Annotation of embedaddon/strongswan/src/libstrongswan/resolver/resolver_response.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2012 Reto Guadagnini
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup rsolver_response resolver_response
18: * @{ @ingroup resolver
19: */
20:
21: #ifndef RESOLVER_RESPONSE_H_
22: #define RESOLVER_RESPONSE_H_
23:
/*
 * Forward declarations, so both types can be named by the headers included
 * below and by the definitions further down.
 * Note: forward-declaring an enum is a compiler extension (accepted by
 * GCC and Clang); ISO C only permits this for struct and union tags.
 */
typedef enum dnssec_status_t dnssec_status_t;
typedef struct resolver_response_t resolver_response_t;
26:
27: #include <library.h>
28: #include <resolver/rr_set.h>
29:
30: /**
31: * DNSSEC security state.
32: *
33: * DNSSEC security state, which a security-aware resolver is able to determine
34: * according to RFC 4033.
35: */
enum dnssec_status_t {
	/*
	 * The numeric values are spelled out because they matter for review:
	 * they do NOT form a trust ordering, so compare against a specific
	 * enumerator and never with < or >. Only SECURE denotes data that
	 * was cryptographically validated.
	 */

	/**
	 * The validating resolver has a trust anchor, has a chain of
	 * trust, and is able to verify all the signatures in the response.
	 * [RFC4033]
	 *
	 * SECURE is the first enumerator and therefore has the value 0, so a
	 * zero-initialised dnssec_status_t compares equal to SECURE. Code
	 * that produces a state should assign it explicitly on every path
	 * rather than rely on the initial value.
	 */
	SECURE = 0,
	/**
	 * The validating resolver has a trust anchor, a chain of
	 * trust, and, at some delegation point, signed proof of the
	 * non-existence of a DS record. This indicates that subsequent
	 * branches in the tree are provably insecure. A validating resolver
	 * may have a local policy to mark parts of the domain space as
	 * insecure. [RFC4033]
	 *
	 * The answer itself is unsigned: it is no more trustworthy than
	 * plain DNS and must not be used where authenticated data is needed.
	 */
	INSECURE = 1,
	/**
	 * The validating resolver has a trust anchor and a secure
	 * delegation indicating that subsidiary data is signed, but the
	 * response fails to validate for some reason: missing signatures,
	 * expired signatures, signatures with unsupported algorithms, data
	 * missing that the relevant NSEC RR says should be present, and so
	 * forth. [RFC4033]
	 *
	 * Validation was expected to succeed and did not; treat the
	 * response as a failure and do not use its data.
	 */
	BOGUS = 2,
	/**
	 * There is no trust anchor that would indicate that a
	 * specific portion of the tree is secure. This is the default
	 * operation mode. [RFC4033]
	 *
	 * No validation took place, so the data is unauthenticated.
	 */
	INDETERMINATE = 3,
};
68:
69:
70: /**
71: * A response of the DNS resolver to a DNS query.
72: *
73: * A response represents the answer of the Domain Name System to a query.
74: * It contains the RRset with the queried Resource Records and additional
75: * information.
76: */
struct resolver_response_t {

	/**
	 * Return the name that was originally asked for.
	 *
	 * The response keeps ownership of the returned string; clone it if
	 * a private copy is needed.
	 *
	 * @return			the queried name
	 */
	char *(*get_query_name)(resolver_response_t *this);

	/**
	 * Return the canonical name of the result.
	 *
	 * The response keeps ownership of the returned string; clone it if
	 * a private copy is needed.
	 *
	 * NOTE(review): this name presumably comes from the DNS answer, so
	 * it is only as trustworthy as get_security_state() reports; confirm
	 * against the implementation.
	 *
	 * @return			- canonical name of result
	 *					- NULL, if result has no canonical name
	 */
	char *(*get_canon_name)(resolver_response_t *this);

	/**
	 * Tell whether the RRset of this response holds any Resource Records.
	 *
	 * RRSIG Resource Records are not counted.
	 *
	 * @return
	 *					- TRUE, if there are some RRs in the RRset
	 *					- FALSE, otherwise
	 */
	bool (*has_data)(resolver_response_t *this);

	/**
	 * Tell whether the queried name exists.
	 *
	 * NOTE(review): a FALSE result is presumably an authenticated denial
	 * of existence only when get_security_state() reports SECURE; verify
	 * against the implementation before relying on a negative answer.
	 *
	 * @return
	 *					- TRUE, if the queried name exists
	 *					- FALSE, otherwise
	 */
	bool (*query_name_exist)(resolver_response_t *this);

	/**
	 * Return the DNSSEC security state of the response.
	 *
	 * Callers that need authenticated DNS data should check for SECURE
	 * explicitly before using the names or records of this response;
	 * every other state means the data was not validated, or failed
	 * validation.
	 *
	 * @return			DNSSEC security state
	 */
	dnssec_status_t (*get_security_state)(resolver_response_t *this);

	/**
	 * Return the RRset holding all Resource Records of this response.
	 *
	 * This accessor does not report the validation state; query
	 * get_security_state() separately before trusting the records.
	 *
	 * NOTE(review): ownership of the returned RRset is not stated in
	 * this header; confirm against the implementation before
	 * destroying it.
	 *
	 * @return			- RRset
	 *					- NULL if there is no data or the query name
	 *					  does not exist
	 */
	rr_set_t *(*get_rr_set)(resolver_response_t *this);

	/**
	 * Destroy this response.
	 */
	void (*destroy)(resolver_response_t *this);
};
142:
143: #endif /** RESOLVER_RESPONSE_H_ @}*/