/* Module tag: passed as the first "%s" argument of this file's log messages. */
42 static const char* rrset_str =
"rrset";
/*
 * log_rr: convert one RR to presentation text and log it, prefixed by pre.
 * Only part of the body is visible in this listing (source lines 51-57, 59,
 * 61-63, 65 and everything after 66 are missing).
 */
50 log_rr(ldns_rr* rr,
const char* pre,
int level)
/*
 * NOTE(review): ldns_rr2str() returns a heap string that the caller has to
 * release; the matching free is not visible in this fragment -- confirm.
 */
58 str = ldns_rr2str(rr);
/* Conversion failure is reported with a literal format string. */
60 ods_log_error(
"[%s] %s: Error converting RR to string", rrset_str,
/*
 * Overwrites the last character of str (presumably the trailing newline).
 * NOTE(review): for an empty string strlen(str)-1 wraps around and this
 * becomes an out-of-bounds write; confirm that the lines not shown return
 * early when str is NULL and that the converter never yields "".
 */
64 str[(strlen(str))-1] =
'\0';
/* strlen(str) is re-evaluated on every iteration of this scan. */
66 for (i=0; i < strlen(str); i++) {
/*
 * log_rrset: log "<owner,type>" for an RRset at the requested severity.
 * Only part of the body is visible in this listing; the arguments after
 * str in each logging call are on lines that are not shown.
 */
102 log_rrset(ldns_rdf* dname, ldns_rr_type type,
const char* pre,
int level)
/*
 * NOTE(review): ldns_rdf2str() returns a heap string; neither the NULL
 * check nor the matching free is visible in this fragment -- confirm both.
 */
110 str = ldns_rdf2str(dname);
/*
 * Drops the last character of the owner name text.
 * NOTE(review): if str were empty, strlen(str)-1 wraps around and this is
 * an out-of-bounds write -- confirm the converter cannot return "".
 */
114 str[(strlen(str))-1] =
'\0';
/* Scan for tab characters; what replaces them is on a line not shown. */
116 for (i=0; i < strlen(str); i++) {
117 if (str[i] ==
'\t') {
/*
 * Every severity branch below uses the same literal format. The owner name
 * and the prefix are passed as "%s" arguments, never as the format string,
 * and a NULL pre is replaced by "".
 */
125 ods_log_alert(
"[%s] %s: <%s,%s>", rrset_str, pre?pre:
"", str,
128 ods_log_crit(
"[%s] %s: <%s,%s>", rrset_str, pre?pre:
"", str,
131 ods_log_error(
"[%s] %s: <%s,%s>", rrset_str, pre?pre:
"", str,
137 ods_log_info(
"[%s] %s: <%s,%s>", rrset_str, pre?pre:
"", str,
143 ods_log_debug(
"[%s] %s: <%s,%s>", rrset_str, pre?pre:
"", str,
/*
 * Maps an RR type to a printable name (presumably the body of
 * rrset_type2str; the signature line is not part of this listing).
 * IXFR, AXFR, MAILB, MAILA and ANY are handled by explicit branches whose
 * bodies are not shown; every other type goes through the ldns descriptor
 * table.
 */
164 if (type == LDNS_RR_TYPE_IXFR) {
166 }
else if (type == LDNS_RR_TYPE_AXFR) {
168 }
else if (type == LDNS_RR_TYPE_MAILB) {
170 }
else if (type == LDNS_RR_TYPE_MAILA) {
172 }
else if (type == LDNS_RR_TYPE_ANY) {
175 const ldns_rr_descriptor* descriptor = ldns_rr_descript(type);
/*
 * The descriptor's own string pointer is returned, not a copy, so callers
 * must treat it as read-only and must not free it.
 * NOTE(review): _name is read directly from the descriptor struct; the
 * leading underscore suggests a library-internal member -- confirm this is
 * stable across the ldns versions the project supports. The fallback for a
 * missing descriptor or name is on lines not shown.
 */
176 if (descriptor && descriptor->_name) {
177 return descriptor->_name;
/*
 * Fragment of RRset construction (presumably rrset_create). A zero type or
 * a NULL zone pointer is rejected before anything is allocated.
 */
193 if (!type || !zoneptr) {
/*
 * Allocation failure is logged with a literal format; the enum value is
 * cast to unsigned so that it matches the %u conversion.
 */
199 ods_log_error(
"[%s] unable to create RRset %u: allocator_alloc() "
200 "failed", rrset_str, (
unsigned) type);
/*
 * The zone pointer is stored as given, with no copy.
 * NOTE(review): the RRset therefore borrows the zone object and must not
 * outlive it -- confirm against the zone teardown order.
 */
207 rrset->
zone = zoneptr;
/*
 * Fragment of the RR lookup (presumably rrset_lookup_rr): linear search of
 * rrset->rrs for an entry that compares equal to rr. The comparison call
 * itself is on a line not shown.
 */
223 ldns_status lstatus = LDNS_STATUS_OK;
/*
 * NULL arguments and an empty RRset are rejected up front.
 * NOTE(review): if rr_count is an unsigned type, "<= 0" only ever tests
 * for zero -- confirm the field's declaration.
 */
227 if (!rrset || !rr || rrset->
rr_count <= 0) {
230 for (i=0; i < rrset->
rr_count; i++) {
/* A failed comparison is logged with the ldns error text. */
232 if (lstatus != LDNS_STATUS_OK) {
233 ods_log_error(
"[%s] unable to lookup RR: compare failed (%s)",
234 rrset_str, ldns_get_errorstr_by_id(lstatus));
/*
 * The result points into the rrset->rrs array itself.
 * NOTE(review): the add and delete paths of this file save the old array
 * pointer before calling the allocator, which suggests the array is
 * replaced there; a pointer returned here would then dangle after such a
 * call -- confirm callers do not hold it across add/delete.
 */
238 return &rrset->
rrs[i];
257 for (i=0; i < rrset->
rr_count; i++) {
/*
 * Fragment of the RR append path (presumably rrset_add_rr). The current
 * array pointer is saved before a new array is requested on lines that are
 * not shown.
 */
281 rrs_old = rrset->
rrs;
/*
 * NOTE(review): allocation failure is routed to ods_fatal_exit(), which by
 * its name ends the process rather than returning an error -- confirm that
 * is acceptable for a long-running signer. The size passed to the
 * allocator is not visible; confirm the count * element-size computation
 * cannot overflow.
 */
285 ods_fatal_exit(
"[%s] fatal unable to add RR: allocator_alloc() failed",
/*
 * Fragment of RR removal (presumably rrset_del_rr): clears slot rrnum,
 * shifts the following entries down by one, then rebuilds the array.
 * NOTE(review): no check of rrnum against rr_count is visible before the
 * first write below -- confirm it exists on the lines not shown.
 */
/* The slot's rr pointer is cleared, not freed, at this point. */
320 rrset->
rrs[rrnum].
rr = NULL;
/*
 * NOTE(review): if rr_count is unsigned and zero, rr_count-1 wraps to a
 * huge value and this loop would walk past the end of the array -- confirm
 * an empty RRset cannot reach here.
 */
321 while (rrnum < rrset->rr_count-1) {
322 rrset->
rrs[rrnum] = rrset->
rrs[rrnum+1];
/* The old array pointer is saved before a new array is requested. */
326 rrs_orig = rrset->
rrs;
/* Allocation failure goes to ods_fatal_exit() with a literal format. */
330 ods_fatal_exit(
"[%s] fatal unable to delete RR: allocator_alloc() failed",
350 uint8_t del_sigs = 0;
355 for (i=0; i < rrset->
rr_count; i++) {
365 if ((rrset->
rrtype == LDNS_RR_TYPE_DNSKEY ||
366 rrset->
rrtype == LDNS_RR_TYPE_NSEC3PARAMS) && more_coming) {
403 const char* locator, uint32_t flags)
/*
 * Fragment of the RRSIG append path (presumably rrset_add_rrsig): the
 * current signature array is saved, a new one is requested on lines not
 * shown, and the old contents are copied across.
 */
411 rrsigs_old = rrset->
rrsigs;
/* Allocation failure goes to ods_fatal_exit() with a literal format. */
415 ods_fatal_exit(
"[%s] fatal unable to add RRSIG: allocator_alloc() failed",
/*
 * NOTE(review): the byte count of this copy is on a line not shown --
 * confirm it is derived from the old rrsig_count and that the new array
 * was allocated with at least that many elements.
 */
419 memcpy(rrset->
rrsigs, rrsigs_old,
/*
 * Fragment of RRSIG removal (presumably rrset_del_rrsig): shifts the
 * entries after rrnum down by one, then copies the survivors into a newly
 * requested array.
 * NOTE(review): no check of rrnum against rrsig_count is visible, and if
 * rrsig_count is unsigned and zero the bound below wraps around -- confirm
 * both on the lines not shown.
 */
451 while (rrnum < rrset->rrsig_count-1) {
/* The old array pointer is saved before a new array is requested. */
456 rrsigs_orig = rrset->
rrsigs;
/* Allocation failure goes to ods_fatal_exit() with a literal format. */
460 ods_fatal_exit(
"[%s] fatal unable to delete RRSIG: allocator_alloc() failed",
/*
 * NOTE(review): the byte count of this copy is not visible -- confirm it
 * uses the already reduced element count so the copy stays inside both
 * arrays.
 */
463 memcpy(rrset->
rrsigs, rrsigs_orig,
/*
 * rrset_recycle: walk the RRset's existing RRSIGs and decide, for each,
 * whether it can be kept or has to be dropped (the recycle_drop_sig label).
 * The caller in this file stores the return value in a variable named
 * reusedsigs. Only part of the body is visible in this listing.
 */
476 rrset_recycle(
rrset_type* rrset, time_t signtime, ldns_rr_type dstatus,
477 ldns_rr_type delegpt)
479 uint32_t refresh = 0;
480 uint32_t expiration = 0;
481 uint32_t inception = 0;
482 uint32_t reusedsigs = 0;
483 unsigned drop_sig = 0;
/*
 * refresh is signtime plus a term on a line not shown, truncated from
 * time_t to 32 bits.
 */
494 refresh = (uint32_t) (signtime +
/*
 * Drop the signature when dstatus is not SOA, or when delegpt is not SOA
 * and the RRset is not DS.
 * NOTE(review): LDNS_RR_TYPE_SOA appears to be used as the marker for
 * "authoritative, not below a delegation" -- confirm against
 * domain_is_occluded() and domain_is_delegpt().
 */
501 if (dstatus != LDNS_RR_TYPE_SOA || (delegpt != LDNS_RR_TYPE_SOA &&
502 rrset->
rrtype != LDNS_RR_TYPE_DS)) {
504 goto recycle_drop_sig;
507 (delegpt == LDNS_RR_TYPE_SOA || rrset->
rrtype == LDNS_RR_TYPE_DS));
/* Drop when the RRset is flagged for re-signing or refresh <= signtime. */
510 if (rrset->
needs_signing || refresh <= (uint32_t) signtime) {
512 goto recycle_drop_sig;
/*
 * Drop signatures that expire before the refresh point.
 * NOTE(review): expiration, inception and refresh are compared as plain
 * uint32_t values. RFC 4034 section 3.1.5 defines the RRSIG time fields
 * with RFC 1982 serial number arithmetic, so ordinary < and > give the
 * wrong answer once the values straddle the 32-bit wrap; a signature kept
 * by mistake would expire in the published zone. Confirm this is an
 * accepted limitation.
 */
515 expiration = ldns_rdf2native_int32(
516 ldns_rr_rrsig_expiration(rrset->
rrsigs[i].
rr));
517 if (expiration < refresh) {
519 goto recycle_drop_sig;
/* Drop signatures whose inception lies after signtime. */
522 inception = ldns_rdf2native_int32(
523 ldns_rr_rrsig_inception(rrset->
rrsigs[i].
rr));
524 if (inception > (uint32_t) signtime) {
526 goto recycle_drop_sig;
/*
 * rrset_sigalgo: compare the given DNSSEC algorithm number with the
 * algorithm field of the RRset's stored RRSIGs. The loop header and the
 * return statements are on lines not shown.
 * NOTE(review): rrsigs[i].rr is handed straight to the ldns accessors; any
 * NULL check on rrset or on the stored RR is not visible here -- confirm.
 */
558 rrset_sigalgo(
rrset_type* rrset, uint8_t algorithm)
565 if (algorithm == ldns_rdf2native_int8(
566 ldns_rr_rrsig_algorithm(rrset->
rrsigs[i].
rr))) {
579 rrset_siglocator(
rrset_type* rrset,
const char* locator)
/*
 * Builds the ldns RR list that is handed to the signer (presumably the body
 * of rrset2rrlist; the signature line is not part of this listing).
 */
601 ldns_rr_list* rr_list = NULL;
/* NOTE(review): no NULL check of the new list is visible -- confirm. */
604 rr_list = ldns_rr_list_new();
605 for (i=0; i < rrset->
rr_count; i++) {
/*
 * Each RR is canonicalised in place, so the copy stored in the RRset is
 * modified as well, and the same pointer (not a clone) is pushed onto the
 * list. The list therefore shares ownership-free references with the RRset.
 */
611 ldns_rr2canonical(rrset->
rrs[i].
rr);
612 ret = (int) ldns_rr_list_push_rr(rr_list, rrset->
rrs[i].
rr);
/*
 * ldns_rr_list_free() releases the list container only, not the RRs it
 * points to, which matches the shared pointers above; a deep free here
 * would leave the RRset holding dangling RR pointers.
 */
614 ldns_rr_list_free(rr_list);
/* CNAME and DNAME RRsets take a separate branch whose body is not shown. */
617 if (rrset->
rrtype == LDNS_RR_TYPE_CNAME ||
618 rrset->
rrtype == LDNS_RR_TYPE_DNAME) {
/* Sorting puts the RRs into the order the signature is computed over. */
623 ldns_rr_list_sort(rr_list);
/*
 * rrset_sigvalid_period: compute the inception and expiration timestamps
 * for new signatures and write them through the two output pointers.
 * offset, validity and jitter are set on lines not shown.
 * NOTE(review): no NULL check of inception or expiration is visible before
 * they are written -- confirm.
 */
633 rrset_sigvalid_period(
signconf_type* sc, ldns_rr_type rrtype, time_t signtime,
634 time_t* inception, time_t* expiration)
/*
 * NOTE(review): where random_jitter receives its value is not visible;
 * ods_rand() appears in this page's symbol list -- confirm its bound so the
 * expiration below cannot fall before signtime.
 */
639 time_t random_jitter = 0;
/* A NULL config, a zero type and a zero signtime are all rejected. */
640 if (!sc || !rrtype || !signtime) {
/* NSEC and NSEC3 take a separate branch whose body is not shown. */
648 if (rrtype == LDNS_RR_TYPE_NSEC || rrtype == LDNS_RR_TYPE_NSEC3) {
/* Inception is back-dated by offset; expiration is spread by the jitter. */
653 *inception = signtime - offset;
654 *expiration = (signtime + validity + random_jitter) - jitter;
/*
 * Fragment of the signing routine (presumably rrset_sign): recycle existing
 * signatures, build the canonical RR list, compute the validity period and
 * request new RRSIGs through lhsm_sign(). Large parts of the body,
 * including the key loop, are on lines not shown.
 */
667 uint32_t newsigs = 0;
668 uint32_t reusedsigs = 0;
669 ldns_rr* rrsig = NULL;
670 ldns_rr_list* rr_list = NULL;
672 const char* locator = NULL;
673 time_t inception = 0;
674 time_t expiration = 0;
677 ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
678 ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
/*
 * NSEC and NSEC3 RRsets get both status values forced to SOA, the value the
 * checks below treat as "sign this".
 */
686 if (rrset->
rrtype == LDNS_RR_TYPE_NSEC ||
687 rrset->
rrtype == LDNS_RR_TYPE_NSEC3) {
688 dstatus = LDNS_RR_TYPE_SOA;
689 delegpt = LDNS_RR_TYPE_SOA;
/* Existing signatures are evaluated before any new one is requested. */
695 reusedsigs = rrset_recycle(rrset, signtime, dstatus, delegpt);
/*
 * Two early branches: dstatus is not SOA, and delegpt is not SOA while the
 * RRset is not DS. Their bodies are not shown; presumably they skip
 * signing for data that must not be signed -- confirm.
 */
702 if (dstatus != LDNS_RR_TYPE_SOA) {
707 if (delegpt != LDNS_RR_TYPE_SOA && rrset->
rrtype != LDNS_RR_TYPE_DS) {
716 (delegpt == LDNS_RR_TYPE_SOA || rrset->
rrtype == LDNS_RR_TYPE_DS));
718 rr_list = rrset2rrlist(rrset);
720 ods_log_error(
"[%s] unable to sign RRset[%i]: rrset2rrlist() failed",
721 rrset_str, rrset->
rrtype);
/*
 * ldns_rr_list_rr_count() returns an unsigned count, so "<= 0" tests for an
 * empty list; the list container is freed on this path.
 */
724 if (ldns_rr_list_rr_count(rr_list) <= 0) {
726 ldns_rr_list_free(rr_list);
731 &inception, &expiration);
736 rrset->
rrtype != LDNS_RR_TYPE_DNSKEY) {
741 rrset->
rrtype == LDNS_RR_TYPE_DNSKEY) {
748 if (rrset->
rrtype != LDNS_RR_TYPE_DNSKEY &&
762 zone->
apex, inception, expiration);
/*
 * A failed HSM signing call is logged at critical level and the list
 * container is freed before leaving.
 * NOTE(review): what happens to RRSIGs already added for earlier keys when
 * a later key fails is not visible -- confirm the RRset cannot be written
 * out partially signed.
 */
764 ods_log_crit(
"[%s] unable to sign RRset[%i]: lhsm_sign() failed",
765 rrset_str, rrset->
rrtype);
766 ldns_rr_list_free(rr_list);
/* Normal path: the list container is freed; the RRs stay with the RRset. */
782 ldns_rr_list_free(rr_list);
784 if (rrset->
rrtype == LDNS_RR_TYPE_SOA) {
806 ods_log_crit(
"[%s] unable to print RRset: rrset or fd missing",
813 for (i=0; i < rrset->
rr_count; i++) {
816 if (rrset->
rrtype == LDNS_RR_TYPE_CNAME ||
817 rrset->
rrtype == LDNS_RR_TYPE_DNAME) {
865 for (i=0; i < rrset->
rr_count; i++) {
866 ldns_rr_free(rrset->
rrs[i].
rr);
/*
 * Fragment that writes each RRSIG to fd together with its key locator and
 * flags (presumably part of rrset_backup2; the loop header and the
 * remaining fprintf arguments are on lines not shown).
 * NOTE(review): ldns_rr2str() returns a heap string; neither the NULL check
 * nor the matching free is visible here -- confirm both.
 */
895 str = ldns_rr2str(rrset->
rrsigs[i].
rr);
/*
 * Overwrites the last character of str (presumably the trailing newline).
 * NOTE(review): for an empty string strlen(str)-1 wraps around and this
 * becomes an out-of-bounds write -- confirm the converter never yields "".
 */
899 str[(strlen(str))-1] =
'\0';
/* Literal format; the RR text and locator are passed as arguments. */
900 fprintf(fd,
"%s; {locator %s flags %u}\n", str,
void ods_log_alert(const char *format,...)
rr_type * rrset_lookup_rr(rrset_type *rrset, ldns_rr *rr)
duration_type * sig_inception_offset
void rrset_cleanup(rrset_type *rrset)
key_type * keylist_lookup_by_locator(keylist_type *kl, const char *locator)
const char * rrset_type2str(ldns_rr_type type)
void ods_log_debug(const char *format,...)
void * allocator_alloc(allocator_type *allocator, size_t size)
duration_type * sig_validity_default
ldns_status util_dnssec_rrs_compare(ldns_rr *rr1, ldns_rr *rr2, int *cmp)
ldns_rr * lhsm_sign(hsm_ctx_t *ctx, ldns_rr_list *rrset, key_type *key_id, ldns_rdf *owner, time_t inception, time_t expiration)
size_t rrset_count_rr_is_added(rrset_type *rrset)
void ods_fatal_exit(const char *format,...)
void ixfr_add_rr(ixfr_type *ixfr, ldns_rr *rr)
rrset_type * rrset_create(void *zoneptr, ldns_rr_type type)
duration_type * sig_validity_denial
void ixfr_del_rr(ixfr_type *ixfr, ldns_rr *rr)
void ods_log_info(const char *format,...)
enum ods_enum_status ods_status
rr_type * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
void ods_log_error(const char *format,...)
rrsig_type * rrset_add_rrsig(rrset_type *rrset, ldns_rr *rr, const char *locator, uint32_t flags)
lock_basic_type stats_lock
int ods_strcmp(const char *s1, const char *s2)
adapter_type * adoutbound
ods_status util_rr_print(FILE *fd, const ldns_rr *rr)
void log_rr(ldns_rr *rr, const char *pre, int level)
void ods_log_crit(const char *format,...)
duration_type * sig_refresh_interval
#define lock_basic_lock(lock)
void log_rrset(ldns_rdf *dname, ldns_rr_type type, const char *pre, int level)
ldns_rr_type domain_is_delegpt(domain_type *domain)
ldns_rr_type domain_is_occluded(domain_type *domain)
char * allocator_strdup(allocator_type *allocator, const char *string)
void rrset_del_rrsig(rrset_type *rrset, uint16_t rrnum)
void rrset_backup2(FILE *fd, rrset_type *rrset)
allocator_type * allocator
void rrset_del_rr(rrset_type *rrset, uint16_t rrnum)
time_t duration2time(duration_type *duration)
void ods_log_verbose(const char *format,...)
struct rrsig_struct rrsig_type
lock_basic_type ixfr_lock
duration_type * sig_jitter
void ods_log_deeebug(const char *format,...)
ods_status rrset_sign(hsm_ctx_t *ctx, rrset_type *rrset, time_t signtime)
void allocator_deallocate(allocator_type *allocator, void *data)
void rrset_diff(rrset_type *rrset, unsigned is_ixfr, unsigned more_coming)
#define ods_log_assert(x)
time_t ods_rand(time_t mod)
#define lock_basic_unlock(lock)
void ods_log_warning(const char *format,...)
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)