ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/libstrongswan/resolver/resolver_response.h

144 lines
4.0 KiB
C
Raw Blame History

/*
* Copyright (C) 2012 Reto Guadagnini
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup rsolver_response resolver_response
* @{ @ingroup resolver
*/
#ifndef RESOLVER_RESPONSE_H_
#define RESOLVER_RESPONSE_H_
typedef struct resolver_response_t resolver_response_t;
typedef enum dnssec_status_t dnssec_status_t;
#include <library.h>
#include <resolver/rr_set.h>
/**
* DNSSEC security state.
*
* DNSSEC security state, which a security aware resolver is able determine
* according to RFC 4033.
*/
enum dnssec_status_t {
/**
* The validating resolver has a trust anchor, has a chain of
* trust, and is able to verify all the signatures in the response.
* [RFC4033]
*/
SECURE,
/**
* The validating resolver has a trust anchor, a chain of
* trust, and, at some delegation point, signed proof of the
* non-existence of a DS record. This indicates that subsequent
* branches in the tree are provably insecure. A validating resolver
* may have a local policy to mark parts of the domain space as
* insecure. [RFC4033]
*/
INSECURE,
/**
* The validating resolver has a trust anchor and a secure
* delegation indicating that subsidiary data is signed, but the
* response fails to validate for some reason: missing signatures,
* expired signatures, signatures with unsupported algorithms, data
* missing that the relevant NSEC RR says should be present, and so
* forth. [RFC4033]
*/
BOGUS,
/**
* There is no trust anchor that would indicate that a
* specific portion of the tree is secure. This is the default
* operation mode. [RFC4033]
*/
INDETERMINATE,
};
/**
* A response of the DNS resolver to a DNS query.
*
* A response represents the answer of the Domain Name System to a query.
* It contains the RRset with the queried Resource Records and additional
* information.
*/
struct resolver_response_t {
/**
* Get the original question string.
*
* The string to which the returned pointer points, is still owned
* by the resolver_response. Clone it if necessary.
*
* @return the queried name
*/
char *(*get_query_name)(resolver_response_t *this);
/**
* Get the canonical name of the result.
*
* The string to which the returned pointer points, is still owned
* by the resolver_response. Clone it if necessary.
*
* @return - canonical name of result
* - NULL, if result has no canonical name
*/
char *(*get_canon_name)(resolver_response_t *this);
/**
* Does the RRset of this response contain some Resource Records?
*
* Returns TRUE if the RRset of this response contains some RRs
* (RRSIG Resource Records are ignored).
*
* @return
* - TRUE, if there are some RRs in the RRset
* - FALSE, otherwise
*/
bool (*has_data)(resolver_response_t *this);
/**
* Does the queried name exist?
*
* @return
* - TRUE, if the queried name exists
* - FALSE, otherwise
*/
bool (*query_name_exist)(resolver_response_t *this);
/**
* Get the DNSSEC security state of the response.
*
* @return DNSSEC security state
*/
dnssec_status_t (*get_security_state)(resolver_response_t *this);
/**
* Get the RRset with all Resource Records of this response.
*
* @return - RRset
* - NULL if there is no data or the query name
* does not exist
*/
rr_set_t *(*get_rr_set)(resolver_response_t *this);
/**
* Destroy this response.
*/
void (*destroy) (resolver_response_t *this);
};
#endif /** RR_SET_H_ @}*/
View Git Blame Copy Permalink