ldns_dnssec_data_chain - Man Page

data structures for validation chains

Synopsis

#include <stdint.h> #include <stdbool.h>

#include <ldns/ldns.h>

ldns_dnssec_data_chain_struct();

ldns_dnssec_data_chain
Chain structure that contains all DNSSEC data needed to
verify an rrset
struct ldns_dnssec_data_chain_struct
{
ldns_rr_list *rrset;
ldns_rr_list *signatures;
ldns_rr_type parent_type;
ldns_dnssec_data_chain *parent;
ldns_pkt_rcode packet_rcode;
ldns_rr_type packet_qtype;
bool packet_nodata;
};

typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain;

ldns_dnssec_data_chain_struct()

ldns_dnssec_trust_tree
Tree structure that contains the relation of DNSSEC data,
and their cryptographic status.

This tree is derived from a data_chain, and can be used
to look whether there is a connection between an RRSET
and a trusted key. The tree only contains pointers to the
data_chain, and therefore one should *never* free() the
data_chain when there is still a trust tree derived from
that chain.

Example tree:
key key key
\ | /
\ | /
\ | /
ds
|
key
|
key
|
rr

For each signature there is a parent; if the parent
pointer is null, it couldn't be found and there was no
denial; otherwise is a tree which contains either a
DNSKEY, a DS, or a NSEC rr
struct ldns_dnssec_trust_tree_struct
{
ldns_rr *rr;
/* the complete rrset this rr was in */
ldns_rr_list *rrset;
ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
/** for debugging, add signatures too (you might want
those if they contain errors) */
ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
size_t parent_count;
};

typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;

ldns_dnssec_data_chain - Man Page

Synopsis

Description

Author

Reporting Bugs

Copyright

See Also

Remarks

Referenced By