Lines Matching defs:qstate
73 static void process_ds_response(struct module_qstate* qstate,
246 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
248 if(!qstate->return_msg || qstate->return_rcode != LDNS_RCODE_NOERROR) {
251 vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
255 vq->orig_msg->qinfo = qstate->qinfo;
257 qstate->region, sizeof(struct reply_info));
261 vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
262 |BIT_QR|BIT_RA|(qstate->query_flags|(BIT_CD|BIT_RD));
266 vq->orig_msg = qstate->return_msg;
268 vq->qchase = qstate->qinfo;
270 vq->chase_reply = regional_alloc_init(qstate->region,
279 vq->chase_reply->rrsets = regional_alloc(qstate->region,
294 val_new(struct module_qstate* qstate, int id)
297 qstate->region, sizeof(*vq));
298 log_assert(!qstate->minfo[id]);
302 qstate->minfo[id] = vq;
304 return val_new_getmsg(qstate, vq);
325 * @param qstate: query state
330 val_error(struct module_qstate* qstate, int id)
332 qstate->ext_state[id] = module_error;
333 qstate->return_rcode = LDNS_RCODE_SERVFAIL;
343 * @param qstate: query state.
350 needs_validation(struct module_qstate* qstate, int ret_rc,
364 if(qstate->query_flags & BIT_CD) {
369 if(qstate->is_valrec) {
390 if(qstate->qinfo.qtype == LDNS_RR_TYPE_RRSIG &&
420 * @param qstate: query state that is the parent.
429 * @param detached: true if this qstate should not attach to the subquery
433 generate_request(struct module_qstate* qstate, int id, uint8_t* name,
437 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
450 fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle));
451 if((*qstate->env->detect_cycle)(qstate, &ask,
460 qstate->env->add_sub));
461 if(!(*qstate->env->add_sub)(qstate, &ask,
469 qstate->env->attach_sub));
470 if(!(*qstate->env->attach_sub)(qstate, &ask,
483 qstate->ext_state[id] = module_wait_subquery;
490 * @param qstate: query state.
496 generate_keytag_query(struct module_qstate* qstate, int id,
510 enum module_ext_state ext_state = qstate->ext_state[id];
526 if(!(keytagdname = (uint8_t*)regional_alloc_init(qstate->region,
534 if(!generate_request(qstate, id, keytagdname, dnamebuf_len,
542 qstate->ext_state[id] = ext_state;
577 * @param qstate: query state.
584 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
588 int ret = generate_request(qstate, id, toprime->name, toprime->namelen,
591 if(newq && qstate->env->cfg->trust_anchor_signaling &&
592 !generate_keytag_query(qstate, id, toprime)) {
606 vq->trust_anchor_name = regional_alloc_init(qstate->region,
627 * @param qstate: query state.
640 validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq,
686 &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified,
694 errinf_ede(qstate, reason, reason_bogus);
696 errinf(qstate, "for CNAME");
698 errinf(qstate, "for DNAME");
699 errinf_origin(qstate, qstate->reply_origin);
731 &reason_bogus, LDNS_SECTION_AUTHORITY, qstate,
739 errinf_ede(qstate, reason, reason_bogus);
740 errinf_origin(qstate, qstate->reply_origin);
741 errinf_rrset(qstate, s);
777 &reason, NULL, LDNS_SECTION_ADDITIONAL, qstate,
800 struct module_qstate* qstate = (struct module_qstate*)arg;
802 mesh_run(qstate->env->mesh, qstate->mesh_info, module_event_pass,
808 validate_suspend_setup_timer(struct module_qstate* qstate,
817 errinf(qstate, "max validation suspends reached, "
823 qstate->ext_state[id] = module_wait_reply;
826 qstate->env->worker_base,
827 validate_suspend_timer_cb, qstate);
841 if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states)
843 else if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states/2)
845 else if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states/4)
856 usec = base + ub_random_max(qstate->env->rnd, usec-base);
962 * @param qstate: query state for the region.
971 struct key_entry_key* kkey, struct module_qstate* qstate,
1034 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1081 * @param qstate: query state for the region.
1090 struct key_entry_key* kkey, struct module_qstate* qstate,
1148 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1195 * @param qstate: query state for the region.
1205 struct module_qstate* qstate, struct val_qstate* vq,
1247 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1270 qstate, vq, nsec3_calculations, suspend);
1286 qstate, vq, nsec3_calculations, suspend);
1356 * @param qstate: query state for the region.
1365 struct key_entry_key* kkey, struct module_qstate* qstate,
1433 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1483 * @param qstate: query state for the region.
1492 struct key_entry_key* kkey, struct module_qstate* qstate,
1567 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1613 * @param qstate: query state for the region.
1622 struct key_entry_key* kkey, struct module_qstate* qstate,
1704 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1754 * @param qstate: query state.
1762 processInit(struct module_qstate* qstate, struct val_qstate* vq,
1769 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1773 return val_error(qstate, id);
1808 val_mark_indeterminate(vq->chase_reply, qstate->env->anchors,
1809 qstate->env->rrset_cache, qstate->env);
1813 anchor = anchors_lookup(qstate->env->anchors,
1838 anchor = anchors_lookup(qstate->env->anchors,
1850 qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY &&
1851 query_dname_compare(lookup_name, qstate->qinfo.qname) == 0) {
1870 vq->qchase.qclass, qstate->region, *qstate->env->now);
1889 qstate->env->rrset_cache, qstate->env);
1897 if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1899 return val_error(qstate, id);
1917 qstate->env->rrset_cache, qstate->env);
1925 errinf_dname(qstate, "key for validation", vq->key_entry->name);
1926 errinf_ede(qstate, "is marked as invalid", ede);
1927 errinf(qstate, "because of a previous");
1928 errinf(qstate, key_entry_get_reason(vq->key_entry));
1950 * @param qstate: query state.
1957 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
1972 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1976 return val_error(qstate, id);
2004 errinf_ede(qstate, "no signatures", LDNS_EDE_RRSIGS_MISSING);
2005 errinf_origin(qstate, qstate->reply_origin);
2045 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2049 return val_error(qstate, id);
2071 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2075 if(!validate_suspend_setup_timer(qstate, vq,
2077 return val_error(qstate, id);
2082 } else if(!qstate->blacklist && !vq->chain_blacklist &&
2083 (msg=val_find_DS(qstate->env, target_key_name,
2084 target_key_len, vq->qchase.qclass, qstate->region,
2087 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2091 if(!validate_suspend_setup_timer(qstate, vq,
2093 return val_error(qstate, id);
2098 if(!generate_request(qstate, id, target_key_name,
2102 return val_error(qstate, id);
2108 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2112 return val_error(qstate, id);
2126 * @param qstate: query state.
2134 processValidate(struct module_qstate* qstate, struct val_qstate* vq,
2142 return val_error(qstate, id);
2154 qstate->env->rrset_cache, qstate->env);
2156 qstate->env->cfg->val_log_level >= 2);
2167 errinf_ede(qstate, "while building chain of trust",
2171 qstate->env->cfg->val_log_level >= 2);
2182 errinf_ede(qstate, "no signatures", LDNS_EDE_RRSIGS_MISSING);
2183 errinf_origin(qstate, qstate->reply_origin);
2188 subtype = val_classify_response(qstate->query_flags, &qstate->qinfo,
2195 if(!validate_msg_signatures(qstate, vq, qstate->env, ve,
2198 if(!validate_suspend_setup_timer(qstate, vq,
2200 return val_error(qstate, id);
2218 qstate->errinf = NULL;
2230 validate_positive_response(qstate->env, ve,
2232 qstate, vq, &nsec3_calculations, &suspend);
2234 if(!validate_suspend_setup_timer(qstate,
2236 return val_error(qstate, id);
2246 validate_nodata_response(qstate->env, ve,
2248 qstate, vq, &nsec3_calculations, &suspend);
2250 if(!validate_suspend_setup_timer(qstate,
2252 return val_error(qstate, id);
2263 validate_nameerror_response(qstate->env, ve,
2265 qstate, vq, &nsec3_calculations, &suspend);
2267 if(!validate_suspend_setup_timer(qstate,
2269 return val_error(qstate, id);
2281 validate_cname_response(qstate->env, ve,
2283 qstate, vq, &nsec3_calculations, &suspend);
2285 if(!validate_suspend_setup_timer(qstate,
2287 return val_error(qstate, id);
2298 validate_cname_noanswer_response(qstate->env, ve,
2300 qstate, vq, &nsec3_calculations, &suspend);
2302 if(!validate_suspend_setup_timer(qstate,
2304 return val_error(qstate, id);
2323 validate_any_response(qstate->env, ve, &vq->qchase,
2324 vq->chase_reply, vq->key_entry, qstate, vq,
2327 if(!validate_suspend_setup_timer(qstate,
2329 return val_error(qstate, id);
2343 errinf(qstate, "wildcard");
2344 else errinf(qstate, val_classification_to_string(subtype));
2345 errinf(qstate, "proof failed");
2346 errinf_origin(qstate, qstate->reply_origin);
2355 * @param qstate: query state.
2363 processFinished(struct module_qstate* qstate, struct val_qstate* vq,
2367 qstate->query_flags, &qstate->qinfo, &vq->qchase,
2424 val_check_nonsecure(qstate->env, vq->orig_msg->rep);
2427 &qstate->qinfo);
2428 if(!qstate->no_cache_store) {
2429 val_neg_addreply(qstate->env->neg_cache,
2442 val_blacklist(&qstate->blacklist, qstate->region,
2443 qstate->reply_origin, 0);
2444 qstate->reply_origin = NULL;
2445 qstate->errinf = NULL;
2448 qstate->ext_state[id] = module_restart_next;
2456 vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
2457 if((qstate->env->cfg->val_log_level >= 1 ||
2458 qstate->env->cfg->log_servfail) &&
2459 !qstate->env->cfg->val_log_squelch) {
2460 if(qstate->env->cfg->val_log_level < 2 &&
2461 !qstate->env->cfg->log_servfail)
2463 &qstate->qinfo);
2465 char* err_str = errinf_to_str_bogus(qstate,
2466 qstate->region);
2480 if(qstate->env->cfg->val_permissive_mode)
2485 qstate->env->cfg->root_key_sentinel &&
2486 (qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
2487 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)) {
2490 if(*qstate->qinfo.qname == strlen(SENTINEL_IS) +
2492 dname_lab_startswith(qstate->qinfo.qname, SENTINEL_IS,
2495 !anchor_has_keytag(qstate->env->anchors,
2500 } else if(*qstate->qinfo.qname == strlen(SENTINEL_NOT) +
2502 dname_lab_startswith(qstate->qinfo.qname, SENTINEL_NOT,
2505 anchor_has_keytag(qstate->env->anchors,
2514 update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
2516 if(qstate->query_flags&BIT_RD) {
2519 if(!qstate->no_cache_store) {
2520 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2521 vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL,
2522 qstate->query_flags, qstate->qstarttime)) {
2529 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2531 qstate->query_flags, qstate->qstarttime)) {
2535 qstate->return_rcode = LDNS_RCODE_NOERROR;
2536 qstate->return_msg = vq->orig_msg;
2537 qstate->ext_state[id] = module_finished;
2545 * @param qstate: query state.
2551 val_handle(struct module_qstate* qstate, struct val_qstate* vq,
2560 cont = processInit(qstate, vq, ve, id);
2563 cont = processFindKey(qstate, vq, id);
2566 cont = processValidate(qstate, vq, ve, id);
2569 cont = processFinished(qstate, vq, ve, id);
2581 val_operate(struct module_qstate* qstate, enum module_ev event, int id,
2584 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2585 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2587 "event:%s", id, strextstate(qstate->ext_state[id]),
2590 &qstate->qinfo);
2591 if(vq && qstate->qinfo.qname != vq->qchase.qname)
2600 qstate->ext_state[id] = module_wait_module;
2607 if(!needs_validation(qstate, qstate->return_rcode,
2608 qstate->return_msg)) {
2610 if(qstate->return_msg)
2611 qstate->return_msg->rep->security =
2613 qstate->ext_state[id] = module_finished;
2616 if(already_validated(qstate->return_msg)) {
2617 qstate->ext_state[id] = module_finished;
2622 if(qstate->qinfo.qclass == LDNS_RR_CLASS_ANY) {
2624 if(qstate->return_msg) {
2625 qstate->return_msg->rep->security =
2627 update_reason_bogus(qstate->return_msg->rep, LDNS_EDE_DNSSEC_BOGUS);
2629 qstate->ext_state[id] = module_finished;
2633 qstate->ext_state[id] = module_error; /* override this */
2635 vq = val_new(qstate, id);
2638 qstate->ext_state[id] = module_error;
2642 if(!val_new_getmsg(qstate, vq)) {
2644 qstate->ext_state[id] = module_error;
2648 val_handle(qstate, vq, ve, id);
2652 qstate->ext_state[id] = module_error; /* override this */
2654 val_handle(qstate, vq, ve, id);
2658 qstate->ext_state[id] = module_error;
2666 * (this rrset is allocated in the wrong region, not the qstate).
2668 * @param qstate: qstate that needs key.
2679 struct trust_anchor* ta, struct module_qstate* qstate, int id,
2682 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2688 int downprot = qstate->env->cfg->harden_algo_downgrade;
2703 if(qstate->env->cfg->harden_dnssec_stripped) {
2704 errinf_ede(qstate, rstr, reason_bogus);
2705 kkey = key_entry_create_bad(qstate->region, ta->name,
2707 reason_bogus, rstr, *qstate->env->now);
2708 } else kkey = key_entry_create_null(qstate->region, ta->name,
2710 reason_bogus, rstr, *qstate->env->now);
2718 kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve,
2720 &reason, &reason_bogus, qstate, reasonbuf, sizeof(reasonbuf));
2738 if(qstate->env->cfg->harden_dnssec_stripped) {
2739 errinf_ede(qstate, reason, reason_bogus);
2740 kkey = key_entry_create_bad(qstate->region, ta->name,
2743 *qstate->env->now);
2744 } else kkey = key_entry_create_null(qstate->region, ta->name,
2747 *qstate->env->now);
2764 * @param qstate: query state that is validating and asked for a DS.
2784 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2788 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2800 errinf(qstate, rc);
2807 errinf(qstate, buf);
2811 errinf_ede(qstate, reason, reason_bogus);
2826 errinf_ede(qstate, reason, reason_bogus);
2831 sec = val_verify_rrset_entry(qstate->env, ve, ds,
2833 LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf,
2838 errinf_ede(qstate, reason, reason_bogus);
2847 *ke = key_entry_create_null(qstate->region,
2851 *qstate->env->now);
2857 *ke = key_entry_create_rrset(qstate->region,
2859 NULL, LDNS_EDE_NONE, NULL, *qstate->env->now);
2872 errinf_ede(qstate, reason, reason_bogus);
2883 qstate->env, ve, qinfo, msg->rep, vq->key_entry,
2884 &proof_ttl, &reason, &reason_bogus, qstate,
2890 *ke = key_entry_create_null(qstate->region,
2894 *qstate->env->now);
2904 errinf(qstate, reason);
2912 if(!nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
2916 errinf_ede(qstate, reason, 0);
2919 sec = nsec3_prove_nods(qstate->env, ve,
2922 &reason_bogus, qstate, &vq->nsec3_cache_table,
2932 *ke = key_entry_create_null(qstate->region,
2936 *qstate->env->now);
2946 errinf_ede(qstate, reason, reason_bogus);
2960 errinf_ede(qstate, reason, reason_bogus);
2974 errinf_ede(qstate, reason, reason_bogus);
2985 errinf_ede(qstate, reason, reason_bogus);
2988 sec = val_verify_rrset_entry(qstate->env, ve, cname,
2990 LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf,
2999 errinf(qstate, "CNAME in DS response was not secure.");
3000 errinf_ede(qstate, reason, reason_bogus);
3005 errinf(qstate, "no DS and");
3012 errinf(qstate, rc);
3013 } else errinf(qstate, val_classification_to_string(subtype));
3014 errinf(qstate, "message fails to prove that");
3018 *ke = key_entry_create_bad(qstate->region, qinfo->qname,
3020 reason_bogus, reason, *qstate->env->now);
3031 * @param qstate: query state that is validating and asked for a DS.
3045 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
3050 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3056 ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske,
3076 vq->empty_DS_name = regional_alloc_init(qstate->region,
3089 vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
3101 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
3102 qstate->errinf = NULL;
3106 errinf_origin(qstate, origin);
3107 errinf_dname(qstate, "for DS", qinfo->qname);
3126 * @param qstate: query state that is validating and asked for a DNSKEY.
3137 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
3141 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3160 val_blacklist(&vq->chain_blacklist, qstate->region,
3162 qstate->errinf = NULL;
3174 vq->key_entry = key_entry_create_bad(qstate->region,
3176 BOGUS_KEY_TTL, reason_bogus, rstr, *qstate->env->now);
3181 errinf_ede(qstate, rstr, reason_bogus);
3182 errinf_origin(qstate, origin);
3183 errinf_dname(qstate, "for key", qinfo->qname);
3193 downprot = qstate->env->cfg->harden_algo_downgrade;
3194 vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
3196 qstate, reasonbuf, sizeof(reasonbuf));
3209 qstate->region, origin, 1);
3210 qstate->errinf = NULL;
3217 errinf_ede(qstate, reason, reason_bogus);
3218 errinf_origin(qstate, origin);
3219 errinf_dname(qstate, "for key", qinfo->qname);
3226 qstate->errinf = NULL;
3230 qstate->env->cfg->val_log_level >= 2);
3240 * @param qstate: query state that is validating and primed a trust anchor.
3250 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
3254 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3256 struct trust_anchor* ta = anchor_find(qstate->env->anchors,
3276 if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset,
3277 qstate)) {
3284 vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id,
3290 val_blacklist(&vq->chain_blacklist, qstate->region,
3292 qstate->errinf = NULL;
3299 errinf_origin(qstate, origin);
3300 errinf_dname(qstate, "for trust anchor", ta->name);
3303 qstate->env->cfg->val_log_level >= 2);
3311 /* the qstate will be reactivated after inform_super is done */
3317 * @param qstate: query state that finished.
3319 * @param super: the qstate to inform.
3322 val_inform_super(struct module_qstate* qstate, int id,
3327 &qstate->qinfo);
3335 process_prime_response(super, vq, id, qstate->return_rcode,
3336 qstate->return_msg, qstate->reply_origin, qstate);
3339 if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) {
3341 process_ds_response(super, vq, id, qstate->return_rcode,
3342 qstate->return_msg, &qstate->qinfo,
3343 qstate->reply_origin, &suspend, qstate);
3347 * the super qstate whilst the RRs are allocated (and pointed
3348 * to) in this sub qstate. */
3358 qstate->return_msg, super->region);
3361 } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY) {
3362 process_dnskey_response(super, vq, id, qstate->return_rcode,
3363 qstate->return_msg, &qstate->qinfo,
3364 qstate->reply_origin, qstate);
3371 val_clear(struct module_qstate* qstate, int id)
3374 if(!qstate)
3376 vq = (struct val_qstate*)qstate->minfo[id];
3383 qstate->minfo[id] = NULL;