/*
 * NOTE(review): no use of SE_MAX_RRTYPE_COUNT is visible in this excerpt. It presumably sizes the
 * ldns_rr_type array that the bitmap code writes into -- confirm against the full file.
 * denial_str is the tag supplied for the "[%s]" prefix in this file's log calls.
 */
38 #define SE_MAX_RRTYPE_COUNT 65536 40 static const char* denial_str =
"denial";
/*
 * Fragment, apparently from denial_create(zone, dname) judging by the "unable to create denial"
 * log text; listing lines 52-55 and 58-59 are not shown.
 * Visible behaviour: a missing dname or zone is rejected, and an allocator_alloc() failure is logged.
 */
51 if (!dname || !zone) {
56 ods_log_error(
"[%s] unable to create denial: allocator_alloc() " 57 "failed", denial_str);
/* The caller's dname pointer is stored as-is; no clone is visible. Listing line 355 deep-frees
 * denial->dname, so the denial appears to take ownership and the caller must not free or reuse
 * dname afterwards -- confirm. */
60 denial->
dname = dname;
/*
 * Fragment of denial_create_bitmap(); the rest of the parameter list, the loop over rrsets and the
 * assignments to dstatus are on listing lines that are not shown.
 * Visible behaviour: when the conditions below hold, the rrset's type is appended to types[] and
 * *types_count is incremented.
 */
76 denial_create_bitmap(
denial_type* denial, ldns_rr_type types[],
82 ods_log_assert(denial);
83 ods_log_assert(denial->
domain);
89 if (dstatus == LDNS_RR_TYPE_SOA) {
92 if (dstatus == LDNS_RR_TYPE_SOA ||
93 rrset->
rrtype == LDNS_RR_TYPE_NS ||
94 rrset->
rrtype == LDNS_RR_TYPE_DS) {
/* NOTE(review): no check of *types_count against the capacity of types[] is visible before this
 * write. The capacity (presumably SE_MAX_RRTYPE_COUNT) and any bound on the number of rrsets per
 * domain should be confirmed in the full file, since the caller appends further entries after
 * this function returns. */
96 types[*types_count] = rrset->
rrtype;
97 *types_count = *types_count + 1;
/*
 * Fragment of denial_create_nsec3_nxt(ldns_rdf* nxt); the return-type line and listing lines 111,
 * 116-117, 122-123, 129-130, 133, 138 and 142 are not shown.
 * Takes label 0 of nxt, renders it as text, strips one trailing '.', and decodes the text with
 * ldns_str2rdf_b32_ext() into next_owner_rdf, which is returned.
 * The temporary string and label are released before the final return.
 */
110 denial_create_nsec3_nxt(ldns_rdf* nxt)
112 ldns_status status = LDNS_STATUS_OK;
113 ldns_rdf* next_owner_label = NULL;
114 ldns_rdf* next_owner_rdf = NULL;
115 char* next_owner_string = NULL;
118 next_owner_label = ldns_dname_label(nxt, 0);
119 if (!next_owner_label) {
120 ods_log_alert(
"[%s] unable to create NSEC3 Next: " 121 "ldns_dname_label() failed", denial_str);
124 next_owner_string = ldns_rdf2str(next_owner_label);
125 if (!next_owner_string) {
126 ods_log_alert(
"[%s] unable to create NSEC3 Next: " 127 "ldns_rdf2str() failed", denial_str);
/* The label is released on this failure path so it does not leak. */
128 ldns_rdf_deep_free(next_owner_label);
/* NOTE(review): strlen(next_owner_string)-1 wraps to SIZE_MAX for an empty string, which makes
 * the index below an out-of-bounds read. If ldns_rdf2str() can ever return "" here, compute the
 * length once and require it to be non-zero before indexing -- confirm. */
131 if (next_owner_string[strlen(next_owner_string)-1] ==
'.') {
132 next_owner_string[strlen(next_owner_string)-1] =
'\0';
134 status = ldns_str2rdf_b32_ext(&next_owner_rdf, next_owner_string);
/* In the visible lines a decode failure is only logged, and the cleanup below still runs. Whether
 * next_owner_rdf is still NULL after a failure depends on ldns_str2rdf_b32_ext() -- confirm. */
135 if (status != LDNS_STATUS_OK) {
136 ods_log_alert(
"[%s] unable to create NSEC3 Next: " 137 "ldns_str2rdf_b32_ext() failed", denial_str);
139 free((
void*)next_owner_string);
140 ldns_rdf_deep_free(next_owner_label);
141 return next_owner_rdf;
/*
 * Fragment that builds an NSEC or NSEC3 record (called as denial_create_nsec() on listing line
 * 312); the signature, the declaration of types[] and most branch conditions are on lines that
 * are not shown.
 * Visible sequence: allocate the RR, set its type, clone denial->dname as owner, push the "next"
 * field, collect the type bitmap, then set TTL and class.
 * NOTE(review): the precondition checks are ods_log_assert() calls; whether they stay active in
 * release builds is not visible here -- confirm, since the dereferences below rely on them.
 */
153 ldns_rr* nsec_rr = NULL;
154 ldns_rr_type rrtype = LDNS_RR_TYPE_NSEC;
155 ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
156 ldns_rdf* rdf = NULL;
159 size_t types_count = 0;
161 ods_log_assert(denial);
162 ods_log_assert(denial->
dname);
164 ods_log_assert(nxt->
dname);
165 nsec_rr = ldns_rr_new();
167 ods_log_alert(
"[%s] unable to create NSEC(3) RR: " 168 "ldns_rr_new() failed", denial_str);
/* The switch to NSEC3 happens under a condition that is not shown. */
173 rrtype = LDNS_RR_TYPE_NSEC3;
175 ldns_rr_set_type(nsec_rr, rrtype);
177 rdf = ldns_rdf_clone(denial->
dname);
179 ods_log_alert(
"[%s] unable to create NSEC(3) RR: " 180 "ldns_rdf_clone(owner) failed", denial_str);
/* The partially built RR is freed on this and the later failure paths. */
181 ldns_rr_free(nsec_rr);
184 ldns_rr_set_owner(nsec_rr, rdf);
/* NOTE(review): the result of ldns_rr_push_rdf() is discarded here and on listing lines 206 and
 * 234. If a push fails, the RR would be left incomplete and the rdf unowned -- consider checking
 * the return value. */
189 ldns_rr_push_rdf(nsec_rr, NULL);
196 rdf = denial_create_nsec3_nxt(nxt->
dname);
198 rdf = ldns_rdf_clone(nxt->
dname);
201 ods_log_alert(
"[%s] unable to create NSEC(3) RR: " 202 "create next field failed", denial_str);
203 ldns_rr_free(nsec_rr);
206 ldns_rr_push_rdf(nsec_rr, rdf);
208 denial_create_bitmap(denial, types, &types_count);
212 if (dstatus == LDNS_RR_TYPE_SOA) {
214 if (dstatus != LDNS_RR_TYPE_NS && domain->
rrsets) {
/* NOTE(review): these writes append to types[] after denial_create_bitmap() has filled it. No
 * capacity check is visible, and the increments of types_count are presumably on the lines not
 * shown. Confirm that types[] has room for the extra RRSIG/NSEC entries in the worst case. */
216 types[types_count] = LDNS_RR_TYPE_RRSIG;
222 types[types_count] = LDNS_RR_TYPE_RRSIG;
224 types[types_count] = LDNS_RR_TYPE_NSEC;
227 rdf = ldns_dnssec_create_nsec_bitmap(types, types_count, rrtype);
229 ods_log_alert(
"[%s] unable to create NSEC(3) RR: " 230 "ldns_dnssec_create_nsec_bitmap() failed", denial_str);
231 ldns_rr_free(nsec_rr);
234 ldns_rr_push_rdf(nsec_rr, rdf);
235 ldns_rr_set_ttl(nsec_rr, ttl);
236 ldns_rr_set_class(nsec_rr, klass);
248 if (denial && denial->
rrset) {
/*
 * Fragment, apparently from denial_add_rr() judging by the "unable to nsecify: rrset_create()
 * failed" text and the record handling; the signature and the calls that assign zone, denial->rrset
 * and record are on lines that are not shown.
 * Visible behaviour: denial->rrset is checked for NULL twice (lines 268 and 274); if it is still
 * NULL at the second check, ods_fatal_exit() is called.
 */
263 ods_log_assert(denial);
266 ods_log_assert(zone);
268 if (!denial->
rrset) {
274 if (!denial->
rrset) {
/* NOTE(review): ods_fatal_exit() presumably terminates the process, so an rrset_create() failure
 * here is an availability concern rather than a recoverable error -- confirm that is intended. */
275 ods_fatal_exit(
"[%s] unable to nsecify: rrset_create() failed",
279 ods_log_assert(denial->
rrset);
281 ods_log_assert(record);
282 ods_log_assert(record->
rr);
/* Back-pointer from the record to its denial, stored as an untyped pointer. */
283 record->
owner = (
void*) denial;
/*
 * Fragment, apparently from denial_nsecify() judging by the log text; the signature, the source of
 * zone and ttl, and the remaining arguments of the denial_create_nsec() call are not shown.
 * Visible behaviour: builds the NSEC(3) RR for denial with nxt as the next owner, and calls
 * ods_fatal_exit() when that fails.
 */
297 ldns_rr* nsec_rr = NULL;
300 ods_log_assert(denial);
303 ods_log_assert(zone);
312 nsec_rr = denial_create_nsec(denial, nxt, ttl, zone->
klass,
/* NOTE(review): denial_create_nsec() fails on allocation or encoding errors (see its log
 * messages). Exiting the process on such a failure is presumably deliberate -- confirm. */
315 ods_fatal_exit(
"[%s] unable to nsecify: denial_create_nsec() " 316 "failed", denial_str);
/*
 * Fragment, apparently from denial_print(fd, denial, status) judging by the "unable to print
 * denial" log text; listing lines 334, 336, 338 and everything after 339 are not shown.
 * Visible behaviour: a missing denial or fd is logged at critical level and reported through
 * *status as ODS_STATUS_ASSERT_ERR; otherwise the rrset branch runs when denial->rrset is set.
 */
333 if (!denial || !fd) {
/* NOTE(review): the message text "denial of fd missing" looks like a typo for "denial or fd
 * missing". Whether status is checked for NULL before the store below is not visible (line 334
 * is not shown) -- confirm. */
335 ods_log_crit(
"[%s] unable to print denial: denial of fd missing",
337 *status = ODS_STATUS_ASSERT_ERR;
339 }
else if (denial->
rrset) {
355 ldns_rdf_deep_free(denial->
dname);
denial_type * denial_create(zone_type *zone, ldns_rdf *dname)
void rrset_cleanup(rrset_type *rrset)
void denial_cleanup(denial_type *denial)
rr_type * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
void denial_print(FILE *fd, denial_type *denial, ods_status *status)
ldns_rr_type domain_is_delegpt(domain_type *domain)
ldns_rr_type domain_is_occluded(domain_type *domain)
#define SE_NSEC3_RDATA_NSEC3PARAMS
void denial_add_rr(denial_type *denial, ldns_rr *rr)
void denial_diff(denial_type *denial)
nsec3params_type * nsec3params
#define SE_MAX_RRTYPE_COUNT
void rrset_diff(rrset_type *rrset, unsigned is_ixfr, unsigned more_coming)
rrset_type * rrset_create(zone_type *zone, ldns_rr_type type)
void denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t *num_added)
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)