LDNS_DNSSEC_DATA_CHAIN_STRUCT(3) - Linux man page online | Library functions

Data structures for validation.

Chapter

30 May 2006

ldns(3) Library Functions Manual ldns(3)

NAME

ldns_dnssec_data_chain, ldns_dnssec_data_chain_struct, ldns_dnssec_trust_tree - data structures for validation chains

SYNOPSIS

#include <stdint.h> #include <stdbool.h> #include <ldns/ldns.h> ldns_dnssec_data_chain_struct();

DESCRIPTION

ldns_dnssec_data_chain Chain structure that contains all DNSSEC data needed to verify an rrset struct ldns_dnssec_data_chain_struct { ldns_rr_list *rrset; ldns_rr_list *signatures; ldns_rr_type parent_type; ldns_dnssec_data_chain *parent; ldns_pkt_rcode packet_rcode; ldns_rr_type packet_qtype; bool packet_nodata; }; typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain; ldns_dnssec_data_chain_struct() ldns_dnssec_trust_tree Tree structure that contains the relation of DNSSEC data, and their cryptographic status. This tree is derived from a data_chain, and can be used to look whether there is a connection between an RRSET and a trusted key. The tree only contains pointers to the data_chain, and therefore one should *never* free() the data_chain when there is still a trust tree derived from that chain. Example tree: key key key \ | / \ | / \ | / ds | key | key | rr For each signature there is a parent; if the parent pointer is null, it couldn't be found and there was no denial; otherwise is a tree which contains either a DNSKEY, a DS, or a NSEC rr struct ldns_dnssec_trust_tree_struct { ldns_rr *rr; /* the complete rrset this rr was in */ ldns_rr_list *rrset; ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; /** for debugging, add signatures too (you might want those if they contain errors) */ ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; size_t parent_count; }; typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;