Lines Matching +full:cfg +full:- +full:space
2 * ipsecmod/ipsecmod.c - facilitate opportunistic IPsec module
47 #include "ipsecmod/ipsecmod-whitelist.h"
/* Excerpt: only the search-matched lines of ipsecmod_apply_cfg() are listed,
 * so the return statements and braces between them are not visible here.
 * Purpose visible from these lines: validate the hook setting and apply the
 * optional whitelist taken from the configuration. */
57 ipsecmod_apply_cfg(struct ipsecmod_env* ipsecmod_env, struct config_file* cfg)
/* Reject a NULL or empty ipsecmod_hook. The second operand re-tests the
 * pointer that the first operand already proved non-NULL, so the condition
 * is equivalent to: !hook || !hook[0].
 * NOTE(review): non-emptiness is the only check on the hook value visible
 * here; the value is later printed verbatim into the hook command string
 * (file line 271), so the configuration must be writable only by trusted
 * administrators. */
59 if(!cfg->ipsecmod_hook || (cfg->ipsecmod_hook && !cfg->ipsecmod_hook[0])) {
60 log_err("ipsecmod: missing ipsecmod-hook.");
/* The whitelist is optional: it is applied only when one is configured, and
 * a failed apply enters a branch whose body is not listed. */
63 if(cfg->ipsecmod_whitelist &&
64 !ipsecmod_whitelist_apply_cfg(ipsecmod_env, cfg))
/* Excerpt (file lines 78-80), apparently from module initialisation: the
 * module environment is stored in the per-module slot env->modinfo[id], the
 * whitelist pointer starts out NULL, and the configuration is then applied.
 * The failure branch opened on line 80 is not shown in this listing. */
78 env->modinfo[id] = (void*)ipsecmod_env;
79 ipsecmod_env->whitelist = NULL;
80 if(!ipsecmod_apply_cfg(ipsecmod_env, env->cfg)) {
/* Excerpt (file lines 91-97), apparently from module teardown. */
/* Nothing to release when env or this module slot is unset. */
91 if(!env || !env->modinfo[id])
93 ipsecmod_env = (struct ipsecmod_env*)env->modinfo[id];
/* Free the whitelist owned by the module environment. */
95 ipsecmod_whitelist_delete(ipsecmod_env->whitelist);
/* Clear the slot so env->modinfo[id] does not keep a stale pointer.
 * NOTE(review): the release of ipsecmod_env itself is presumably on the
 * unlisted line 96 - confirm. */
97 env->modinfo[id] = NULL;
/* Excerpt (file lines 105-114), per-query state setup. Line 105 is the tail
 * of an allocation call whose start is not listed; it passes qstate->region
 * and sizes the object as struct ipsecmod_qstate. The result is stored in
 * the per-query module slot. */
105 qstate->region, sizeof(struct ipsecmod_qstate));
106 qstate->minfo[id] = iq;
/* Cache two per-query decisions: whether the module is enabled in the
 * configuration, and whether the query name and class are whitelisted. */
111 iq->enabled = qstate->env->cfg->ipsecmod_enabled;
112 iq->is_whitelisted = ipsecmod_domain_is_whitelisted(
113 (struct ipsecmod_env*)qstate->env->modinfo[id], qstate->qinfo.qname,
114 qstate->qinfo.qname_len, qstate->qinfo.qclass);
/* Excerpt (file lines 126-127): error exit for this module. The module state
 * becomes module_error and the reply code is set to SERVFAIL. */
126 qstate->ext_state[id] = module_error;
127 qstate->return_rcode = LDNS_RCODE_SERVFAIL;
/* Excerpt (file lines 158-171) from the subquery-creation path. Each
 * indirect call through a module-environment function pointer is preceded
 * by fptr_ok(fptr_whitelist_...()), apparently a check that the pointer is
 * one of the expected functions before it is called.
 * NOTE(review): what fptr_ok does on a mismatch is not visible here. */
158 fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle));
159 if((*qstate->env->detect_cycle)(qstate, &ask,
/* A zero return from attach_sub enters a branch that is not listed. */
165 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
166 if(!(*qstate->env->attach_sub)(qstate, &ask,
/* Record that this module is now waiting on a subquery. */
171 qstate->ext_state[id] = module_wait_subquery;
/* Excerpt (file lines 179-193). Lines 179-183 are the body of the original
 * doc comment listing the characters accepted in a domain name. */
179 * - digits
180 * - alphas
181 * - hyphen (not at the start)
182 * - dot (not at the start, or the only character)
183 * - underscore
/* Hyphen branch of the character test: accepted only when it is not the
 * first character (i != 0). The remaining alternatives of this condition
 * are not listed.
 * NOTE(review): presumably this allow-list exists because the name is later
 * placed on the hook command line, where shell metacharacters or a leading
 * hyphen must not appear - confirm against the caller. */
193 if((s[i] == '-' && i != 0)
/* Excerpt (file lines 261-371) from the routine that builds and runs the
 * ipsecmod-hook command. Only search-matched lines are listed; buffer
 * declarations, most bounds checks and the execution call itself are among
 * the unlisted lines. The visible lines show the command string being
 * assembled in this order: hook value, query name, IPSECKEY TTL, answer
 * rrset rdata, IPSECKEY rdata. Everything after the hook value is derived
 * from DNS data and has to be treated as untrusted input to the command. */
/* Error path taken when no command interpreter is available. */
261 log_err("ipsecmod: no shell available for ipsecmod-hook");
/* The command starts with the configured hook, printed through a fixed %s
 * format; w accumulates the number of characters written. */
271 w += sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook);
272 /* Put space into the buffer. */
/* Convert the wire-format query name to a presentation-format string.
 * NOTE(review): the validation of this string before it is appended is
 * presumably on the unlisted lines 277-287 - confirm. */
275 tempstring = sldns_wire2str_dname(qstate->qinfo.qname,
276 qstate->qinfo.qname_len);
288 /* Put space into the buffer. */
/* The IPSECKEY rrset TTL is printed as a long inside double quotes. */
291 rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
292 w += sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl);
293 /* Put space into the buffer. */
/* Look up the answer rrset of the reply being processed. */
295 rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo,
296 qstate->return_msg->rep);
/* rk.type is converted with ntohs before use as a host-order type. */
301 qtype = ntohs(rrset_key->rk.type);
306 rrset_data = (struct packed_rrset_data*)rrset_key->entry.data;
/* Render each answer record directly into the command buffer. */
310 for(i=0; i<rrset_data->count; i++) {
312 /* Put space into the buffer. */
/* The +2 / -2 skips the first two bytes of each stored record, presumably
 * the rdata length prefix - TODO confirm.
 * NOTE(review): rr_len[i] - 2 assumes every record is at least 2 bytes. */
316 w_temp = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2,
317 rrset_data->rr_len[i] - 2, s, slen, qstate->qinfo.qtype);
/* Shrink the remaining-space counter by what was just written.
 * NOTE(review): the check that w_temp is non-negative and smaller than slen
 * is presumably on the unlisted lines 318-328 - confirm, since an unchecked
 * subtraction would corrupt the remaining-space count. */
329 slen -= w_temp;
334 /* Put space into the buffer. */
/* Second pass: the records of the IPSECKEY rrset. */
339 rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
340 for(i=0; i<rrset_data->count; i++) {
342 /* Put space into the buffer. */
/* Same two-byte skip as for the answer records above. */
346 tempdata = rrset_data->rr_data[i] + 2;
347 tempdata_len = rrset_data->rr_len[i] - 2;
/* A conversion result of -1 is handled as a failure (branch not listed). */
354 if(w_temp == -1) {
/* Tail of a call that receives the rendered text and its length;
 * presumably the safe-character validation of the IPSECKEY text before it
 * becomes part of the command - confirm. */
358 tempstring, tempstring_len - slen)) {
371 /* ipsecmod-hook should return 0 on success. */
/* Excerpt (file lines 380-463) from the query-handling routine. Lines
 * 380-381 belong to the original doc comment; the rest are search-matched
 * statements with unlisted lines between them. */
380 * contains qstate->env module environment with global caches and so on.
381 * @param iq: query state specific for this module. per-query.
/* Unless the module is enabled and the name is whitelisted, the state is
 * set to module_wait_module and no IPSECKEY processing is visible. */
393 if(!(iq->enabled && iq->is_whitelisted)) {
394 qstate->ext_state[id] = module_wait_module;
/* IPSECKEY lookup not finished yet: for A and AAAA queries the answer is
 * flagged no_cache_store.
 * NOTE(review): presumably this keeps the address answer out of the cache
 * until the hook result is known - confirm. */
399 if(!iq->ipseckey_done) {
400 if(qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
401 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) {
403 sldns_wire2str_type_buf(qstate->qinfo.qtype, type,
407 qstate->no_cache_store = 1;
410 qstate->ext_state[id] = module_wait_module;
/* An IPSECKEY rrset was obtained for this query. */
415 if(iq->ipseckey_rrset) {
416 rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
/* DNSSEC gate: an rrset marked sec_status_bogus takes this branch unless
 * ipsecmod_ignore_bogus is set (branch body not listed).
 * NOTE(review): this is the only validation gate on the key material
 * visible in the listing; enabling ipsecmod_ignore_bogus removes it. */
419 if(!qstate->env->cfg->ipsecmod_ignore_bogus &&
420 rrset_data->security == sec_status_bogus) {
/* Part of a condition involving ipsecmod_strict; in its branch a hook
 * failure is logged and recorded on the query with errinf. */
428 qstate->env->cfg->ipsecmod_strict) {
429 log_err("ipsecmod: ipsecmod-hook failed");
430 errinf(qstate, "ipsecmod: ipsecmod-hook failed");
/* NOTE(review): the result of reply_find_answer_rrset is dereferenced on the
 * very next file line with no NULL check; this appears to rely on the
 * response handler having confirmed that an answer rrset exists (file line
 * 489) - confirm. */
436 rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo,
437 qstate->return_msg->rep);
438 rrset_data = (struct packed_rrset_data*)rrset_key->entry.data;
/* Clamp the answer rrset TTL to ipsecmod_max_ttl, including the per-record
 * TTLs of all records and signatures (count + rrsig_count). */
439 if(rrset_data->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) {
441 rrset_data->ttl = qstate->env->cfg->ipsecmod_max_ttl;
442 for(i=0; i<rrset_data->count+rrset_data->rrsig_count; i++)
443 rrset_data->rr_ttl[i] = qstate->env->cfg->ipsecmod_max_ttl;
/* Apply the same clamp to the reply as a whole, then recompute the derived
 * prefetch and serve-expired TTLs from the clamped value. */
445 if(qstate->return_msg->rep->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) {
446 qstate->return_msg->rep->ttl =
447 qstate->env->cfg->ipsecmod_max_ttl;
448 qstate->return_msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(
449 qstate->return_msg->rep->ttl);
450 qstate->return_msg->rep->serve_expired_ttl = qstate->return_msg->rep->ttl +
451 qstate->env->cfg->serve_expired_ttl;
/* Store the reply in the cache; the failure branch is not listed. */
457 if(!dns_cache_store(qstate->env, &qstate->qinfo,
458 qstate->return_msg->rep, 0, qstate->prefetch_leeway,
459 0, qstate->region, qstate->query_flags, qstate->qstarttime,
460 qstate->is_valrec)) {
463 qstate->ext_state[id] = module_finished;
/* Excerpt (file lines 469-509) from the response-handling routine. Lines
 * 469-470 belong to the original doc comment. */
469 * contains qstate->env module environment with global caches and so on.
470 * @param iq: query state specific for this module. per-query.
/* Unless the module is enabled and the name is whitelisted, the module is
 * marked finished without any IPSECKEY lookup being visible. */
480 if(!(iq->enabled && iq->is_whitelisted)) {
481 qstate->ext_state[id] = module_finished;
/* Visible conditions for starting an IPSECKEY lookup: the query type is A
 * or AAAA, a return message exists, it contains an answer rrset, and the
 * rcode is NOERROR. Further operands on lines 487 and 491 are not listed. */
485 if((qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
486 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) &&
488 qstate->return_msg &&
489 reply_find_answer_rrset(&qstate->return_msg->qinfo,
490 qstate->return_msg->rep) &&
492 qstate->return_rcode == LDNS_RCODE_NOERROR) {
494 sldns_wire2str_type_buf(qstate->qinfo.qtype, type,
/* Ask for the IPSECKEY record of the same name and class as the original
 * query; the failure branch is not listed. */
499 if(!generate_request(qstate, id, qstate->qinfo.qname,
500 qstate->qinfo.qname_len, LDNS_RR_TYPE_IPSECKEY,
501 qstate->qinfo.qclass, 0)) {
509 qstate->ext_state[id] = module_finished;
/* Excerpt (file lines 516-556) from the module event dispatcher: the module
 * environment and the per-query state are fetched from their id-indexed
 * slots. */
516 struct ipsecmod_env* ie = (struct ipsecmod_env*)qstate->env->modinfo[id];
517 struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)qstate->minfo[id];
/* Tails of two calls whose starts are not listed; they receive the module
 * id, the names of the current state and event, and the query info. */
519 id, strextstate(qstate->ext_state[id]), strmodulevent(event));
521 &qstate->qinfo);
/* The per-query state is read again here; presumably it was created on an
 * unlisted line just before - confirm. */
531 iq = (struct ipsecmod_qstate*)qstate->minfo[id];
556 qstate->ext_state[id] = module_finished;
/* Excerpt (file lines 572-594) from the routine that hands a finished
 * subquery result to its parent (super) query. */
572 &qstate->qinfo);
573 log_query_info(VERB_ALGO, "super is", &super->qinfo);
/* Per-query module state of the parent query. */
574 siq = (struct ipsecmod_qstate*)super->minfo[id];
580 if(qstate->return_msg) {
582 &qstate->return_msg->qinfo, qstate->return_msg->rep);
/* The rrset is copied into the parent region before being stored on the
 * parent state, so the stored pointer refers to memory owned by the parent
 * query rather than by the subquery. Handling of a NULL copy result is
 * presumably on the following unlisted lines - confirm. */
586 rrset_key = packed_rrset_copy_region(rrset_key, super->region, 0);
587 siq->ipseckey_rrset = rrset_key;
/* Mark the IPSECKEY lookup as done on the parent state. */
594 siq->ipseckey_done = 1;
/* Excerpt (file line 602): the per-query module slot is reset to NULL. */
602 qstate->minfo[id] = NULL;
/* Excerpt (file lines 608-611): memory accounting for the module. The
 * reported size is the module environment struct plus whatever the
 * whitelist reports for itself. */
608 struct ipsecmod_env* ie = (struct ipsecmod_env*)env->modinfo[id];
611 return sizeof(*ie) + ipsecmod_whitelist_get_mem(ie->whitelist);