authzone.h revision 356345
1/* 2 * services/authzone.h - authoritative zone that is locally hosted. 3 * 4 * Copyright (c) 2017, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * This file contains the functions for an authority zone. This zone 40 * is queried by the iterator, just like a stub or forward zone, but then 41 * the data is locally held. 42 */ 43 44#ifndef SERVICES_AUTHZONE_H 45#define SERVICES_AUTHZONE_H 46#include "util/rbtree.h" 47#include "util/locks.h" 48#include "services/mesh.h" 49struct ub_packed_rrset_key; 50struct regional; 51struct config_file; 52struct config_auth; 53struct query_info; 54struct dns_msg; 55struct edns_data; 56struct module_env; 57struct worker; 58struct comm_point; 59struct comm_timer; 60struct comm_reply; 61struct auth_rrset; 62struct auth_nextprobe; 63struct auth_probe; 64struct auth_transfer; 65struct auth_master; 66struct auth_chunk; 67 68/** 69 * Authoritative zones, shared. 70 */ 71struct auth_zones { 72 /** lock on the authzone trees */ 73 lock_rw_type lock; 74 /** rbtree of struct auth_zone */ 75 rbtree_type ztree; 76 /** rbtree of struct auth_xfer */ 77 rbtree_type xtree; 78 /** do we have downstream enabled */ 79 int have_downstream; 80 /** number of queries upstream */ 81 size_t num_query_up; 82 /** number of queries downstream */ 83 size_t num_query_down; 84}; 85 86/** 87 * Auth zone. Authoritative data, that is fetched from instead of sending 88 * packets to the internet. 89 */ 90struct auth_zone { 91 /** rbtree node, key is name and class */ 92 rbnode_type node; 93 94 /** zone name, in uncompressed wireformat */ 95 uint8_t* name; 96 /** length of zone name */ 97 size_t namelen; 98 /** number of labels in zone name */ 99 int namelabs; 100 /** the class of this zone, in host byteorder. 101 * uses 'dclass' to not conflict with c++ keyword class. */ 102 uint16_t dclass; 103 104 /** lock on the data in the structure 105 * For the node, parent, name, namelen, namelabs, dclass, you 106 * need to also hold the zones_tree lock to change them (or to 107 * delete this zone) */ 108 lock_rw_type lock; 109 110 /** auth data for this zone 111 * rbtree of struct auth_data */ 112 rbtree_type data; 113 114 /** zonefile name (or NULL for no zonefile) */ 115 char* zonefile; 116 /** fallback to the internet on failure or ttl-expiry of auth zone */ 117 int fallback_enabled; 118 /** the zone has expired (enabled by the xfer worker), fallback 119 * happens if that option is enabled. */ 120 int zone_expired; 121 /** zone is a slave zone (it has masters) */ 122 int zone_is_slave; 123 /** for downstream: this zone answers queries towards the downstream 124 * clients */ 125 int for_downstream; 126 /** for upstream: this zone answers queries that unbound intends to 127 * send upstream. */ 128 int for_upstream; 129 /** zone has been deleted */ 130 int zone_deleted; 131 /** deletelist pointer, unused normally except during delete */ 132 struct auth_zone* delete_next; 133}; 134 135/** 136 * Auth data. One domain name, and the RRs to go with it. 137 */ 138struct auth_data { 139 /** rbtree node, key is name only */ 140 rbnode_type node; 141 /** domain name */ 142 uint8_t* name; 143 /** length of name */ 144 size_t namelen; 145 /** number of labels in name */ 146 int namelabs; 147 /** the data rrsets, with different types, linked list. 148 * if the list if NULL the node would be an empty non-terminal, 149 * but in this data structure such nodes that represent an empty 150 * non-terminal are not needed; they just don't exist. 151 */ 152 struct auth_rrset* rrsets; 153}; 154 155/** 156 * A auth data RRset 157 */ 158struct auth_rrset { 159 /** next in list */ 160 struct auth_rrset* next; 161 /** RR type in host byteorder */ 162 uint16_t type; 163 /** RRset data item */ 164 struct packed_rrset_data* data; 165}; 166 167/** 168 * Authoritative zone transfer structure. 169 * Create and destroy needs the auth_zones* biglock. 170 * The structure consists of different tasks. Each can be unowned (-1) or 171 * owner by a worker (worker-num). A worker can pick up a task and then do 172 * it. This means the events (timeouts, sockets) are for that worker. 173 * 174 * (move this to tasks). 175 * They don't have locks themselves, the worker (that owns it) uses it, 176 * also as part of callbacks, hence it has separate zonename pointers for 177 * lookup in the main zonetree. If the zone has no transfers, this 178 * structure is not created. 179 */ 180struct auth_xfer { 181 /** rbtree node, key is name and class */ 182 rbnode_type node; 183 184 /** lock on this structure, and on the workernum elements of the 185 * tasks. First hold the tree-lock in auth_zones, find the auth_xfer, 186 * lock this lock. Then a worker can reassign itself to fill up 187 * one of the tasks. 188 * Once it has the task assigned to it, the worker can access the 189 * other elements of the task structure without a lock, because that 190 * is necessary for the eventloop and callbacks from that. */ 191 lock_basic_type lock; 192 193 /** zone name, in uncompressed wireformat */ 194 uint8_t* name; 195 /** length of zone name */ 196 size_t namelen; 197 /** number of labels in zone name */ 198 int namelabs; 199 /** the class of this zone, in host byteorder. 200 * uses 'dclass' to not conflict with c++ keyword class. */ 201 uint16_t dclass; 202 203 /** task to wait for next-probe-timeout, 204 * once timeouted, see if a SOA probe is needed, or already 205 * in progress */ 206 struct auth_nextprobe* task_nextprobe; 207 208 /** task for SOA probe. Check if the zone can be updated */ 209 struct auth_probe* task_probe; 210 211 /** Task for transfer. Transferring and updating the zone. This 212 * includes trying (potentially) several upstream masters. Downloading 213 * and storing the zone */ 214 struct auth_transfer* task_transfer; 215 216 /** a notify was received, but a zone transfer or probe was already 217 * acted on. 218 * However, the zone transfer could signal a newer serial number. 219 * The serial number of that notify is saved below. The transfer and 220 * probe tasks should check this once done to see if they need to 221 * restart the transfer task for the newer notify serial. 222 * Hold the lock to access this member (and the serial). 223 */ 224 int notify_received; 225 /** true if the notify_received has a serial number */ 226 int notify_has_serial; 227 /** serial number of the notify */ 228 uint32_t notify_serial; 229 /** the list of masters for checking notifies. This list is 230 * empty on start, and a copy of the list from the probe_task when 231 * it is done looking them up. */ 232 struct auth_master* allow_notify_list; 233 234 /* protected by the lock on the structure, information about 235 * the loaded authority zone. */ 236 /** is the zone currently considered expired? after expiry also older 237 * serial numbers are allowed (not just newer) */ 238 int zone_expired; 239 /** do we have a zone (if 0, no zone data at all) */ 240 int have_zone; 241 242 /** current serial (from SOA), if we have no zone, 0 */ 243 uint32_t serial; 244 /** retry time (from SOA), time to wait with next_probe 245 * if no master responds */ 246 time_t retry; 247 /** refresh time (from SOA), time to wait with next_probe 248 * if everything is fine */ 249 time_t refresh; 250 /** expiry time (from SOA), time until zone data is not considered 251 * valid any more, if no master responds within this time, either 252 * with the current zone or a new zone. */ 253 time_t expiry; 254 255 /** zone lease start time (start+expiry is expiration time). 256 * this is renewed every SOA probe and transfer. On zone load 257 * from zonefile it is also set (with probe set soon to check) */ 258 time_t lease_time; 259}; 260 261/** 262 * The next probe task. 263 * This task consists of waiting for the probetimeout. It is a task because 264 * it needs an event in the eventtable. Once the timeout has passed, that 265 * worker can (potentially) become the auth_probe worker, or if another worker 266 * is already doing that, do nothing. Tasks becomes unowned. 267 * The probe worker, if it detects nothing has to be done picks up this task, 268 * if unowned. 269 */ 270struct auth_nextprobe { 271 /* Worker pointer. NULL means unowned. */ 272 struct worker* worker; 273 /* module env for this task */ 274 struct module_env* env; 275 276 /** increasing backoff for failures */ 277 time_t backoff; 278 /** Timeout for next probe (for SOA) */ 279 time_t next_probe; 280 /** timeout callback for next_probe or expiry(if that is sooner). 281 * it is on the worker's event_base */ 282 struct comm_timer* timer; 283}; 284 285/** 286 * The probe task. 287 * Send a SOA UDP query to see if the zone needs to be updated (or similar, 288 * potential, HTTP probe query) and check serial number. 289 * If yes, start the auth_transfer task. If no, make sure auth_nextprobe 290 * timeout wait task is running. 291 * Needs to be a task, because the UDP query needs an event entry. 292 * This task could also be started by eg. a NOTIFY being received, even though 293 * another worker is performing the nextprobe task (and that worker keeps 294 * waiting uninterrupted). 295 */ 296struct auth_probe { 297 /* Worker pointer. NULL means unowned. */ 298 struct worker* worker; 299 /* module env for this task */ 300 struct module_env* env; 301 302 /** list of upstream masters for this zone, from config */ 303 struct auth_master* masters; 304 305 /** for the hostname lookups, which master is current */ 306 struct auth_master* lookup_target; 307 /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ 308 int lookup_aaaa; 309 /** we only want to do lookups for making config work (for notify), 310 * don't proceed with UDP SOA probe queries */ 311 int only_lookup; 312 /** we have seen a new lease this scan, because one of the masters 313 * replied with the current SOA serial version */ 314 int have_new_lease; 315 316 /** once notified, or the timeout has been reached. a scan starts. */ 317 /** the scan specific target (notify source), or NULL if none */ 318 struct auth_master* scan_specific; 319 /** scan tries all the upstream masters. the scan current target. 320 * or NULL if not working on sequential scan */ 321 struct auth_master* scan_target; 322 /** if not NULL, the specific addr for the current master */ 323 struct auth_addr* scan_addr; 324 325 /** dns id of packet in flight */ 326 uint16_t id; 327 /** the SOA probe udp event. 328 * on the workers event base. */ 329 struct comm_point* cp; 330 /** is the cp for ip6 or ip4 */ 331 int cp_is_ip6; 332 /** timeout for packets. 333 * on the workers event base. */ 334 struct comm_timer* timer; 335 /** timeout in msec */ 336 int timeout; 337}; 338 339/** 340 * The transfer task. 341 * Once done, make sure the nextprobe waiting task is running, whether done 342 * with failure or success. If failure, use shorter timeout for wait time. 343 */ 344struct auth_transfer { 345 /* Worker pointer. NULL means unowned. */ 346 struct worker* worker; 347 /* module env for this task */ 348 struct module_env* env; 349 350 /** xfer data that has been transferred, the data is applied 351 * once the transfer has completed correctly */ 352 struct auth_chunk* chunks_first; 353 /** last element in chunks list (to append new data at the end) */ 354 struct auth_chunk* chunks_last; 355 356 /** list of upstream masters for this zone, from config */ 357 struct auth_master* masters; 358 359 /** for the hostname lookups, which master is current */ 360 struct auth_master* lookup_target; 361 /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ 362 int lookup_aaaa; 363 364 /** once notified, or the timeout has been reached. a scan starts. */ 365 /** the scan specific target (notify source), or NULL if none */ 366 struct auth_master* scan_specific; 367 /** scan tries all the upstream masters. the scan current target. 368 * or NULL if not working on sequential scan */ 369 struct auth_master* scan_target; 370 /** what address we are scanning for the master, or NULL if the 371 * master is in IP format itself */ 372 struct auth_addr* scan_addr; 373 /** the zone transfer in progress (or NULL if in scan). It is 374 * from this master */ 375 struct auth_master* master; 376 377 /** failed ixfr transfer, retry with axfr (to the current master), 378 * the IXFR was 'REFUSED', 'SERVFAIL', 'NOTIMPL' or the contents of 379 * the IXFR did not apply cleanly (out of sync, delete of nonexistent 380 * data or add of duplicate data). Flag is cleared once the retry 381 * with axfr is done. */ 382 int ixfr_fail; 383 /** we saw an ixfr-indicating timeout, count of them */ 384 int ixfr_possible_timeout_count; 385 /** we are doing IXFR right now */ 386 int on_ixfr; 387 /** did we detect the current AXFR/IXFR serial number yet, 0 not yet, 388 * 1 we saw the first, 2 we saw the second, 3 must be last SOA in xfr*/ 389 int got_xfr_serial; 390 /** number of RRs scanned for AXFR/IXFR detection */ 391 size_t rr_scan_num; 392 /** we are doing an IXFR but we detected an AXFR contents */ 393 int on_ixfr_is_axfr; 394 /** the serial number for the current AXFR/IXFR incoming reply, 395 * for IXFR, the outermost SOA records serial */ 396 uint32_t incoming_xfr_serial; 397 398 /** dns id of AXFR query */ 399 uint16_t id; 400 /** the transfer (TCP) to the master. 401 * on the workers event base. */ 402 struct comm_point* cp; 403 /** timeout for the transfer. 404 * on the workers event base. */ 405 struct comm_timer* timer; 406}; 407 408/** list of addresses */ 409struct auth_addr { 410 /** next in list */ 411 struct auth_addr* next; 412 /** IP address */ 413 struct sockaddr_storage addr; 414 /** addr length */ 415 socklen_t addrlen; 416}; 417 418/** auth zone master upstream, and the config settings for it */ 419struct auth_master { 420 /** next master in list */ 421 struct auth_master* next; 422 /** master IP address (and port), or hostname, string */ 423 char* host; 424 /** for http, filename */ 425 char* file; 426 /** use HTTP for this master */ 427 int http; 428 /** use IXFR for this master */ 429 int ixfr; 430 /** this is an allow notify member, the master can send notifies 431 * to us, but we don't send SOA probes, or zone transfer from it */ 432 int allow_notify; 433 /** use ssl for channel */ 434 int ssl; 435 /** the port number (for urls) */ 436 int port; 437 /** if the host is a hostname, the list of resolved addrs, if any*/ 438 struct auth_addr* list; 439}; 440 441/** auth zone master zone transfer data chunk */ 442struct auth_chunk { 443 /** next chunk in list */ 444 struct auth_chunk* next; 445 /** the data from this chunk, this is what was received. 446 * for an IXFR that means results from comm_net tcp actions, 447 * packets. also for an AXFR. For HTTP a zonefile chunk. */ 448 uint8_t* data; 449 /** length of allocated data */ 450 size_t len; 451}; 452 453/** 454 * Create auth zones structure 455 */ 456struct auth_zones* auth_zones_create(void); 457 458/** 459 * Apply configuration to auth zones. Reads zonefiles. 460 * @param az: auth zones structure 461 * @param cfg: config to apply. 462 * @param setup: if true, also sets up values in the auth zones structure 463 * @return false on failure. 464 */ 465int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, 466 int setup); 467 468/** initial pick up of worker timeouts, ties events to worker event loop 469 * @param az: auth zones structure 470 * @param env: worker env, of first worker that receives the events (if any) 471 * in its eventloop. 472 */ 473void auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env); 474 475/** 476 * Cleanup auth zones. This removes all events from event bases. 477 * Stops the xfr tasks. But leaves zone data. 478 * @param az: auth zones structure. 479 */ 480void auth_zones_cleanup(struct auth_zones* az); 481 482/** 483 * Delete auth zones structure 484 */ 485void auth_zones_delete(struct auth_zones* az); 486 487/** 488 * Write auth zone data to file, in zonefile format. 489 */ 490int auth_zone_write_file(struct auth_zone* z, const char* fname); 491 492/** 493 * Use auth zones to lookup the answer to a query. 494 * The query is from the iterator. And the auth zones attempts to provide 495 * the answer instead of going to the internet. 496 * 497 * @param az: auth zones structure. 498 * @param qinfo: query info to lookup. 499 * @param region: region to use to allocate the reply in. 500 * @param msg: reply is stored here (if one). 501 * @param fallback: if true, fallback to making a query to the internet. 502 * @param dp_nm: name of delegation point to look for. This zone is used 503 * to answer the query. 504 * If the dp_nm is not found, fallback is set to true and false returned. 505 * @param dp_nmlen: length of dp_nm. 506 * @return 0: failure (an error of some sort, like servfail). 507 * if 0 and fallback is true, fallback to the internet. 508 * if 0 and fallback is false, like getting servfail. 509 * If true, an answer is available. 510 */ 511int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, 512 struct regional* region, struct dns_msg** msg, int* fallback, 513 uint8_t* dp_nm, size_t dp_nmlen); 514 515/** 516 * Answer query from auth zone. Create authoritative answer. 517 * @param az: auth zones structure. 518 * @param env: the module environment. 519 * @param qinfo: query info (parsed). 520 * @param edns: edns info (parsed). 521 * @param buf: buffer with query ID and flags, also for reply. 522 * @param repinfo: reply information for a communication point. 523 * @param temp: temporary storage region. 524 * @return false if not answered 525 */ 526int auth_zones_answer(struct auth_zones* az, struct module_env* env, 527 struct query_info* qinfo, struct edns_data* edns, 528 struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp); 529 530/** 531 * Find the auth zone that is above the given qname. 532 * Return NULL when there is no auth_zone above the give name, otherwise 533 * returns the closest auth_zone above the qname that pertains to it. 534 * @param az: auth zones structure. 535 * @param name: query to look up for. 536 * @param name_len: length of name. 537 * @param dclass: class of zone to find. 538 * @return NULL or auth_zone that pertains to the query. 539 */ 540struct auth_zone* auth_zones_find_zone(struct auth_zones* az, 541 uint8_t* name, size_t name_len, uint16_t dclass); 542 543/** find an auth zone by name (exact match by name or NULL returned) */ 544struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm, 545 size_t nmlen, uint16_t dclass); 546 547/** find an xfer zone by name (exact match by name or NULL returned) */ 548struct auth_xfer* auth_xfer_find(struct auth_zones* az, uint8_t* nm, 549 size_t nmlen, uint16_t dclass); 550 551/** create an auth zone. returns wrlocked zone. caller must have wrlock 552 * on az. returns NULL on malloc failure */ 553struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm, 554 size_t nmlen, uint16_t dclass); 555 556/** set auth zone zonefile string. caller must have lock on zone */ 557int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile); 558 559/** set auth zone fallback. caller must have lock on zone. 560 * fallbackstr is "yes" or "no". false on parse failure. */ 561int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr); 562 563/** see if the auth zone for the name can fallback 564 * @param az: auth zones 565 * @param nm: name of delegation point. 566 * @param nmlen: length of nm. 567 * @param dclass: class of zone to look for. 568 * @return true if fallback_enabled is true. false if not. 569 * if the zone does not exist, fallback is true (more lenient) 570 * also true if zone does not do upstream requests. 571 */ 572int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen, 573 uint16_t dclass); 574 575/** process notify for auth zones. 576 * first checks the access list. Then processes the notify. This starts 577 * the probe sequence or it notes the serial number (if any) 578 * @param az: auth zones structure. 579 * @param env: module env of the worker that is handling the notify. it will 580 * pick up the task probe (or transfer), unless already in progress by 581 * another worker. 582 * @param nm: name of the zone. Uncompressed. from query. 583 * @param nmlen: length of name. 584 * @param dclass: class of zone. 585 * @param addr: source address of notify 586 * @param addrlen: length of addr. 587 * @param has_serial: if true, the notify has a serial attached. 588 * @param serial: the serial number, if has_serial is true. 589 * @param refused: is set to true on failure to note refused access. 590 * @return fail on failures (refused is false) and when access is 591 * denied (refused is true). True when processed. 592 */ 593int auth_zones_notify(struct auth_zones* az, struct module_env* env, 594 uint8_t* nm, size_t nmlen, uint16_t dclass, 595 struct sockaddr_storage* addr, socklen_t addrlen, int has_serial, 596 uint32_t serial, int* refused); 597 598/** process notify packet and read serial number from SOA. 599 * returns 0 if no soa record in the notify */ 600int auth_zone_parse_notify_serial(struct sldns_buffer* pkt, uint32_t *serial); 601 602/** for the zone and if not already going, starts the probe sequence. 603 * false if zone cannot be found. This is like a notify arrived and was 604 * accepted for that zone. */ 605int auth_zones_startprobesequence(struct auth_zones* az, 606 struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass); 607 608/** read auth zone from zonefile. caller must lock zone. false on failure */ 609int auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg); 610 611/** find serial number of zone or false if none (no SOA record) */ 612int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial); 613 614/** compare auth_zones for sorted rbtree */ 615int auth_zone_cmp(const void* z1, const void* z2); 616 617/** compare auth_data for sorted rbtree */ 618int auth_data_cmp(const void* z1, const void* z2); 619 620/** compare auth_xfer for sorted rbtree */ 621int auth_xfer_cmp(const void* z1, const void* z2); 622 623/** Create auth_xfer structure. 624 * Caller must have wrlock on az. Returns locked xfer zone. 625 * @param az: zones structure. 626 * @param z: zone with name and class 627 * @return xfer zone or NULL 628 */ 629struct auth_xfer* auth_xfer_create(struct auth_zones* az, struct auth_zone* z); 630 631/** 632 * Set masters in auth xfer structure from config. 633 * @param list: pointer to start of list. The malloced list is returned here. 634 * @param c: the config items to copy over. 635 * @param with_http: if true, http urls are also included, before the masters. 636 * @return false on failure. 637 */ 638int xfer_set_masters(struct auth_master** list, struct config_auth* c, 639 int with_http); 640 641/** xfer nextprobe timeout callback, this is part of task_nextprobe */ 642void auth_xfer_timer(void* arg); 643 644/** callback for commpoint udp replies to task_probe */ 645int auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, 646 struct comm_reply* repinfo); 647/** callback for task_transfer tcp connections */ 648int auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, 649 struct comm_reply* repinfo); 650/** callback for task_transfer http connections */ 651int auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, 652 struct comm_reply* repinfo); 653/** xfer probe timeout callback, part of task_probe */ 654void auth_xfer_probe_timer_callback(void* arg); 655/** xfer transfer timeout callback, part of task_transfer */ 656void auth_xfer_transfer_timer_callback(void* arg); 657/** mesh callback for task_probe on lookup of host names */ 658void auth_xfer_probe_lookup_callback(void* arg, int rcode, 659 struct sldns_buffer* buf, enum sec_status sec, char* why_bogus, 660 int was_ratelimited); 661/** mesh callback for task_transfer on lookup of host names */ 662void auth_xfer_transfer_lookup_callback(void* arg, int rcode, 663 struct sldns_buffer* buf, enum sec_status sec, char* why_bogus, 664 int was_ratelimited); 665 666/* 667 * Compares two 32-bit serial numbers as defined in RFC1982. Returns 668 * <0 if a < b, 0 if a == b, and >0 if a > b. The result is undefined 669 * if a != b but neither is greater or smaller (see RFC1982 section 670 * 3.2.). 671 */ 672int compare_serial(uint32_t a, uint32_t b); 673 674#endif /* SERVICES_AUTHZONE_H */ 675