
Member "bind-9.16.7/lib/dns/rdata/generic/nsec3_50.h" (4 Sep 2020, 3568 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:



    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 #ifndef GENERIC_NSEC3_50_H
   13 #define GENERIC_NSEC3_50_H 1
   14 
   15 /*!
   16  * \brief Per RFC 5155 */
   17 
   18 #include <isc/iterated_hash.h>
   19 
   20 typedef struct dns_rdata_nsec3 { /* decoded NSEC3 rdata; field set follows RFC 5155 (cited in the file header) */
   21     dns_rdatacommon_t common;
   22     isc_mem_t *mctx; /* NOTE(review): presumably the memory context owning salt/next/typebits; confirm in the .c */
   23     dns_hash_t hash; /* RFC 5155 Hash Algorithm field */
   24     unsigned char flags; /* single flags octet; holds DNS_NSEC3FLAG_* bits */
   25     dns_iterations_t iterations; /* RFC 5155 Iterations; NOTE(review): this struct enforces no upper bound, callers should cap it */
   26     unsigned char salt_length; /* byte count of salt; limited to what one unsigned char holds */
   27     unsigned char next_length; /* byte count of next; limited to what one unsigned char holds */
   28     uint16_t len; /* NOTE(review): presumably the byte count of typebits; confirm in the .c */
   29     unsigned char *salt; /* binary salt, not a C string; bound every read by salt_length */
   30     unsigned char *next; /* binary next hashed owner name, not a C string; bound every read by next_length */
   31     unsigned char *typebits; /* RFC 5155 Type Bit Maps as raw bytes; no terminator, use the stored length */
   32 } dns_rdata_nsec3_t;
   33 
   34 /*
   35  * Opt-Out flag (RFC 5155): the interval covered by this NSEC3 record may
   36  * contain unsigned (insecure) delegations that the chain does not list.
   37  */
   38 #define DNS_NSEC3FLAG_OPTOUT 0x01U
   39 
   40 /*%
   41  * The following flags are used in the private-type record (implemented in
   42  * lib/dns/private.c) which is used to store NSEC3PARAM data during the
   43  * time when it is not legal to have an actual NSEC3PARAM record in the
   44  * zone.  They are defined here because the private-type record uses the
   45  * same flags field for the OPTOUT flag above and for the private flags
   46  * below.  XXX: This should be considered for refactoring.
   47  */
   48 
   49 /*%
   50  * Non-standard, private type only.
   51  *
   52  * Requests creation of the corresponding NSEC3 chain.
   53  * Once the NSEC3 chain is complete this flag is cleared, which signals
   54  * that the chain is complete.
   55  *
   56  * This flag is automatically set when an NSEC3PARAM record is added to
   57  * the zone via UPDATE.
   58  *
   59  * NSEC3PARAM records containing this flag should never be published,
   60  * but if they are, they should be ignored by RFC 5155-compliant
   61  * nameservers.
   62  */
   63 #define DNS_NSEC3FLAG_CREATE 0x80U
   64 
   65 /*%
   66  * Non-standard, private type only.
   67  *
   68  * The corresponding NSEC3 set will be removed once the NSEC chain
   69  * has been generated.
   70  *
   71  * This flag is automatically set when the last active NSEC3PARAM record
   72  * is removed from the zone via UPDATE.
   73  *
   74  * NSEC3PARAM records containing this flag should never be published,
   75  * but if they are, they should be ignored by RFC 5155-compliant
   76  * nameservers.
   77  */
   78 #define DNS_NSEC3FLAG_REMOVE 0x40U
   79 
   80 /*%
   81  * Non-standard, private type only.
   82  *
   83  * When set with the CREATE flag, a corresponding NSEC3 chain will be
   84  * created when the zone becomes capable of supporting one (i.e., when it
   85  * has a DNSKEY RRset containing at least one NSEC3-capable algorithm).
   86  * Without this flag, NSEC3 chain creation would be attempted immediately,
   87  * fail, and the private type record would be removed.  With it, the NSEC3
   88  * parameters are stored until they can be used.  Once the zone has the
   89  * necessary prerequisites for NSEC3, the INITIAL flag can be cleared,
   90  * and the record will be cleaned up normally.
   91  *
   92  * NSEC3PARAM records containing this flag should never be published, but
   93  * if they are, they should be ignored by RFC 5155-compliant nameservers.
   94  */
   95 #define DNS_NSEC3FLAG_INITIAL 0x20U
   96 
   97 /*%
   98  * Non-standard, private type only.
   99  *
  100  * Prevent the creation of an NSEC chain before the last NSEC3 chain
  101  * is removed.  This will normally only be set when the zone is
  102  * transitioning from secure with NSEC3 chains to insecure.
  103  *
  104  * NSEC3PARAM records containing this flag should never be published,
  105  * but if they are, they should be ignored by RFC 5155-compliant
  106  * nameservers.
  107  */
  108 #define DNS_NSEC3FLAG_NONSEC 0x10U
  109 
  110 #endif /* GENERIC_NSEC3_50_H */