Lines Matching refs:qstate
73 static void process_ds_response(struct module_qstate* qstate,
284 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
286 if(!qstate->return_msg || qstate->return_rcode != LDNS_RCODE_NOERROR) {
289 vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
293 vq->orig_msg->qinfo = qstate->qinfo;
295 qstate->region, sizeof(struct reply_info));
299 vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
300 |BIT_QR|BIT_RA|(qstate->query_flags|(BIT_CD|BIT_RD));
304 vq->orig_msg = qstate->return_msg;
306 vq->qchase = qstate->qinfo;
308 vq->chase_reply = regional_alloc_init(qstate->region,
317 vq->chase_reply->rrsets = regional_alloc(qstate->region,
332 val_new(struct module_qstate* qstate, int id)
335 qstate->region, sizeof(*vq));
336 log_assert(!qstate->minfo[id]);
340 qstate->minfo[id] = vq;
342 return val_new_getmsg(qstate, vq);
363 * @param qstate: query state
368 val_error(struct module_qstate* qstate, int id)
370 qstate->ext_state[id] = module_error;
371 qstate->return_rcode = LDNS_RCODE_SERVFAIL;
381 * @param qstate: query state.
388 needs_validation(struct module_qstate* qstate, int ret_rc,
402 if(qstate->query_flags & BIT_CD) {
407 if(qstate->is_valrec) {
428 if(qstate->qinfo.qtype == LDNS_RR_TYPE_RRSIG &&
458 * @param qstate: query state that is the parent.
467 * @param detached: true if this qstate should not attach to the subquery
471 generate_request(struct module_qstate* qstate, int id, uint8_t* name,
475 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
488 fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle));
489 if((*qstate->env->detect_cycle)(qstate, &ask,
498 qstate->env->add_sub));
499 if(!(*qstate->env->add_sub)(qstate, &ask,
507 qstate->env->attach_sub));
508 if(!(*qstate->env->attach_sub)(qstate, &ask,
521 qstate->ext_state[id] = module_wait_subquery;
528 * @param qstate: query state.
534 generate_keytag_query(struct module_qstate* qstate, int id,
548 enum module_ext_state ext_state = qstate->ext_state[id];
564 if(!(keytagdname = (uint8_t*)regional_alloc_init(qstate->region,
572 if(!generate_request(qstate, id, keytagdname, dnamebuf_len,
580 qstate->ext_state[id] = ext_state;
615 * @param qstate: query state.
622 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
626 int ret = generate_request(qstate, id, toprime->name, toprime->namelen,
629 if(newq && qstate->env->cfg->trust_anchor_signaling &&
630 !generate_keytag_query(qstate, id, toprime)) {
644 vq->trust_anchor_name = regional_alloc_init(qstate->region,
665 * @param qstate: query state.
678 validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq,
724 &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified,
732 errinf_ede(qstate, reason, reason_bogus);
734 errinf(qstate, "for CNAME");
736 errinf(qstate, "for DNAME");
737 errinf_origin(qstate, qstate->reply_origin);
769 &reason_bogus, LDNS_SECTION_AUTHORITY, qstate,
777 errinf_ede(qstate, reason, reason_bogus);
778 errinf_origin(qstate, qstate->reply_origin);
779 errinf_rrset(qstate, s);
815 &reason, NULL, LDNS_SECTION_ADDITIONAL, qstate,
838 struct module_qstate* qstate = (struct module_qstate*)arg;
840 mesh_run(qstate->env->mesh, qstate->mesh_info, module_event_pass,
846 validate_suspend_setup_timer(struct module_qstate* qstate,
855 errinf(qstate, "max validation suspends reached, "
861 qstate->ext_state[id] = module_wait_reply;
864 qstate->env->worker_base,
865 validate_suspend_timer_cb, qstate);
879 if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states)
881 else if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states/2)
883 else if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states/4)
894 usec = base + ub_random_max(qstate->env->rnd, usec-base);
1000 * @param qstate: query state for the region.
1009 struct key_entry_key* kkey, struct module_qstate* qstate,
1072 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1119 * @param qstate: query state for the region.
1128 struct key_entry_key* kkey, struct module_qstate* qstate,
1186 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1233 * @param qstate: query state for the region.
1243 struct module_qstate* qstate, struct val_qstate* vq,
1285 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1308 qstate, vq, nsec3_calculations, suspend);
1324 qstate, vq, nsec3_calculations, suspend);
1394 * @param qstate: query state for the region.
1403 struct key_entry_key* kkey, struct module_qstate* qstate,
1471 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1521 * @param qstate: query state for the region.
1530 struct key_entry_key* kkey, struct module_qstate* qstate,
1605 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1651 * @param qstate: query state for the region.
1660 struct key_entry_key* kkey, struct module_qstate* qstate,
1742 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1792 * @param qstate: query state.
1800 processInit(struct module_qstate* qstate, struct val_qstate* vq,
1807 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1811 return val_error(qstate, id);
1846 val_mark_indeterminate(vq->chase_reply, qstate->env->anchors,
1847 qstate->env->rrset_cache, qstate->env);
1851 anchor = anchors_lookup(qstate->env->anchors,
1876 anchor = anchors_lookup(qstate->env->anchors,
1888 qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY &&
1889 query_dname_compare(lookup_name, qstate->qinfo.qname) == 0) {
1908 vq->qchase.qclass, qstate->region, *qstate->env->now);
1927 qstate->env->rrset_cache, qstate->env);
1935 if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1937 return val_error(qstate, id);
1955 qstate->env->rrset_cache, qstate->env);
1963 errinf_dname(qstate, "key for validation", vq->key_entry->name);
1964 errinf_ede(qstate, "is marked as invalid", ede);
1965 errinf(qstate, "because of a previous");
1966 errinf(qstate, key_entry_get_reason(vq->key_entry));
1988 * @param qstate: query state.
1995 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
2010 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2014 return val_error(qstate, id);
2042 errinf_ede(qstate, "no signatures", LDNS_EDE_RRSIGS_MISSING);
2043 errinf_origin(qstate, qstate->reply_origin);
2083 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2087 return val_error(qstate, id);
2109 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2113 if(!validate_suspend_setup_timer(qstate, vq,
2115 return val_error(qstate, id);
2120 } else if(!qstate->blacklist && !vq->chain_blacklist &&
2121 (msg=val_find_DS(qstate->env, target_key_name,
2122 target_key_len, vq->qchase.qclass, qstate->region,
2125 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2129 if(!validate_suspend_setup_timer(qstate, vq,
2131 return val_error(qstate, id);
2136 if(!generate_request(qstate, id, target_key_name,
2140 return val_error(qstate, id);
2146 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2150 return val_error(qstate, id);
2164 * @param qstate: query state.
2172 processValidate(struct module_qstate* qstate, struct val_qstate* vq,
2180 return val_error(qstate, id);
2192 qstate->env->rrset_cache, qstate->env);
2194 qstate->env->cfg->val_log_level >= 2);
2205 errinf_ede(qstate, "while building chain of trust",
2209 qstate->env->cfg->val_log_level >= 2);
2220 errinf_ede(qstate, "no signatures", LDNS_EDE_RRSIGS_MISSING);
2221 errinf_origin(qstate, qstate->reply_origin);
2226 subtype = val_classify_response(qstate->query_flags, &qstate->qinfo,
2233 if(!validate_msg_signatures(qstate, vq, qstate->env, ve,
2236 if(!validate_suspend_setup_timer(qstate, vq,
2238 return val_error(qstate, id);
2256 qstate->errinf = NULL;
2268 validate_positive_response(qstate->env, ve,
2270 qstate, vq, &nsec3_calculations, &suspend);
2272 if(!validate_suspend_setup_timer(qstate,
2274 return val_error(qstate, id);
2284 validate_nodata_response(qstate->env, ve,
2286 qstate, vq, &nsec3_calculations, &suspend);
2288 if(!validate_suspend_setup_timer(qstate,
2290 return val_error(qstate, id);
2301 validate_nameerror_response(qstate->env, ve,
2303 qstate, vq, &nsec3_calculations, &suspend);
2305 if(!validate_suspend_setup_timer(qstate,
2307 return val_error(qstate, id);
2319 validate_cname_response(qstate->env, ve,
2321 qstate, vq, &nsec3_calculations, &suspend);
2323 if(!validate_suspend_setup_timer(qstate,
2325 return val_error(qstate, id);
2336 validate_cname_noanswer_response(qstate->env, ve,
2338 qstate, vq, &nsec3_calculations, &suspend);
2340 if(!validate_suspend_setup_timer(qstate,
2342 return val_error(qstate, id);
2361 validate_any_response(qstate->env, ve, &vq->qchase,
2362 vq->chase_reply, vq->key_entry, qstate, vq,
2365 if(!validate_suspend_setup_timer(qstate,
2367 return val_error(qstate, id);
2381 errinf(qstate, "wildcard");
2382 else errinf(qstate, val_classification_to_string(subtype));
2383 errinf(qstate, "proof failed");
2384 errinf_origin(qstate, qstate->reply_origin);
2393 * @param qstate: query state.
2401 processFinished(struct module_qstate* qstate, struct val_qstate* vq,
2405 qstate->query_flags, &qstate->qinfo, &vq->qchase,
2462 val_check_nonsecure(qstate->env, vq->orig_msg->rep);
2465 &qstate->qinfo);
2466 if(!qstate->no_cache_store) {
2467 val_neg_addreply(qstate->env->neg_cache,
2482 val_blacklist(&qstate->blacklist, qstate->region,
2483 qstate->reply_origin, 0);
2484 qstate->reply_origin = NULL;
2485 qstate->errinf = NULL;
2488 qstate->ext_state[id] = module_restart_next;
2492 if(qstate->env->cfg->serve_expired &&
2493 (e=msg_cache_lookup(qstate->env, qstate->qinfo.qname,
2494 qstate->qinfo.qname_len, qstate->qinfo.qtype,
2495 qstate->qinfo.qclass, qstate->query_flags,
2500 (!qstate->env->cfg->serve_expired_ttl ||
2501 qstate->env->cfg->serve_expired_ttl_reset ||
2502 *qstate->env->now <= rep->serve_expired_ttl)) {
2508 *qstate->env->now;
2509 if(qstate->env->cfg->serve_expired_ttl_reset &&
2510 *qstate->env->now + qstate->env->cfg->serve_expired_ttl
2514 rep->serve_expired_ttl = *qstate->env->now +
2515 qstate->env->cfg->serve_expired_ttl;
2524 qstate->return_rcode = LDNS_RCODE_SERVFAIL;
2525 qstate->return_msg = NULL;
2526 qstate->ext_state[id] = module_finished;
2537 vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
2538 if((qstate->env->cfg->val_log_level >= 1 ||
2539 qstate->env->cfg->log_servfail) &&
2540 !qstate->env->cfg->val_log_squelch) {
2541 if(qstate->env->cfg->val_log_level < 2 &&
2542 !qstate->env->cfg->log_servfail)
2544 &qstate->qinfo);
2546 char* err_str = errinf_to_str_bogus(qstate,
2547 qstate->region);
2561 if(qstate->env->cfg->val_permissive_mode)
2566 qstate->env->cfg->root_key_sentinel &&
2567 (qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
2568 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)) {
2571 if(*qstate->qinfo.qname == strlen(SENTINEL_IS) +
2573 dname_lab_startswith(qstate->qinfo.qname, SENTINEL_IS,
2576 !anchor_has_keytag(qstate->env->anchors,
2581 } else if(*qstate->qinfo.qname == strlen(SENTINEL_NOT) +
2583 dname_lab_startswith(qstate->qinfo.qname, SENTINEL_NOT,
2586 anchor_has_keytag(qstate->env->anchors,
2595 update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
2597 if(qstate->query_flags&BIT_RD) {
2600 if(!qstate->no_cache_store) {
2601 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2602 vq->orig_msg->rep, 0, qstate->prefetch_leeway,
2603 0, qstate->region, qstate->query_flags,
2604 qstate->qstarttime, qstate->is_valrec)) {
2611 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2612 vq->orig_msg->rep, 1, 0, 0, qstate->region,
2613 qstate->query_flags, qstate->qstarttime,
2614 qstate->is_valrec)) {
2618 qstate->return_rcode = LDNS_RCODE_NOERROR;
2619 qstate->return_msg = vq->orig_msg;
2620 qstate->ext_state[id] = module_finished;
2628 * @param qstate: query state.
2634 val_handle(struct module_qstate* qstate, struct val_qstate* vq,
2643 cont = processInit(qstate, vq, ve, id);
2646 cont = processFindKey(qstate, vq, id);
2649 cont = processValidate(qstate, vq, ve, id);
2652 cont = processFinished(qstate, vq, ve, id);
2664 val_operate(struct module_qstate* qstate, enum module_ev event, int id,
2667 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2668 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2670 "event:%s", id, strextstate(qstate->ext_state[id]),
2673 &qstate->qinfo);
2674 if(vq && qstate->qinfo.qname != vq->qchase.qname)
2683 qstate->ext_state[id] = module_wait_module;
2690 if(!needs_validation(qstate, qstate->return_rcode,
2691 qstate->return_msg)) {
2693 if(qstate->return_msg)
2694 qstate->return_msg->rep->security =
2696 qstate->ext_state[id] = module_finished;
2699 if(already_validated(qstate->return_msg)) {
2700 qstate->ext_state[id] = module_finished;
2703 if(qstate->rpz_applied) {
2705 if(qstate->return_msg)
2706 qstate->return_msg->rep->security =
2708 qstate->ext_state[id] = module_finished;
2713 if(qstate->qinfo.qclass == LDNS_RR_CLASS_ANY) {
2715 if(qstate->return_msg) {
2716 qstate->return_msg->rep->security =
2718 update_reason_bogus(qstate->return_msg->rep, LDNS_EDE_DNSSEC_BOGUS);
2720 qstate->ext_state[id] = module_finished;
2724 qstate->ext_state[id] = module_error; /* override this */
2726 vq = val_new(qstate, id);
2729 qstate->ext_state[id] = module_error;
2733 if(!val_new_getmsg(qstate, vq)) {
2735 qstate->ext_state[id] = module_error;
2739 val_handle(qstate, vq, ve, id);
2743 qstate->ext_state[id] = module_error; /* override this */
2745 val_handle(qstate, vq, ve, id);
2749 qstate->ext_state[id] = module_error;
2757 * (this rrset is allocated in the wrong region, not the qstate).
2759 * @param qstate: qstate that needs key.
2770 struct trust_anchor* ta, struct module_qstate* qstate, int id,
2773 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2779 int downprot = qstate->env->cfg->harden_algo_downgrade;
2794 if(qstate->env->cfg->harden_dnssec_stripped) {
2795 errinf_ede(qstate, rstr, reason_bogus);
2796 kkey = key_entry_create_bad(qstate->region, ta->name,
2798 reason_bogus, rstr, *qstate->env->now);
2799 } else kkey = key_entry_create_null(qstate->region, ta->name,
2801 reason_bogus, rstr, *qstate->env->now);
2809 kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve,
2811 &reason, &reason_bogus, qstate, reasonbuf, sizeof(reasonbuf));
2829 if(qstate->env->cfg->harden_dnssec_stripped) {
2830 errinf_ede(qstate, reason, reason_bogus);
2831 kkey = key_entry_create_bad(qstate->region, ta->name,
2834 *qstate->env->now);
2835 } else kkey = key_entry_create_null(qstate->region, ta->name,
2838 *qstate->env->now);
2855 * @param qstate: query state that is validating and asked for a DS.
2875 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2879 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2891 errinf(qstate, rc);
2898 errinf(qstate, buf);
2902 errinf_ede(qstate, reason, reason_bogus);
2917 errinf_ede(qstate, reason, reason_bogus);
2922 sec = val_verify_rrset_entry(qstate->env, ve, ds,
2924 LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf,
2929 errinf_ede(qstate, reason, reason_bogus);
2938 *ke = key_entry_create_null(qstate->region,
2942 *qstate->env->now);
2948 *ke = key_entry_create_rrset(qstate->region,
2950 NULL, LDNS_EDE_NONE, NULL, *qstate->env->now);
2963 errinf_ede(qstate, reason, reason_bogus);
2974 qstate->env, ve, qinfo, msg->rep, vq->key_entry,
2975 &proof_ttl, &reason, &reason_bogus, qstate,
2981 *ke = key_entry_create_null(qstate->region,
2985 *qstate->env->now);
2995 errinf(qstate, reason);
3003 if(!nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
3007 errinf_ede(qstate, reason, 0);
3010 sec = nsec3_prove_nods(qstate->env, ve,
3013 &reason_bogus, qstate, &vq->nsec3_cache_table,
3023 *ke = key_entry_create_null(qstate->region,
3027 *qstate->env->now);
3037 errinf_ede(qstate, reason, reason_bogus);
3051 errinf_ede(qstate, reason, reason_bogus);
3065 errinf_ede(qstate, reason, reason_bogus);
3076 errinf_ede(qstate, reason, reason_bogus);
3079 sec = val_verify_rrset_entry(qstate->env, ve, cname,
3081 LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf,
3090 errinf(qstate, "CNAME in DS response was not secure.");
3091 errinf_ede(qstate, reason, reason_bogus);
3096 errinf(qstate, "no DS and");
3103 errinf(qstate, rc);
3104 } else errinf(qstate, val_classification_to_string(subtype));
3105 errinf(qstate, "message fails to prove that");
3109 *ke = key_entry_create_bad(qstate->region, qinfo->qname,
3111 reason_bogus, reason, *qstate->env->now);
3122 * @param qstate: query state that is validating and asked for a DS.
3136 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
3141 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3155 ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske,
3175 vq->empty_DS_name = regional_alloc_init(qstate->region,
3188 vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
3200 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
3201 qstate->errinf = NULL;
3205 errinf_origin(qstate, origin);
3206 errinf_dname(qstate, "for DS", qinfo->qname);
3225 * @param qstate: query state that is validating and asked for a DNSKEY.
3236 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
3240 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3268 val_blacklist(&vq->chain_blacklist, qstate->region,
3270 qstate->errinf = NULL;
3282 vq->key_entry = key_entry_create_bad(qstate->region,
3284 BOGUS_KEY_TTL, reason_bogus, rstr, *qstate->env->now);
3289 errinf_ede(qstate, rstr, reason_bogus);
3290 errinf_origin(qstate, origin);
3291 errinf_dname(qstate, "for key", qinfo->qname);
3301 downprot = qstate->env->cfg->harden_algo_downgrade;
3302 vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
3304 qstate, reasonbuf, sizeof(reasonbuf));
3317 qstate->region, origin, 1);
3318 qstate->errinf = NULL;
3325 errinf_ede(qstate, reason, reason_bogus);
3326 errinf_origin(qstate, origin);
3327 errinf_dname(qstate, "for key", qinfo->qname);
3334 qstate->errinf = NULL;
3338 qstate->env->cfg->val_log_level >= 2);
3348 * @param qstate: query state that is validating and primed a trust anchor.
3358 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
3362 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
3364 struct trust_anchor* ta = anchor_find(qstate->env->anchors,
3384 if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset,
3385 qstate)) {
3392 vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id,
3398 val_blacklist(&vq->chain_blacklist, qstate->region,
3400 qstate->errinf = NULL;
3407 errinf_origin(qstate, origin);
3408 errinf_dname(qstate, "for trust anchor", ta->name);
3411 qstate->env->cfg->val_log_level >= 2);
3419 /* the qstate will be reactivated after inform_super is done */
3425 * @param qstate: query state that finished.
3427 * @param super: the qstate to inform.
3430 val_inform_super(struct module_qstate* qstate, int id,
3435 &qstate->qinfo);
3443 process_prime_response(super, vq, id, qstate->return_rcode,
3444 qstate->return_msg, qstate->reply_origin, qstate);
3447 if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) {
3449 process_ds_response(super, vq, id, qstate->return_rcode,
3450 qstate->return_msg, &qstate->qinfo,
3451 qstate->reply_origin, &suspend, qstate);
3455 * the super qstate whilst the RRs are allocated (and pointed
3456 * to) in this sub qstate. */
3466 qstate->return_msg, super->region);
3469 } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY) {
3470 process_dnskey_response(super, vq, id, qstate->return_rcode,
3471 qstate->return_msg, &qstate->qinfo,
3472 qstate->reply_origin, qstate);
3479 val_clear(struct module_qstate* qstate, int id)
3482 if(!qstate)
3484 vq = (struct val_qstate*)qstate->minfo[id];
3491 qstate->minfo[id] = NULL;