof(struct sockaddr_storage) - confirm that the implementation
 *	bounds the copy.
 * @param bogus: security status for the address, pass true if bogus.
 *	The value is what later readers of delegpt_addr.bogus rely on, so it
 *	has to reflect the validation result of the A or AAAA RR.
 * @param lame: address is lame.
 * @return false on error.
 */
int delegpt_add_target(struct delegpt* dp, struct regional* regional,
	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame);
223
/**
 * Add A RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset A to add.
 *	NOTE(review): whether the rdata length of each record is checked
 *	against the size of an IPv4 address is not visible here - confirm.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame);

/**
 * Add AAAA RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset AAAA to add.
 *	NOTE(review): whether the rdata length of each record is checked
 *	against the size of an IPv6 address is not visible here - confirm.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame);

/**
 * Add any RRset to delegpt.
 * Does not check for duplicates added.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset to add, NS, A, AAAA.
 *	What happens for an rrset of another type is not stated here.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame);
257
/**
 * Add address to the delegation point. No servername is associated or checked.
 * Because no nameserver name is involved, the address is not tied to an entry
 * of the nslist; the caller alone vouches for it.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 *	NOTE(review): should not exceed sizeof(struct sockaddr_storage), the
 *	size of the field the address is kept in - confirm the bound.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 *	NOTE(review): whether the string is copied or only referenced, and
 *	what the TLS client verifies when NULL is passed, is not visible in
 *	this header - confirm before relying on authenticated upstreams.
 * @return false on error.
 */
int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
	struct sockaddr_storage* addr, socklen_t addrlen,
	uint8_t bogus, uint8_t lame, char* tls_auth_name);
272
/**
 * Find NS record in name list of delegation point.
 * @param dp: delegation point.
 * @param name: name of nameserver to look for, uncompressed wireformat.
 * @param namelen: length of name.
 * @return the ns structure or NULL if not found.
 *	The result points into the list of dp, it is not a copy.
 */
struct delegpt_ns* delegpt_find_ns(struct delegpt* dp, uint8_t* name,
	size_t namelen);

/**
 * Find address record in total list of delegation point.
 * The total list is delegpt.target_list, of which the usable and result
 * lists are documented to be subsets.
 * @param dp: delegation point.
 * @param addr: address
 * @param addrlen: length of addr
 * @return the addr structure or NULL if not found.
 */
struct delegpt_addr* delegpt_find_addr(struct delegpt* dp,
	struct sockaddr_storage* addr, socklen_t addrlen);
292
/**
 * Print the delegation point to the log. For debugging.
 * @param v: verbosity value that is needed to emit to log.
 *	enum verbosity_value comes from util/log.h, included above.
 * @param dp: delegation point.
 */
void delegpt_log(enum verbosity_value v, struct delegpt* dp);

/**
 * count NS and number missing for logging
 * @param dp: delegation point.
 * @param numns: receives the number of NS names.
 * @param missing: receives the number that is missing.
 *	NOTE(review): presumably the names without the resolved flag, as in
 *	delegpt_count_missing_targets - confirm.
 */
void delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing);

/**
 * count addresses, and number in result and available lists, for logging
 * @param dp: delegation point.
 * @param numaddr: receives the number of addresses.
 * @param numres: receives the number in the result list.
 * @param numavail: receives the number in the available list.
 *	NOTE(review): presumably delegpt.usable_list - confirm.
 */
void delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
	size_t* numavail);
306
/**
 * Add all usable targets to the result list.
 * The usable list and the result list are the two subsets of target_list
 * kept in struct delegpt.
 * @param dp: delegation point.
 */
void delegpt_add_unused_targets(struct delegpt* dp);

/**
 * Count number of missing targets. These are ns names with no resolved flag.
 * The resolved flag is also set when the address queries failed (see
 * struct delegpt_ns), so a count of 0 does not mean every name has an
 * address.
 * @param dp: delegation point.
 * @return number of missing targets (or 0).
 */
size_t delegpt_count_missing_targets(struct delegpt* dp);

/**
 * count total number of targets in dp
 * @param dp: delegation point.
 * @return the number of targets.
 */
size_t delegpt_count_targets(struct delegpt* dp);
322
/**
 * Create new delegation point from a dns message
 *
 * Note that this method does not actually test to see if the message is an
 * actual referral. It really is just checking to see if it can construct a
 * delegation point, so the message could be of some other type (some ANSWER
 * messages, some CNAME messages, generally.) Note that the resulting
 * DelegationPoint will contain targets for all "relevant" glue (i.e.,
 * address records whose ownernames match the target of one of the NS
 * records), so if policy dictates that some glue should be discarded beyond
 * that, discard it before calling this method. Note that this method will
 * find "glue" in either the ADDITIONAL section or the ANSWER section.
 *
 * NOTE(review): the only filter described here is the owner-name match
 * against the NS targets. Every address that passes it becomes a target of
 * the delegation point, so a message received from the network should have
 * been through the resolver's sanitising step before it is handed to this
 * function - confirm at the call sites.
 *
 * @param msg: the dns message, referral.
 * @param regional: where to allocate delegation point.
 * @return new delegation point or NULL on alloc error, or if the
 *         message was not appropriate.
 *         The two NULL cases cannot be told apart by the caller.
 */
struct delegpt* delegpt_from_message(struct dns_msg* msg,
	struct regional* regional);
343
/**
 * Add negative message to delegation point.
 * @param dp: delegation point.
 * @param msg: the message added, marks off A or AAAA from an NS entry.
 *	NOTE(review): presumably this sets got4 or got6 on the matching
 *	delegpt_ns so that the lookup is not repeated - confirm.
 */
void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg);

/**
 * Register the fact that there is no ipv6 and thus AAAAs are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv6.
 */
void delegpt_no_ipv6(struct delegpt* dp);

/**
 * Register the fact that there is no ipv4 and thus As are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv4.
 */
void delegpt_no_ipv4(struct delegpt* dp);
364
/**
 * create malloced delegation point, with the given name
 * The result belongs to the caller and is released with delegpt_free_mlc.
 * @param name: uncompressed wireformat of delegpt name.
 *	No length is passed with it, so it has to be derived from the name;
 *	pass validated names only.
 * @return NULL on alloc failure
 */
struct delegpt* delegpt_create_mlc(uint8_t* name);

/**
 * free malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc, free'd.
 *	A delegation point from delegpt_create, delegpt_copy or
 *	delegpt_from_message lives in a regional and must not be passed
 *	here. The pointer is invalid after the call.
 */
void delegpt_free_mlc(struct delegpt* dp);

/**
 * Set name of delegation point.
 * @param dp: delegation point. malloced.
 * @param name: name to use.
 *	NOTE(review): whether a name that was set earlier is released first
 *	is not visible in this header - confirm to rule out a leak.
 * @return false on error.
 */
int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name);
385
/**
 * add a name to malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: the name to add.
 *	NOTE(review): presumably wire format as for delegpt_add_ns, with the
 *	length derived from the name itself - confirm.
 * @param lame: the name is lame, disprefer.
 * @return false on error.
 */
int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame);

/**
 * add an address to a malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 *	NOTE(review): should not exceed sizeof(struct sockaddr_storage), the
 *	size of the field the address is kept in - confirm the bound.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 *	NOTE(review): whether the string is duplicated with malloc, and so
 *	released by delegpt_free_mlc, is not visible here - confirm.
 * @return false on error.
 */
int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name);
407
/**
 * Add target address to the delegation point.
 * Malloc counterpart of delegpt_add_target; it takes no regional.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 *	NOTE(review): should not exceed sizeof(struct sockaddr_storage), the
 *	size of the field the address is kept in - confirm the bound.
 * @param bogus: security status for the address, pass true if bogus.
 * @param lame: address is lame.
 * @return false on error.
 */
int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
	uint8_t lame);

/**
 * get memory in use by dp
 * @param dp: delegation point.
 * @return the amount of memory in use.
 *	NOTE(review): presumably in bytes, and meant for the malloced
 *	variant given its place among the _mlc functions - confirm.
 */
size_t delegpt_get_mem(struct delegpt* dp);
426
427#endif /* ITERATOR_ITER_DELEGPT_H */
428