40 #define SE_MAX_RRTYPE_COUNT 65536
42 static const char* denial_str =
"denial";
54 if (!dname || !zoneptr) {
60 ods_log_error(
"[%s] unable to create denial: allocator_alloc() "
61 "failed", denial_str);
64 denial->
dname = dname;
65 denial->
zone = zoneptr;
80 denial_create_bitmap(
denial_type* denial, ldns_rr_type types[],
93 if (dstatus == LDNS_RR_TYPE_SOA) {
96 if (dstatus == LDNS_RR_TYPE_SOA ||
97 rrset->
rrtype == LDNS_RR_TYPE_NS ||
98 rrset->
rrtype == LDNS_RR_TYPE_DS) {
100 types[*types_count] = rrset->
rrtype;
101 *types_count = *types_count + 1;
115 denial_create_nsec3_nxt(ldns_rdf* nxt)
117 ldns_status status = LDNS_STATUS_OK;
118 ldns_rdf* next_owner_label = NULL;
119 ldns_rdf* next_owner_rdf = NULL;
120 char* next_owner_string = NULL;
123 next_owner_label = ldns_dname_label(nxt, 0);
124 if (!next_owner_label) {
126 "ldns_dname_label() failed", denial_str);
129 next_owner_string = ldns_rdf2str(next_owner_label);
130 if (!next_owner_string) {
132 "ldns_rdf2str() failed", denial_str);
133 ldns_rdf_deep_free(next_owner_label);
136 if (next_owner_string[strlen(next_owner_string)-1] ==
'.') {
137 next_owner_string[strlen(next_owner_string)-1] =
'\0';
139 status = ldns_str2rdf_b32_ext(&next_owner_rdf, next_owner_string);
140 if (status != LDNS_STATUS_OK) {
142 "ldns_str2rdf_b32_ext() failed", denial_str);
144 free((
void*)next_owner_string);
145 ldns_rdf_deep_free(next_owner_label);
146 return next_owner_rdf;
158 ldns_rr* nsec_rr = NULL;
159 ldns_rr_type rrtype = LDNS_RR_TYPE_NSEC;
160 ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
161 ldns_rdf* rdf = NULL;
164 size_t types_count = 0;
170 nsec_rr = ldns_rr_new();
173 "ldns_rr_new() failed", denial_str);
178 rrtype = LDNS_RR_TYPE_NSEC3;
180 ldns_rr_set_type(nsec_rr, rrtype);
182 rdf = ldns_rdf_clone(denial->
dname);
185 "ldns_rdf_clone(owner) failed", denial_str);
186 ldns_rr_free(nsec_rr);
189 ldns_rr_set_owner(nsec_rr, rdf);
194 ldns_rr_push_rdf(nsec_rr, NULL);
201 rdf = denial_create_nsec3_nxt(nxt->
dname);
203 rdf = ldns_rdf_clone(nxt->
dname);
207 "create next field failed", denial_str);
208 ldns_rr_free(nsec_rr);
211 ldns_rr_push_rdf(nsec_rr, rdf);
213 denial_create_bitmap(denial, types, &types_count);
217 if (dstatus == LDNS_RR_TYPE_SOA) {
219 if (dstatus != LDNS_RR_TYPE_NS && domain->
rrsets) {
221 types[types_count] = LDNS_RR_TYPE_RRSIG;
227 types[types_count] = LDNS_RR_TYPE_RRSIG;
229 types[types_count] = LDNS_RR_TYPE_NSEC;
232 rdf = ldns_dnssec_create_nsec_bitmap(types, types_count, rrtype);
235 "ldns_dnssec_create_nsec_bitmap() failed", denial_str);
236 ldns_rr_free(nsec_rr);
239 ldns_rr_push_rdf(nsec_rr, rdf);
240 ldns_rr_set_ttl(nsec_rr, ttl);
241 ldns_rr_set_class(nsec_rr, klass);
253 if (denial && denial->
rrset) {
274 if (!denial->
rrset) {
280 if (!denial->
rrset) {
289 record->
owner = (
void*) denial;
304 ldns_rr* nsec_rr = NULL;
313 nsec_rr = denial_create_nsec(denial, nxt, zone->
default_ttl,
317 "failed", denial_str);
335 if (!denial || !fd) {
337 ods_log_crit(
"[%s] unable to print denial: denial of fd missing",
362 ldns_rdf_deep_free(denial->
dname);
void ods_log_alert(const char *format,...)
void rrset_cleanup(rrset_type *rrset)
denial_type * denial_create(void *zoneptr, ldns_rdf *dname)
void denial_cleanup(denial_type *denial)
void * allocator_alloc(allocator_type *allocator, size_t size)
void ods_fatal_exit(const char *format,...)
rrset_type * rrset_create(void *zoneptr, ldns_rr_type type)
enum ods_enum_status ods_status
rr_type * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
void ods_log_error(const char *format,...)
void ods_log_crit(const char *format,...)
void denial_print(FILE *fd, denial_type *denial, ods_status *status)
ldns_rr_type domain_is_delegpt(domain_type *domain)
ldns_rr_type domain_is_occluded(domain_type *domain)
#define SE_NSEC3_RDATA_NSEC3PARAMS
void denial_add_rr(denial_type *denial, ldns_rr *rr)
allocator_type * allocator
void denial_diff(denial_type *denial)
nsec3params_type * nsec3params
#define SE_MAX_RRTYPE_COUNT
void allocator_deallocate(allocator_type *allocator, void *data)
void rrset_diff(rrset_type *rrset, unsigned is_ixfr, unsigned more_coming)
#define ods_log_assert(x)
void denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t *num_added)
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)