Lines Matching refs:vq
74 struct val_qstate* vq, int id, int rcode, struct dns_msg* msg,
/* val_new_getmsg (cross-reference excerpt: only the lines that mention vq
 * are listed, so branch bodies and some call arguments are not visible).
 * From the visible lines: fills in vq->orig_msg, vq->qchase,
 * vq->chase_reply and vq->rrset_skip, and returns vq on the last line. */
284 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
/* First visible path: orig_msg and its reply_info are allocated from
 * qstate->region, and each allocation is followed by a NULL test. */
289 vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
291 if(!vq->orig_msg)
293 vq->orig_msg->qinfo = qstate->qinfo;
294 vq->orig_msg->rep = (struct reply_info*)regional_alloc(
296 if(!vq->orig_msg->rep)
/* The new reply_info is zeroed before individual fields are set. */
298 memset(vq->orig_msg->rep, 0, sizeof(struct reply_info));
/* Only the low four bits of qstate->return_rcode go into the flags; the
 * rest of the expression is on an unlisted line. */
299 vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
301 vq->orig_msg->rep->qdcount = 1;
302 vq->orig_msg->rep->reason_bogus = LDNS_EDE_NONE;
/* Second visible path: qstate->return_msg is used as orig_msg. The
 * condition that selects between the two paths is on an unlisted line. */
304 vq->orig_msg = qstate->return_msg;
306 vq->qchase = qstate->qinfo;
/* chase_reply is allocated from the region with orig_msg->rep passed as
 * the initial contents; presumably a shallow copy - confirm against
 * regional_alloc_init. */
308 vq->chase_reply = regional_alloc_init(qstate->region,
309 vq->orig_msg->rep,
311 if(!vq->chase_reply)
/* rrset_count is compared with RR_COUNT_MAX before it enters the
 * allocation size below. NOTE(review): the branch body is not listed;
 * presumably it rejects the message so that the size computation cannot
 * overflow - confirm in the full source. */
313 if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX)
/* The rrsets array is sized from rrset_count + an_numrrsets (the
 * element-size factor is on an unlisted line), while the memmove that
 * follows is bounded by rrset_count, so the destination appears to be at
 * least as large as the copy. */
317 vq->chase_reply->rrsets = regional_alloc(qstate->region,
319 (vq->orig_msg->rep->rrset_count
320 + vq->orig_msg->rep->an_numrrsets));
321 if(!vq->chase_reply->rrsets)
323 memmove(vq->chase_reply->rrsets, vq->orig_msg->rep->rrsets,
325 vq->orig_msg->rep->rrset_count);
326 vq->rrset_skip = 0;
327 return vq;
/* Excerpt of the function that creates the validator per-query state. Its
 * signature is on an unlisted line; presumably this is val_new, which is
 * called with (qstate, id) at original line 2768. */
334 struct val_qstate* vq = (struct val_qstate*)regional_alloc(
335 qstate->region, sizeof(*vq));
337 if(!vq)
/* Zero the whole struct so that every field starts out as 0. */
339 memset(vq, 0, sizeof(*vq));
/* vq is stored in qstate->minfo[id] before val_new_getmsg runs, and no
 * visible line removes it again, so it stays registered even when that
 * call fails. The code at original lines 2774-2775 calls val_new_getmsg
 * again when vq exists but vq->orig_msg is still unset. */
340 qstate->minfo[id] = vq;
341 vq->state = VAL_INIT_STATE;
342 return val_new_getmsg(qstate, vq);
/* val_restart: wipe the validator query state for a fresh validation
 * attempt, keeping only the suspend timer and an incremented restart
 * counter. Excerpt: the local declarations are on unlisted lines. */
347 val_restart(struct val_qstate* vq)
/* Nothing to reset when there is no state. */
351 if(!vq) return;
/* Save the two fields that have to survive the memset below. */
352 temp_timer = vq->suspend_timer;
353 restart_count = vq->restart_count+1;
354 memset(vq, 0, sizeof(*vq));
/* Restore them. restart_count is compared with ve->max_restart elsewhere
 * in this listing (original lines 1840 and 2510), so carrying it across
 * the wipe is what keeps the retry limit effective; zeroing it here would
 * allow restarts without bound. */
355 vq->suspend_timer = temp_timer;
356 vq->restart_count = restart_count;
/* Every other field, orig_msg included, is now zero; processing starts
 * over from the init state. */
357 vq->state = VAL_INIT_STATE;
475 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
519 vq->chain_blacklist);
616 * @param vq: validator query state.
622 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
641 vq->wait_prime_ta = 1; /* to elicit PRIME_RESP_STATE processing
644 vq->trust_anchor_name = regional_alloc_init(qstate->region,
646 vq->trust_anchor_len = toprime->namelen;
647 vq->trust_anchor_labs = toprime->namelabs;
648 if(!vq->trust_anchor_name) {
666 * @param vq: validator query state.
678 validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq,
692 if(vq->msg_signatures_state) {
694 vq->msg_signatures_state = 0;
700 if(have_state && i <= vq->msg_signatures_index)
785 vq->msg_signatures_state = 1;
786 vq->msg_signatures_index = i;
796 if(have_state && i <= vq->msg_signatures_index)
821 vq->msg_signatures_state = 1;
822 vq->msg_signatures_index = i;
836 if(have_state && i <= vq->msg_signatures_index)
855 vq->msg_signatures_state = 1;
856 vq->msg_signatures_index = i;
/* Excerpt of the suspend-timer setup. The function name is on an unlisted
 * line; presumably validate_suspend_setup_timer, which is called with
 * (qstate, vq, ...) at original line 2144. */
878 struct val_qstate* vq, int id, enum val_state resume_state)
/* Upper bound on how often one query may be suspended.
 * NOTE(review): the branch body is not listed - confirm what the caller
 * receives once the limit is reached. */
882 if(vq->suspend_count >= MAX_VALIDATION_SUSPENDS) {
/* Record the state to continue from. */
891 vq->state = resume_state;
/* The timer is created on first use and kept in vq; a failed creation is
 * tested immediately afterwards. */
893 if(!vq->suspend_timer) {
894 vq->suspend_timer = comm_timer_create(
897 if(!vq->suspend_timer) {
/* slack depends on how often this query was already suspended: one branch
 * for counts above 3 (body unlisted), otherwise the count itself is
 * added. */
916 if(vq->suspend_count > 3)
918 else if(vq->suspend_count > 0)
919 slack += vq->suspend_count;
/* Count this suspend, then arm the timer with tv (computed on unlisted
 * lines). */
928 vq->suspend_count ++;
929 comm_timer_set(vq->suspend_timer, &tv);
1032 * @param vq: validator state for the nsec3 cache table.
1041 struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1103 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1107 &vq->nsec3_cache_table, nsec3_calculations);
1151 * @param vq: validator state for the nsec3 cache table.
1160 struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1217 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1221 &vq->nsec3_cache_table, nsec3_calculations);
1265 * @param vq: validator state for the nsec3 cache table.
1274 struct module_qstate* qstate, struct val_qstate* vq,
1316 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1322 &vq->nsec3_cache_table, nsec3_calculations);
1339 qstate, vq, nsec3_calculations, suspend);
1355 qstate, vq, nsec3_calculations, suspend);
1426 * @param vq: validator state for the nsec3 cache table.
1435 struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1502 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1507 qchase, kkey, wc, &vq->nsec3_cache_table,
1553 * @param vq: validator state for the nsec3 cache table.
1562 struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1636 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1640 &vq->nsec3_cache_table, nsec3_calculations);
1683 * @param vq: validator state for the nsec3 cache table.
1692 struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1773 nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1778 &vq->nsec3_cache_table, nsec3_calculations);
1824 * @param vq: validator query state.
1831 processInit(struct module_qstate* qstate, struct val_qstate* vq,
1838 qstate->query_flags, &qstate->qinfo, &vq->qchase,
1839 vq->orig_msg->rep, vq->rrset_skip);
1840 if(vq->restart_count > ve->max_restart) {
1846 update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_BOGUS);
1851 vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
1854 vq->qchase.qname = vq->orig_msg->rep->
1855 rrsets[vq->rrset_skip]->rk.dname;
1856 vq->qchase.qname_len = vq->orig_msg->rep->
1857 rrsets[vq->rrset_skip]->rk.dname_len;
1858 vq->qchase.qtype = ntohs(vq->orig_msg->rep->
1859 rrsets[vq->rrset_skip]->rk.type);
1860 vq->qchase.qclass = ntohs(vq->orig_msg->rep->
1861 rrsets[vq->rrset_skip]->rk.rrset_class);
1863 lookup_name = vq->qchase.qname;
1864 lookup_len = vq->qchase.qname_len;
1867 if(vq->qchase.qtype == LDNS_RR_TYPE_DS ||
1868 (vq->qchase.qtype == LDNS_RR_TYPE_NSEC &&
1869 vq->orig_msg->rep->rrset_count > vq->rrset_skip &&
1870 ntohs(vq->orig_msg->rep->rrsets[vq->rrset_skip]->rk.type) ==
1872 !(vq->orig_msg->rep->rrsets[vq->rrset_skip]->
1877 val_mark_indeterminate(vq->chase_reply, qstate->env->anchors,
1879 vq->key_entry = NULL;
1880 vq->empty_DS_name = NULL;
1881 vq->ds_rrset = 0;
1883 lookup_name, lookup_len, vq->qchase.qclass);
1886 val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep,
1887 vq->rrset_skip, &vq->signer_name, &vq->signer_len);
1888 if(vq->signer_name != NULL &&
1889 !dname_subdomain_c(lookup_name, vq->signer_name)) {
1891 "of lookupname, omitted", vq->signer_name, 0, 0);
1892 vq->signer_name = NULL;
1894 if(vq->signer_name == NULL) {
1898 lookup_name = vq->signer_name;
1899 lookup_len = vq->signer_len;
1904 if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name &&
1908 lookup_name, lookup_len, vq->qchase.qclass);
1912 vq->chase_reply->security = sec_status_indeterminate;
1913 update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_INDETERMINATE);
1914 vq->state = VAL_FINISHED_STATE;
1926 if(vq->rrset_skip > 0 || subtype == VAL_CLASS_CNAME ||
1930 val_fill_reply(vq->chase_reply, vq->orig_msg->rep,
1931 vq->rrset_skip, lookup_name, lookup_len,
1932 vq->signer_name);
1934 log_dns_msg("chased extract", &vq->qchase,
1935 vq->chase_reply);
1938 vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,
1939 vq->qchase.qclass, qstate->region, *qstate->env->now);
1942 if(vq->key_entry == NULL && anchor == NULL) {
1944 vq->chase_reply->security = sec_status_indeterminate;
1945 update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_INDETERMINATE);
1947 vq->state = VAL_FINISHED_STATE;
1952 else if(vq->key_entry == NULL || (anchor &&
1953 dname_strict_subdomain_c(anchor->name, vq->key_entry->name))) {
1956 vq->chase_reply->security = sec_status_insecure;
1957 val_mark_insecure(vq->chase_reply, anchor->name,
1961 vq->state = VAL_FINISHED_STATE;
1966 if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1973 vq->state = VAL_FINDKEY_STATE;
1980 if(key_entry_isnull(vq->key_entry)) {
1984 vq->chase_reply->security = sec_status_insecure;
1985 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
1988 vq->state = VAL_FINISHED_STATE;
1990 } else if(key_entry_isbad(vq->key_entry)) {
1992 sldns_ede_code ede = key_entry_get_reason_bogus(vq->key_entry);
1994 errinf_dname(qstate, "key for validation", vq->key_entry->name);
1997 errinf(qstate, key_entry_get_reason(vq->key_entry));
2000 vq->restart_count = ve->max_restart;
2001 vq->chase_reply->security = sec_status_bogus;
2002 update_reason_bogus(vq->chase_reply, ede);
2003 vq->state = VAL_FINISHED_STATE;
2009 vq->state = VAL_FINDKEY_STATE;
2020 * @param vq: validator query state.
2026 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
2033 log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase);
2039 log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry));
2040 if(key_entry_isnull(vq->key_entry)) {
2041 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2042 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
2043 vq->qchase.qclass, BIT_CD, &newq, 0)) {
2050 target_key_name = vq->signer_name;
2051 target_key_len = vq->signer_len;
2053 target_key_name = vq->qchase.qname;
2054 target_key_len = vq->qchase.qname_len;
2057 current_key_name = vq->key_entry->name;
2061 vq->state = VAL_VALIDATE_STATE;
2065 if(vq->empty_DS_name) {
2070 vq->empty_DS_name) == 0) {
2075 vq->chase_reply->security = sec_status_bogus;
2076 update_reason_bogus(vq->chase_reply, LDNS_EDE_RRSIGS_MISSING);
2077 vq->state = VAL_FINISHED_STATE;
2080 current_key_name = vq->empty_DS_name;
2090 vq->chase_reply->security = sec_status_bogus;
2091 vq->state = VAL_FINISHED_STATE;
2108 if(vq->ds_rrset)
2109 log_nametypeclass(VERB_ALGO, "DS RRset", vq->ds_rrset->rk.dname, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN);
2112 if(vq->ds_rrset && query_dname_compare(vq->ds_rrset->rk.dname,
2113 vq->key_entry->name) != 0) {
2114 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2115 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
2116 vq->qchase.qclass, BIT_CD, &newq, 0)) {
2123 if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname,
2135 if(vq->sub_ds_msg) {
2139 msg = vq->sub_ds_msg;
2140 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2144 if(!validate_suspend_setup_timer(qstate, vq,
2149 vq->sub_ds_msg = NULL;
2151 } else if(!qstate->blacklist && !vq->chain_blacklist &&
2153 target_key_len, vq->qchase.qclass, qstate->region,
2154 vq->key_entry->name)) ) {
2156 process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2160 if(!validate_suspend_setup_timer(qstate, vq,
2168 target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
2177 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
2178 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
2179 vq->qchase.qclass, BIT_CD, &newq, 0)) {
2196 * @param vq: validator query state.
2203 processValidate(struct module_qstate* qstate, struct val_qstate* vq,
2209 if(!vq->key_entry) {
2215 vq->state = VAL_FINISHED_STATE;
2218 if(key_entry_isnull(vq->key_entry)) {
2220 vq->signer_name?"":"unsigned ");
2221 vq->chase_reply->security = sec_status_insecure;
2222 val_mark_insecure(vq->chase_reply, vq->key_entry->name,
2224 key_cache_insert(ve->kcache, vq->key_entry,
2229 if(key_entry_isbad(vq->key_entry)) {
2231 "of trust to keys for", vq->key_entry->name,
2232 LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
2233 vq->chase_reply->security = sec_status_bogus;
2234 update_reason_bogus(vq->chase_reply,
2235 key_entry_get_reason_bogus(vq->key_entry));
2237 key_entry_get_reason_bogus(vq->key_entry));
2238 if(vq->restart_count >= ve->max_restart)
2239 key_cache_insert(ve->kcache, vq->key_entry,
2246 if(vq->signer_name == NULL) {
2248 "signer name", &vq->qchase);
2253 vq->chase_reply->security = sec_status_bogus;
2254 update_reason_bogus(vq->chase_reply, LDNS_EDE_RRSIGS_MISSING);
2258 &vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
2260 remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
2264 if(!validate_msg_signatures(qstate, vq, qstate->env, ve,
2265 vq->chase_reply, vq->key_entry, &suspend)) {
2267 if(!validate_suspend_setup_timer(qstate, vq,
2277 detect_wrongly_truncated(vq->orig_msg->rep)) {
2279 vq->orig_msg->rep->ns_numrrsets = 0;
2280 vq->orig_msg->rep->ar_numrrsets = 0;
2281 vq->orig_msg->rep->rrset_count =
2282 vq->orig_msg->rep->an_numrrsets;
2283 vq->chase_reply->ns_numrrsets = 0;
2284 vq->chase_reply->ar_numrrsets = 0;
2285 vq->chase_reply->rrset_count =
2286 vq->chase_reply->an_numrrsets;
2300 &vq->qchase, vq->chase_reply, vq->key_entry,
2301 qstate, vq, &nsec3_calculations, &suspend);
2304 vq, id, VAL_VALIDATE_STATE))
2310 vq->chase_reply->security));
2316 &vq->qchase, vq->chase_reply, vq->key_entry,
2317 qstate, vq, &nsec3_calculations, &suspend);
2320 vq, id, VAL_VALIDATE_STATE))
2326 vq->chase_reply->security));
2330 rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags);
2333 &vq->qchase, vq->chase_reply, vq->key_entry, &rcode,
2334 qstate, vq, &nsec3_calculations, &suspend);
2337 vq, id, VAL_VALIDATE_STATE))
2343 vq->chase_reply->security));
2344 FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode);
2345 FLAGS_SET_RCODE(vq->chase_reply->flags, rcode);
2351 &vq->qchase, vq->chase_reply, vq->key_entry,
2352 qstate, vq, &nsec3_calculations, &suspend);
2355 vq, id, VAL_VALIDATE_STATE))
2361 vq->chase_reply->security));
2368 &vq->qchase, vq->chase_reply, vq->key_entry,
2369 qstate, vq, &nsec3_calculations, &suspend);
2372 vq, id, VAL_VALIDATE_STATE))
2378 vq->chase_reply->security));
2383 validate_referral_response(vq->chase_reply);
2386 vq->chase_reply->security));
2392 validate_any_response(qstate->env, ve, &vq->qchase,
2393 vq->chase_reply, vq->key_entry, qstate, vq,
2397 vq, id, VAL_VALIDATE_STATE))
2403 vq->chase_reply->security));
2410 if(vq->chase_reply->security == sec_status_bogus) {
2425 * @param vq: validator query state.
2432 processFinished(struct module_qstate* qstate, struct val_qstate* vq,
2436 qstate->query_flags, &qstate->qinfo, &vq->qchase,
2437 vq->orig_msg->rep, vq->rrset_skip);
2440 if(vq->rrset_skip == 0) {
2441 vq->orig_msg->rep->security = vq->chase_reply->security;
2442 update_reason_bogus(vq->orig_msg->rep, vq->chase_reply->reason_bogus);
2444 vq->rrset_skip < vq->orig_msg->rep->an_numrrsets +
2445 vq->orig_msg->rep->ns_numrrsets) {
2449 if(vq->chase_reply->security < vq->orig_msg->rep->security) {
2450 vq->orig_msg->rep->security =
2451 vq->chase_reply->security;
2452 update_reason_bogus(vq->orig_msg->rep, vq->chase_reply->reason_bogus);
2458 vq->rrset_skip = val_next_unchecked(vq->orig_msg->rep,
2459 vq->rrset_skip);
2460 if(vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
2463 vq->chase_reply->security = sec_status_unchecked;
2464 vq->state = VAL_INIT_STATE;
2469 if(vq->chase_reply->security != sec_status_bogus &&
2472 if(!val_chase_cname(&vq->qchase, vq->orig_msg->rep,
2473 &vq->rrset_skip)) {
2475 vq->orig_msg->rep->security = sec_status_bogus;
2476 update_reason_bogus(vq->orig_msg->rep, LDNS_EDE_DNSSEC_BOGUS);
2480 &vq->qchase);
2481 vq->chase_reply->security = sec_status_unchecked;
2482 vq->state = VAL_INIT_STATE;
2487 if(vq->orig_msg->rep->security == sec_status_secure) {
2493 val_check_nonsecure(qstate->env, vq->orig_msg->rep);
2494 if(vq->orig_msg->rep->security == sec_status_secure) {
2499 vq->orig_msg->rep);
2506 if(vq->orig_msg->rep->security == sec_status_bogus) {
2510 if(vq->restart_count < ve->max_restart) {
2517 val_restart(vq);
2564 vq->orig_msg->rep->ttl = ve->bogus_ttl;
2565 vq->orig_msg->rep->prefetch_ttl =
2566 PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl);
2567 vq->orig_msg->rep->serve_expired_ttl =
2568 vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
2581 vq->orig_msg->rep->reason_bogus_str = err_str;
2593 vq->orig_msg->rep->security = sec_status_indeterminate;
2596 if(vq->orig_msg->rep->security == sec_status_secure &&
2608 (uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2609 vq->orig_msg->rep->security =
2618 (uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2619 vq->orig_msg->rep->security =
2626 update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
2627 if(vq->orig_msg->rep->security != sec_status_bogus &&
2628 vq->orig_msg->rep->security != sec_status_secure_sentinel_fail
2629 && vq->orig_msg->rep->reason_bogus == LDNS_EDE_DNSSEC_BOGUS) {
2633 vq->orig_msg->rep->reason_bogus = LDNS_EDE_NONE;
2641 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2642 vq->orig_msg->rep, 0, qstate->prefetch_leeway,
2651 if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2652 vq->orig_msg->rep, 1, 0, 0, qstate->region,
2659 qstate->return_msg = vq->orig_msg;
2669 * @param vq: validator query state.
2674 val_handle(struct module_qstate* qstate, struct val_qstate* vq,
2680 val_state_to_string(vq->state));
2681 switch(vq->state) {
2683 cont = processInit(qstate, vq, ve, id);
2686 cont = processFindKey(qstate, vq, id);
2689 cont = processValidate(qstate, vq, ve, id);
2692 cont = processFinished(qstate, vq, ve, id);
2696 vq->state);
2708 struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2714 if(vq && qstate->qinfo.qname != vq->qchase.qname)
2716 &vq->qchase);
2719 (event == module_event_pass && vq == NULL)) {
2767 if(!vq) {
2768 vq = val_new(qstate, id);
2769 if(!vq) {
2774 } else if(!vq->orig_msg) {
2775 if(!val_new_getmsg(qstate, vq)) {
2781 val_handle(qstate, vq, ve, id);
2787 val_handle(qstate, vq, ve, id);
2898 * @param vq: validator query state
2917 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2965 vq->key_entry, &reason, &reason_bogus,
3016 qstate->env, ve, qinfo, msg->rep, vq->key_entry,
3045 if(!nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
3054 msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason,
3055 &reason_bogus, qstate, &vq->nsec3_cache_table,
3122 vq->key_entry, &reason, &reason_bogus,
3221 * @param vq: validator query state
3234 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
3241 uint8_t* olds = vq->empty_DS_name;
3244 vq->empty_DS_name = NULL;
3248 vq->key_entry = NULL;
3249 vq->state = VAL_FINISHED_STATE;
3250 vq->chase_reply->security = sec_status_insecure;
3253 ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske,
3259 vq->key_entry = NULL; /* make it error */
3260 vq->state = VAL_VALIDATE_STATE;
3267 vq->key_entry = NULL; /* make it error */
3268 vq->state = VAL_VALIDATE_STATE;
3273 vq->empty_DS_name = regional_alloc_init(qstate->region,
3275 if(!vq->empty_DS_name) {
3277 vq->key_entry = NULL; /* make it error */
3278 vq->state = VAL_VALIDATE_STATE;
3281 vq->empty_DS_len = qinfo->qname_len;
3282 vq->chain_blacklist = NULL;
3286 vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
3287 if(!vq->ds_rrset) {
3289 vq->key_entry = NULL; /* make it error */
3290 vq->state = VAL_VALIDATE_STATE;
3293 vq->chain_blacklist = NULL; /* fresh blacklist for next part*/
3296 && vq->restart_count < ve->max_restart) {
3297 vq->empty_DS_name = olds;
3298 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
3300 vq->restart_count++;
3309 vq->key_entry = dske;
3311 vq->state = VAL_VALIDATE_STATE;
3324 * @param vq: validator query state
3334 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
3339 struct key_entry_key* old = vq->key_entry;
3349 vq->key_entry = NULL;
3350 vq->state = VAL_FINISHED_STATE;
3351 vq->chase_reply->security = sec_status_insecure;
3365 if(vq->restart_count < ve->max_restart) {
3366 val_blacklist(&vq->chain_blacklist, qstate->region,
3369 vq->restart_count++;
3380 vq->key_entry = key_entry_create_bad(qstate->region,
3383 if(!vq->key_entry) {
3390 vq->state = VAL_VALIDATE_STATE;
3393 if(!vq->ds_rrset) {
3395 vq->key_entry = NULL;
3396 vq->state = VAL_VALIDATE_STATE;
3400 vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
3401 ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus,
3404 if(!vq->key_entry) {
3406 vq->state = VAL_VALIDATE_STATE;
3411 if(!key_entry_isgood(vq->key_entry)) {
3412 if(key_entry_isbad(vq->key_entry)) {
3413 if(vq->restart_count < ve->max_restart) {
3414 val_blacklist(&vq->chain_blacklist,
3417 vq->restart_count++;
3418 vq->key_entry = old;
3427 vq->chain_blacklist = NULL;
3428 vq->state = VAL_VALIDATE_STATE;
3431 vq->chain_blacklist = NULL;
3435 key_cache_insert(ve->kcache, vq->key_entry,
3447 * @param vq: validator query state
3456 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
3463 vq->trust_anchor_name, vq->trust_anchor_labs,
3464 vq->trust_anchor_len, vq->qchase.qclass);
3467 vq->state = VAL_INIT_STATE;
3468 if(!vq->trust_anchor_name)
3469 vq->state = VAL_VALIDATE_STATE; /* break a loop */
3470 vq->trust_anchor_name = NULL;
3485 vq->state = VAL_INIT_STATE;
3486 vq->trust_anchor_name = NULL;
3490 vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id,
3493 if(vq->key_entry) {
3494 if(key_entry_isbad(vq->key_entry)
3495 && vq->restart_count < ve->max_restart) {
3496 val_blacklist(&vq->chain_blacklist, qstate->region,
3499 vq->restart_count++;
3500 vq->key_entry = NULL;
3501 vq->state = VAL_INIT_STATE;
3504 vq->chain_blacklist = NULL;
3508 key_cache_insert(ve->kcache, vq->key_entry,
3513 if(!vq->key_entry || key_entry_isnull(vq->key_entry) ||
3514 key_entry_isbad(vq->key_entry)) {
3515 vq->state = VAL_VALIDATE_STATE;
3531 struct val_qstate* vq = (struct val_qstate*)super->minfo[id];
3535 if(!vq) {
3539 if(vq->wait_prime_ta) {
3540 vq->wait_prime_ta = 0;
3541 process_prime_response(super, vq, id, qstate->return_rcode,
3547 process_ds_response(super, vq, id, qstate->return_rcode,
3555 if(vq->nsec3_cache_table.ct) {
3556 vq->nsec3_cache_table.ct = NULL;
3559 /* deep copy the return_msg to vq->sub_ds_msg; it will
3563 vq->sub_ds_msg = dns_msg_deepcopy_region(
3568 process_dnskey_response(super, vq, id, qstate->return_rcode,
3579 struct val_qstate* vq;
3582 vq = (struct val_qstate*)qstate->minfo[id];
3583 if(vq) {
3584 if(vq->suspend_timer) {
3585 comm_timer_delete(vq->suspend_timer);