41 #include <ldns/ldns.h>
43 #define SE_MAX_RRTYPE_COUNT 65536
45 static const char* denial_str =
"denial";
60 ods_log_error(
"[%s] unable to create denial of existence data point: "
61 "no owner name", denial_str);
68 str = ldns_rdf2str(owner);
69 ods_log_error(
"[%s] unable to create denial of existence data point: "
70 "%s: create allocator failed", denial_str, str?str:
"(null)");
78 str = ldns_rdf2str(denial->
owner);
79 ods_log_error(
"[%s] unable to create denial of existence data point: "
80 "%s: allocator failed", denial_str, str?str:
"(null)");
88 denial->
owner = ldns_rdf_clone(owner);
102 denial_create_bitmap(
denial_type* denial, ldns_rr_type types[],
105 ldns_rbnode_t* node = LDNS_RBTREE_NULL;
112 node = ldns_rbtree_first(domain->
rrsets);
/* Walk the domain's RRset tree from ldns_rbtree_first() via ldns_rbtree_next(),
 * storing each RRset's type in the caller-supplied types[] array and
 * incrementing *types_count once per stored entry. */
114 while (node && node != LDNS_RBTREE_NULL) {
/* NOTE(review): no bound on *types_count is visible in this excerpt before
 * the store below. Confirm that types[] has room for every RRset in
 * domain->rrsets plus the RRSIG/NSEC entries the callers append after this
 * function returns; otherwise this is an out-of-bounds write. */
116 types[*types_count] = rrset->
rr_type;
117 *types_count = *types_count + 1;
118 node = ldns_rbtree_next(node);
132 ldns_rr* nsec_rr = NULL;
133 ldns_rdf* rdf = NULL;
135 size_t types_count = 0;
142 nsec_rr = ldns_rr_new();
150 ldns_rr_set_type(nsec_rr, LDNS_RR_TYPE_NSEC);
151 rdf = ldns_rdf_clone(denial->
owner);
153 ods_log_alert(
"[%s] unable to create NSEC RR: failed to clone owner",
155 ldns_rr_free(nsec_rr);
158 ldns_rr_set_owner(nsec_rr, rdf);
160 rdf = ldns_rdf_clone(nxt->
owner);
162 ods_log_alert(
"[%s] unable to create NSEC RR: failed to clone nxt",
164 ldns_rr_free(nsec_rr);
167 ldns_rr_push_rdf(nsec_rr, rdf);
170 denial_create_bitmap(denial, types, &types_count);
171 types[types_count] = LDNS_RR_TYPE_RRSIG;
173 types[types_count] = LDNS_RR_TYPE_NSEC;
176 rdf = ldns_dnssec_create_nsec_bitmap(types,
177 types_count, LDNS_RR_TYPE_NSEC);
179 ods_log_alert(
"[%s] unable to create NSEC RR: failed to create bitmap",
181 ldns_rr_free(nsec_rr);
184 ldns_rr_push_rdf(nsec_rr, rdf);
185 ldns_rr_set_ttl(nsec_rr, ttl);
186 ldns_rr_set_class(nsec_rr, klass);
199 ldns_rr* nsec_rr = NULL;
203 ods_log_error(
"[%s] unable to nsecify: no data point", denial_str);
209 ods_log_error(
"[%s] unable to nsecify: no next", denial_str);
216 if (!denial->
rrset) {
218 if (!denial->
rrset) {
220 "create NSEC RRset", denial_str);
226 nsec_rr = denial_create_nsec(denial, nxt, ttl, klass);
229 "create NSEC RR", denial_str);
236 "wipe out NSEC RRset", denial_str);
237 ldns_rr_free(nsec_rr);
243 "add NSEC to RRset", denial_str);
244 ldns_rr_free(nsec_rr);
251 "commit the NSEC RRset", denial_str);
271 ldns_status status = LDNS_STATUS_OK;
272 ldns_rr* nsec_rr = NULL;
273 ldns_rdf* rdf = NULL;
274 ldns_rdf* next_owner_label = NULL;
275 ldns_rdf* next_owner_rdf = NULL;
276 char* next_owner_string = NULL;
279 size_t types_count = 0;
288 nsec_rr = ldns_rr_new();
296 ldns_rr_set_type(nsec_rr, LDNS_RR_TYPE_NSEC3);
297 rdf = ldns_rdf_clone(denial->
owner);
299 ods_log_alert(
"[%s] unable to create NSEC3 RR: failed to clone owner",
301 ldns_rr_free(nsec_rr);
304 ldns_rr_set_owner(nsec_rr, rdf);
308 ldns_rr_push_rdf(nsec_rr, NULL);
310 ldns_nsec3_add_param_rdfs(nsec_rr, nsec3params->
algorithm,
/* Derive the next-owner rdata for the NSEC3 RR from label 0 of nxt->owner:
 * label -> presentation string -> base32 decode -> pushed onto nsec_rr.
 * Every failure branch visible here frees nsec_rr before leaving. */
314 next_owner_label = ldns_dname_label(nxt->
owner, 0);
315 if (!next_owner_label) {
316 ods_log_alert(
"[%s] unable to create NSEC3 RR: failed to get nxt "
317 "owner label", denial_str);
318 ldns_rr_free(nsec_rr);
321 next_owner_string = ldns_rdf2str(next_owner_label);
322 if (!next_owner_string) {
323 ods_log_alert(
"[%s] unable to create NSEC3 RR: failed to get nxt "
324 "owner string", denial_str);
/* The label obtained above is released on this path as well as nsec_rr. */
325 ldns_rdf_deep_free(next_owner_label);
326 ldns_rr_free(nsec_rr);
/* Strip a trailing '.' so only the label text reaches the base32 decoder.
 * NOTE(review): the check above rejects NULL but not an empty string; with
 * a zero-length string, strlen()-1 wraps and the index reads (and may write)
 * outside the buffer. Confirm ldns_rdf2str() cannot return "" for a label,
 * or test the length before indexing. */
329 if (next_owner_string[strlen(next_owner_string)-1] ==
'.') {
330 next_owner_string[strlen(next_owner_string)-1] =
'\0';
/* Decode the string into next_owner_rdf; status carries the ldns result. */
332 status = ldns_str2rdf_b32_ext(&next_owner_rdf, next_owner_string);
/* Both temporaries are released before status is examined, so the failure
 * branch below only has nsec_rr left to free. */
333 free((
void*)next_owner_string);
334 ldns_rdf_deep_free(next_owner_label);
335 if (status != LDNS_STATUS_OK) {
336 ods_log_alert(
"[%s] unable to create NSEC3 RR: failed to create nxt "
337 "owner rdf: %s", denial_str, ldns_get_errorstr_by_id(status));
338 ldns_rr_free(nsec_rr);
/* The decoded rdf is pushed onto nsec_rr as its next rdata field. */
341 ldns_rr_push_rdf(nsec_rr, next_owner_rdf);
344 denial_create_bitmap(denial, types, &types_count);
351 types[types_count] = LDNS_RR_TYPE_RRSIG;
355 rdf = ldns_dnssec_create_nsec_bitmap(types,
356 types_count, LDNS_RR_TYPE_NSEC3);
358 ods_log_alert(
"[%s] unable to create NSEC3 RR: failed to create "
359 "bitmap", denial_str);
360 ldns_rr_free(nsec_rr);
363 ldns_rr_push_rdf(nsec_rr, rdf);
364 ldns_rr_set_ttl(nsec_rr, ttl);
365 ldns_rr_set_class(nsec_rr, klass);
378 ldns_rr* nsec_rr = NULL;
382 ods_log_error(
"[%s] unable to nsecify3: no data point", denial_str);
388 ods_log_error(
"[%s] unable to nsecify3: no next", denial_str);
395 if (!denial->
rrset) {
397 if (!denial->
rrset) {
399 "create NSEC3 RRset", denial_str);
405 nsec_rr = denial_create_nsec3(denial, nxt, ttl, klass, nsec3params);
408 "create NSEC3 RR", denial_str);
416 "wipe out NSEC3 RRset", denial_str);
422 "add NSEC3 to RRset", denial_str);
429 "commit the NSEC3 RRset", denial_str);
455 ldns_rdf_deep_free(denial->
owner);
456 denial->
owner = NULL;
460 denial->
rrset = NULL;
void ods_log_alert(const char *format,...)
ods_status denial_nsecify3(denial_type *denial, denial_type *nxt, uint32_t ttl, ldns_rr_class klass, nsec3params_type *nsec3params)
void rrset_cleanup(rrset_type *rrset)
struct domain_struct * domain
void denial_cleanup(denial_type *denial)
void * allocator_alloc(allocator_type *allocator, size_t size)
enum ods_enum_status ods_status
void ods_log_error(const char *format,...)
ods_status rrset_wipe_out(rrset_type *rrset)
ldns_rr * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
allocator_type * allocator_create(void *(*allocator)(size_t size), void(*deallocator)(void *))
#define SE_NSEC3_RDATA_NSEC3PARAMS
allocator_type * allocator
ods_status denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t ttl, ldns_rr_class klass)
size_t domain_count_rrset(domain_type *domain)
void allocator_cleanup(allocator_type *allocator)
#define SE_MAX_RRTYPE_COUNT
denial_type * denial_create(ldns_rdf *owner)
void allocator_deallocate(allocator_type *allocator, void *data)
#define ods_log_assert(x)
rrset_type * rrset_create(ldns_rr_type rrtype)
ods_status rrset_commit(rrset_type *rrset)