1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
/*
* nsec3.h -- nsec3 handling.
*
* Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
#ifndef NSEC3_H
#define NSEC3_H
#ifdef NSEC3
struct udb_ptr;
struct domain;
struct dname;
struct region;
struct zone;
struct namedb;
struct query;
struct answer;
struct rr;
/*
* calculate prehash information for zone.
*/
void prehash_zone(struct namedb* db, struct zone* zone);
/*
* calculate prehash for zone, assumes no partial precompile or prehashlist
*/
void prehash_zone_complete(struct namedb* db, struct zone* zone);
/*
* finds nsec3 that covers the given domain hash.
* returns true if the find is exact.
*/
int nsec3_find_cover(struct zone* zone, uint8_t* hash, size_t hashlen,
struct domain** result);
/*
* _answer_ Routines used to add the correct nsec3 record to a query answer.
* cnames etc may have been followed, hence original name.
*/
/*
* add proof for wildcards that the name below the wildcard.parent
* does not exist
*/
void nsec3_answer_wildcard(struct query* query, struct answer* answer,
struct domain* wildcard, const struct dname* qname);
/*
* add NSEC3 to provide domain name but not rrset exists,
* this could be a query for a DS or NSEC3 type
*/
void nsec3_answer_nodata(struct query *query, struct answer *answer,
struct domain *original);
/*
* add NSEC3 for a delegation (optout stuff)
*/
void nsec3_answer_delegation(struct query *query, struct answer *answer);
/*
* add NSEC3 for authoritative answers.
* match==0 is an nxdomain.
*/
void nsec3_answer_authoritative(struct domain** match, struct query *query,
struct answer *answer, struct domain* closest_encloser,
const struct dname* qname);
/*
* True if domain is a NSEC3 (+RRSIG) data only variety.
* pass nonNULL zone to filter for particular zone.
*/
int domain_has_only_NSEC3(struct domain* domain, struct zone* zone);
/* get hashed bytes */
void nsec3_hash_and_store(struct zone* zone, const struct dname* dname,
uint8_t* store);
/* see if NSEC3 record uses the params in use for the zone */
int nsec3_rr_uses_params(struct rr* rr, struct zone* zone);
/* number of NSEC3s that are in the zone chain */
int nsec3_in_chain_count(struct domain* domain, struct zone* zone);
/* find previous NSEC3, or, lastinzone, or, NULL */
struct domain* nsec3_chain_find_prev(struct zone* zone, struct domain* domain);
/* clear nsec3 precompile for the zone */
void nsec3_clear_precompile(struct namedb* db, struct zone* zone);
/* if domain is part of nsec3hashed domains of a zone */
int nsec3_domain_part_of_zone(struct domain* d, struct zone* z);
/* condition when a domain is precompiled */
int nsec3_condition_hash(struct domain* d, struct zone* z);
/* condition when a domain is ds precompiled */
int nsec3_condition_dshash(struct domain* d, struct zone* z);
/* set nsec3param for this zone or NULL if no NSEC3 available */
void nsec3_find_zone_param(struct namedb* db, struct zone* zone,
struct udb_ptr* z, struct rr* avoid_rr, int checkchain);
/* hash domain and wcchild, and lookup nsec3 in tree, and precompile */
void nsec3_precompile_domain(struct namedb* db, struct domain* domain,
struct zone* zone, struct region* tmpregion);
/* hash ds_parent_cover, and lookup nsec3 and precompile */
void nsec3_precompile_domain_ds(struct namedb* db, struct domain* domain,
struct zone* zone);
/* put nsec3 into nsec3tree and adjust zonelast */
void nsec3_precompile_nsec3rr(struct namedb* db, struct domain* domain,
struct zone* zone);
/* precompile entire zone, assumes all is null at start */
void nsec3_precompile_newparam(struct namedb* db, struct zone* zone);
/* create b32.zone for a hash, allocated in the region */
const struct dname* nsec3_b32_create(struct region* region, struct zone* zone,
unsigned char* hash);
/* create trees for nsec3 updates and lookups in zone */
void nsec3_zone_trees_create(struct region* region, struct zone* zone);
/* lookup zone that contains domain's nsec3 trees */
struct zone* nsec3_tree_zone(struct namedb* db, struct domain* domain);
/* lookup zone that contains domain's ds tree */
struct zone* nsec3_tree_dszone(struct namedb* db, struct domain* domain);
#endif /* NSEC3 */
#endif /* NSEC3_H*/
|