[BACK]Return to resolver_response.h CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / resolver
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / resolver / resolver_response.h
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:43 2020 UTC (4 years, 2 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

/*
 * Copyright (C) 2012 Reto Guadagnini
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup rsolver_response resolver_response
 * @{ @ingroup resolver
 */

#ifndef RESOLVER_RESPONSE_H_
#define RESOLVER_RESPONSE_H_

typedef struct resolver_response_t resolver_response_t;
typedef enum dnssec_status_t dnssec_status_t;

#include <library.h>
#include <resolver/rr_set.h>

/**
 * DNSSEC security state.
 *
 * DNSSEC security state, which a security aware resolver is able determine
 * according to RFC 4033.
 */
enum dnssec_status_t {
	/**
	 * The validating resolver has a trust anchor, has a chain of
	 * trust, and is able to verify all the signatures in the response.
	 * [RFC4033]
	 */
	SECURE,
	/**
	 * The validating resolver has a trust anchor, a chain of
	 * trust, and, at some delegation point, signed proof of the
	 * non-existence of a DS record.  This indicates that subsequent
	 * branches in the tree are provably insecure.  A validating resolver
	 * may have a local policy to mark parts of the domain space as
	 * insecure. [RFC4033]
	 */
	INSECURE,
	/**
	 * The validating resolver has a trust anchor and a secure
	 * delegation indicating that subsidiary data is signed, but the
	 * response fails to validate for some reason: missing signatures,
	 * expired signatures, signatures with unsupported algorithms, data
	 * missing that the relevant NSEC RR says should be present, and so
	 * forth. [RFC4033]
	 */
	BOGUS,
	/**
	 * There is no trust anchor that would indicate that a
	 * specific portion of the tree is secure.  This is the default
	 * operation mode. [RFC4033]
	 */
	INDETERMINATE,
};


/**
 * A response of the DNS resolver to a DNS query.
 *
 * A response represents the answer of the Domain Name System to a query.
 * It contains the RRset with the queried Resource Records and additional
 * information.
 */
struct resolver_response_t {

    /**
     * Get the original question string.
     *
     * The string to which the returned pointer points, is still owned
	 * by the resolver_response. Clone it if necessary.
     *
     * @return			the queried name
     */
	char *(*get_query_name)(resolver_response_t *this);

	/**
	 * Get the canonical name of the result.
	 *
	 * The string to which the returned pointer points, is still owned
	 * by the resolver_response. Clone it if necessary.
	 *
	 * @return			- canonical name of result
	 * 					- NULL, if result has no canonical name
	 */
	char *(*get_canon_name)(resolver_response_t *this);

	/**
	 * Does the RRset of this response contain some Resource Records?
	 *
	 * Returns TRUE if the RRset of this response contains some RRs
	 * (RRSIG Resource Records are ignored).
	 *
	 * @return
	 * 					- TRUE, if there are some RRs in the RRset
	 * 					- FALSE, otherwise
	 */
	bool (*has_data)(resolver_response_t *this);

	/**
	 * Does the queried name exist?
	 *
	 * @return
	 * 					- TRUE, if the queried name exists
	 * 					- FALSE, otherwise
	 */
	bool (*query_name_exist)(resolver_response_t *this);

	/**
	 * Get the DNSSEC security state of the response.
	 *
	 * @return			DNSSEC security state
	 */
	dnssec_status_t (*get_security_state)(resolver_response_t *this);

	/**
	 * Get the RRset with all Resource Records of this response.
	 *
	 * @return			- RRset
	 * 					- NULL if there is no data or the query name
	 * 					  does not exist
	 */
	rr_set_t *(*get_rr_set)(resolver_response_t *this);

	/**
	 * Destroy this response.
	 */
	void (*destroy) (resolver_response_t *this);
};

#endif /** RR_SET_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>